end-to-end-auto-prepend-test-suite.yml

name: End-to-end auto-prepend-file mode test suite
on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
  workflow_dispatch:

permissions:
  contents: read

env:
  # Allow ddev get to use a GitHub token to prevent rate limiting by tests
  DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jobs:
  end-to-end-auto-prepend-file-mode-test-suite:
    strategy:
      fail-fast: false
      matrix:
        wp-version: [ "4.9", "5.0", "5.9", "6.0", "6.5", "6.6" ]
        php-version: [ "7.2", "7.4", "8.0" ]
        exclude:
          - { php-version: "7.4", wp-version: "4.9" }
          - { php-version: "7.4", wp-version: "5.0" }
          - { php-version: "8.0", wp-version: "4.9" }
          - { php-version: "8.0", wp-version: "5.0" }

    name: End-to-end auto-prepend-file mode test suite
    runs-on: ubuntu-latest
    if: ${{ !contains(github.event.head_commit.message, 'chore(') }}

    env:
      EXTENSION_NAME: "CrowdSec_Bouncer"
      EXTENSION_PATH: "wp-content/plugins/crowdsec"

    steps:

      - name: Install DDEV
        # @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures
        run: |
          curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null
          echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list
          sudo apt-get -q update
          sudo apt-get -q -y install libnss3-tools ddev
          mkcert -install
          ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent


      - name: Set WP_VERSION_CODE env
        # used in some directory path and conventional file naming
        # Example : 5.6.5 => wp565
        run: |
          echo "WP_VERSION_CODE=$(echo wp${{ matrix.wp-version }} | sed 's/\.//g' )" >> $GITHUB_ENV

      - name: Create empty WordPress DDEV project (with Nginx)
        run: ddev config --project-type=wordpress --project-name=${{ env.WP_VERSION_CODE }} --php-version=${{ matrix.php-version }} --webserver-type=nginx-fpm

      - name: Disable automatic update
        run: |
          # @see https://wordpress.org/documentation/article/configuring-automatic-background-updates/#constant-to-disable-all-updates
          sed -i -e 's/#ddev-generated//g' wp-config-ddev.php
          echo "define( 'AUTOMATIC_UPDATER_DISABLED', true );" >> wp-config-ddev.php

      - name: Add Redis, Memcached, Crowdsec and Playwright
        run: |
          ddev get ddev/ddev-redis
          ddev get ddev/ddev-memcached
          ddev get julienloizelet/ddev-playwright
          # override redis.conf
          ddev get julienloizelet/ddev-tools
          ddev get julienloizelet/ddev-crowdsec-php

      - name: Start DDEV
        uses: nick-fields/retry@v3
        with:
          timeout_minutes: 5
          max_attempts: 3
          shell: bash
          command: |
            ddev start

      - name: Download WordPress
        run: ddev wp core download --version=${{ matrix.wp-version }}

      - name: Setup WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
        run: |
          ddev wp core install --url='https://${{ env.WP_VERSION_CODE }}.ddev.site' --title='WordPress' --admin_user='admin' --admin_password='admin123' --admin_email='admin@admin.com'  

      - name: Clone ${{ env.EXTENSION_NAME }} files
        uses: actions/checkout@v4
        with:
          path: ${{ env.EXTENSION_PATH }}

      - name: Prepare for playwright test
        run: |
          ddev exec -s crowdsec apk add iproute2
          cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/wp_appsec_custom_upload.php wp_appsec_custom_upload.php
          cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-post.html | ddev wp post create --post_type=page --post_status=publish --post_title="AppSec" - 
          cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-upload.html | ddev wp post create --post_type=page --post_status=publish --post_title="AppSec Upload" -
          ddev wp rewrite structure "/%postname%/"
          mkdir -p crowdsec/tls
          mkdir -p crowdsec/geolocation
          cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/cache-actions-with-wordpress-load.php cache-actions.php
          cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* crowdsec/tls
          ddev maxmind-download DEFAULT GeoLite2-City crowdsec/geolocation
          ddev maxmind-download DEFAULT GeoLite2-Country crowdsec/geolocation
          cd crowdsec/geolocation
          sha256sum -c GeoLite2-Country.tar.gz.sha256.txt
          sha256sum -c GeoLite2-City.tar.gz.sha256.txt
          tar -xf GeoLite2-Country.tar.gz
          tar -xf GeoLite2-City.tar.gz
          rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
          cd ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev/__scripts__
          chmod +x test-init.sh
          ./test-init.sh
          chmod +x run-tests.sh   

      - name: Some DEBUG information
        run: |
          ddev --version
          ddev exec php -v
          ddev exec -s crowdsec crowdsec -version

      - name: Activate plugin with wp
        run: ddev wp plugin install crowdsec --activate

      - name: Configure CrowdSec and Wordpress bouncer plugin
        run: |
          ddev crowdsec-config

      - name: Prepare auto-prepend-file mode test suite
        run: |
          cd ${{ github.workspace }}/.ddev
          ddev nginx-config okaeli-add-on/wordpress/custom_files/crowdsec/crowdsec-prepend-nginx-site.conf

      - name: Verify auto_prepend_file directive
        run: |
          cd ${{ github.workspace }}
          cp .ddev/okaeli-add-on/common/custom_files/phpinfo.php phpinfo.php
          curl -v https://${{ env.WP_VERSION_CODE }}.ddev.site/phpinfo.php
          PREPENDVERIF=$(curl https://${{ env.WP_VERSION_CODE }}.ddev.site/phpinfo.php | grep -o -E "auto_prepend_file=(.*)php(.*)" | sed 's/<\/tr>//g; s/<\/td>//g;' | tr '\n' '#')
          if [[ $PREPENDVERIF == "auto_prepend_file=/var/www/html/wp-content/plugins/crowdsec/inc/standalone-bounce.php#auto_prepend_file=/var/www/html/wp-content/plugins/crowdsec/inc/standalone-bounce.php#" ]]
          then
              echo "AUTO PREPEND FILE OK"
          else
              echo "AUTO PREPEND FILE KO"
              echo $PREPENDVERIF
              exit 1
          fi

      - name: Enable Plugin auto_prepend_file mode
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 10-enable-autoprependfile-mode.js

      - name: Run Live mode remediation tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 2-live-mode-remediations.js

      - name: Run more Live mode remediation tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 3-live-mode-more.js

      - name: Run Live mode cache tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 4-live-mode-cache.js

      - name: Prepare cron usage
        run: |
          sed -i  's/fastcgi_finish_request/\/\/fastcgi_finish_request/g' wp-cron.php

      - name: Run Stream mode tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 5-stream-mode.js

      - name: Run Redis tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 6-redis.js

      - name: Run Memcached tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 7-memcached.js

      - name: Run Geolocation tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 8-geolocation.js

      - name: Run AppSec tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 11-appsec.js

      - name: Prepare CrowdSec for AppSec timeout tests
        run: ddev exec -s crowdsec tc qdisc add dev eth0 root netem delay 500ms

      - name: Run AppSec timeout tests
        uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
        with:
          test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
          file_path: 12-appsec-timeout.js

      - name: Check tested version
        run: |
          CURRENT_VERSION=$(ddev wp core version)
          if [[ ${{ matrix.wp-version }} == $CURRENT_VERSION ]]
          then
              echo "Tested version was as expected"
          else
              echo "Tested version was not as expected"
              echo $CURRENT_VERSION
              echo ${{ matrix.wp-version }}
              exit 1
          fi