bitbucket-pipelines.yml

image: mediacurrent/mc-bb-pipelines:PHP8.0

pipelines:
  default:
    - step:
        name: Build and test
        caches:
          - composer
          - composer-project-vendor
        script:
          - uname -a
          - mkdir -p /root/.ssh
          - echo "bitbucket.org,104.192.143.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> /root/.ssh/known_hosts
          - echo -e "$SSH_ID_RSA" >> ~/.ssh/id_rsa
          - chmod 600 ~/.ssh/id_rsa
          - echo -e "$SSH_ID_RSA_PUB" >> ~/.ssh/id_rsa.pub
          - chmod 600 ~/.ssh/id_rsa.pub
          - chmod 700 ~/.ssh
          - php --version
          - source /root/.bashrc
          - composer selfupdate
          - composer validate --no-check-all --no-check-publish
          - composer --verbose install
          - ls -l ./vendor/bin
          - ./vendor/bin/behat --version
          - ./vendor/bin/drush version
          - ./vendor/bin/phpunit --version
          - composer robo --version
          - composer robo list
          - composer robo project:init example.mcdev 127.0.0.1
          # - nvm install v7.4.0
          # - nvm use v7.4.0
          # Drupal coding standards test on custom modules
          - echo "Coding Standards"
          - ./tests/code-sniffer.sh ./web
          # - CMD=$(./tests/code-sniffer.sh ./web 2>&1) && printf '%s\n' "${CMD}"|| ( slackcli -h mc-alerts-nysenate -e ":rage3:" -m "https://bitbucket.org/mediacurrent/${BITBUCKET_REPO_SLUG}/addon/pipelines/home#!/ ${BITBUCKET_BRANCH} error - \`\`\`${CMD}\`\`\`" && printf '%s\n' "${CMD}" && exit 1 )
          - echo "PHPUnit unit tests"
          - if [ "$(ls -A web/modules/custom/)" ]; then
          - composer robo test:phpunit-tests
          - fi
          # echo "Drupal-check custom development for Drupal 9/10 readiness"
          # ./vendor/mediacurrent/ci-tests/tests/drupal-check.sh web
          # - CMD=$(composer robo test:phpunit-tests 2>&1) && printf '%s\n' "${CMD}"|| ( slackcli -h mc-alerts-nysenate -e ":rage3:" -m "https://bitbucket.org/mediacurrent/${BITBUCKET_REPO_SLUG}/addon/pipelines/home#!/results/$BITBUCKET_BUILD_NUMBER ${BITBUCKET_BRANCH} error - \`\`\`${CMD}\`\`\`" && printf '%s\n' "${CMD}" && exit 1 )
          - printf "127.0.0.1 example.mcdev" >> /etc/hosts
          - cd ./web
          # Set script to continue on failure.
          - set +e
          # Check for pending security updates.
          - PMSECURITY=$(../vendor/bin/drush pm:security 2>&1)
          - printf '%s\n' "${PMSECURITY}"
          - if grep -vq '[success]' <<< ${PMSECURITY} ; then
          - slackcli -h mc-alerts-nysenate -e ":lock:" -m "https://bitbucket.org/mediacurrent/${BITBUCKET_REPO_SLUG}/addon/pipelines/home#!/results/$BITBUCKET_BUILD_NUMBER - ${BITBUCKET_BRANCH} - pm:security \`\`\`${PMSECURITY}\`\`\`"
          # - exit 1
          - fi
          # Set script to stop on failure.
          - set -e
          # if db.sql exists, import and run drush deploy, else run site:install.
          - if [ -e ../vendor/bin/db.sql ]; then
          - cat ../.bitbucket/settings.local.php.txt >> ./sites/default/settings.php
          - ../vendor/bin/drush sqlc < ../vendor/bin/db.sql
          - if [ ! -z "$(ls -A ../config/sync/*.yml 2>/dev/null)" ]; then
          - ../vendor/bin/drush deploy
          - fi
          - else
          # Install site using options to disable email notification.
          - echo "\$config['system.mail']['interface']['default'] = 'test_mail_collector';" >> ./sites/default/settings.php
          - /usr/bin/env PHP_OPTIONS="-d sendmail_path=$(which true)" ../vendor/bin/drush site-install nysenate install_configure_form.enable_update_status_module=NULL install_configure_form.enable_update_status_emails=NULL --verbose --yes --db-url=mysql://drupal:drupal@127.0.0.1:3306/drupal --existing-config
          - ../vendor/bin/drush status
          - ../vendor/bin/drush sget system.test_mail_collector
          - fi
          - ../vendor/bin/drush sql-dump > ../vendor/bin/db.sql
          - cd ..
        services:
          - mysql
        artifacts:
          - bin/*
          - tests/**
          - vendor/**
          - web/**
    - parallel:
      - step:
          name: A11y and regression tests
          script:
            - ls -l
            - ls -l ./vendor/bin
            - cd web
            - ../vendor/bin/drush sqlc < ../vendor/bin/db.sql
            - ../vendor/bin/drush status
            - ../vendor/bin/drush -vvv --debug runserver 8080 &
            - sleep 3
            - cd ..
            #- if [ "$(ls -A web/modules/custom/)" ]; then
            # The SIMPLETEST_DB var is needed for Kernel and Functional tests.
            #- echo 'SIMPLETEST_DB="mysql://drupal:drupal@127.0.0.1:3306/drupal"' >> .env
            # PHPUnit - Kernel and Functional tests
            #- composer robo test:phpunit-tests --filter="/Kernel\|Functional/"
            # PHPUnit - Drupal Test Trait ExistingSite tests
            #- DTT_BASE_URL=http://127.0.0.1:8080 ./vendor/bin/phpunit --configuration=./tests/dtt/phpunit.xml ./web/modules/custom/
            #- fi
            # Drupal accessibility tests
            # - echo "Accessibility tests"
            # - pa11y --version
            # - ./tests/pa11y/pa11y-review.sh http://127.0.0.1:8080/themes/contrib/rain_theme/dist/style-guide/section-components.html
            # - CMD=$(./tests/pa11y/pa11y-review.sh http://127.0.0.1:8080/themes/contrib/rain_theme/dist/style-guide/section-components.html 2>&1) && printf '%s\n' "${CMD}"|| ( slackcli -h mc-alerts-nysenate -e ":rage3:" -m "https://bitbucket.org/mediacurrent/${BITBUCKET_REPO_SLUG}/addon/pipelines/home#!/results/$BITBUCKET_BUILD_NUMBER ${BITBUCKET_BRANCH} error - \`\`\`${CMD}\`\`\`" && printf '%s\n' "${CMD}" && exit 1 )
            # Drupal behat tests
            - echo "Behat tests"
            - ./vendor/bin/drush cr
            - curl http://127.0.0.1:8080/user -L
            - ./tests/behat/behat-run.sh http://127.0.0.1:8080
            # - CMD=$(./tests/behat/behat-run.sh http://127.0.0.1:8080 2>&1) && printf '%s\n' "${CMD}"|| ( slackcli -h mc-alerts-nysenate -e ":rage3:" -m "https://bitbucket.org/mediacurrent/${BITBUCKET_REPO_SLUG}/addon/pipelines/home#!/results/$BITBUCKET_BUILD_NUMBER ${BITBUCKET_BRANCH} error - \`\`\`${CMD}\`\`\`" && printf '%s\n' "${CMD}" && exit 1 )
          services:
            - mysql
      - step:
          name: Security tests
          caches:
            - docker
          script:
            - cd web
            - ../vendor/bin/drush sqlc < ../vendor/bin/db.sql
            - ../vendor/bin/drush status
            - ../vendor/bin/drush -vvv --debug runserver 172.17.0.1:8080 &
            - cd ..
            # OWASP Zap Baseline report
            - echo "OWASP ZAP Baseline report"
            - docker version
            # Set script to continue on failure.
            - set +e
            - ln -s $(pwd) /zap/wrk
            - ls -l /zap/wrk/
            # - /zap/zap-baseline.py -c owasp-zap.conf -p owasp-zap-progress.json -t http://127.0.0.1:8080
            - CMD=$(/zap/zap-baseline.py -d -c owasp-zap.conf -p owasp-zap-progress.json -t http://172.17.0.1:8080) && printf '%s\n' "${CMD}"|| ( slackcli -h mc-alerts-nysenate -e ":lock:" -m "https://bitbucket.org/mediacurrent/${BITBUCKET_REPO_SLUG}/addon/pipelines/home#!/results/$BITBUCKET_BUILD_NUMBER - ${BITBUCKET_BRANCH} - OWASP Zap Baseline report \`\`\`${CMD}\`\`\`" && printf '%s\n' "${CMD}" && exit 1 )
            # Set script to stop on failure.
            - set -e
            # Run Security Review checks
            - cd web
            # Check security review.
            - ../vendor/bin/drush en security_review
            - SECURITYREVIEW=$(../vendor/bin/drush secrev --check=input_formats,upload_extensions,admin_permissions,executable_php,temporary_files 2>&1)
            - printf '%s\n' "${SECURITYREVIEW}"
            - if grep -q 'failed' <<< ${SECURITYREVIEW} ; then
            - slackcli -h mc-alerts-nysenate -e ":lock:" -m "https://bitbucket.org/mediacurrent/${BITBUCKET_REPO_SLUG}/addon/pipelines/home#!/results/$BITBUCKET_BUILD_NUMBER - ${BITBUCKET_BRANCH} - secrev \`\`\`${SECURITYREVIEW}\`\`\`"
            - exit 1
            - fi
          services:
            - docker
            - mysql
      - step:
          name: Visual Regression
          caches:
            - docker
            - visual-regression-ci-reference
            - visual-regression-node-modules
          script:
            - aws --version
            - ls -l
            - ls -l ./vendor/bin
            - cd web
            - ../vendor/bin/drush sqlc < ../vendor/bin/db.sql
            - ../vendor/bin/drush status
            - ../vendor/bin/drush -vvv --debug runserver 172.17.0.1:8080 &
            - sleep 3
            - cd ..
            - cd tests/visual-regression
            - chmod -R o+w ./backstop_data
            - npm install
            - set +e
            # Generate new reference if needed
            - if [ ! "$(ls -A backstop_data/ci_reference)" ]; then
            - aws s3 cp s3://mis-ci-tests/vrt/reference-${BITBUCKET_REPO_SLUG} backstop_data --recursive
            - if [ ! "$(ls -A backstop_data/ci_reference)" ]; then
            - make -i ci-reference
            - fi
            - fi
            - make -i ci-test
            - aws s3 cp backstop_data s3://mis-ci-tests/vrt/test-${BITBUCKET_REPO_SLUG}-${BITBUCKET_BUILD_NUMBER} --recursive
            # link to results posted to Bitbucket
            - export VRT_URL="http://vrt.mediacurrent.com/test-${BITBUCKET_REPO_SLUG}-${BITBUCKET_BUILD_NUMBER}/ci_html_report/"
            - export BUILD_STATUS="{\"key\":\"doc\", \"state\":\"SUCCESSFUL\", \"name\":\"VRT Results\", \"url\":\"${VRT_URL}\"}"
            - curl -H "Content-Type:application/json" -X POST --user "${BB_AUTH_STRING}" -d "${BUILD_STATUS}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/commit/${BITBUCKET_COMMIT}/statuses/build"
            # Use current develop as reference
            - if [ "${BITBUCKET_BRANCH}" == "develop" ]; then
            - make -i ci-approve;
            - aws s3 cp backstop_data s3://mis-ci-tests/vrt/reference-${BITBUCKET_REPO_SLUG} --recursive
            - fi
          services:
            - docker
            - mysql
          artifacts:
            - tests/visual-regression/backstop_data/**
  #pull-requests:
    #'{feature/**,clu-*}':
      #- step:
          #caches:
           #- composer
              #- composer-project-vendor
          #script:
            #- TERMINUS_SITE="nysenate-2022"
            #- ADMIN_USERNAME="admin"
            #- ADMIN_EMAIL="admin@example.com"
            # Passwords set in Bitbucket Pipelines UI
            #- ADMIN_PASSWORD="$MULTIDEV_ADMIN_PASSWORD"
            #- git config --global user.email "it@mediacurrent.com"
            #- git config --global user.name "Mediacurrent IT"
            #- mkdir -p $HOME/.ssh
            #- echo "bitbucket.org,104.192.143.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> /root/.ssh/known_hosts
            # Avoid ssh prompting when connecting to new ssh hosts
            #- echo "StrictHostKeyChecking no" >> "$HOME/.ssh/config"
            #- echo -e "$SSH_ID_RSA" >> ~/.ssh/id_rsa
            #- chmod 600 ~/.ssh/id_rsa
            #- echo -e "$SSH_ID_RSA_PUB" >> ~/.ssh/id_rsa.pub
            #- chmod 600 ~/.ssh/id_rsa.pub
            #- chmod 700 ~/.ssh
            #- composer selfupdate
            #- export PATH="$(composer config -g home)/vendor/bin:$PATH"
            #- composer global require -n "pantheon-systems/terminus:~3"
            #- terminus --version
            # Install the copy of the Build Tools Plugin cloned by Bitbucket as a plugin
            # in Terminus, so that all build-env commands run the System-Under-Test.
            #- terminus self:plugin:install pantheon-systems/terminus-build-tools-plugin
            #- terminus auth:login -n --machine-token="$TERMINUS_TOKEN"
            #- terminus build-env:list ${TERMINUS_SITE}
            #- composer --verbose install
            # Build and deploy to Pantheon
            #- DDEV_PROJECT=false ./scripts/hobson release:build Pantheon ${BITBUCKET_BRANCH}
            #- cd ./build/release_repo
            #- PANTHEON_BRANCH=$( echo "ci-$(echo ${BITBUCKET_BRANCH} | sed 's/[^0-9]*//g' | cut -c 1-4)${BITBUCKET_BUILD_NUMBER//[[:space:]]}" | cut -c 1-11)
            #- echo ${PANTHEON_BRANCH}
            # Remove older "ci-" multidev environments
            #- MULTIDEV_KEEP=3
            #- MULTIDEV_LIST=$(terminus build-env:list ${TERMINUS_SITE} --format=string --fields=id)
            #- set -- $MULTIDEV_LIST; while [ $# -gt $MULTIDEV_KEEP ]; do terminus multidev:delete ${TERMINUS_SITE}.$1 --delete-branch -y;  shift;  done
            #- terminus env:wake -n "${TERMINUS_SITE}.develop"
            #- SITE_ENV=$(echo "${TERMINUS_SITE}.${PANTHEON_BRANCH}")
            #- echo ${SITE_ENV}
            #- MULTIDEV_SITE=https://${PANTHEON_BRANCH}-${TERMINUS_SITE}.pantheonsite.io
            #- echo visit ${MULTIDEV_SITE}
            # Install new site for each multidev
            # - terminus build-env:create ${TERMINUS_SITE}.develop ${PANTHEON_BRANCH}
            # - terminus connection:set "${SITE_ENV}" git
            # - terminus drush -n "${SITE_ENV}" -- site-install nysenate -y --site-name="${SITE_ENV}" --account-name="${ADMIN_USERNAME}" --account-mail="${ADMIN_EMAIL}" --account-pass="${ADMIN_PASSWORD}" --site-mail="${ADMIN_EMAIL}"
            # Alternately update existing site for each multidev
            #- cd web/themes/custom/nysenate_theme
            #- nvm install
            #- cd ../../../../
            #- DDEV_PROJECT=false ./scripts/hobson release:build Pantheon ${BITBUCKET_BRANCH} --release_branch=${PANTHEON_BRANCH} --no_nvm --theme_build=themes/custom/nysenate_theme --gitignore=themes/custom/nysenate_theme/node_modules
            #- DDEV_PROJECT=false ./scripts/hobson release:deploy Pantheon ${PANTHEON_BRANCH} -y
            #- terminus multidev:create ${TERMINUS_SITE}.develop ${PANTHEON_BRANCH} --no-files
            #- terminus env:wake -n ${SITE_ENV}
            #- terminus connection:set "${SITE_ENV}" git
            #- terminus remote:drush ${SITE_ENV} -- deploy -y
            #- terminus drush -n "${SITE_ENV}" -- status
            #- terminus drush -n "${SITE_ENV}" -- uli
            #- terminus lock:enable ${SITE_ENV} ${LOCK_USERNAME} ${LOCK_PASSWORD}
            # link to multidev posted to Bitbucket
            #- export BUILD_STATUS="{\"key\":\"${PANTHEON_BRANCH}\", \"state\":\"SUCCESSFUL\", \"name\":\"PR Multidev\", \"url\":\"${MULTIDEV_SITE}\"}"
            #- curl -H "Content-Type:application/json" -X POST --user "${BB_AUTH_STRING}" -d "${BUILD_STATUS}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/commit/${BITBUCKET_COMMIT}/statuses/build"
            # - slackcli -h mc-alerts-nysenate -e ":robot_face:" -m "CI multidev for ${BITBUCKET_BRANCH} available. visit ${MULTIDEV_SITE}" > /dev/null
            #- echo visit ${MULTIDEV_SITE}

definitions:
  caches:
    composer-project-vendor: vendor/
    visual-regression-ci-reference: tests/visual-regression/backstop_data/ci_reference
    visual-regression-node-modules: tests/visual-regression/node_modules
  services:
    docker:
      memory: 2048
    mysql:
      image: mysql:8.0
      environment:
        MYSQL_DATABASE: 'drupal'
        MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
        MYSQL_USER: 'drupal'
        MYSQL_PASSWORD: 'drupal'