Skip to content

Start working on escaping entities' output to avoid injections #30587

Start working on escaping entities' output to avoid injections

Start working on escaping entities' output to avoid injections #30587

Workflow file for this run

name: "GLPI CI"
on:
# Runs test suite when a new commit is pushed on "main" and "*/bugfixes" branches
# and when a new tag is created
push:
branches:
- main
- '*/bugfixes'
- 'feature/*'
- 'fix/*'
- 'security/*'
tags:
- '*'
# Runs test suite when a PR is opened or synchronyzed
pull_request:
# Runs test suite every night
schedule:
- cron: '0 0 * * *'
# Enable manual run
workflow_dispatch:
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
jobs:
lint:
# Do not run scheduled lint on tier repositories
if: github.repository == 'glpi-project/glpi' || github.event_name != 'schedule'
name: "Lint on PHP ${{ matrix.php-version }}"
runs-on: "ubuntu-latest"
strategy:
fail-fast: false
matrix:
include:
- {php-version: "8.2"} # Lint on lower PHP version to detected too early usage of new syntaxes
- {php-version: "8.3"} # Lint on higher PHP version to detected deprecated elements usage
env:
COMPOSE_FILE: ".github/actions/docker-compose-app.yml"
APPLICATION_ROOT: "${{ github.workspace }}"
PHP_IMAGE: "githubactions-php-apache:${{ matrix.php-version }}"
UPDATE_FILES_ACL: true
steps:
- name: "Set env"
run: |
echo "APP_CONTAINER_HOME=${{ runner.temp }}/app_home" >> $GITHUB_ENV
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "Restore dependencies cache"
uses: actions/cache@v4
with:
path: |
${{ env.APP_CONTAINER_HOME }}/.composer/cache/
${{ env.APP_CONTAINER_HOME }}/.npm/_cacache/
key: "app_home_deps-${{ matrix.php-version }}-${{ hashFiles('composer.lock', 'package-lock.json') }}"
restore-keys: |
app_home_deps-${{ matrix.php-version }}-
app_home_deps-
- name: "Restore lint cache"
uses: actions/cache@v4
with:
path: |
${{ env.APP_CONTAINER_HOME }}/phpcs.cache
key: "app_home_lint-${{ matrix.php-version }}-${{ github.base_ref || github.ref }}"
restore-keys: |
app_home_lint-${{ matrix.php-version }}
app_home_lint-
- name: "Initialize containers"
run: |
.github/actions/init_containers-start.sh
- name: "Show versions"
run: |
.github/actions/init_show-versions.sh
- name: "Force used PHP version"
run: |
docker compose exec -T app composer config --unset platform.php
docker compose exec -T app composer require "php:>=${{ matrix.php-version }}" --ignore-platform-req=php+ --no-install --no-scripts
- name: "Build dependencies / translations"
run: |
docker compose exec -T app .github/actions/init_build.sh
- name: "PHP lint"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/lint_php-lint.sh
- name: "Twig lint"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/lint_twig-lint.sh
- name: "JS lint"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/lint_js-lint.sh
- name: "SCSS lint"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/lint_scss-lint.sh
- name: "Misc lint"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/lint_misc-lint.sh
generate-tests-matrix:
# Do not run scheduled tests on tier repositories
if: github.repository == 'glpi-project/glpi' || github.event_name != 'schedule'
name: "Generate tests matrix"
runs-on: "ubuntu-latest"
outputs:
matrix: ${{ steps.generate-matrix.outputs.matrix }}
steps:
- name: "Generate matrix"
id: "generate-matrix"
run: |
if [[ "${{ github.event_name }}" = "workflow_dispatch" || ( "${{ github.ref_type }}" = "branch" && "${{ github.ref_name }}" =~ ^(main|.*/bugfixes)$ ) || "${{ github.ref_type }}" = "tag" ]]; then
MATRIX='
{
"include": [
{"php-version": "8.3", "db-image": "mariadb:11.4"},
{"php-version": "8.3", "db-image": "mysql:8.4"},
{"php-version": "8.2", "db-image": "mariadb:11.4"},
{"php-version": "8.3", "db-image": "mariadb:10.5"},
{"php-version": "8.3", "db-image": "percona:8.0"}
]
}
'
else
MATRIX='
{
"include": [
{"php-version": "8.3", "db-image": "mariadb:11.4"},
{"php-version": "8.3", "db-image": "mysql:8.4"}
]
}
'
fi
echo "matrix=$(echo $MATRIX | jq -c .)" >> $GITHUB_OUTPUT
tests:
# Do not run scheduled tests on tier repositories
if: github.repository == 'glpi-project/glpi' || github.event_name != 'schedule'
name: "Test on PHP ${{ matrix.php-version }} using ${{ matrix.db-image }}"
needs: "generate-tests-matrix"
runs-on: "ubuntu-latest"
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.generate-tests-matrix.outputs.matrix) }}
env:
COMPOSE_FILE: ".github/actions/docker-compose-app.yml:.github/actions/docker-compose-services.yml"
APPLICATION_ROOT: "${{ github.workspace }}"
DB_IMAGE: "githubactions-${{ matrix.db-image }}"
PHP_IMAGE: "githubactions-php-apache:${{ matrix.php-version }}"
UPDATE_FILES_ACL: true
steps:
- name: "Set env"
run: |
echo "APP_CONTAINER_HOME=${{ runner.temp }}/app_home" >> $GITHUB_ENV
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "Restore dependencies cache"
uses: actions/cache@v4
with:
path: |
${{ env.APP_CONTAINER_HOME }}/.composer/cache/
${{ env.APP_CONTAINER_HOME }}/.npm/_cacache/
key: "app_home_deps-${{ matrix.php-version }}-${{ hashFiles('composer.lock', 'package-lock.json') }}"
restore-keys: |
app_home_deps-${{ matrix.php-version }}-
app_home_deps-
- name: "Initialize containers"
run: |
.github/actions/init_containers-start.sh
- name: "Show versions"
run: |
.github/actions/init_show-versions.sh
- name: "Build dependencies / translations"
run: |
docker compose exec -T app .github/actions/init_build.sh
- name: "Install DB tests"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/test_install.sh
- name: "Update DB tests (from 0.85.5, not using utf8mb4)"
if: "${{ success() || failure() }}"
run: |
.github/actions/init_initialize-0.85.5-db.sh
docker compose exec -T app .github/actions/test_update-from-older-version.sh
- name: "Update DB tests (from 9.5, using utf8mb4)"
if: "${{ success() || failure() }}"
run: |
.github/actions/init_initialize-9.5-db.sh
docker compose exec -T app .github/actions/test_update-from-9.5.sh
- name: "PHPUnit tests"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/test_tests-phpunit.sh
- name: "Functional tests"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/test_tests-functional.sh
- name: "Cache tests"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/test_tests-cache.sh
- name: "LDAP tests"
if: "${{ success() || failure() }}"
run: |
.github/actions/init_initialize-ldap-fixtures.sh
docker compose exec -T app .github/actions/test_tests-ldap.sh
- name: "IMAP tests"
if: "${{ success() || failure() }}"
run: |
.github/actions/init_initialize-imap-fixtures.sh
docker compose exec -T app .github/actions/test_tests-imap.sh
- name: "Javascript tests"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/test_javascript.sh
e2e:
# Do not run scheduled tests on tier repositories
if: github.repository == 'glpi-project/glpi' || github.event_name != 'schedule'
name: "E2E and web tests using latest PHP and MariaDB versions"
runs-on: "ubuntu-latest"
env:
COMPOSE_FILE: ".github/actions/docker-compose-app.yml:.github/actions/docker-compose-services.yml"
APPLICATION_ROOT: "${{ github.workspace }}"
DB_IMAGE: "githubactions-mariadb:10.11"
PHP_IMAGE: "githubactions-php-apache:8.3"
UPDATE_FILES_ACL: true
steps:
- name: "Set env"
run: |
echo "APP_CONTAINER_HOME=${{ runner.temp }}/app_home" >> $GITHUB_ENV
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "Restore dependencies cache"
uses: actions/cache@v4
with:
path: |
${{ env.APP_CONTAINER_HOME }}/.composer/cache/
${{ env.APP_CONTAINER_HOME }}/.npm/_cacache/
key: "app_home_deps-8.3-${{ hashFiles('composer.lock', 'package-lock.json') }}"
restore-keys: |
app_home_deps-8.3-
app_home_deps-
- name: "Initialize containers"
run: |
.github/actions/init_containers-start.sh
- name: "Show versions"
run: |
.github/actions/init_show-versions.sh
- name: "Build dependencies / translations"
run: |
docker compose exec -T app .github/actions/init_build.sh
- name: "Install DB tests"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/test_install.sh
- name: "WEB tests"
if: "${{ success() || failure() }}"
run: |
docker compose exec -T app .github/actions/test_tests-web.sh
- name: "E2E tests"
if: "${{ success() || failure() }}"
id: "e2e"
run: |
docker compose exec -T app .github/actions/test_tests-e2e.sh
- name: "Upload Cypress screenshots"
if: "${{ failure() && steps.e2e.conclusion == 'failure' }}"
uses: actions/upload-artifact@v4
with:
name: cypress-screenshots
path: tests/cypress/screenshots