radityo/ansible-php
1
0
Fork 0
mirror of https://github.com/HanXHX/ansible-php.git synced 2026-03-02 09:52:10 +07:00
Code Issues Projects Releases Wiki Activity

⚗️ Modernize and add CI

Browse Source
This commit is contained in:
Emilien Mantel
2025-06-02 12:09:08 +02:00
parent 4aef107c1a
commit b0834f9a1a
49 changed files with 599 additions and 506 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
molecule/_shared/Dockerfile.j2 Normal file
View File

@@ -0,0 +1,19 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
{% if item.env is defined %}
{% for var, value in item.env.items() %}
{% if value %}
ENV {{ var }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
RUN apt-get update && \
apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
&& apt-get clean

42
molecule/_shared/base.yml Normal file
View File

@@ -0,0 +1,42 @@
---
scenario:
test_sequence:
- dependency
- syntax
- create
- prepare
- converge
- idempotence
- verify
- destroy
dependency:
name: galaxy
options:
requirements-file: ./molecule/_shared/requirements.yml
role-file: ./molecule/_shared/requirements.yml
driver:
name: docker
role_name_check: 1
provisioner:
name: ansible
env:
ANSIBLE_FILTER_PLUGINS: "../../filter_plugins"
config_options:
defaults:
deprecation_warnings: false
callback_whitelist: timer,profile_tasks
fact_caching: jsonfile
fact_caching_connection: ./cache
forks: 100
connection:
pipelining: true
playbooks:
converge: ../_shared/converge.yml
prepare: ../_shared/prepare.yml
verify: ../_shared/verify.yml
inventory:
links:
group_vars: ../_shared/group_vars
verifier:
name: ansible

41
molecule/_shared/converge.yml Normal file
View File

@@ -0,0 +1,41 @@
---
- name: Converge # noqa: role-name[path]
hosts: all
gather_facts: true
roles:
- ../../../
handlers:
- name: Reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
vars:
__nginx_conf: /etc/nginx/nginx.conf
post_tasks:
- name: TEMPLATE | Nginx site config
ansible.builtin.template:
src: "templates/nginx.conf.j2"
dest: "{{ __nginx_conf }}"
mode: 0644
owner: root
group: root
notify: Reload nginx
- name: COMMAND | Fix nginx config
ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
args:
creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: LINEINFILE | Fix nginx config (second step)
ansible.builtin.lineinfile:
regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;"
dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: SERVICE | Ensure Nginx is started
ansible.builtin.service:
name: nginx
state: started

36
molecule/_shared/group_vars/all/main.yml Normal file
View File

@@ -0,0 +1,36 @@
---
vhost: 'test.local'
php_version: null
php_extra_packages:
- '{{ php_package_prefix }}pgsql'
php_install_xdebug: true
php_autoremove_default_pool: true
php_ini_fpm:
display_errors: 'Off'
php_ini_cli:
error_reporting: 'E_ALL'
php_fpm_poold:
- pool_name: 'test_ansible'
listen: '/run/php/php-ansible1.sock'
pm: 'dynamic'
pm_max_children: 250
pm_start_servers: 10
pm_min_spare_servers: 10
pm_max_spare_servers: 20
status_path: '/status'
ping_path: '/ping'
ping_response: 'ok'
- name: 'test_ansible2'
user: 'foo'
php_value:
display_errors: 'Off'
php_admin_value:
memory_limit: '98M'

41
molecule/_shared/prepare.yml Normal file
View File

@@ -0,0 +1,41 @@
---
- name: Prepare
hosts: all
gather_facts: true
tasks:
- name: APT | Install packages
ansible.builtin.apt:
pkg: "{{ p }}"
update_cache: true
cache_valid_time: 3600
vars:
p:
- apt-transport-https
- ca-certificates
- curl
- gpg
- lsb-release
- nginx
- vim
- name: BLOCK | Setup Sury on Debian
when:
- php_version is not none
- php_version != php_default_version
- ansible_distribution == 'Debian'
block:
- name: APT | Install Sury key
ansible.builtin.apt_key:
url: 'https://packages.sury.org/php/apt.gpg'
- name: APT_REPOSITORY | Add Sury repository
ansible.builtin.apt_repository:
repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
- name: USER | Create PHP user
ansible.builtin.user:
name: 'foo'
system: true
create_home: false
shell: '/usr/sbin/nologin'

4
molecule/_shared/requirements.yml Normal file
View File

@@ -0,0 +1,4 @@
---
collections:
- community.general

16
molecule/_shared/templates/custom_template.conf.j2 Normal file
View File

@@ -0,0 +1,16 @@
# {{ ansible_managed }} - custom template
server {
listen 80;
listen 8888 http2;
listen 9999 http2 proxy_protocol;
server_name {{ item.name }};
index index.html index.htm;
root {{ item.root }};
location / {
try_files $uri $uri/ =404;
}
}

45
molecule/_shared/templates/nginx.conf.j2 Normal file
View File

@@ -0,0 +1,45 @@
events {
worker_connections 512;
multi_accept on;
use epoll;
}
user www-data;
worker_processes 1;
pid /run/nginx.pid;
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
server_name {{ vhost }};
root /var/www;
{% if ansible_local.hanxhx_php.fpm_pool.0.status_path is defined %}
location = {{ ansible_local.hanxhx_php.fpm_pool.0.status_path }} {
include fastcgi.conf;
fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
}
{% endif %}
{% if ansible_local.hanxhx_php.fpm_pool.0.ping_path is defined %}
location = {{ ansible_local.hanxhx_php.fpm_pool.0.ping_path }} {
include fastcgi.conf;
fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
}
{% endif %}
location = /ini.php {
include fastcgi.conf;
fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.1.listen }};
}
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
}
}
}

76
molecule/_shared/verify.yml Normal file
View File

@@ -0,0 +1,76 @@
---
- name: Verify
hosts: all
gather_facts: true
vars:
nginx_root: "/srv/www"
tasks:
- name: SHELL | Test php-cli
ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ ansible_local.hanxhx_php.php_version }}' | head -n 1
changed_when: false
register: p
failed_when: p.stdout == ''
args:
executable: /bin/bash
- name: FILE | Create /var/www
ansible.builtin.file:
dest: /var/www
state: directory
owner: root
group: root
mode: 0755
- name: COPY | Add phpinfo
ansible.builtin.copy:
dest: /var/www/phpinfo.php
content: '<?php phpinfo();'
owner: root
group: root
mode: 0644
- name: COPY | Add ini test file
ansible.builtin.copy:
dest: /var/www/ini.php
content: '<?php echo ini_get("memory_limit") . "\n";'
owner: root
group: root
mode: 0644
- name: SHELL | Check vhost
ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ ansible_local.hanxhx_php.php_version }}' | sed -r 's/<//g'"
args:
executable: /bin/bash
changed_when: false
register: c
failed_when: c.stdout == ''
- name: SHELL | Check custom php value # noqa: command-instead-of-module
ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
changed_when: false
register: c
failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
- name: URI | Check ping
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
when: php_fpm_poold.0.ping_path is defined
- name: URI | Check status
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.status_path }}"
when: php_fpm_poold.0.status_path is defined
- name: SHELL | Check if we installed multiple PHP versions
ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
args:
executable: /bin/bash
failed_when: false
changed_when: false
register: check_multiple_php
- name: FAIL | If we have multiple PHP version
ansible.builtin.fail:
msg: "Multiple PHP versions detected"
when: check_multiple_php.stdout != '1'

13
molecule/debian-11/molecule.yml Normal file
View File

@@ -0,0 +1,13 @@
---
platforms:
- name: debian-11
image: dokken/debian-11
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/debian-12/molecule.yml Normal file
View File

@@ -0,0 +1,13 @@
---
platforms:
- name: debian-12
image: dokken/debian-12
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/debian-13/molecule.yml Normal file
View File

@@ -0,0 +1,13 @@
---
platforms:
- name: debian-12
image: dokken/debian-13
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

0
molecule/default/.gitkeep Normal file
View File

13
molecule/ubuntu-20.04/molecule.yml Normal file
View File

@@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-20.04
image: dokken/ubuntu-20.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/ubuntu-22.04/molecule.yml Normal file
View File

@@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-22.04
image: dokken/ubuntu-22.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/ubuntu-24.04/molecule.yml Normal file
View File

@@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-24.04
image: dokken/ubuntu-24.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true