Skip to content

feat(*): Add AppSec support (#157) #17

feat(*): Add AppSec support (#157)

feat(*): Add AppSec support (#157) #17

name: End-to-end multisite
on:
push:
branches:
- main
paths-ignore:
- '**.md'
workflow_dispatch:
inputs:
debug_enabled:
type: boolean
description: Debug with tmate
default: false
permissions:
contents: read
env:
# Allow ddev get to use a GitHub token to prevent rate limiting by tests
DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
end-to-end-multisite:
strategy:
fail-fast: false
matrix:
wp-version: [ "4.9", "5.9", "6.6" ]
php-version: [ "7.2" ]
subsite: ["site1", "site2"]
name: End-to-end Multisite
runs-on: ubuntu-latest
if: ${{ !contains(github.event.head_commit.message, 'chore(') }}
env:
EXTENSION_NAME: "CrowdSec_Bouncer"
EXTENSION_PATH: "wp-content/plugins/crowdsec"
steps:
- name: Install DDEV
# @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures
run: |
curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null
echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list
sudo apt-get -q update
sudo apt-get -q -y install libnss3-tools ddev
mkcert -install
ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent
- name: Set WP_VERSION_CODE env
# used in some directory path and conventional file naming
# Example : 5.6.5 => wp565
run: |
echo "WP_VERSION_CODE=$(echo wp${{ matrix.wp-version }} | sed 's/\.//g' )" >> $GITHUB_ENV
- name: Create empty WordPress DDEV project (with Apache)
run: ddev config --project-type=wordpress --project-name=${{ env.WP_VERSION_CODE }} --php-version=${{ matrix.php-version }} --webserver-type=apache-fpm
- name: Disable automatic update
run: |
# @see https://wordpress.org/documentation/article/configuring-automatic-background-updates/#constant-to-disable-all-updates
sed -i -e 's/#ddev-generated//g' wp-config-ddev.php
echo "define( 'AUTOMATIC_UPDATER_DISABLED', true );" >> wp-config-ddev.php
- name: Disable DDEV config
run: |
sed -i -e 's/#ddev-generated//g' wp-config.php
- name: Add Redis, Memcached, Crowdsec and Playwright
run: |
ddev get ddev/ddev-redis
ddev get ddev/ddev-memcached
ddev get julienloizelet/ddev-playwright
# override redis.conf
ddev get julienloizelet/ddev-tools
ddev get julienloizelet/ddev-crowdsec-php
- name: Start DDEV
uses: nick-fields/retry@v3
with:
timeout_minutes: 5
max_attempts: 3
shell: bash
command: |
ddev start
- name: Download WordPress
run: ddev wp core download --version=${{ matrix.wp-version }}
- name: Setup Multisite WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
run: |
ddev wp core multisite-install --url='https://${{ env.WP_VERSION_CODE }}.ddev.site' --title='WordPress' --admin_user='admin' --admin_password='admin123' --admin_email='admin@admin.com'
- name: Copy multisite .htaccess
run: cp .ddev/okaeli-add-on/wordpress/custom_files/.htaccess-multisite-subfolder .htaccess
- name: Create sub sites
run: |
ddev wp site create --slug="site1" --title="WordPress Site1"
ddev wp site create --slug="site2" --title="WordPress Site2"
- name: Clone ${{ env.EXTENSION_NAME }} files
uses: actions/checkout@v4
with:
path: ${{ env.EXTENSION_PATH }}
- name: Prepare for playwright test
run: |
ddev exec -s crowdsec apk add iproute2
cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-post.html | ddev wp post create --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site1' --post_type=page --post_status=publish --post_title="AppSec" -
cat .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/html/appsec-post.html | ddev wp post create --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site2' --post_type=page --post_status=publish --post_title="AppSec" -
ddev wp rewrite structure "/%postname%/" --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site1'
ddev wp rewrite structure "/%postname%/" --url='https://${{ env.WP_VERSION_CODE }}.ddev.site/site2'
mkdir -p crowdsec/tls
mkdir -p crowdsec/geolocation
cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/cache-actions-with-wordpress-load.php cache-actions.php
cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* crowdsec/tls
ddev maxmind-download DEFAULT GeoLite2-City crowdsec/geolocation
ddev maxmind-download DEFAULT GeoLite2-Country crowdsec/geolocation
cd crowdsec/geolocation
sha256sum -c GeoLite2-Country.tar.gz.sha256.txt
sha256sum -c GeoLite2-City.tar.gz.sha256.txt
tar -xf GeoLite2-Country.tar.gz
tar -xf GeoLite2-City.tar.gz
rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
cd ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev/__scripts__
chmod +x test-init.sh
./test-init.sh
chmod +x run-tests.sh
- name: Some DEBUG information
run: |
ddev --version
ddev exec php -v
ddev exec -s crowdsec crowdsec -version
- name: Run Plugin activation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 1-activate-plugin.js
subsite: ${{ matrix.subsite }}
- name: Configure CrowdSec and Wordpress bouncer plugin
run: |
ddev crowdsec-config
- name: Run Live mode remediation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 2-live-mode-remediations.js
subsite: ${{ matrix.subsite }}
- name: Run more Live mode remediation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 3-live-mode-more.js
subsite: ${{ matrix.subsite }}
- name: Run Live mode cache tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 4-live-mode-cache.js
subsite: ${{ matrix.subsite }}
- name: Prepare cron usage
run: |
sed -i 's/fastcgi_finish_request/\/\/fastcgi_finish_request/g' wp-cron.php
- name: Run Stream mode tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 5-stream-mode.js
subsite: ${{ matrix.subsite }}
- name: Run Redis tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 6-redis.js
subsite: ${{ matrix.subsite }}
- name: Run Memcached tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 7-memcached.js
subsite: ${{ matrix.subsite }}
- name: Run Geolocation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 8-geolocation.js
subsite: ${{ matrix.subsite }}
- name: Run AppSec tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 11-appsec.js
subsite: ${{ matrix.subsite }}
- name: Prepare CrowdSec for AppSec timeout tests
run: ddev exec -s crowdsec tc qdisc add dev eth0 root netem delay 500ms
- name: Run AppSec timeout tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 12-appsec-timeout.js
subsite: ${{ matrix.subsite }}
- name: Check tested version
run: |
CURRENT_VERSION=$(ddev wp core version)
if [[ ${{ matrix.wp-version }} == $CURRENT_VERSION ]]
then
echo "Tested version was as expected"
else
echo "Tested version was not as expected"
echo $CURRENT_VERSION
echo ${{ matrix.wp-version }}
exit 1
fi
- name: tmate debugging session
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
github-token: ${{ secrets.GITHUB_TOKEN }}
timeout-minutes: 15
if: failure() && github.event.inputs.debug_enabled == 'true'