Skip to content

feat: add OWASP dependency check #1725

feat: add OWASP dependency check

feat: add OWASP dependency check #1725

Workflow file for this run

# SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
name: Behat PostgreSQL
on: pull_request
permissions:
contents: read
concurrency:
group: behat-pgsql-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
matrix:
runs-on: ubuntu-latest
outputs:
php-version: ${{ steps.versions.outputs.php-available-list }}
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get version matrix
id: versions
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
changes:
runs-on: ubuntu-latest
outputs:
src: ${{ steps.changes.outputs.src}}
steps:
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: changes
continue-on-error: true
with:
filters: |
src:
- '.github/workflows/**'
- 'appinfo/**'
- 'lib/**'
- 'templates/**'
- 'tests/**'
- 'vendor/**'
- 'vendor-bin/**'
- '.php-cs-fixer.dist.php'
- 'composer.json'
- 'composer.lock'
behat-pgsql:
runs-on: ubuntu-latest
needs: [changes, matrix]
if: needs.changes.outputs.src != 'false'
strategy:
matrix:
php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }}
server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }}
name: PostgreSQL PHP ${{ matrix.mysql-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }}
services:
postgres:
image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest
ports:
- 4444:5432/tcp
env:
POSTGRES_USER: root
POSTGRES_PASSWORD: rootpassword
POSTGRES_DB: nextcloud
options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
mailhog:
image: mailhog/mailhog
ports:
- 8025:8025/tcp
- 1025:1025/tcp
steps:
- name: Set app env
run: |
# Split and keep last
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
- name: Checkout app
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
with:
php-version: ${{ matrix.php-versions }}
tools: phpunit
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql
coverage: none
ini-file: development
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
with:
files: apps/${{ env.APP_NAME }}/composer.json
- name: Set up dependencies
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
run: |
composer install --no-dev
composer --working-dir=tests/integration install
- name: Prevent Nextcloud OCP outdated
working-directory: apps/${{ env.APP_NAME }}
run: make updateocp
- name: Set up Nextcloud
env:
DB_PORT: 4444
run: |
sudo echo "127.0.0.1 mailhog" | sudo tee -a /etc/hosts
mkdir data
./occ maintenance:install \
--verbose \
--database=pgsql \
--database-name=nextcloud \
--database-host=127.0.0.1 \
--database-port=$DB_PORT \
--database-user=root \
--database-pass=rootpassword \
--admin-user admin \
--admin-pass admin
./occ --version
./occ app:enable --force ${{ env.APP_NAME }}
git clone --depth 1 -b ${{ matrix.server-versions }} https://github.com/nextcloud/notifications apps/notifications
./occ app:enable --force notifications
git clone --depth 1 -b ${{ matrix.server-versions }} https://github.com/nextcloud/activity apps/activity
./occ app:enable --force activity
./occ app:enable --force guests
./occ config:system:set mail_smtpport --value 1025 --type integer
./occ config:system:set mail_smtphost --value mailhog
./occ config:system:set allow_local_remote_servers --value true --type boolean
./occ config:system:set auth.bruteforce.protection.enabled --value false --type boolean
- name: Run behat
working-directory: apps/${{ env.APP_NAME }}/tests/integration
env:
BEHAT_ROOT_DIR: ../../../../
run: |
export BEHAT_RUN_AS=runner
export BEHAT_VERBOSE="$RUNNER_DEBUG"
vendor/bin/behat -f junit -f pretty --colors
- name: Print logs
if: always()
run: |
cat data/nextcloud.log
summary:
permissions:
contents: none
runs-on: ubuntu-latest
needs: [changes, behat-pgsql]
if: always()
name: behat-pgsql-summary
steps:
- name: Summary status
run: if ${{ needs.changes.outputs.src != 'false' && needs.behat-pgsql.result != 'success' }}; then exit 1; fi