Byte-level care

[!NOTE] Currently there are 14 GitHub Actions workflows in this repository.

How to live with zero problems through Total Control.

Analyze service providers before you choose one
Monitor your service providers
Collaborate closely with your service providers
Know every piece of software on your server and its author;
uninstall anything that is not needed
Monitor every process on your server with functional tests, not just pings
Run QA tools on every byte of your git repositories
Know your dependencies (packages) and their authors
Deploy 100% automatically
Run production environments without human intervention
Be conservative with software versions when upgrading

Support my work

Please consider supporting my work if you benefit from this knowledge.

Thank you!

How to design and implement continuous integration.

You find a complete CI workflow in this repository.

Run in a premade container or install OS packages
Display environment information
Set access credentials
Version control
- Git committer
- Commit message
- PR title
Cache OS and programming language library packages
Check programming language and framework version compatibility
Check package management configuration (validate & normalize)
Check outdated packages and known security vulnerabilities
Build code
Configure application
0️⃣ Byte-level
- Check execute file mode bit
- Look for non-ASCII characters
  (non-English alphabets, whitespace characters, control characters)
1️⃣ Syntax errors
- Check source code for syntax errors
- Check template files for syntax errors
2️⃣ Run unit and functional tests
3️⃣ Static Analysis
- Run static analysis: PHPStan
- Magic Number Detector
- Copy-Paste Detector
4️⃣ Coding Standards
- Check coding style
- Adhere to EditorConfig
Measure code coverage
Check route methods (controllers of routes)
Check list of distributed files
Check spelling: Typos
Custom checks and warnings
Display logs in CI output or upload logs as artifacts
Start CD by SSH-ing to own server
(restrict,command in authorized_keys and DenyUsers in sshd.conf)
Wipe sensitive data

How to design and implement continuous delivery.

Possible constrains:
- successful tests
- do not run on PR-s
- our repo
- specific branch
- tag in commit message [deploy:prod]
- deploy head commit only
- optional manual start (GitLab manual actions)
Do not run as root user
Keep deploy configuration in a file
Log every output to a file, log start and finish to syslog
Limit execution time of time-consuming steps (timeout)
Optionally back up project files before starting to deploy
Create a bot user on the server for git access with SSH key (@companybot)
List changes in current project files
Check for maintenance mode,
Turn on maintenance mode php artisan down
covering static resource, page, AJAX and API requests
Clear caches (configuration, routes, application, template etc.)
Wait for to finish and disable cron jobs and background workers
after clearing caches (email piped to a program)
Identify git repository and branch
Checkout by commit hash (not by branch HEAD)
At least lint the source code
Don't deploy testing packages
Enable production optimizations in package manager
Build code
Run database migrations
Turn off maintenance mode
Populate caches (application, OPcache, wp rewrite flush)
Run at least 1 basic functional or unit test (e.g. log in or display dashboard)
Check HTML output
Special sudo configuration for reloading PHP-FPM or Cachetool
Alert on failure
"Was down for X seconds"
Send email, Slack, Trello or Google Hangouts notification