Fix CVE-2024-52301 #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
push: | |
branches: | |
- develop | |
- accept | |
- master | |
pull_request: | |
jobs: | |
code-analysis: | |
name: Code Analysis | |
runs-on: ubuntu-latest | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set Up PHP and Tools | |
uses: shivammathur/setup-php@master | |
with: | |
php-version: "8.1" | |
tools: composer:v2 | |
coverage: none | |
- name: Setup Analysis Environment | |
run: yes | cp .env.testing.example .env | |
- name: Install Composer Dependencies | |
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist | |
- name: Static Code Analysis | |
run: ./vendor/bin/phpstan analyse --memory-limit=2G | |
code-style: | |
name: Code Style | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set Up PHP and Tools | |
uses: shivammathur/setup-php@master | |
with: | |
php-version: "8.1" | |
tools: composer:v2, phpcs, php-cs-fixer, phpmd | |
coverage: none | |
- name: Install required NVM version | |
run: . ~/.nvm/nvm.sh && nvm install 20 | |
- name: Install pnpm | |
run: curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=8.15.8 sh - | |
- name: Syntax Errors | |
run: find app database tests config routes -name "*.php" -print0 | xargs -0 -n1 -P8 php -l | |
- name: PHP_CodeSniffer | |
run: phpcs | |
- name: PHP-CS-Fixer | |
run: php-cs-fixer fix app database config routes tests --dry-run --diff --allow-risky=yes --config=.php-cs-fixer.php | |
- name: PHPMD | |
run: phpmd app text phpmd.xml | |
- name: Lint Assets | |
run: ./lintHook.sh $PWD | |
security-check: | |
name: Security Check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set Up PHP and Tools | |
uses: shivammathur/setup-php@master | |
with: | |
php-version: "8.1" | |
tools: composer:v2 | |
coverage: none | |
- name: Check Composer Packages | |
uses: symfonycorp/security-checker-action@v4 | |
tests: | |
name: Tests | |
runs-on: ubuntu-latest | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
services: | |
mysql: | |
image: mysql:5.7 | |
env: | |
MYSQL_ALLOW_EMPTY_PASSWORD: yes | |
MYSQL_DATABASE: tests_db | |
ports: | |
- 13306:3306 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Initialize the Database | |
run: | | |
sudo systemctl start mysql | |
mysql --user="root" --password="root" -e "CREATE DATABASE tests_db character set UTF8mb4 collate utf8mb4_bin;" | |
- name: Set Up PHP and Tools | |
uses: shivammathur/setup-php@master | |
with: | |
php-version: "8.1" | |
extensions: bz2, bcmath, curl, exif, gd, imagick, imap, intl, mysqli, pcntl, pcov, pdo_mysql, soap, xmlrpc, xsl, zip, iconv, pdo | |
tools: composer:v2 | |
coverage: pcov | |
- name: Install required NVM version | |
run: . ~/.nvm/nvm.sh && nvm install 20 | |
- name: Install pnpm | |
run: curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=8.15.8 sh - | |
- name: Install Composer Dependencies | |
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist | |
- name: Setup PHPUnit Environment | |
run: yes | cp .env.testing.example .env | |
- name: Build Assets | |
run: ./buildHook.sh $PWD | |
- name: Run PHPUnit Tests | |
run: composer test | |
env: | |
DB_HOST: localhost | |
DB_DATABASE: tests_db | |
DB_USERNAME: root | |
DB_PASSWORD: root | |
- name: Run Test Coverage Report | |
run: ./vendor/bin/phpunit --coverage-clover ./coverage.xml | |
env: | |
DB_HOST: localhost | |
DB_DATABASE: tests_db | |
DB_USERNAME: root | |
DB_PASSWORD: root | |
- name: Check Test Coverage | |
uses: johanvanhelden/gha-clover-test-coverage-check@v1 | |
with: | |
percentage: "58" | |
filename: "coverage.xml" |