From 69b573b628da7ef44b1a4d1d5fcfe46f6bd97c90 Mon Sep 17 00:00:00 2001
From: Waldo Jaquith <waldo@jaquith.org>
Date: Mon, 25 Dec 2023 21:48:44 -0500
Subject: [PATCH] Move from Travis to GitHub Actions

Here's a first crack at the build and deploy scripts.
---
 .github/dependabot.yml       | 71 ++++++++++++++++++++++++++++++++++++
 .github/workflows/deploy.yml | 71 ++++++++++++++++++++++++++++++++++++
 .travis.yml                  | 61 -------------------------------
 3 files changed, 142 insertions(+), 61 deletions(-)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/deploy.yml
 delete mode 100644 .travis.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5b09b78
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,71 @@
+version: 2
+updates:
+- package-ecosystem: composer
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "10:00"
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: aws/aws-sdk-php
+    versions:
+    - 3.172.2
+    - 3.172.3
+    - 3.172.4
+    - 3.173.0
+    - 3.173.10
+    - 3.173.11
+    - 3.173.12
+    - 3.173.13
+    - 3.173.14
+    - 3.173.15
+    - 3.173.16
+    - 3.173.17
+    - 3.173.18
+    - 3.173.19
+    - 3.173.2
+    - 3.173.20
+    - 3.173.21
+    - 3.173.22
+    - 3.173.23
+    - 3.173.24
+    - 3.173.25
+    - 3.173.26
+    - 3.173.27
+    - 3.173.28
+    - 3.173.3
+    - 3.173.4
+    - 3.173.5
+    - 3.173.6
+    - 3.173.7
+    - 3.173.8
+    - 3.173.9
+    - 3.174.0
+    - 3.174.1
+    - 3.174.2
+    - 3.174.3
+    - 3.175.0
+    - 3.175.2
+    - 3.175.3
+    - 3.176.1
+    - 3.176.2
+    - 3.176.3
+    - 3.176.4
+    - 3.176.6
+    - 3.176.7
+    - 3.176.8
+    - 3.176.9
+    - 3.177.0
+    - 3.178.0
+    - 3.178.1
+    - 3.178.2
+    - 3.178.3
+    - 3.178.4
+    - 3.178.5
+    - 3.178.6
+    - 3.178.7
+    - 3.178.8
+    - 3.178.9
+  - dependency-name: phpmailer/phpmailer
+    versions:
+    - 6.3.0
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..6d9a005
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,71 @@
+name: Deploy Process
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: Firenza/secrets-to-env@v1.1.0
+        with:
+          secrets: ${{ toJSON(secrets) }}
+      - name: Specify PHP version
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '5.6'
+      - name: Make branch name available as Bash variable
+        run: echo "GITHUB_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
+      - run: >-
+          sudo apt-get update && 
+          sudo apt-get install -y awscli php5.6-cli php5.6-curl php5.6-memcached php5.6-mysql yarn zip
+      - uses: actions/checkout@v2
+      - run: sudo apt-get update -qq
+      - run: git clone -b deploy https://github.com/openva/richmondsunlight.com.git
+      - run: cd richmondsunlight.com && composer install && cd ..
+      - run: mkdir includes/
+      - run: cp richmondsunlight.com/htdocs/includes/*.php includes/
+      - run: rm -Rf richmondsunlight.com
+      - run: composer install
+      - run: cd htdocs/js/vendor; yarn build
+      - run: cd ../../..
+      - run: find htdocs/*.php -print0 |xargs -0 -n1 -P8 php5.6 -l
+      - run: cd deploy/tests/ && php bills.php && php committee_members.php && php legislators.php && cd ../..
+      - run: >-
+          ./deploy/config_variables.sh && ./deploy/aws_credentials.sh
+          && ./deploy/sftp_credentials.sh && zip -qr rs-machine . --exclude
+          *.git* *.scannerwork* && mkdir -p upload && mv latest.zip
+          upload/latest.zip
+      - name: Save secret-populated code for a subsequent deploy step
+        uses: actions/upload-artifact@v2
+        with:
+          name: codebase
+          path: .
+    outputs:
+      github_branch: ${{ steps.get_branch.outputs.github_branch }}
+
+  deploy:
+    runs-on: ubuntu-20.04
+    needs: build # Don't deploy unless the build succeeds
+    steps:
+      - name: Get the secret-populated code
+        uses: actions/download-artifact@v2
+        with:
+          name: codebase
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: us-east-1
+      - name: Staging CodeDeploy Deployment
+        if: ${{ needs.build.outputs.github_branch == 'master' }}
+        run: |
+          aws deploy create-deployment \
+            --application-name RS-Machine \
+            --deployment-group-name RS-Machine-Fleet \
+            --deployment-config-name CodeDeployDefault.OneAtATime \
+            --github-location repository=${{ github.repository }},commitId=${{ github.sha }}
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 52d74a9..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-dist: xenial
-language: php
-php:
-- '5.6'
-notifications:
-  slack:
-    secure: yLlrDX7C9oF4ESAz86fslJfTusDY7PjQmcdNpVBkMq5Y1+/cOcJQO2kg2do/1Ka6zibo/yBIAC/+egobC9/J6381H4bSkNQfwTYD2e9Z4OhMQ5DvL+SEl3OiQ/usWoNmI7QagbyUE6kQt+61D3xZ70b9XfS19a4Qoku/EzrQHOM7flwqrQQ2iD4OjVxHtS7K76Pr/fmxu1HuLEZBqnENCV4hauCVnVoUNMEsK351+eDo9QXmedS9gyDmdmvUliGw7GaLB79uTsFvDm5YQ2Jqsv4pWAE2inMAy2XMFktop6dWXALOhjAEHhZY/O6DcNKp0Qbhx5HDCBTs9XX7anUWzoaUkgZA84iLAENlA529HvOBodPrOLTI7OfO/7MEX5P9Dg2yorTQGAgFkV5R8TKbNxuf17441wpOE8Q7MwbpXPgGmd8PmLGGinBicZvmJ/sze5vJwcbwwp238OseCcLYiuIBPgrCVsT8jizniQ6IvGoDigrD86uvVe+Bu8E6FhwORhvmXMiu64IfdlVFwLOvQK67aq4kdjMdEg3wbyM23k3aY8CPeSAfOkcJdiJsoivxIw4nlz7q0HUAvR7HD+hJCjwXpyPx7m4b6o3lj/3G7iQ9aCLMmsGOSf8YlChMSa/Zg5jxuTcBdU8IIlfZY+lihKj7tyWZFfKdw8qKwLmbDyo=
-addons:
-  apt:
-    sources:
-      - sourceline: 'ppa:ondrej/php'
-    packages:
-      - php5.6-cli
-      - php5.6-mysql
-      - php5.6-curl
-      - php5.6-memcached
-      - zip
-      - ruby
-      - awscli
-  sonarcloud:
-    organization: "openva"
-before_install:
-# Get includes from the website's repo, per https://github.com/openva/rs-machine/issues/13
-- git clone -b deploy https://github.com/openva/richmondsunlight.com.git
-- cd richmondsunlight.com && composer install && cd ..
-- mkdir includes/
-- cp richmondsunlight.com/htdocs/includes/*.php includes/
-- rm -Rf richmondsunlight.com
-install:
-- composer install
-script:
-- cd deploy/tests/ && php bills.php && php committee_members.php && cd ../..
-- ./deploy/config_variables.sh
-  && sonar-scanner
-  && ./deploy/aws_credentials.sh
-  && ./deploy/sftp_credentials.sh
-  && zip -qr latest *
-  && mkdir -p upload
-  && mv latest.zip upload/latest.zip
-deploy:
-- provider: s3
-  access_key_id: $TRAVIS_AWS_ACCESS_KEY
-  secret_access_key: $TRAVIS_AWS_SECRET_KEY
-  local_dir: upload
-  skip_cleanup: true
-  on:
-    branch: master
-  bucket: deploy.machine.richmondsunlight.com
-  region: us-east-1
-- provider: codedeploy
-  access_key_id: $TRAVIS_AWS_ACCESS_KEY
-  secret_access_key: $TRAVIS_AWS_SECRET_KEY
-  bucket: deploy.machine.richmondsunlight.com
-  key: latest.zip
-  bundle_type: zip
-  application: RS-Machine
-  deployment_group: RS-Machine-Fleet
-  region: us-east-1
-  on:
-    branch: master
-  wait-until-deployed: true