Merge pull request #19 from sherifabdlnaby/v4.2

V4.2

.github/auto-release.yml

@@ -0,0 +1,80 @@
+name-template: 'v$RESOLVED_VERSION 🌈'
+tag-template: 'v$RESOLVED_VERSION'
+version-template: '$MAJOR.$MINOR.$PATCH'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+      - 'enhancement'
+      - 'feature'
+  patch:
+    labels:
+      - 'auto-update'
+      - 'patch'
+      - 'fix'
+      - 'chore'
+      - 'bugfix'
+      - 'bug'
+      - 'hotfix'
+  default: 'patch'
+
+categories:
+  - title: '🚀 Enhancements'
+    labels:
+      - 'enhancement'
+      - 'feature'
+      - 'patch'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+      - 'hotfix'
+  - title: '🤖 Automatic Updates'
+    labels:
+      - 'auto-update'
+  - title: '📝 Documentation'
+    labels:
+      - 'chore'
+
+autolabeler:
+  - label: 'chore'
+    files:
+      - '*.md'
+  - label: 'enhancement'
+    title: '/enhancement/i'
+
+  - label: 'bugfix'
+    title: '/bugfix/i'
+
+  - label: 'bug'
+    title: '/🐛|🐞|fixes/i'
+
+  - label: 'auto-update'
+    title: '/🤖/i'
+
+  - label: 'feature'
+    title: '/🚀|🎉/i'
+
+change-template: |
+  <details>
+    <summary>$TITLE @$AUTHOR (#$NUMBER)</summary>
+
+    $BODY
+  </details>
+
+template: |
+  ## Changes
+
+  $CHANGES
+
+replacers:
+  # Remove irrelevant information from Renovate bot
+  - search: '/(?<=---\s+)+^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
+    replace: ''
+  # Remove Renovate bot banner image
+  - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
+    replace: ''

.github/workflows/auto-release.yml

@@ -0,0 +1,27 @@
+name: auto-release
+
+on:
+  push:
+    # branches to consider in the event; optional, defaults to all
+    branches:
+      - main
+  # pull_request event is required only for autolabeler
+  pull_request:
+    # Only following types are handled by the action, but one can default to all as well
+    types: [ opened, reopened, synchronize ]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      # Drafts your next Release notes as Pull Requests are merged into "main"
+      - uses: release-drafter/release-drafter@v5
+        with:
+          publish: false
+          prerelease: true
+          config-name: auto-release.yml
+          # allows autolabeler to run without unmerged PRs from being added to draft
+          disable-releaser: ${{ github.ref_name != 'main' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/build-test-scan.yml

@@ -0,0 +1,57 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which checks out the code, builds a container
+# image using Docker and scans that image for vulnerabilities using
+# Snyk. The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity
+# issues, monitor images for newly disclosed vulnerabilities in Snyk and
+# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
+
+name: Build, Test, and Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '41 5 * * 5'
+
+env:
+  APP_BASE_DIR: "./app"
+
+jobs:
+  Build-Test-Scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Demo App
+        uses: php-actions/composer@v6
+        with:
+          dev: no
+          command: create-project
+          args: --no-install --no-scripts symfony/symfony-demo app
+          php_version: 7.4
+      - name: Build & Deploy
+        run: make deploy
+      - name: Test the App Startup
+        run: sleep 5 && curl localhost:8080 -I
+      - name: Run Snyk to check Docker image for vulnerabilities
+        # Snyk can be used to break the build when it detects vulnerabilities.
+        # In this case we want to upload the issues to GitHub Code Scanning
+        continue-on-error: true
+        uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: kubephp_app:latest kubephp_web:latest
+          args: --file=Dockerfile --print-deps
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: snyk.sarif

.github/workflows/lint.yml

@@ -0,0 +1,32 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which checks out the code, builds a container
+# image using Docker and scans that image for vulnerabilities using
+# Snyk. The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity
+# issues, monitor images for newly disclosed vulnerabilities in Snyk and
+# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
+
+name: Lint
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+
+jobs:
+  Lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Hadolint Action
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: Dockerfile
+          ignore: DL3018 SC2086 DL3019