QA: 1.2.29 Security Updates (#6074) #3524
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# +-------------------------------------------------------------------------+ | |
# | Copyright (C) 2004-2024 The Cacti Group | | |
# | | | |
# | This program is free software; you can redistribute it and/or | | |
# | modify it under the terms of the GNU General Public License | | |
# | as published by the Free Software Foundation; either version 2 | | |
# | of the License, or (at your option) any later version. | | |
# | | | |
# | This program is distributed in the hope that it will be useful, | | |
# | but WITHOUT ANY WARRANTY; without even the implied warranty of | | |
# | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | |
# | GNU General Public License for more details. | | |
# +-------------------------------------------------------------------------+ | |
# | Cacti: The Complete RRDtool-based Graphing Solution | | |
# +-------------------------------------------------------------------------+ | |
# | This code is designed, written, and maintained by the Cacti Group. See | | |
# | about.php and/or the AUTHORS file for specific developer information. | | |
# +-------------------------------------------------------------------------+ | |
# | http://www.cacti.net/ | | |
# +-------------------------------------------------------------------------+ | |
name: Cacti Commit Audit | |
on: | |
push: | |
branches: [ 1.2.x ] | |
pull_request: | |
branches: [ 1.2.x ] | |
permissions: | |
contents: read | |
concurrency: | |
group: build-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
check: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] #ubuntu-20.04.04 currently | |
php: ['5.4','7.0','7.4', '8.0', '8.1', '8.2'] | |
experimental: [false] | |
services: | |
mysql: | |
image: mysql:latest | |
env: | |
MYSQL_DATABASE: cacti | |
MYSQL_HOST: 127.0.0.1 | |
MYSQL_USER: cactiuser | |
MYSQL_PASSWORD: cactiuser | |
MYSQL_ROOT_PASSWORD: cactiroot | |
ports: | |
- 3306:3306 | |
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 | |
name: PHP ${{ matrix.php }} Test on ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install PHP ${{ matrix.php }} | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ matrix.php }} | |
extensions: intl, mysql, gd, ldap, gmp, xml, curl, json, mbstring #optional | |
ini-values: "post_max_size=256M, max_execution_time=60, date.timezone=America/New_York" #optional | |
- name: Check PHP version | |
run: php -v | |
- name: Checkout Thold Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_thold' | |
- name: Checkout Monitor Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_monitor' | |
- name: Checkout MacTrack Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_mactrack' | |
- name: Checkout FlowView Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_flowview' | |
- name: Checkout Audit Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_audit' | |
- name: Checkout Syslog Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_syslog' | |
- name: Move Plugins to Plugin Directory | |
run: | | |
mv plugin_thold ${{ github.workspace }}/plugins/thold | |
mv plugin_monitor ${{ github.workspace }}/plugins/monitor | |
mv plugin_mactrack ${{ github.workspace }}/plugins/mactrack | |
mv plugin_audit ${{ github.workspace }}/plugins/audit | |
mv plugin_flowview ${{ github.workspace }}/plugins/flowview | |
mv plugin_syslog ${{ github.workspace }}/plugins/syslog | |
# With syslog we have to enable batch installs using the lines below | |
cd ${{ github.workspace }}/plugins/syslog | |
cp -p config.php.dist config.php | |
sed -i 's/\/\/\$syslog_install_options/\$syslog_install_options/g' config.php | |
- name: Check PHP syntax | |
run: if find ${{ github.workspace }} -name '*.php' -exec php -l {} 2>&1 \; | grep -iv 'no syntax errors detected'; then exit 1; fi | |
- name: Install php-fpm | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
env: | |
version: ${{ matrix.php }} | |
run: | | |
sudo service php$version-fpm start | |
sudo service php$version-fpm status | |
- name: Test php-fpm | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
env: | |
version: ${{ matrix.php }} | |
run: | | |
# Copy php-fpm to a directory in PATH | |
sudo cp /usr/sbin/php-fpm$version /usr/bin/php-fpm | |
php-fpm -v | |
- name: Install Apache and tools | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: sudo apt-get install apache2 snmp rrdtool | |
- name: Enable Proxy FCGI | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: sudo a2enmod proxy_fcgi setenvif actions alias | |
- name: Configure Apache Site | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: | | |
cat ${{ github.workspace }}/tests/tools/cacti.conf | sed -r 's#GITHUB_WORKSPACE#${{ github.workspace }}#g' > /tmp/cacti.conf | |
sudo cp /tmp/cacti.conf /etc/apache2/sites-available/000-default.conf | |
- name: Open permissions for testing purposes | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: sudo chmod -R 777 ${{ github.workspace}} | |
- name: Restart Apache2 | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: sudo systemctl restart apache2 | |
- name: Create and Initialize Database | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
env: | |
MYSQL_AUTH_USR: '--defaults-file=~/.my.cnf' | |
run: | | |
echo -e "[client]\nuser = root\npassword = cactiroot\nhost = 127.0.0.1\n" >> ~/.my.cnf | |
cat ~/.my.cnf | |
mysql $MYSQL_AUTH_USR -e 'CREATE DATABASE IF NOT EXISTS cacti;' | |
mysql $MYSQL_AUTH_USR -e "CREATE USER 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';" | |
mysql $MYSQL_AUTH_USR -e "GRANT ALL PRIVILEGES ON cacti.* TO 'cactiuser'@'localhost';" | |
mysql $MYSQL_AUTH_USR -e "FLUSH PRIVILEGES;" | |
mysql $MYSQL_AUTH_USR cacti < ${{ github.workspace }}/cacti.sql | |
mysql $MYSQL_AUTH_USR -e "INSERT INTO settings (name, value) VALUES ('path_php_binary', '/bin/php')" cacti | |
- name: Prime Cacti config.php File | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: | | |
cat ${{ github.workspace }}/include/config.php.dist | sed -r "s/localhost/127.0.0.1/g" > ${{ github.workspace }}/include/config.php | |
sudo chmod 777 ${{ github.workspace }}/include/config.php | |
cat ${{ github.workspace}}/include/config.php | |
- name: Check install code for validity | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: | | |
cd ${{ github.workspace }} | |
sudo php -q tests/tools/check_install_code.php | |
- name: Check that all CLI scripts have a valid --version flag | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: | | |
cd ${{ github.workspace }} | |
sudo bash tests/tools/check_cli_version.sh | |
- name: Install Cacti through the CLI | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: | | |
cd ${{ github.workspace }} | |
sudo php cli/install_cacti.php --accept-eula --install --force | |
- name: Install and Enable Plugins | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: | | |
cd ${{ github.workspace }} | |
sudo php cli/plugin_manage.php --plugin=thold --plugin=monitor --plugin=mactrack --plugin=audit --plugin=flowview --plugin=syslog --install --enable --allperms | |
- name: Check all pages using recursive wget | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: | | |
cd ${{ github.workspace }} | |
echo -e "[client]\nuser = root\npassword = cactiroot\nhost = 127.0.0.1\n" > ${{ github.workspace }}/.my.cnf | |
sudo tests/tools/check_all_pages.sh | |
- name: View contents of logs | |
if: ${{ '5.4' != matrix.php && '7.0' != matrix.php }} # removed old php from page tests | |
run: sudo cat ${{ github.workspace }}/log/cacti.log | |
# - name: Validate composer.json and composer.lock | |
# run: composer validate --strict | |
# - name: Cache Composer packages | |
# id: composer-cache | |
# uses: actions/cache@v3 | |
# with: | |
# path: vendor | |
# key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | |
# restore-keys: | | |
# ${{ runner.os }}-php- | |
# | |
# - name: Install dependencies | |
# run: composer install --prefer-dist --no-progress | |
# Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit" | |
# Docs: https://getcomposer.org/doc/articles/scripts.md | |
# - name: Run test suite | |
# run: composer run-script test |