feat(*): Add AppSec support (#157) #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: End-to-end multisite | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
workflow_dispatch: | |
inputs: | |
debug_enabled: | |
type: boolean | |
description: Debug with tmate | |
default: false | |
permissions: | |
contents: read | |
env: | |
# Allow ddev get to use a GitHub token to prevent rate limiting by tests | |
DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
end-to-end-multisite: | |
strategy: | |
fail-fast: false | |
matrix: | |
wp-version: [ "4.9", "5.9", "6.6" ] | |
php-version: [ "7.2" ] | |
subsite: ["site1", "site2"] | |
name: End-to-end Multisite | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, 'chore(') }} | |
env: | |
EXTENSION_NAME: "CrowdSec_Bouncer" | |
EXTENSION_PATH: "wp-content/plugins/crowdsec" | |
steps: | |
- name: Install DDEV | |
# @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures | |
run: | | |
curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null | |
echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list | |
sudo apt-get -q update | |
sudo apt-get -q -y install libnss3-tools ddev | |
mkcert -install | |
ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent | |
- name: Set WP_VERSION_CODE env | |
# used in some directory path and conventional file naming | |
# Example : 5.6.5 => wp565 | |
run: | | |
echo "WP_VERSION_CODE=$(echo wp${{ matrix.wp-version }} | sed 's/\.//g' )" >> $GITHUB_ENV | |
- name: Create empty WordPress DDEV project (with Apache) | |
run: ddev config --project-type=wordpress --project-name=${{ env.WP_VERSION_CODE }} --php-version=${{ matrix.php-version }} --webserver-type=apache-fpm | |
- name: Disable automatic update | |
run: | | |
# @see https://wordpress.org/documentation/article/configuring-automatic-background-updates/#constant-to-disable-all-updates | |
sed -i -e 's/#ddev-generated//g' wp-config-ddev.php | |
echo "define( 'AUTOMATIC_UPDATER_DISABLED', true );" >> wp-config-ddev.php | |
- name: Disable DDEV config | |
run: | | |
sed -i -e 's/#ddev-generated//g' wp-config.php | |
- name: Add Redis, Memcached, Crowdsec and Playwright | |
run: | | |
ddev get ddev/ddev-redis | |
ddev get ddev/ddev-memcached | |
ddev get julienloizelet/ddev-playwright | |
# override redis.conf | |
ddev get julienloizelet/ddev-tools | |
ddev get julienloizelet/ddev-crowdsec-php | |
- name: Start DDEV | |
uses: nick-fields/retry@v3 | |
with: | |
timeout_minutes: 5 | |
max_attempts: 3 | |
shell: bash | |
command: | | |
ddev start | |
- name: Download WordPress | |
run: ddev wp core download --version=${{ matrix.wp-version }} | |
- name: Setup Multisite WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }} | |
run: | | |
ddev wp core multisite-install --url='https://${{ env.WP_VERSION_CODE }}.ddev.site' --title='WordPress' --admin_user='admin' --admin_password='admin123' --admin_email='[email protected]' | |
- name: Copy multisite .htaccess | |
run: cp .ddev/okaeli-add-on/wordpress/custom_files/.htaccess-multisite-subfolder .htaccess | |
- name: Create sub sites | |
run: | | |
ddev wp site create --slug="site1" --title="WordPress Site1" | |
ddev wp site create --slug="site2" --title="WordPress Site2" | |
- name: Clone ${{ env.EXTENSION_NAME }} files | |
uses: actions/checkout@v4 | |
with: | |
path: ${{ env.EXTENSION_PATH }} | |
- name: Prepare for playwright test | |
run: | | |
ddev exec -s crowdsec apk add iproute2 | |
cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-post.html | ddev wp post create --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site1' --post_type=page --post_status=publish --post_title="AppSec" - | |
cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-post.html | ddev wp post create --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site2' --post_type=page --post_status=publish --post_title="AppSec" - | |
ddev wp rewrite structure "/%postname%/" --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site1' | |
ddev wp rewrite structure "/%postname%/" --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site2' | |
mkdir -p crowdsec/tls | |
mkdir -p crowdsec/geolocation | |
cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/cache-actions-with-wordpress-load.php cache-actions.php | |
cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* crowdsec/tls | |
ddev maxmind-download DEFAULT GeoLite2-City crowdsec/geolocation | |
ddev maxmind-download DEFAULT GeoLite2-Country crowdsec/geolocation | |
cd crowdsec/geolocation | |
sha256sum -c GeoLite2-Country.tar.gz.sha256.txt | |
sha256sum -c GeoLite2-City.tar.gz.sha256.txt | |
tar -xf GeoLite2-Country.tar.gz | |
tar -xf GeoLite2-City.tar.gz | |
rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt | |
cd ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev/__scripts__ | |
chmod +x test-init.sh | |
./test-init.sh | |
chmod +x run-tests.sh | |
- name: Some DEBUG information | |
run: | | |
ddev --version | |
ddev exec php -v | |
ddev exec -s crowdsec crowdsec -version | |
- name: Run Plugin activation tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 1-activate-plugin.js | |
subsite: ${{ matrix.subsite }} | |
- name: Configure CrowdSec and Wordpress bouncer plugin | |
run: | | |
ddev crowdsec-config | |
- name: Run Live mode remediation tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 2-live-mode-remediations.js | |
subsite: ${{ matrix.subsite }} | |
- name: Run more Live mode remediation tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 3-live-mode-more.js | |
subsite: ${{ matrix.subsite }} | |
- name: Run Live mode cache tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 4-live-mode-cache.js | |
subsite: ${{ matrix.subsite }} | |
- name: Prepare cron usage | |
run: | | |
sed -i 's/fastcgi_finish_request/\/\/fastcgi_finish_request/g' wp-cron.php | |
- name: Run Stream mode tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 5-stream-mode.js | |
subsite: ${{ matrix.subsite }} | |
- name: Run Redis tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 6-redis.js | |
subsite: ${{ matrix.subsite }} | |
- name: Run Memcached tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 7-memcached.js | |
subsite: ${{ matrix.subsite }} | |
- name: Run Geolocation tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 8-geolocation.js | |
subsite: ${{ matrix.subsite }} | |
- name: Run AppSec tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 11-appsec.js | |
subsite: ${{ matrix.subsite }} | |
- name: Prepare CrowdSec for AppSec timeout tests | |
run: ddev exec -s crowdsec tc qdisc add dev eth0 root netem delay 500ms | |
- name: Run AppSec timeout tests | |
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
with: | |
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
file_path: 12-appsec-timeout.js | |
subsite: ${{ matrix.subsite }} | |
- name: Check tested version | |
run: | | |
CURRENT_VERSION=$(ddev wp core version) | |
if [[ ${{ matrix.wp-version }} == $CURRENT_VERSION ]] | |
then | |
echo "Tested version was as expected" | |
else | |
echo "Tested version was not as expected" | |
echo $CURRENT_VERSION | |
echo ${{ matrix.wp-version }} | |
exit 1 | |
fi | |
- name: tmate debugging session | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
timeout-minutes: 15 | |
if: failure() && github.event.inputs.debug_enabled == 'true' | |