From bbce73f1a7937fde392ae88ca7ccf8c9f542d1c9 Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Tue, 21 Mar 2023 16:51:39 +0100 Subject: [PATCH 01/11] Automate audit through graphql-http - https://github.com/graphql/graphql-http/pull/63 - https://github.com/graphql/graphql-http/pull/60 --- .gitattributes | 1 + Makefile | 3 +++ audit/docker-compose.yml | 12 ++++++++++++ audit/test.ts | 24 ++++++++++++++++++++++++ 4 files changed, 40 insertions(+) create mode 100644 audit/docker-compose.yml create mode 100644 audit/test.ts diff --git a/.gitattributes b/.gitattributes index 42c9ffc9a1..db06916b1a 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,6 +1,7 @@ * text=auto /.github export-ignore +/audit export-ignore /benchmarks export-ignore /docs export-ignore /tests export-ignore diff --git a/Makefile b/Makefile index d4012b3285..e0db58a080 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,9 @@ php-cs-fixer: up ## Fix code style stan: up ## Runs static analysis ${dcphp} vendor/bin/phpstan +.PHONY: audit + deno test --allow-net audit + .PHONY: test test: up ## Runs tests with PHPUnit ${dcphp} vendor/bin/phpunit diff --git a/audit/docker-compose.yml b/audit/docker-compose.yml new file mode 100644 index 0000000000..514b1f9593 --- /dev/null +++ b/audit/docker-compose.yml @@ -0,0 +1,12 @@ +services: + php: + build: + context: . + dockerfile: php.dockerfile + args: + USER: $USER + volumes: + - ./:/workdir + security_opt: + - label:disable + tty: true diff --git a/audit/test.ts b/audit/test.ts new file mode 100644 index 0000000000..77d575096a --- /dev/null +++ b/audit/test.ts 
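Review bot: In the root `Makefile` hunk the recipe line `deno test --allow-net audit` directly follows `.PHONY: audit` with no `audit:` rule line, so as written the recipe is not attached to an `audit` target. Add the rule line above the recipe, e.g. `audit: ## Runs the GraphQL-over-HTTP audit`. `--allow-net` without a value also lets the test process reach any host, although the suite only talks to the server under test. `--allow-net=localhost:8000` should be enough, once you confirm that the `npm:` import still resolves with it. The same unscoped flag reappears in the `audit` target of `audit/Makefile` in PATCH 02/11, where the host would be `server:8000`.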
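Review bot: `security_opt: - label:disable` in the new `audit/docker-compose.yml` turns off SELinux label separation for the `php` container while `./` is bind-mounted into it. If the goal is only to make the mount usable on SELinux hosts, a `:z` suffix on the volume (`- ./:/workdir:z`) does that without dropping confinement for the whole container. The service also builds from `php.dockerfile`, which this commit's diffstat does not add under `audit/`, so the build presumably fails unless that file already exists there.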
@@ -0,0 +1,24 @@ +import { serverAudits } from "npm:graphql-http"; + +for ( + const audit of serverAudits({ + url: "http://localhost:8000/graphql", + fetchFn: fetch, + }) +) { + Deno.test( + audit.name, + // TODO remove when https://github.com/graphql/graphql-http/pull/63#discussion_r1143599460 gets fixed + { sanitizeResources: false }, + async () => { + const result = await audit.fn(); + if (result.status === "error") { + throw result.reason; + } + if (result.status === "warn") { + console.warn(result.reason); // or throw if you want full compliance (warnings are not requirements) + } + // result.status === 'ok' + }, + ); +} From 3820cc3b88dbf3a5867ae99761da477095f7bfc8 Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 10:41:13 +0100 Subject: [PATCH 02/11] audit --- Makefile | 5 +---- audit/.gitignore | 1 + audit/Makefile | 39 +++++++++++++++++++++++++++++++++++++++ audit/client.dockerfile | 3 +++ audit/docker-compose.yml | 16 ++++++++++------ audit/server.dockerfile | 23 +++++++++++++++++++++++ audit/test.ts | 12 ++++++++---- 7 files changed, 85 insertions(+), 14 deletions(-) create mode 100644 audit/.gitignore create mode 100644 audit/Makefile create mode 100644 audit/client.dockerfile create mode 100644 audit/server.dockerfile diff --git a/Makefile b/Makefile index e0db58a080..29b0bd704c 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ build: ## Build the local Docker containers .PHONY: up up: ## Bring up the docker-compose stack - docker-compose up -d + docker-compose up --detach .PHONY: fix fix: rector php-cs-fixer ## Automatic code fixes @@ -30,9 +30,6 @@ php-cs-fixer: up ## Fix code style stan: up ## Runs static analysis ${dcphp} vendor/bin/phpstan -.PHONY: audit - deno test --allow-net audit - .PHONY: test test: up ## Runs tests with PHPUnit ${dcphp} vendor/bin/phpunit diff --git a/audit/.gitignore b/audit/.gitignore new file mode 100644 index 0000000000..6750dba93d --- /dev/null +++ b/audit/.gitignore @@ -0,0 +1 @@ +/app 
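Review bot: The import `npm:graphql-http` in the new `audit/test.ts` has no version, so every local and CI run resolves whatever release is current on the registry and executes it with network permission. Pin it, e.g. `import { serverAudits } from "npm:graphql-http@<version>";` (placeholder; use the release the audit was written against), so results are reproducible and an upstream release cannot change what runs in CI unreviewed. Separately, `throw result.reason;` throws a bare value. If `reason` is a string, `throw new Error(result.reason);` gives the test report a stack trace.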
diff --git a/audit/Makefile b/audit/Makefile new file mode 100644 index 0000000000..2848472b2b --- /dev/null +++ b/audit/Makefile @@ -0,0 +1,39 @@ +dcserver=$$(echo "docker-compose exec server") +dcapp=$$(echo "docker-compose exec --workdir=/workdir/audit/app server") +dcclient=$$(echo "docker-compose exec client") + +.PHONY: help +help: ## Displays this list of targets with descriptions + @grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(firstword $(MAKEFILE_LIST)) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[32m%-30s\033[0m %s\n", $$1, $$2}' + +.PHONY: setup +setup: build app app/vendor ## Setup the local environment + +.PHONY: build +build: ## Build the local Docker containers + docker-compose build --pull --build-arg USER_ID=$(shell id -u) --build-arg GROUP_ID=$(shell id -g) + +app: up ## Install the app + ${dcserver} rm -rf audit/app + ${dcserver} composer create-project laravel/laravel audit/app + +app/vendor: up ## Install the app dependencies + ${dcapp} composer require nuwave/lighthouse:dev-master + ${dcapp} rsync -r /workdir/ /workdir/audit/app/vendor/nuwave/lighthouse --exclude audit --exclude docs --exclude vendor --exclude .idea --exclude .git --delete + ${dcapp} php artisan vendor:publish --tag=lighthouse-schema + +.PHONY: up +up: ## Bring up the docker-compose stack + docker-compose up --detach + +.PHONY: serve +serve: up ## Run the HTTP server + ${dcapp} php artisan serve --host=0.0.0.0 + +.PHONY: audit +audit: up ## Runs tests with PHPUnit + ${dcclient} deno test --allow-net + +.PHONY: fmt +fmt: up ## Runs tests with PHPUnit + ${dcclient} deno fmt test.ts diff --git a/audit/client.dockerfile b/audit/client.dockerfile new file mode 100644 index 0000000000..47144b28fc --- /dev/null +++ b/audit/client.dockerfile @@ -0,0 +1,3 @@ +FROM denoland/deno:1.31.3 + +WORKDIR /workdir diff --git a/audit/docker-compose.yml b/audit/docker-compose.yml index 514b1f9593..ba397107b8 100644 --- a/audit/docker-compose.yml +++ b/audit/docker-compose.yml 
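Review bot: The `audit` and `fmt` targets in the new `audit/Makefile` both carry the help text `## Runs tests with PHPUnit`, copied from the root Makefile, so `make help` misdescribes them. Suggested replacements are `audit: up ## Runs the graphql-http server audit with Deno` and `fmt: up ## Formats test.ts with deno fmt`. In `app/vendor`, `composer require nuwave/lighthouse:dev-master` installs whatever the branch head is at that moment, and the following `rsync` then overwrites it. A comment such as `# installed only to resolve Lighthouse's dependencies; sources are replaced by the rsync below` would make that intent explicit.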
@@ -1,12 +1,16 @@ services: - php: + server: build: context: . - dockerfile: php.dockerfile - args: - USER: $USER + dockerfile: server.dockerfile + volumes: + - ../:/workdir + tty: true + client: + build: + context: . + dockerfile: client.dockerfile volumes: - ./:/workdir - security_opt: - - label:disable + entrypoint: /bin/bash tty: true diff --git a/audit/server.dockerfile b/audit/server.dockerfile new file mode 100644 index 0000000000..f56060919f --- /dev/null +++ b/audit/server.dockerfile @@ -0,0 +1,23 @@ +FROM php:8.1-cli + +WORKDIR /workdir + +COPY --from=composer /usr/bin/composer /usr/bin/composer + +RUN apt-get update && \ + apt-get install --yes \ + git \ + rsync \ + libzip-dev \ + zip \ + && docker-php-ext-install \ + zip \ + && rm -rf /var/lib/apt/lists/* + +ARG USER_ID +ARG GROUP_ID +RUN if [ ${USER_ID:-0} -ne 0 ] && [ ${GROUP_ID:-0} -ne 0 ]; then \ + groupadd --force --gid ${GROUP_ID} lighthouse &&\ + useradd --no-log-init --create-home --uid ${USER_ID} --gid ${GROUP_ID} lighthouse \ +;fi +USER lighthouse diff --git a/audit/test.ts b/audit/test.ts index 77d575096a..898d29eabc 100644 --- a/audit/test.ts +++ b/audit/test.ts 
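Review bot: `USER lighthouse` at the end of the new `audit/server.dockerfile` is unconditional, but the `groupadd`/`useradd` step above it only runs when both `USER_ID` and `GROUP_ID` are non-zero. A build without those args, or one run by root, produces an image whose configured user does not exist, so containers started from it cannot resolve the user. Either create the user unconditionally with default ids, or fail the build when the args are missing. Also, `COPY --from=composer /usr/bin/composer /usr/bin/composer` takes the `composer` image at its default tag. Pinning it, e.g. `COPY --from=composer:<version> /usr/bin/composer /usr/bin/composer` (placeholder), keeps the tool that installs the dependencies fixed.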
@@ -2,23 +2,27 @@ import { serverAudits } from "npm:graphql-http"; for ( const audit of serverAudits({ - url: "http://localhost:8000/graphql", + url: "http://server:8000/graphql", fetchFn: fetch, }) ) { + // if (audit.name !== 'MUST accept application/json and match the content-type') continue; Deno.test( audit.name, - // TODO remove when https://github.com/graphql/graphql-http/pull/63#discussion_r1143599460 gets fixed - { sanitizeResources: false }, + // { sanitizeResources: false }, async () => { const result = await audit.fn(); + // Clean up dangling resources + console.log(result); + if ("response" in result) { + await result.response.body?.cancel(); + } if (result.status === "error") { throw result.reason; } if (result.status === "warn") { console.warn(result.reason); // or throw if you want full compliance (warnings are not requirements) } - // result.status === 'ok' }, ); } From 35d5cfd0892c3d650e34678b6c43ca2f509ced91 Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 10:55:02 +0100 Subject: [PATCH 03/11] add CI --- .github/workflows/validate.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d0e5cd4d00..ec8705d72a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -184,6 +184,18 @@ jobs: - name: "Upload to Codecov" uses: codecov/codecov-action@v2 + audit: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - run: | + cd audit + make setup + make serve & + make audit + benchmarks: runs-on: ubuntu-latest From 30dfcecccfffb87de4d270a637908bad6a1ffc6e Mon Sep 17 00:00:00 2001 
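Review bot: `console.log(result);` sits directly under `// Clean up dangling resources` and prints every audit result on each run, including the `response` object where one is present; it reads like leftover debugging. Drop it, or log only on the `error`/`warn` branches. The two commented-out lines (`// if (audit.name !== ...) continue;` and `// { sanitizeResources: false },`) are dead code and should be deleted, or kept with a comment explaining why.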
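Review bot: In the new `audit` job, `make serve &` is backgrounded and `make audit` starts immediately, so nothing guarantees the server is accepting requests when the first audit runs; the step should wait for readiness, for example by polling the endpoint before `make audit`. The job also declares no `permissions:`. Unless the workflow sets them at the top level, which is outside this hunk, a job that builds images and runs freshly downloaded packages gets the repository's default token scope, and `permissions:` with `contents: read` appears sufficient for these steps. `actions/checkout@v3` could additionally be pinned to a commit SHA.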
From: Benedikt Franke Date: Wed, 22 Mar 2023 11:10:56 +0100 Subject: [PATCH 04/11] simplify --- audit/Makefile | 21 +++------------------ audit/client.dockerfile | 3 --- audit/docker-compose.yml | 12 ++++++++---- audit/server.dockerfile | 13 +++++-------- 4 files changed, 16 insertions(+), 33 deletions(-) delete mode 100644 audit/client.dockerfile diff --git a/audit/Makefile b/audit/Makefile index 2848472b2b..a9f814dc5c 100644 --- a/audit/Makefile +++ b/audit/Makefile @@ -1,35 +1,20 @@ -dcserver=$$(echo "docker-compose exec server") -dcapp=$$(echo "docker-compose exec --workdir=/workdir/audit/app server") -dcclient=$$(echo "docker-compose exec client") +dcclient=$$(echo "docker-compose exec -T client") .PHONY: help help: ## Displays this list of targets with descriptions @grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(firstword $(MAKEFILE_LIST)) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[32m%-30s\033[0m %s\n", $$1, $$2}' .PHONY: setup -setup: build app app/vendor ## Setup the local environment +setup: build ## Setup the local environment .PHONY: build build: ## Build the local Docker containers - docker-compose build --pull --build-arg USER_ID=$(shell id -u) --build-arg GROUP_ID=$(shell id -g) - -app: up ## Install the app - ${dcserver} rm -rf audit/app - ${dcserver} composer create-project laravel/laravel audit/app - -app/vendor: up ## Install the app dependencies - ${dcapp} composer require nuwave/lighthouse:dev-master - ${dcapp} rsync -r /workdir/ /workdir/audit/app/vendor/nuwave/lighthouse --exclude audit --exclude docs --exclude vendor --exclude .idea --exclude .git --delete - ${dcapp} php artisan vendor:publish --tag=lighthouse-schema + docker-compose build --pull .PHONY: up up: ## Bring up the docker-compose stack docker-compose up --detach -.PHONY: serve -serve: up ## Run the HTTP server - ${dcapp} php artisan serve --host=0.0.0.0 - .PHONY: audit audit: up ## Runs tests with PHPUnit ${dcclient} deno test --allow-net 
diff --git a/audit/client.dockerfile b/audit/client.dockerfile deleted file mode 100644 index 47144b28fc..0000000000 --- a/audit/client.dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM denoland/deno:1.31.3 - -WORKDIR /workdir diff --git a/audit/docker-compose.yml b/audit/docker-compose.yml index ba397107b8..4bb5406954 100644 --- a/audit/docker-compose.yml +++ b/audit/docker-compose.yml @@ -5,11 +5,15 @@ services: dockerfile: server.dockerfile volumes: - ../:/workdir - tty: true + entrypoint: 'php artisan serve --host=0.0.0.0' + healthcheck: + test: curl -f http://localhost:8000/graphql?query=%7B__typename%7D || exit 1 + interval: 3s + timeout: 1s + client: - build: - context: . - dockerfile: client.dockerfile + image: denoland/deno:1.31.3 + working_dir: /workdir volumes: - ./:/workdir entrypoint: /bin/bash diff --git a/audit/server.dockerfile b/audit/server.dockerfile index f56060919f..e0bbf01aba 100644 --- a/audit/server.dockerfile +++ b/audit/server.dockerfile @@ -1,6 +1,6 @@ FROM php:8.1-cli -WORKDIR /workdir +WORKDIR /app COPY --from=composer /usr/bin/composer /usr/bin/composer @@ -14,10 +14,7 @@ RUN apt-get update && \ zip \ && rm -rf /var/lib/apt/lists/* -ARG USER_ID -ARG GROUP_ID -RUN if [ ${USER_ID:-0} -ne 0 ] && [ ${GROUP_ID:-0} -ne 0 ]; then \ - groupadd --force --gid ${GROUP_ID} lighthouse &&\ - useradd --no-log-init --create-home --uid ${USER_ID} --gid ${GROUP_ID} lighthouse \ -;fi -USER lighthouse +RUN composer create-project laravel/laravel /app +RUN composer require nuwave/lighthouse:dev-master +COPY ../ /app/vendor/nuwave/lighthouse +RUN php artisan vendor:publish --tag=lighthouse-schema From e9e8077e79248116aec48af3402dd7c63fcbfbc9 Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 11:11:11 +0100 Subject: [PATCH 05/11] simplify --- .github/workflows/validate.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ec8705d72a..cf8393c9fa 100644 
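Review bot: The `healthcheck` added to `server` is not consumed by anything: `client` has no `depends_on`, and `make audit` runs `docker-compose up --detach` followed straight away by `exec`. The audit can therefore start before `php artisan serve` is listening, which would show up as flaky connection errors rather than audit failures. Adding `depends_on: { server: { condition: service_healthy } }` to `client` makes `up` wait for the check to pass.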
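Review bot: Removing the `ARG`/`useradd`/`USER lighthouse` block leaves `audit/server.dockerfile` with no `USER` instruction, so the `composer` steps and `php artisan serve` (bound to `0.0.0.0` by the compose entrypoint) now run as root inside the container. A fixed unprivileged user would avoid both the root default and the host-uid coupling of the old block, e.g. `RUN useradd --create-home lighthouse && chown lighthouse /app` followed by `USER lighthouse` before the `composer` lines. `composer require nuwave/lighthouse:dev-master` is still resolved from the registry at build time and then overwritten by the following `COPY`, so a comment such as `# installed only to resolve dependencies; sources replaced by COPY below` would help the next reader.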
--- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -193,7 +193,6 @@ jobs: - run: | cd audit make setup - make serve & make audit benchmarks: From 268bd2ec743ac598a029e78ac9e076654c03b137 Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 11:19:46 +0100 Subject: [PATCH 06/11] fix context --- audit/docker-compose.yml | 6 ++---- audit/server.dockerfile | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/audit/docker-compose.yml b/audit/docker-compose.yml index 4bb5406954..f9fba61799 100644 --- a/audit/docker-compose.yml +++ b/audit/docker-compose.yml @@ -1,10 +1,8 @@ services: server: build: - context: . - dockerfile: server.dockerfile - volumes: - - ../:/workdir + context: ../ + dockerfile: audit/server.dockerfile entrypoint: 'php artisan serve --host=0.0.0.0' healthcheck: test: curl -f http://localhost:8000/graphql?query=%7B__typename%7D || exit 1 diff --git a/audit/server.dockerfile b/audit/server.dockerfile index e0bbf01aba..14afca3ad0 100644 --- a/audit/server.dockerfile +++ b/audit/server.dockerfile @@ -16,5 +16,5 @@ RUN apt-get update && \ RUN composer create-project laravel/laravel /app RUN composer require nuwave/lighthouse:dev-master -COPY ../ /app/vendor/nuwave/lighthouse +COPY . /app/vendor/nuwave/lighthouse RUN php artisan vendor:publish --tag=lighthouse-schema From 457fe1dfbc391a2c5c2313fc44763fd0ba6f0d0c Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 11:22:29 +0100 Subject: [PATCH 07/11] cleanup --- audit/.gitignore | 1 - 1 file changed, 1 deletion(-) delete mode 100644 audit/.gitignore diff --git a/audit/.gitignore b/audit/.gitignore deleted file mode 100644 index 6750dba93d..0000000000 --- a/audit/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/app From 0960336a2c618581f551c86839c49fd25b02949d Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 11:23:04 +0100 Subject: [PATCH 08/11] omit fetch --- audit/test.ts | 1 - 1 file changed, 1 deletion(-) 
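Review bot: With the build context moved to `../`, `COPY . /app/vendor/nuwave/lighthouse` copies the whole repository checkout into the image: `.git`, `vendor/`, editor folders and any untracked local files such as an `.env`. The `rsync` it replaces explicitly excluded `audit`, `docs`, `vendor`, `.idea` and `.git`. No `.dockerignore` is visible in this series; one at the repository root with those entries would restore the exclusions, keep local secrets out of image layers and shrink the context sent to the daemon.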
diff --git a/audit/test.ts b/audit/test.ts index 898d29eabc..174d2d735b 100644 --- a/audit/test.ts +++ b/audit/test.ts @@ -3,7 +3,6 @@ import { serverAudits } from "npm:graphql-http"; for ( const audit of serverAudits({ url: "http://server:8000/graphql", - fetchFn: fetch, }) ) { // if (audit.name !== 'MUST accept application/json and match the content-type') continue; From 2577001ede9e14e9289c874d003f0e571081a2c7 Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 11:25:58 +0100 Subject: [PATCH 09/11] discrete --- .github/workflows/validate.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index cf8393c9fa..1524a77a3b 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -187,13 +187,16 @@ jobs: audit: runs-on: ubuntu-latest + defaults: + run: + working-directory: audit + steps: - uses: actions/checkout@v3 - - run: | - cd audit - make setup - make audit + - run: make setup + + - run: make audit benchmarks: runs-on: ubuntu-latest From 18e66be0f519db92d56eb1024410b4db43ac05f2 Mon Sep 17 00:00:00 2001 From: Benedikt Franke Date: Wed, 22 Mar 2023 11:31:33 +0100 Subject: [PATCH 10/11] No cleanup --- audit/test.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/audit/test.ts b/audit/test.ts index 174d2d735b..345b6b63c4 100644 --- a/audit/test.ts +++ b/audit/test.ts @@ -13,9 +13,9 @@ for ( const result = await audit.fn(); // Clean up dangling resources console.log(result); - if ("response" in result) { - await result.response.body?.cancel(); - } + // if ("response" in result) { + // await result.response.body?.cancel(); + // } if (result.status === "error") { throw result.reason; } From b0cb13679bb78b3299fa4a7a1ccc724b3021e9da Mon Sep 17 00:00:00 2001 
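Review bot: The body-cancel cleanup in `audit/test.ts` is commented out rather than removed, which leaves `// Clean up dangling resources` sitting above a `console.log(result);` that cleans up nothing. Delete the three commented lines and the stale comment. If the cleanup is expected to return, replace them with a `// TODO` that links the upstream discussion, as the first patch did. With `sanitizeResources` at its default, an unconsumed response body would presumably surface as a leak failure, so a short comment on why no cleanup is needed would be useful here.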
From: Benedikt Franke Date: Wed, 22 Mar 2023 11:49:28 +0100 Subject: [PATCH 11/11] --no-progress --- audit/server.dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audit/server.dockerfile b/audit/server.dockerfile index 14afca3ad0..d0c05c0ae1 100644 --- a/audit/server.dockerfile +++ b/audit/server.dockerfile @@ -14,7 +14,7 @@ RUN apt-get update && \ zip \ && rm -rf /var/lib/apt/lists/* -RUN composer create-project laravel/laravel /app -RUN composer require nuwave/lighthouse:dev-master +RUN composer create-project --no-progress laravel/laravel /app +RUN composer require --no-progress nuwave/lighthouse:dev-master COPY . /app/vendor/nuwave/lighthouse RUN php artisan vendor:publish --tag=lighthouse-schema