
Commit e9d3c13

ci(sdk dev): Add sdk development workflow
1 parent b445eb4 commit e9d3c13


2 files changed

+274
-81
lines changed

Lines changed: 268 additions & 0 deletions
@@ -0,0 +1,268 @@
1+
name: PHP SDK development tests
2+
on:
3+
workflow_dispatch:
4+
inputs:
5+
php_common_json:
6+
type: string
7+
description: The PHP common json to use
8+
required: true
9+
default: '["main","crowdsecurity/php-common"]'
10+
lapi_client_json:
11+
type: string
12+
description: The LAPI client json to use
13+
required: true
14+
default: '["main","crowdsecurity/php-lapi-client"]'
15+
remediation_engine_json:
16+
type: string
17+
description: The Remediation Engine json to use
18+
required: true
19+
default: '["main", "crowdsecurity/php-remediation-engine"]'
20+
21+
workflow_call:
22+
# For workflow_call, we don't allow passing a repository as input
23+
inputs:
24+
is_call:
25+
type: boolean
26+
description: "Flag to indicate if the workflow is called"
27+
# @see https://github.com/actions/runner/discussions/1884
28+
required: false
29+
default: true
30+
php_common_json:
31+
type: string
32+
description: The PHP common json to use
33+
required: true
34+
default: '["main"]'
35+
lapi_client_json:
36+
type: string
37+
description: The LAPI client json to use
38+
required: true
39+
default: '["main"]'
40+
remediation_engine_json:
41+
type: string
42+
description: The Remediation Engine json to use
43+
required: true
44+
default: '["main"]'
45+
46+
permissions:
47+
contents: read
48+
49+
env:
50+
# Allow ddev get to use a GitHub token to prevent rate limiting by tests
51+
DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
52+
BOUNCER_LIP_REPO: crowdsecurity/php-cs-bouncer
53+
PHP_COMMON_JSON: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.php_common_json || inputs.php_common_json }}
54+
LAPI_CLIENT_JSON: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.lapi_client_json || inputs.lapi_client_json }}
55+
REMEDIATION_ENGINE_JSON: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.remediation_engine_json || inputs.remediation_engine_json }}
56+
57+
jobs:
58+
test-suite:
59+
strategy:
60+
fail-fast: false
61+
matrix:
62+
php-version: ["7.2", "7.3", "7.4", "8.0", "8.1", "8.2", "8.3"]
63+
64+
name: Test suite
65+
runs-on: ubuntu-20.04
66+
if: ${{ !contains(github.event.head_commit.message, 'chore(') }}
67+
env:
68+
EXTENSION_PATH: "my-code/crowdsec-bouncer-lib"
69+
DDEV_PROJECT: "crowdsec-bouncer-lib"
70+
JP_TEST_IP: "210.249.74.42"
71+
IPV6_TEST_IP: "2001:0db8:0000:85a3:0000:0000:ac1f:8001"
72+
IPV6_TEST_PROXY_IP: "2345:0425:2CA1:0000:0000:0567:5673:23b5"
73+
74+
steps:
75+
- name: Set PHP common variables
76+
id: set-common-data
77+
run: |
78+
echo "major_tag=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/crowdsecurity/php-common/releases/latest | grep -oP "\/tag\/v\K(.*)$" | cut -d. -f1)" >> $GITHUB_OUTPUT
79+
echo "branch=${{ fromJson(env.PHP_COMMON_JSON)[0] }}" >> $GITHUB_OUTPUT
80+
if [ "${{ inputs.is_call }}" = "true" ]; then
81+
echo "repo=crowdsecurity/php-common" >> $GITHUB_OUTPUT
82+
else
83+
echo "repo=${{ fromJson(env.PHP_COMMON_JSON)[1] }}" >> $GITHUB_OUTPUT
84+
fi
85+
86+
- name: Set LAPI client variables
87+
id: set-lapi-client-data
88+
run: |
89+
echo "major_tag=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/crowdsecurity/php-lapi-client/releases/latest | grep -oP "\/tag\/v\K(.*)$" | cut -d. -f1)" >> $GITHUB_OUTPUT
90+
echo "branch=${{ fromJson(env.LAPI_CLIENT_JSON)[0] }}" >> $GITHUB_OUTPUT
91+
if [ "${{ inputs.is_call }}" = "true" ]; then
92+
echo "repo=crowdsecurity/php-lapi-client" >> $GITHUB_OUTPUT
93+
else
94+
echo "repo=${{ fromJson(env.LAPI_CLIENT_JSON)[1] }}" >> $GITHUB_OUTPUT
95+
fi
96+
97+
- name: Set Remediation engine variables
98+
id: set-remediation-engine-data
99+
run: |
100+
echo "major_tag=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/crowdsecurity/php-remediation-engine/releases/latest | grep -oP "\/tag\/v\K(.*)$" | cut -d. -f1)" >> $GITHUB_OUTPUT
101+
echo "branch=${{ fromJson(env.REMEDIATION_ENGINE_JSON)[0] }}" >> $GITHUB_OUTPUT
102+
if [ "${{ inputs.is_call }}" = "true" ]; then
103+
echo "repo=crowdsecurity/php-remediation-engine" >> $GITHUB_OUTPUT
104+
else
105+
echo "repo=${{ fromJson(env.REMEDIATION_ENGINE_JSON)[1] }}" >> $GITHUB_OUTPUT
106+
fi
107+
108+
- name: Install DDEV
109+
# @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures
110+
run: |
111+
curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null
112+
echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list
113+
sudo apt-get -q update
114+
sudo apt-get -q -y install libnss3-tools ddev
115+
mkcert -install
116+
ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent
117+
118+
- name: Create empty PHP DDEV project
119+
run: ddev config --project-type=php --project-name=${{env.DDEV_PROJECT}} --php-version=${{ matrix.php-version }}
120+
121+
- name: Add Redis, Memcached and Crowdsec
122+
run: |
123+
ddev add-on get ddev/ddev-redis
124+
ddev add-on get ddev/ddev-memcached
125+
# override redis.conf
126+
ddev add-on get julienloizelet/ddev-tools
127+
ddev add-on get julienloizelet/ddev-crowdsec-php
128+
129+
- name: Start DDEV
130+
uses: nick-fields/retry@v3
131+
with:
132+
timeout_minutes: 5
133+
max_attempts: 3
134+
shell: bash
135+
command: ddev start
136+
137+
- name: Set BOUNCER_KEY and PROXY_IP env
138+
run: |
139+
echo "BOUNCER_KEY=$(ddev create-bouncer)" >> $GITHUB_ENV
140+
echo "PROXY_IP=$(ddev find-ip ddev-router)" >> $GITHUB_ENV
141+
142+
- name: Some DEBUG information
143+
run: |
144+
ddev --version
145+
ddev exec php -v
146+
ddev exec -s crowdsec crowdsec -version
147+
ddev php -r "echo phpversion('memcached');"
148+
149+
- name: Clone bouncer lib files
150+
if: inputs.is_call != true
151+
uses: actions/checkout@v4
152+
with:
153+
path: ${{env.EXTENSION_PATH}}
154+
155+
- name: Clone bouncer lib files
156+
if: inputs.is_call == true
157+
uses: actions/checkout@v4
158+
with:
159+
repository: ${{ env.BOUNCER_LIB_REPO }}
160+
path: ${{env.EXTENSION_PATH}}
161+
ref: "main"
162+
163+
- name: Clone PHP common files
164+
uses: actions/checkout@v4
165+
with:
166+
repository: ${{ steps.set-common-data.outputs.repo}}
167+
ref: ${{ steps.set-common-data.outputs.branch }}
168+
path: my-code/php-common
169+
170+
- name: Clone PHP LAPI client
171+
uses: actions/checkout@v4
172+
with:
173+
repository: ${{ steps.set-lapi-client-data.outputs.repo }}
174+
ref: ${{ steps.set-lapi-client-data.outputs.branch }}
175+
path: my-code/php-lapi-client
176+
177+
- name: Clone PHP remediation engine
178+
uses: actions/checkout@v4
179+
with:
180+
repository: ${{ steps.set-remediation-engine-data.outputs.repo }}
181+
ref: ${{ steps.set-remediation-engine-data.outputs.branch }}
182+
path: my-code/php-remediation-engine
183+
184+
- name: Add local repositories to composer
185+
run: |
186+
ddev exec --raw composer config repositories.0 '{"type": "path", "url": "../php-common", "options": {"symlink": true}}' --working-dir ./${{ env.EXTENSION_PATH }}
187+
ddev exec --raw composer config repositories.1 '{"type": "path", "url": "../php-lapi-client", "options": {"symlink": true}}' --working-dir ./${{ env.EXTENSION_PATH }}
188+
ddev exec --raw composer config repositories.2 '{"type": "path", "url": "../php-remediation-engine", "options": {"symlink": true}}' --working-dir ./${{ env.EXTENSION_PATH }}
189+
190+
- name: Modify dependencies to use development aliases
191+
run: |
192+
composer require crowdsec/common:"dev-${{ steps.set-common-data.outputs.branch }} as ${{ steps.set-common-data.outputs.major_tag }}.999.0" --no-update --working-dir ./${{env.EXTENSION_PATH}}
193+
composer require crowdsec/lapi-client:"dev-${{ steps.set-lapi-client-data.outputs.branch }} as ${{ steps.set-lapi-client-data.outputs.major_tag }}.999.0" --no-update --working-dir ./${{env.EXTENSION_PATH}}
194+
composer require crowdsec/remediation-engine:"dev-${{ steps.set-remediation-engine-data.outputs.branch }} as ${{ steps.set-remediation-engine-data.outputs.major_tag }}.999.0" --no-update --working-dir ./${{env.EXTENSION_PATH}}
195+
196+
cat ./${{env.EXTENSION_PATH}}/composer.json
197+
198+
- name: Validate composer.json
199+
run: ddev composer validate --strict --working-dir ./${{env.EXTENSION_PATH}}
200+
201+
- name: Install CrowdSec lib dependencies
202+
run: |
203+
ddev composer update --working-dir ./${{env.EXTENSION_PATH}}
204+
205+
- name: Check installed packages versions
206+
run: |
207+
208+
PHP_COMMON_VERSION=$(ddev composer show crowdsec/common --working-dir ./${{env.EXTENSION_PATH}} | grep -oP "versions : \* \K(.*)")
209+
if [[ $PHP_COMMON_VERSION == "dev-${{ steps.set-common-data.outputs.branch }}" ]]
210+
then
211+
echo "PHP_COMMON_VERSION COMPARISON OK"
212+
else
213+
echo "PHP_COMMON_VERSION COMPARISON KO"
214+
echo $PHP_COMMON_VERSION
215+
exit 1
216+
fi
217+
LAPI_CLIENT_VERSION=$(ddev composer show crowdsec/lapi-client --working-dir ./${{env.EXTENSION_PATH}} | grep -oP "versions : \* \K(.*)")
218+
if [[ $LAPI_CLIENT_VERSION == "dev-${{ steps.set-lapi-client-data.outputs.branch }}" ]]
219+
then
220+
echo "LAPI_CLIENT_VERSION COMPARISON OK"
221+
else
222+
echo "LAPI_CLIENT_VERSION COMPARISON KO"
223+
echo $LAPI_CLIENT_VERSION
224+
exit 1
225+
fi
226+
REMEDIATION_ENGINE_VERSION=$(ddev composer show crowdsec/remediation-engine --working-dir ./${{env.EXTENSION_PATH}} | grep -oP "versions : \* \K(.*)")
227+
if [[ $REMEDIATION_ENGINE_VERSION == "dev-${{ steps.set-remediation-engine-data.outputs.branch }}" ]]
228+
then
229+
echo "REMEDIATION_ENGINE_VERSION COMPARISON OK"
230+
else
231+
echo "REMEDIATION_ENGINE_VERSION COMPARISON KO"
232+
echo $REMEDIATION_ENGINE_VERSION
233+
exit 1
234+
fi
235+
236+
- name: Set excluded groups
237+
id: set-excluded-groups
238+
if: contains(fromJson('["7.2","7.3"]'),matrix.php-version)
239+
run: echo "exclude_group=$(echo --exclude-group up-to-php74 )" >> $GITHUB_OUTPUT
240+
241+
- name: Run "Unit Tests"
242+
run: |
243+
ddev exec /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox ${{ steps.set-excluded-groups.outputs.exclude_group }} ./${{env.EXTENSION_PATH}}/tests/Unit
244+
245+
- name: Prepare PHP Integration tests
246+
run: |
247+
mkdir ${{ github.workspace }}/cfssl
248+
cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* ${{ github.workspace }}/cfssl
249+
ddev maxmind-download DEFAULT GeoLite2-City /var/www/html/${{env.EXTENSION_PATH}}/tests
250+
ddev maxmind-download DEFAULT GeoLite2-Country /var/www/html/${{env.EXTENSION_PATH}}/tests
251+
cd ${{env.EXTENSION_PATH}}/tests
252+
sha256sum -c GeoLite2-Country.tar.gz.sha256.txt
253+
sha256sum -c GeoLite2-City.tar.gz.sha256.txt
254+
tar -xf GeoLite2-Country.tar.gz
255+
tar -xf GeoLite2-City.tar.gz
256+
rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
257+
258+
- name: Run "IP verification" test
259+
run: |
260+
ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 MEMCACHED_DSN=memcached://memcached:11211 REDIS_DSN=redis://redis:6379 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration/AbstractBouncerTest.php
261+
262+
- name: Run "IP verification with TLS" test
263+
run: |
264+
ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl BOUNCER_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 MEMCACHED_DSN=memcached://memcached:11211 REDIS_DSN=redis://redis:6379 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration/AbstractBouncerTest.php
265+
266+
- name: Run "Geolocation with cURL" test
267+
run: |
268+
ddev exec BOUNCER_KEY=${{ env.BOUNCER_KEY }} AGENT_TLS_PATH=/var/www/html/cfssl APPSEC_URL=http://crowdsec:7422 LAPI_URL=https://crowdsec:8080 /usr/bin/php ./${{env.EXTENSION_PATH}}/vendor/bin/phpunit --testdox --colors --exclude-group ignore ./${{env.EXTENSION_PATH}}/tests/Integration/GeolocationTest.php
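Review bot: The three `Set … variables` steps expand `${{ fromJson(env.PHP_COMMON_JSON)[0] }}` (and `[1]`) directly into the `run:` script, so the dispatch input is pasted into the shell source before bash parses it and any quote or `$(` in it becomes script text; the same holds later where the `branch` and `major_tag` outputs are expanded inside the `composer require` lines. Since the JSON is already exported as an environment variable, read it at run time instead, e.g. `echo "branch=$(jq -r '.[0]' <<< "$PHP_COMMON_JSON")" >> "$GITHUB_OUTPUT"`, and check the branch and `owner/repo` values against an allow-pattern before they reach `actions/checkout`. Separately, the top-level env defines `BOUNCER_LIP_REPO` while the `is_call == true` checkout reads `env.BOUNCER_LIB_REPO`, which evaluates to an empty string; the step then presumably falls back to the action's default repository rather than `crowdsecurity/php-cs-bouncer`. `nick-fields/retry@v3` is also referenced by a movable tag in a job that carries `DDEV_GITHUB_TOKEN`; pinning it to a commit SHA would match how the reusable workflow is pinned in sdk-chain-tests.yml.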

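--- a/.github/workflows/sdk-chain-tests.yml
+++ b/.github/workflows/sdk-chain-tests.yml
@@ -10,97 +10,22 @@ on:
 branches:
 - main
 paths-ignore:
-- '**.md'
-pull_request:
-workflow_dispatch:
-inputs:
-php_common_branch:
-type: string
-description: The PHP common branch to use
-required: true
-default: "main"
-lapi_client_branch:
-type: string
-description: The LAPI client branch to use
-required: true
-default: "main"
-remediation_engine_branch:
-type: string
-description: The Remediation Engine branch to use
-required: true
-default: "main"
-bouncer_lib_branch:
-type: string
-description: The PHP bouncer library branch to use
-required: true
-default: "main"
+- "**.md"
 
 permissions:
 contents: read
 
 env:
 # Allow ddev get to use a GitHub token to prevent rate limiting by tests
 DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-PHP_COMMON_BRANCH: ${{ github.event.inputs.php_common_branch }}
-LAPI_CLIENT_BRANCH: ${{ github.event.inputs.lapi_client_branch }}
-REMEDIATION_ENGINE_BRANCH: ${{ github.event.inputs.remediation_engine_branch }}
-BOUNCER_LIB_BRANCH: ${{ github.event.inputs.bouncer_lib_branch }}
 
 jobs:
-prepare-data:
-name: Prepare data
-outputs:
-php_common_branch: ${{ steps.prepare-php-common.outputs.branch }}
-lapi_client_branch: ${{ steps.prepare-lapi-client.outputs.branch }}
-remediation_engine_branch: ${{ steps.prepare-remediation-engine.outputs.branch }}
-bouncer_lib_branch: ${{ steps.prepare-bouncer-lib.outputs.branch }}
-runs-on: ubuntu-latest
-steps:
-- name: Prepare PHP common data
-id: prepare-php-common
-run: |
-if [ "${{ github.event_name }}" == "push" ] || [ "${{ github.event_name }}" == "pull_request" ]; then
-echo "branch=main" >> $GITHUB_OUTPUT
-else
-echo "branch=${{ env.PHP_COMMON_BRANCH }}" >> $GITHUB_OUTPUT
-fi
-
-- name: Prepare LAPI client data
-id: prepare-lapi-client
-run: |
-if [ "${{ github.event_name }}" == "push" ] || [ "${{ github.event_name }}" == "pull_request" ]; then
-echo 'branch=main' >> $GITHUB_OUTPUT
-else
-echo "branch=${{ env.LAPI_CLIENT_BRANCH }}" >> $GITHUB_OUTPUT
-fi
-
-- name: Prepare Remediation Engine data
-id: prepare-remediation-engine
-run: |
-if [ "${{ github.event_name }}" == "push" ] || [ "${{ github.event_name }}" == "pull_request" ]; then
-echo 'branch=main' >> $GITHUB_OUTPUT
-else
-echo "branch=${{ env.REMEDIATION_ENGINE_BRANCH }}" >> $GITHUB_OUTPUT
-fi
-
-- name: Prepare Bouncer lib data
-id: prepare-bouncer-lib
-run: |
-if [ "${{ github.event_name }}" == "push" ] || [ "${{ github.event_name }}" == "pull_request" ]; then
-echo 'branch=${{ github.ref_name }}' >> $GITHUB_OUTPUT
-else
-echo "branch=${{ env.BOUNCER_LIB_BRANCH }}" >> $GITHUB_OUTPUT
-fi
-
 test-standalone-bouncer:
-needs: prepare-data
 name: Run Standalone Bouncer tests
 if: ${{ !contains(github.event.head_commit.message, 'chore(') }}
-uses: crowdsecurity/cs-standalone-php-bouncer/.github/workflows/php-sdk-development-tests.yml@main
+uses: crowdsecurity/cs-standalone-php-bouncer/.github/workflows/php-sdk-development-tests.yml@736a2971d93dc6a7e9dc3a73051986b8f7e0b41a
 with:
-php_common_branch: ${{ needs.prepare-data.outputs.php_common_branch }}
-lapi_client_branch: ${{ needs.prepare-data.outputs.lapi_client_branch }}
-remediation_engine_branch: ${{ needs.prepare-data.outputs.remediation_engine_branch }}
-bouncer_lib_branch: ${{ needs.prepare-data.outputs.bouncer_lib_branch }}
-
-
+php_common_json: '["main"]'
+lapi_client_json: '["main"]'
+remediation_engine_json: '["main"]'
+bouncer_lib_json: '["${{ github.ref_name }}"]'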
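Review bot: `bouncer_lib_json` on the last line of the `with:` block builds JSON by placing `github.ref_name` between literal quotes, so a branch name containing `"` yields malformed or differently shaped JSON for the called workflow. Let the expression engine do the escaping: `bouncer_lib_json: '[${{ toJSON(github.ref_name) }}]'`. How the pinned workflow consumes this value is not visible here; if it expands it into a `run:` script, the ref name should be treated there as untrusted text as well. A trailing comment on the `uses:` line naming the branch or tag that `736a2971d93dc6a7e9dc3a73051986b8f7e0b41a` corresponds to would make later pin updates reviewable.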
