feat: add OWASP dependency check #1744
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors | |
# SPDX-License-Identifier: AGPL-3.0-or-later | |
name: Behat SQLite | |
on: pull_request | |
permissions: | |
contents: read | |
concurrency: | |
group: behat-sqlite-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
php-version: ${{ steps.versions.outputs.php-available-list }} | |
server-max: ${{ steps.versions.outputs.branches-max-list }} | |
steps: | |
- name: Checkout app | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Get version matrix | |
id: versions | |
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 | |
changes: | |
runs-on: ubuntu-latest | |
outputs: | |
src: ${{ steps.changes.outputs.src}} | |
steps: | |
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
id: changes | |
continue-on-error: true | |
with: | |
filters: | | |
src: | |
- '.github/workflows/**' | |
- 'appinfo/**' | |
- 'lib/**' | |
- 'templates/**' | |
- 'tests/**' | |
- 'vendor/**' | |
- 'vendor-bin/**' | |
- '.php-cs-fixer.dist.php' | |
- 'composer.json' | |
- 'composer.lock' | |
behat-sqlite: | |
runs-on: ubuntu-latest | |
needs: [changes, matrix] | |
if: needs.changes.outputs.src != 'false' | |
strategy: | |
matrix: | |
php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} | |
server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} | |
name: SQLite PHP ${{ matrix.mysql-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }} | |
services: | |
mailhog: | |
image: mailhog/mailhog | |
ports: | |
- 8025:8025/tcp | |
- 1025:1025/tcp | |
steps: | |
- name: Set app env | |
run: | | |
# Split and keep last | |
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV | |
- name: Checkout server | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
repository: nextcloud/server | |
ref: ${{ matrix.server-versions }} | |
- name: Checkout app | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
path: apps/${{ env.APP_NAME }} | |
- name: Set up php ${{ matrix.php-versions }} | |
uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 | |
with: | |
php-version: ${{ matrix.php-versions }} | |
tools: phpunit | |
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation | |
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite | |
coverage: none | |
ini-file: development | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check composer file existence | |
id: check_composer | |
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 | |
with: | |
files: apps/${{ env.APP_NAME }}/composer.json | |
- name: Set up dependencies | |
# Only run if phpunit config file exists | |
if: steps.check_composer.outputs.files_exists == 'true' | |
working-directory: apps/${{ env.APP_NAME }} | |
run: | | |
composer install --no-dev | |
composer --working-dir=tests/integration install | |
- name: Prevent Nextcloud OCP outdated | |
working-directory: apps/${{ env.APP_NAME }} | |
run: make updateocp | |
- name: Set up Nextcloud | |
env: | |
DB_PORT: 4444 | |
run: | | |
sudo echo "127.0.0.1 mailhog" | sudo tee -a /etc/hosts | |
mkdir data | |
./occ maintenance:install \ | |
--verbose \ | |
--database=sqlite \ | |
--database-name=nextcloud \ | |
--database-host=127.0.0.1 \ | |
--database-port=$DB_PORT \ | |
--database-user=root \ | |
--database-pass=rootpassword \ | |
--admin-user admin \ | |
--admin-pass admin | |
./occ --version | |
./occ app:enable --force ${{ env.APP_NAME }} | |
git clone --depth 1 -b ${{ matrix.server-versions }} https://github.com/nextcloud/notifications apps/notifications | |
./occ app:enable --force notifications | |
git clone --depth 1 -b ${{ matrix.server-versions }} https://github.com/nextcloud/activity apps/activity | |
./occ app:enable --force activity | |
./occ app:enable --force guests | |
./occ config:system:set mail_smtpport --value 1025 --type integer | |
./occ config:system:set mail_smtphost --value mailhog | |
./occ config:system:set allow_local_remote_servers --value true --type boolean | |
./occ config:system:set auth.bruteforce.protection.enabled --value false --type boolean | |
- name: Run behat | |
working-directory: apps/${{ env.APP_NAME }}/tests/integration | |
env: | |
BEHAT_ROOT_DIR: ../../../../ | |
run: | | |
export BEHAT_RUN_AS=runner | |
export BEHAT_VERBOSE="$RUNNER_DEBUG" | |
vendor/bin/behat -f junit -f pretty --colors | |
- name: Print logs | |
if: always() | |
run: | | |
cat data/nextcloud.log | |
summary: | |
permissions: | |
contents: none | |
runs-on: ubuntu-latest | |
needs: [changes, behat-sqlite] | |
if: always() | |
name: behat-sqlite-summary | |
steps: | |
- name: Summary status | |
run: if ${{ needs.changes.outputs.src != 'false' && needs.behat-sqlite.result != 'success' }}; then exit 1; fi |