Skip to content

Commit

Permalink
feat(*): Enable admin bounce by default (#161)
Browse files Browse the repository at this point in the history 
* feat(admin): Enable protection by default on admin

* test(end to end): Disable protection on admin for test

* fix(captcha): Patch Gregwar Captcha to avoid deprecated error in PHP 8.4

* feat(*): Prepare release 2.8.0
  • Loading branch information
@julienloizelet
julienloizelet authored Dec 12, 2024
1 parent a8f453a commit 324385b
Show file tree
Hide file tree
Showing 60 changed files with 4,223 additions and 545 deletions.
208 changes: 0 additions & 208 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,211 +161,3 @@ jobs:
draft: false
prerelease: false

end-to-end-release-zip-test:
strategy:
fail-fast: false
# First and last minor versions of each major version
# Highest compatible PHP version
matrix:
include:
- wp-version: '4.9'
php-version: '7.2'
- wp-version: '5.0'
php-version: '7.2'
- wp-version: '5.9'
php-version: '7.2'
- wp-version: '5.9'
php-version: '8.0'
- wp-version: '6.0'
php-version: '7.2'
- wp-version: '6.0'
php-version: '8.0'
- wp-version: '6.7'
php-version: '7.2'
- wp-version: '6.7'
php-version: '8.3'

name: End-to-end release test suite
runs-on: ubuntu-latest
if: success()
needs: [ deploy-create-release ]

env:
EXTENSION_NAME: "CrowdSec_Bouncer"
EXTENSION_PATH: "wp-content/plugins/crowdsec"
GITHUB_ORIGIN: "crowdsecurity/cs-wordpress-bouncer"

steps:

- name: Install DDEV
# @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures
run: |
curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null
echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list
sudo apt-get -q update
sudo apt-get -q -y install libnss3-tools ddev
mkcert -install
ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent
- name: Set WP_VERSION_CODE env
# used in some directory path and conventional file naming
# Example : 5.6.5 => wp565
id: set-wp-version-code
run: |
echo "wp_version_code=$(echo wp${{ matrix.wp-version }} | sed 's/\.//g' )" >> $GITHUB_OUTPUT
- name: Create empty WordPress DDEV project (with Apache)
run: ddev config --project-type=wordpress --project-name=${{ steps.set-wp-version-code.outputs.wp_version_code }} --php-version=${{ matrix.php-version }} --webserver-type=apache-fpm

- name: Disable automatic update
run: |
# @see https://wordpress.org/documentation/article/configuring-automatic-background-updates/#constant-to-disable-all-updates
sed -i -e 's/#ddev-generated//g' wp-config-ddev.php
echo "define( 'AUTOMATIC_UPDATER_DISABLED', true );" >> wp-config-ddev.php
- name: Add Redis, Memcached, Crowdsec and Playwright
run: |
ddev get ddev/ddev-redis
ddev get ddev/ddev-memcached
ddev get julienloizelet/ddev-playwright
# override redis.conf
ddev get julienloizelet/ddev-tools
ddev get julienloizelet/ddev-crowdsec-php
- name: Start DDEV
uses: nick-fields/retry@v3
with:
timeout_minutes: 5
max_attempts: 3
shell: bash
command: |
ddev start
- name: Download WordPress
run: ddev wp core download --version=${{ matrix.wp-version }}

- name: Setup WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
run: |
ddev exec wp core install --url='https://${{ steps.set-wp-version-code.outputs.wp_version_code }}.ddev.site' --title='WordPress' --admin_user='admin' --admin_password='admin123' --admin_email='[email protected]'
- name: Set LAST_TAG env
id: set-last-tag
run: |
echo "last_tag=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/${{ env.GITHUB_ORIGIN }}/releases/latest | grep -oP "\/tag\/v\K(.*)$")" >> $GITHUB_OUTPUT
- name: Clone files from last release
uses: actions/checkout@v4
with:
path: raw_sources
ref: "v${{ steps.set-last-tag.outputs.last_tag }}"
repository: "${{ env.GITHUB_ORIGIN }}"

- name: Retrieve last stable release zip
run: |
curl -fL https://downloads.wordpress.org/plugin/crowdsec.${{ steps.set-last-tag.outputs.last_tag }}.zip -o crowdsec.$LAST_TAG.zip
unzip crowdsec.${{ steps.set-last-tag.outputs.last_tag }}.zip -d ${{ github.workspace }}/wp-content/plugins
- name: Copy needed tests files
run: |
cp -r raw_sources/tests wp-content/plugins/crowdsec
cp -r raw_sources/.github wp-content/plugins/crowdsec
- name: Prepare for playwright test
run: |
ddev exec -s crowdsec apk add iproute2
cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/wp_appsec_custom_upload.php wp_appsec_custom_upload.php
cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-upload.html | ddev wp post create --post_type=page --post_status=publish --post_title="AppSec Upload" -
cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-post.html | ddev wp post create --post_type=page --post_status=publish --post_title="AppSec" -
ddev wp rewrite structure "/%postname%/"
mkdir -p crowdsec/tls
mkdir -p crowdsec/geolocation
cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/cache-actions-with-wordpress-load.php cache-actions.php
cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* crowdsec/tls
ddev maxmind-download DEFAULT GeoLite2-City crowdsec/geolocation
ddev maxmind-download DEFAULT GeoLite2-Country crowdsec/geolocation
cd crowdsec/geolocation
sha256sum -c GeoLite2-Country.tar.gz.sha256.txt
sha256sum -c GeoLite2-City.tar.gz.sha256.txt
tar -xf GeoLite2-Country.tar.gz
tar -xf GeoLite2-City.tar.gz
rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
cd ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev/__scripts__
chmod +x test-init.sh
./test-init.sh
chmod +x run-tests.sh
- name: Some DEBUG information
run: |
ddev --version
ddev exec php -v
ddev exec -s crowdsec crowdsec -version
- name: Run Plugin activation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 1-activate-plugin.js

- name: Configure CrowdSec and Wordpress bouncer plugin
run: |
ddev crowdsec-config
- name: Run Live mode remediation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 2-live-mode-remediations.js

- name: Run more Live mode remediation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 3-live-mode-more.js

- name: Run Live mode cache tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 4-live-mode-cache.js

- name: Prepare cron usage
run: |
sed -i 's/fastcgi_finish_request/\/\/fastcgi_finish_request/g' wp-cron.php
- name: Run Stream mode tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 5-stream-mode.js

- name: Run Redis tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 6-redis.js

- name: Run Memcached tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 7-memcached.js

- name: Run Geolocation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 8-geolocation.js

- name: Run AppSec tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 11-appsec.js

- name: tmate debugging session
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
github-token: ${{ secrets.GITHUB_TOKEN }}
timeout-minutes: 30
if: failure()
16 changes: 16 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

---


## [2.8.0](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.8.0) - 2024-12-13
[_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.7.0...v2.8.0)


### Changed

- Set the "Public website only" setting to OFF by default

### Fixed

- Fix deprecated warning in PHP 8.4 for Captcha

---


## [2.7.0](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.7.0) - 2024-12-12
[_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.6.7...v2.7.0)

Expand Down
13 changes: 12 additions & 1 deletion composer.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,17 @@
"config" : {
"platform": {
"php": "7.2.5"
},
"allow-plugins": {
"cweagans/composer-patches": true
}
},
"require": {
"crowdsec/bouncer": "^3.2.0",
"symfony/cache": "5.4.40",
"symfony/polyfill-mbstring": "^1.31.0",
"symfony/service-contracts": "^2.5.3"
"symfony/service-contracts": "^2.5.3",
"cweagans/composer-patches": "^1.7"
},
"replace": {
"twig/twig": "*"
Expand All @@ -31,5 +35,12 @@
"psr-4": {
"CrowdSecWordPressBouncer\\": "./inc/"
}
},
"extra": {
"patches": {
"gregwar/captcha": {
"Fix deprecation in CaptchaBuilder constructor": "patches/gregwar-captcha-constructor.patch"
}
}
}
}
Loading

0 comments on commit 324385b

Please sign in to comment.