Deploy and Create Release #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy and Create Release | |
| # example: gh workflow run release.yml -f tag_name=v1.1.4 -f deploy_to_wordpress=true | |
| on: | |
| workflow_dispatch: | |
| branches: | |
| - main | |
| inputs: | |
| tag_name: | |
| type: string | |
| required: true | |
| deploy_to_wordpress: | |
| type: boolean | |
| description: Deploy to WordPress | |
| default: true | |
| required: true | |
| permissions: | |
| contents: write | |
| env: | |
| # Allow ddev get to use a GitHub token to prevent rate limiting by tests | |
| DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| deploy-create-release: | |
| name: Deploy and create release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check naming convention | |
| run: | | |
| VERIF=$(echo ${{ github.event.inputs.tag_name }} | grep -E "^v([0-9]{1,}\.)([0-9]{1,}\.)([0-9]{1,})(-(alpha|beta)\.[0-9]{1,})?$") | |
| if [ ! ${VERIF} ] | |
| then | |
| echo "Tag name '${{ github.event.inputs.tag_name }}' does not comply with naming convention vX.Y.Z" | |
| exit 1 | |
| fi | |
| - name: Set version number without v | |
| run: | | |
| echo "VERSION_NUMBER=$(echo ${{ github.event.inputs.tag_name }} | sed 's/v//g' )" >> $GITHUB_ENV | |
| - name: Clone sources | |
| uses: actions/checkout@v4 | |
| - name: Check version ${{ env.VERSION_NUMBER }} consistency in files | |
| # Check crowdsec.php (2), readme.txt (1), inc/Constants.php (1) and CHANGELOG.md (3) | |
| run: | | |
| CURRENT_DATE=$(date +'%Y-%m-%d') | |
| CHANGELOG_VERSION=$(grep -o -E "## \[(.*)\].* - $CURRENT_DATE" CHANGELOG.md | head -1 | sed 's/ //g') | |
| echo $CURRENT_DATE | |
| echo $CHANGELOG_VERSION | |
| echo "##[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})-$CURRENT_DATE" | |
| if [[ $CHANGELOG_VERSION == "##[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})-$CURRENT_DATE" ]] | |
| then | |
| echo "Version in CHANGELOG.md: OK" | |
| else | |
| echo "Version in CHANGELOG.md: KO" | |
| exit 1 | |
| fi | |
| COMPARISON=$(grep -oP "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/compare/\K(.*)$" CHANGELOG.md | head -1) | |
| LAST_TAG=$(curl -Ls -o /dev/null -w %{url_effective} $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/latest | grep -oP "\/tag\/\K(.*)$") | |
| if [[ $COMPARISON == "$LAST_TAG...v${{ env.VERSION_NUMBER }})" ]] | |
| then | |
| echo "VERSION COMPARISON OK" | |
| else | |
| echo "VERSION COMPARISON KO" | |
| echo $COMPARISON | |
| echo "$LAST_TAG...v${{ env.VERSION_NUMBER }})" | |
| exit 1 | |
| fi | |
| VERSION=$(grep -E "Version: (.*)" crowdsec.php | sed 's/ //g') | |
| echo $VERSION | |
| echo "*Version:${{ env.VERSION_NUMBER }}" | |
| if [[ $VERSION == "*Version:${{ env.VERSION_NUMBER }}" ]] | |
| then | |
| echo "Version in crowdsec.php: OK" | |
| else | |
| echo "Version in crowdsec.php: KO" | |
| exit 1 | |
| fi | |
| CROWDSEC_STABLE=$(grep -E "Stable tag: (.*)" crowdsec.php | sed 's/ //g') | |
| echo $CROWDSEC_STABLE | |
| echo "*Stabletag:${{ env.VERSION_NUMBER }}" | |
| if [[ $CROWDSEC_STABLE == "*Stabletag:${{ env.VERSION_NUMBER }}" ]] | |
| then | |
| echo "Stable tag in crowdsec.php: OK" | |
| else | |
| echo "Stable tag in crowdsec.php: KO" | |
| exit 1 | |
| fi | |
| README_STABLE=$(grep -E "Stable tag: (.*)" readme.txt | sed 's/ //g') | |
| echo $README_STABLE | |
| echo "Stabletag:${{ env.VERSION_NUMBER }}" | |
| if [[ $README_STABLE == "Stabletag:${{ env.VERSION_NUMBER }}" ]] | |
| then | |
| echo "Stable tag in readme.txt: OK" | |
| else | |
| echo "Stable tag in readme.txt: KO" | |
| exit 1 | |
| fi | |
| CONSTANT_VERSION=$(grep -E "VERSION = 'v(.*)" inc/Constants.php | sed 's/[\x27(),/ ]//g') | |
| echo $CONSTANT_VERSION | |
| echo "publicconstVERSION=v${{ env.VERSION_NUMBER }};" | |
| if [[ $CONSTANT_VERSION == "publicconstVERSION=v${{ env.VERSION_NUMBER }};" ]] | |
| then | |
| echo "Version in inc/Constants.php: OK" | |
| else | |
| echo "Version in inc/Constants.php: KO" | |
| exit 1 | |
| fi | |
| - name: Create Tag ${{ github.event.inputs.tag_name }} | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ github.token }} | |
| script: | | |
| github.rest.git.createRef({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| ref: "refs/tags/${{ github.event.inputs.tag_name }}", | |
| sha: context.sha | |
| }) | |
| - name: WordPress Plugin Deploy | |
| if: github.event.inputs.deploy_to_wordpress == 'true' | |
| id: deploy | |
| uses: 10up/[email protected] | |
| with: | |
| generate-zip: true | |
| env: | |
| SVN_USERNAME: ${{ secrets.SVN_USERNAME }} | |
| SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }} | |
| SLUG: crowdsec | |
| VERSION: ${{ env.VERSION_NUMBER }} | |
| - name: Prepare release notes | |
| run: | | |
| VERSION_RELEASE_NOTES=$(awk -v ver="[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})" '/^## / { if (p) { exit }; if ($2 == ver) { p=1; next} } p && NF' CHANGELOG.md | sed ':a;N;$!ba;s/\n---/ /g') | |
| echo "$VERSION_RELEASE_NOTES" >> CHANGELOG.txt | |
| cat CHANGELOG.txt | |
| - name: Create release ${{ env.VERSION_NUMBER }} with Wordpress zip | |
| if: github.event.inputs.deploy_to_wordpress == 'true' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: crowdsec.zip | |
| body_path: CHANGELOG.txt | |
| name: ${{ env.VERSION_NUMBER }} | |
| tag_name: ${{ github.event.inputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| - name: Create release ${{ env.VERSION_NUMBER }} without Wordpress zip | |
| if: github.event.inputs.deploy_to_wordpress != 'true' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| body_path: CHANGELOG.txt | |
| name: ${{ env.VERSION_NUMBER }} | |
| tag_name: ${{ github.event.inputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| end-to-end-release-zip-test: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| wp-version: [ "4.9", "5.0", "5.5", "5.9", "6.1", "6.3" ] | |
| php-version: [ "7.2", "7.4", "8.0" ] | |
| exclude: | |
| - { php-version: "7.4", wp-version: "4.9" } | |
| - { php-version: "8.0", wp-version: "4.9" } | |
| - { php-version: "7.4", wp-version: "5.0" } | |
| - { php-version: "8.0", wp-version: "5.0" } | |
| - { php-version: "8.0", wp-version: "5.5" } | |
| name: End-to-end release test suite | |
| runs-on: ubuntu-latest | |
| if: success() | |
| needs: [ deploy-create-release ] | |
| env: | |
| EXTENSION_NAME: "CrowdSec_Bouncer" | |
| EXTENSION_PATH: "wp-content/plugins/crowdsec" | |
| GITHUB_ORIGIN: "crowdsecurity/cs-wordpress-bouncer" | |
| steps: | |
| - name: Install DDEV | |
| # @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures | |
| run: | | |
| curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null | |
| echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list | |
| sudo apt-get -q update | |
| sudo apt-get -q -y install libnss3-tools ddev | |
| mkcert -install | |
| ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent | |
| - name: Set WP_VERSION_CODE env | |
| # used in some directory path and conventional file naming | |
| # Example : 5.6.5 => wp565 | |
| run: | | |
| echo "WP_VERSION_CODE=$(echo wp${{ matrix.wp-version }} | sed 's/\.//g' )" >> $GITHUB_ENV | |
| - name: Create empty WordPress DDEV project (with Apache) | |
| run: ddev config --project-type=wordpress --project-name=${{ env.WP_VERSION_CODE }} --php-version=${{ matrix.php-version }} --webserver-type=apache-fpm | |
| - name: Disable automatic update | |
| run: | | |
| # @see https://wordpress.org/documentation/article/configuring-automatic-background-updates/#constant-to-disable-all-updates | |
| sed -i -e 's/#ddev-generated//g' wp-config-ddev.php | |
| echo "define( 'AUTOMATIC_UPDATER_DISABLED', true );" >> wp-config-ddev.php | |
| - name: Add Redis, Memcached, Crowdsec and Playwright | |
| run: | | |
| ddev get ddev/ddev-redis | |
| ddev get ddev/ddev-memcached | |
| ddev get julienloizelet/ddev-playwright | |
| # override redis.conf | |
| ddev get julienloizelet/ddev-tools | |
| ddev get julienloizelet/ddev-crowdsec-php | |
| - name: Start DDEV | |
| uses: nick-fields/retry@v3 | |
| with: | |
| timeout_minutes: 5 | |
| max_attempts: 3 | |
| shell: bash | |
| command: | | |
| ddev start | |
| - name: Download WordPress | |
| run: ddev wp core download --version=${{ matrix.wp-version }} | |
| - name: Setup WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }} | |
| run: | | |
| ddev exec wp core install --url='https://${{ env.WP_VERSION_CODE }}.ddev.site' --title='WordPress' --admin_user='admin' --admin_password='admin123' --admin_email='[email protected]' | |
| - name: Set LAST_TAG env | |
| run: | | |
| echo "LAST_TAG=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/${{ env.GITHUB_ORIGIN }}/releases/latest | grep -oP "\/tag\/v\K(.*)$")" >> $GITHUB_ENV | |
| - name: Clone files from last release | |
| uses: actions/checkout@v4 | |
| with: | |
| path: raw_sources | |
| ref: "v${{ env.LAST_TAG }}" | |
| repository: "${{ env.GITHUB_ORIGIN }}" | |
| - name: Retrieve last stable release zip | |
| run: | | |
| curl -fL https://downloads.wordpress.org/plugin/crowdsec.${{ env.LAST_TAG }}.zip -o crowdsec.$LAST_TAG.zip | |
| unzip crowdsec.${{ env.LAST_TAG }}.zip -d ${{ github.workspace }}/wp-content/plugins | |
| - name: Copy needed tests files | |
| run: | | |
| cp -r raw_sources/tests wp-content/plugins/crowdsec | |
| cp -r raw_sources/.github wp-content/plugins/crowdsec | |
| - name: Prepare for playwright test | |
| run: | | |
| mkdir -p crowdsec/tls | |
| mkdir -p crowdsec/geolocation | |
| cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/cache-actions-with-wordpress-load.php cache-actions.php | |
| cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* crowdsec/tls | |
| ddev maxmind-download DEFAULT GeoLite2-City crowdsec/geolocation | |
| ddev maxmind-download DEFAULT GeoLite2-Country crowdsec/geolocation | |
| cd crowdsec/geolocation | |
| sha256sum -c GeoLite2-Country.tar.gz.sha256.txt | |
| sha256sum -c GeoLite2-City.tar.gz.sha256.txt | |
| tar -xf GeoLite2-Country.tar.gz | |
| tar -xf GeoLite2-City.tar.gz | |
| rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt | |
| cd ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev/__scripts__ | |
| chmod +x test-init.sh | |
| ./test-init.sh | |
| chmod +x run-tests.sh | |
| - name: Some DEBUG information | |
| run: | | |
| ddev --version | |
| ddev exec php -v | |
| ddev exec -s crowdsec crowdsec -version | |
| - name: Run Plugin activation tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 1-activate-plugin.js | |
| - name: Configure CrowdSec and Wordpress bouncer plugin | |
| run: | | |
| ddev crowdsec-config | |
| - name: Run Live mode remediation tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 2-live-mode-remediations.js | |
| - name: Run more Live mode remediation tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 3-live-mode-more.js | |
| - name: Run Live mode cache tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 4-live-mode-cache.js | |
| - name: Prepare cron usage | |
| run: | | |
| sed -i 's/fastcgi_finish_request/\/\/fastcgi_finish_request/g' wp-cron.php | |
| - name: Run Stream mode tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 5-stream-mode.js | |
| - name: Run Redis tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 6-redis.js | |
| - name: Run Memcached tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 7-memcached.js | |
| - name: Run Geolocation tests | |
| uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test | |
| with: | |
| test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev | |
| file_path: 8-geolocation.js | |
| - name: tmate debugging session | |
| uses: mxschmitt/action-tmate@v3 | |
| with: | |
| limit-access-to-actor: true | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| timeout-minutes: 30 | |
| if: failure() |