|
| 1 | +name: PHP SDK development tests |
| 2 | +on: |
| 3 | + workflow_dispatch: |
| 4 | + inputs: |
| 5 | + php_common_json: |
| 6 | + type: string |
| 7 | + description: The PHP common json to use |
| 8 | + required: true |
| 9 | + default: '["main","crowdsecurity/php-common"]' |
| 10 | + lapi_client_json: |
| 11 | + type: string |
| 12 | + description: The LAPI client json to use |
| 13 | + required: true |
| 14 | + default: '["main","crowdsecurity/php-lapi-client"]' |
| 15 | + remediation_engine_json: |
| 16 | + type: string |
| 17 | + description: The Remediation Engine json to use |
| 18 | + required: true |
| 19 | + default: '["main", "crowdsecurity/php-remediation-engine"]' |
| 20 | + |
| 21 | + workflow_call: |
| 22 | + # For workflow_call, we don't allow passing a repository as input |
| 23 | + inputs: |
| 24 | + is_call: |
| 25 | + type: boolean |
| 26 | + description: "Flag to indicate if the workflow is called" |
| 27 | + # @see https://github.com/actions/runner/discussions/1884 |
| 28 | + required: false |
| 29 | + default: true |
| 30 | + php_common_json: |
| 31 | + type: string |
| 32 | + description: The PHP common json to use |
| 33 | + required: true |
| 34 | + default: '["main"]' |
| 35 | + lapi_client_json: |
| 36 | + type: string |
| 37 | + description: The LAPI client json to use |
| 38 | + required: true |
| 39 | + default: '["main"]' |
| 40 | + remediation_engine_json: |
| 41 | + type: string |
| 42 | + description: The Remediation Engine json to use |
| 43 | + required: true |
| 44 | + default: '["main"]' |
| 45 | + |
| 46 | +permissions: |
| 47 | + contents: read |
| 48 | + |
| 49 | +env: |
| 50 | + # Allow ddev get to use a GitHub token to prevent rate limiting by tests |
| 51 | + DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 52 | + BOUNCER_LIP_REPO: crowdsecurity/php-cs-bouncer |
| 53 | + PHP_COMMON_JSON: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.php_common_json || inputs.php_common_json }} |
| 54 | + LAPI_CLIENT_JSON: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.lapi_client_json || inputs.lapi_client_json }} |
| 55 | + REMEDIATION_ENGINE_JSON: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.remediation_engine_json || inputs.remediation_engine_json }} |
| 56 | + |
| 57 | +jobs: |
| 58 | + test-suite: |
| 59 | + strategy: |
| 60 | + fail-fast: false |
| 61 | + matrix: |
| 62 | + php-version: ["7.2", "7.3", "7.4", "8.0", "8.1", "8.2", "8.3"] |
| 63 | + |
| 64 | + name: Test suite |
| 65 | + runs-on: ubuntu-20.04 |
| 66 | + if: ${{ !contains(github.event.head_commit.message, 'chore(') }} |
| 67 | + env: |
| 68 | + EXTENSION_PATH: "my-code/crowdsec-bouncer-lib" |
| 69 | + DDEV_PROJECT: "crowdsec-bouncer-lib" |
| 70 | + JP_TEST_IP: "210.249.74.42" |
| 71 | + IPV6_TEST_IP: "2001:0db8:0000:85a3:0000:0000:ac1f:8001" |
| 72 | + IPV6_TEST_PROXY_IP: "2345:0425:2CA1:0000:0000:0567:5673:23b5" |
| 73 | + |
| 74 | + steps: |
| 75 | + - name: Set PHP common variables |
| 76 | + id: set-common-data |
| 77 | + run: | |
| 78 | + echo "major_tag=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/crowdsecurity/php-common/releases/latest | grep -oP "\/tag\/v\K(.*)$" | cut -d. -f1)" >> $GITHUB_OUTPUT |
| 79 | + echo "branch=${{ fromJson(env.PHP_COMMON_JSON)[0] }}" >> $GITHUB_OUTPUT |
| 80 | + if [ "${{ inputs.is_call }}" = "true" ]; then |
| 81 | + echo "repo=crowdsecurity/php-common" >> $GITHUB_OUTPUT |
| 82 | + else |
| 83 | + echo "repo=${{ fromJson(env.PHP_COMMON_JSON)[1] }}" >> $GITHUB_OUTPUT |
| 84 | + fi |
| 85 | +
|
| 86 | + - name: Set LAPI client variables |
| 87 | + id: set-lapi-client-data |
| 88 | + run: | |
| 89 | + echo "major_tag=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/crowdsecurity/php-lapi-client/releases/latest | grep -oP "\/tag\/v\K(.*)$" | cut -d. -f1)" >> $GITHUB_OUTPUT |
| 90 | + echo "branch=${{ fromJson(env.LAPI_CLIENT_JSON)[0] }}" >> $GITHUB_OUTPUT |
| 91 | + if [ "${{ inputs.is_call }}" = "true" ]; then |
| 92 | + echo "repo=crowdsecurity/php-lapi-client" >> $GITHUB_OUTPUT |
| 93 | + else |
| 94 | + echo "repo=${{ fromJson(env.LAPI_CLIENT_JSON)[1] }}" >> $GITHUB_OUTPUT |
| 95 | + fi |
| 96 | +
|
| 97 | + - name: Set Remediation engine variables |
| 98 | + id: set-remediation-engine-data |
| 99 | + run: | |
| 100 | + echo "major_tag=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/crowdsecurity/php-remediation-engine/releases/latest | grep -oP "\/tag\/v\K(.*)$" | cut -d. -f1)" >> $GITHUB_OUTPUT |
| 101 | + echo "branch=${{ fromJson(env.REMEDIATION_ENGINE_JSON)[0] }}" >> $GITHUB_OUTPUT |
| 102 | + if [ "${{ inputs.is_call }}" = "true" ]; then |
| 103 | + echo "repo=crowdsecurity/php-remediation-engine" >> $GITHUB_OUTPUT |
| 104 | + else |
| 105 | + echo "repo=${{ fromJson(env.REMEDIATION_ENGINE_JSON)[1] }}" >> $GITHUB_OUTPUT |
| 106 | + fi |
| 107 | +
|
| 108 | + - name: Install DDEV |
| 109 | + # @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures |
| 110 | + run: | |
| 111 | + curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null |
| 112 | + echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list |
| 113 | + sudo apt-get -q update |
| 114 | + sudo apt-get -q -y install libnss3-tools ddev |
| 115 | + mkcert -install |
| 116 | + ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent |
| 117 | +
|
| 118 | + - name: Create empty PHP DDEV project |
| 119 | + run: ddev config --project-type=php --project-name=${{env.DDEV_PROJECT}} --php-version=${{ matrix.php-version }} |
| 120 | + |
| 121 | + - name: Add Redis, Memcached and Crowdsec |
| 122 | + run: | |
| 123 | + ddev add-on get ddev/ddev-redis |
| 124 | + ddev add-on get ddev/ddev-memcached |
| 125 | + # override redis.conf |
| 126 | + ddev add-on get julienloizelet/ddev-tools |
| 127 | + ddev add-on get julienloizelet/ddev-crowdsec-php |
| 128 | +
|
| 129 | + - name: Start DDEV |
| 130 | + uses: nick-fields/retry@v3 |
| 131 | + with: |
| 132 | + timeout_minutes: 5 |
| 133 | + max_attempts: 3 |
| 134 | + shell: bash |
| 135 | + command: ddev start |
| 136 | + |
| 137 | + - name: Set BOUNCER_KEY and PROXY_IP env |
| 138 | + run: | |
| 139 | + echo "BOUNCER_KEY=$(ddev create-bouncer)" >> $GITHUB_ENV |
| 140 | + echo "PROXY_IP=$(ddev find-ip ddev-router)" >> $GITHUB_ENV |
| 141 | +
|
| 142 | + - name: Some DEBUG information |
| 143 | + run: | |
| 144 | + ddev --version |
| 145 | + ddev exec php -v |
| 146 | + ddev exec -s crowdsec crowdsec -version |
| 147 | + ddev php -r "echo phpversion('memcached');" |
| 148 | +
|
| 149 | + - name: Clone bouncer lib files |
| 150 | + if: inputs.is_call != true |
| 151 | + uses: actions/checkout@v4 |
| 152 | + with: |
| 153 | + path: ${{env.EXTENSION_PATH}} |
| 154 | + |
| 155 | + - name: Clone bouncer lib files |
| 156 | + if: inputs.is_call == true |
| 157 | + uses: actions/checkout@v4 |
| 158 | + with: |
| 159 | + repository: ${{ env.BOUNCER_LIB_REPO }} |
| 160 | + path: ${{env.EXTENSION_PATH}} |
| 161 | + ref: "main" |
| 162 | + |
| 163 | + - name: Clone PHP common files |
| 164 | + uses: actions/checkout@v4 |
| 165 | + with: |
| 166 | + repository: ${{ steps.set-common-data.outputs.repo}} |
| 167 | + ref: ${{ steps.set-common-data.outputs.branch }} |
| 168 | + path: my-code/php-common |
| 169 | + |
| 170 | + - name: Clone PHP LAPI client |
| 171 | + uses: actions/checkout@v4 |
| 172 | + with: |
| 173 | + repository: ${{ steps.set-lapi-client-data.outputs.repo }} |
| 174 | + ref: ${{ steps.set-lapi-client-data.outputs.branch }} |
| 175 | + path: my-code/php-lapi-client |
| 176 | + |
| 177 | + - name: Clone PHP remediation engine |
| 178 | + uses: actions/checkout@v4 |
| 179 | + with: |
| 180 | + repository: ${{ steps.set-remediation-engine-data.outputs.repo }} |
| 181 | + ref: ${{ steps.set-remediation-engine-data.outputs.branch }} |
| 182 | + path: my-code/php-remediation-engine |
| 183 | + |
| 184 | + - name: Add local repositories to composer |
| 185 | + run: | |
| 186 | + ddev exec --raw composer config repositories.0 '{"type": "path", "url": "../php-common", "options": {"symlink": true}}' --working-dir ./${{ env.EXTENSION_PATH }} |
| 187 | + ddev exec --raw composer config repositories.1 '{"type": "path", "url": "../php-lapi-client", "options": {"symlink": true}}' --working-dir ./${{ env.EXTENSION_PATH }} |
| 188 | + ddev exec --raw composer config repositories.2 '{"type": "path", "url": "../php-remediation-engine", "options": {"symlink": true}}' --working-dir ./${{ env.EXTENSION_PATH }} |
| 189 | +
|
| 190 | + - name: Modify dependencies to use development aliases |
| 191 | + run: | |
| 192 | + composer require crowdsec/common:"dev-${{ steps.set-common-data.outputs.branch }} as ${{ steps.set-common-data.outputs.major_tag }}.999.0" --no-update --working-dir ./${{env.EXTENSION_PATH}} |
| 193 | + composer require crowdsec/lapi-client:"dev-${{ steps.set-lapi-client-data.outputs.branch }} as ${{ steps.set-lapi-client-data.outputs.major_tag }}.999.0" --no-update --working-dir ./${{env.EXTENSION_PATH}} |
| 194 | + composer require crowdsec/remediation-engine:"dev-${{ steps.set-remediation-engine-data.outputs.branch }} as ${{ steps.set-remediation-engine-data.outputs.major_tag }}.999.0" --no-update --working-dir ./${{env.EXTENSION_PATH}} |
| 195 | +
|
| 196 | + cat ./${{env.EXTENSION_PATH}}/composer.json |
| 197 | +
|
| 198 | + - name: Validate composer.json |
| 199 | + run: ddev composer validate --strict --working-dir ./${{env.EXTENSION_PATH}} |
| 200 | + |
| 201 | + - name: Install CrowdSec lib dependencies |
| 202 | + run: | |
| 203 | + ddev composer update --working-dir ./${{env.EXTENSION_PATH}} |
| 204 | +
|
| 205 | + - name: Check installed packages versions |
| 206 | + run: | |
| 207 | +
|
| 208 | + PHP_COMMON_VERSION=$(ddev composer show crowdsec/common --working-dir ./${{env.EXTENSION_PATH}} | grep -oP "versions : \* \K(.*)") |
| 209 | + if [[ $PHP_COMMON_VERSION == "dev-${{ steps.set-common-data.outputs.branch }}" ]] |
| 210 | + then |
| 211 | + echo "PHP_COMMON_VERSION COMPARISON OK" |
| 212 | + else |
| 213 | + echo "PHP_COMMON_VERSION COMPARISON KO" |
| 214 | + echo $PHP_COMMON_VERSION |
| 215 | + exit 1 |
| 216 | + fi |
| 217 | + LAPI_CLIENT_VERSION=$(ddev composer show crowdsec/lapi-client --working-dir ./${{env.EXTENSION_PATH}} | grep -oP "versions : \* \K(.*)") |
| 218 | + if [[ $LAPI_CLIENT_VERSION == "dev-${{ steps.set-lapi-client-data.outputs.branch }}" ]] |
| 219 | + then |
| 220 | + echo "LAPI_CLIENT_VERSION COMPARISON OK" |
| 221 | + else |
| 222 | + echo "LAPI_CLIENT_VERSION COMPARISON KO" |
| 223 | + echo $LAPI_CLIENT_VERSION |
| 224 | + exit 1 |
| 225 | + fi |
| 226 | + REMEDIATION_ENGINE_VERSION=$(ddev composer show crowdsec/remediation-engine --working-dir ./${{env.EXTENSION_PATH}} | grep -oP "versions : \* \K(.*)") |
| 227 | + if [[ $REMEDIATION_ENGINE_VERSION == "dev-${{ steps.set-remediation-engine-data.outputs.branch }}" ]] |
| 228 | + then |
| 229 | + echo "REMEDIATION_ENGINE_VERSION COMPARISON OK" |
| 230 | + else |
| 231 | + echo "REMEDIATION_ENGINE_VERSION COMPARISON KO" |
| 232 | + echo $REMEDIATION_ENGINE_VERSION |
| 233 | + exit 1 |
| 234 | + fi |
| 235 | +
|
| 236 | + - name: Set excluded groups |
| 237 | + id: set-excluded-groups |
| 238 | + if: contains(fromJson('["7.2","7.3"]'),matrix.php-version) |
| 239 | + run: echo "exclude_group=$(echo --exclude-group up-to-php74 )" >> $GITHUB_OUTPUT |
| 240 | + |
| 241 | + - name: Run "Unit Tests" |
| 242 | + run: | |
| 243 | + ddev exec /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox ${{ steps.set-excluded-groups.outputs.exclude_group }} ./${{env.EXTENSION_PATH}}/tests/Unit |
| 244 | +
|
| 245 | + - name: Prepare PHP Integration tests |
| 246 | + run: | |
| 247 | + mkdir ${{ github.workspace }}/cfssl |
| 248 | + cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* ${{ github.workspace }}/cfssl |
| 249 | + ddev maxmind-download DEFAULT GeoLite2-City /var/www/html/${{env.EXTENSION_PATH}}/tests |
| 250 | + ddev maxmind-download DEFAULT GeoLite2-Country /var/www/html/${{env.EXTENSION_PATH}}/tests |
| 251 | + cd ${{env.EXTENSION_PATH}}/tests |
| 252 | + sha256sum -c GeoLite2-Country.tar.gz.sha256.txt |
| 253 | + sha256sum -c GeoLite2-City.tar.gz.sha256.txt |
| 254 | + tar -xf GeoLite2-Country.tar.gz |
| 255 | + tar -xf GeoLite2-City.tar.gz |
| 256 | + rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt |
| 257 | +
|
| 258 | + - name: Run "IP verification" test |
| 259 | + run: | |
| 260 | + ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 MEMCACHED_DSN=memcached://memcached:11211 REDIS_DSN=redis://redis:6379 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration/AbstractBouncerTest.php |
| 261 | +
|
| 262 | + - name: Run "IP verification with TLS" test |
| 263 | + run: | |
| 264 | + ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl BOUNCER_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 MEMCACHED_DSN=memcached://memcached:11211 REDIS_DSN=redis://redis:6379 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration/AbstractBouncerTest.php |
| 265 | +
|
| 266 | + - name: Run "Geolocation with cURL" test |
| 267 | + run: | |
| 268 | + ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration/GeolocationTest.php |
0 commit comments