QA: Merging Security Updates from 1.2.x into develop #3526
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# +-------------------------------------------------------------------------+ | |
# | Copyright (C) 2004-2024 The Cacti Group | | |
# | | | |
# | This program is free software; you can redistribute it and/or | | |
# | modify it under the terms of the GNU General Public License | | |
# | as published by the Free Software Foundation; either version 2 | | |
# | of the License, or (at your option) any later version. | | |
# | | | |
# | This program is distributed in the hope that it will be useful, | | |
# | but WITHOUT ANY WARRANTY; without even the implied warranty of | | |
# | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | |
# | GNU General Public License for more details. | | |
# +-------------------------------------------------------------------------+ | |
# | Cacti: The Complete RRDtool-based Graphing Solution | | |
# +-------------------------------------------------------------------------+ | |
# | This code is designed, written, and maintained by the Cacti Group. See | | |
# | about.php and/or the AUTHORS file for specific developer information. | | |
# +-------------------------------------------------------------------------+ | |
# | http://www.cacti.net/ | | |
# +-------------------------------------------------------------------------+ | |
name: Cacti Commit Audit | |
on: | |
push: | |
branches: [ 1.2.x, develop ] | |
pull_request: | |
branches: [ 1.2.x, develop ] | |
permissions: | |
contents: read | |
concurrency: | |
group: build-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
check: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] #ubuntu-20.04.04 currently | |
php: ['8.1', '8.2', '8.3'] | |
experimental: [false] | |
services: | |
mysql: | |
image: mysql:latest | |
env: | |
MYSQL_DATABASE: cacti | |
MYSQL_HOST: 127.0.0.1 | |
MYSQL_USER: cactiuser | |
MYSQL_PASSWORD: cactiuser | |
MYSQL_ROOT_PASSWORD: cactiroot | |
ports: | |
- 3306:3306 | |
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 | |
name: PHP ${{ matrix.php }} Test on ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install PHP ${{ matrix.php }} | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ matrix.php }} | |
extensions: intl, mysql, gd, ldap, gmp, xml, curl, json, mbstring #optional | |
ini-values: "post_max_size=256M, max_execution_time=60, date.timezone=America/New_York" #optional | |
- name: Check PHP version | |
run: php -v | |
- name: Checkout Thold Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_thold' | |
- name: Checkout Monitor Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_monitor' | |
- name: Checkout MacTrack Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_mactrack' | |
- name: Checkout FlowView Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_flowview' | |
- name: Checkout Audit Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_audit' | |
- name: Checkout Syslog Plugin | |
uses: GuillaumeFalourd/clone-github-repo-action@v2 | |
with: | |
owner: 'Cacti' | |
repository: 'plugin_syslog' | |
- name: Move Plugins to Plugin Directory | |
run: | | |
mv plugin_thold ${{ github.workspace }}/plugins/thold | |
mv plugin_monitor ${{ github.workspace }}/plugins/monitor | |
mv plugin_mactrack ${{ github.workspace }}/plugins/mactrack | |
mv plugin_audit ${{ github.workspace }}/plugins/audit | |
mv plugin_flowview ${{ github.workspace }}/plugins/flowview | |
mv plugin_syslog ${{ github.workspace }}/plugins/syslog | |
# With syslog we have to enable batch installs using the lines below | |
cd ${{ github.workspace }}/plugins/syslog | |
cp -p config.php.dist config.php | |
sed -i 's/\/\/\$syslog_install_options/\$syslog_install_options/g' config.php | |
- name: Check PHP syntax | |
run: if find ${{ github.workspace }} -name '*.php' -exec php -l {} 2>&1 \; | grep -iv 'no syntax errors detected'; then exit 1; fi | |
- name: Install Apache and tools | |
run: sudo apt-get -y install apache2 snmp rrdtool fping bash libapache2-mod-php${{ matrix.php }} | |
- name: Open permissions for testing purposes | |
run: sudo chmod -R 777 ${{ github.workspace}} | |
- name: Restart Apache2 | |
run: sudo systemctl restart apache2 | |
- name: Setup the Cacti Root | |
run: | | |
sudo cp -rp ${{ github.workspace }} /var/www/html | |
sudo chown -R www-data:www-data /var/www/html/cacti | |
- name: Create and Initialize Database | |
env: | |
MYSQL_AUTH_USR: '--defaults-file=~/.my.cnf' | |
run: | | |
echo -e "[client]\nuser = root\npassword = cactiroot\nhost = 127.0.0.1\n" >> ~/.my.cnf | |
cat ~/.my.cnf | |
mysql $MYSQL_AUTH_USR -e 'CREATE DATABASE IF NOT EXISTS cacti;' | |
mysql $MYSQL_AUTH_USR -e "CREATE USER 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';" | |
mysql $MYSQL_AUTH_USR -e "GRANT ALL PRIVILEGES ON cacti.* TO 'cactiuser'@'localhost';" | |
mysql $MYSQL_AUTH_USR -e "FLUSH PRIVILEGES;" | |
mysql $MYSQL_AUTH_USR cacti < ${{ github.workspace }}/cacti.sql | |
mysql $MYSQL_AUTH_USR -e "INSERT INTO settings (name, value) VALUES ('path_php_binary', '/bin/php')" cacti | |
- name: Prime Cacti config.php File | |
run: | | |
cat ${{ github.workspace }}/include/config.php.dist | sed -r "s/localhost/127.0.0.1/g" > ${{ github.workspace }}/include/config.php | |
sudo chmod 777 ${{ github.workspace }}/include/config.php | |
cat ${{ github.workspace}}/include/config.php | |
- name: Check install code for validity | |
run: | | |
cd ${{ github.workspace }} | |
sudo php -q tests/tools/check_install_code.php | |
- name: Check that all CLI scripts have a valid --version flag | |
run: | | |
cd ${{ github.workspace }} | |
sudo bash tests/tools/check_cli_version.sh | |
- name: Install Cacti through the CLI | |
run: | | |
cd ${{ github.workspace }} | |
sudo php cli/install_cacti.php --accept-eula --install --force | |
- name: Install and Enable Plugins | |
run: | | |
cd ${{ github.workspace }} | |
sudo php cli/plugin_manage.php --plugin=thold --plugin=monitor --plugin=mactrack --plugin=audit --plugin=flowview --plugin=syslog --install --enable --allperms | |
- name: Check all pages using recursive wget | |
run: | | |
cd ${{ github.workspace }} | |
echo -e "[client]\nuser = root\npassword = cactiroot\nhost = 127.0.0.1\n" > ${{ github.workspace }}/.my.cnf | |
sudo tests/tools/check_all_pages.sh | |
- name: View contents of logs | |
run: sudo cat ${{ github.workspace }}/log/cacti.log | |
# - name: Validate composer.json and composer.lock | |
# run: composer validate --strict | |
# - name: Cache Composer packages | |
# id: composer-cache | |
# uses: actions/cache@v3 | |
# with: | |
# path: vendor | |
# key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | |
# restore-keys: | | |
# ${{ runner.os }}-php- | |
# | |
# - name: Install dependencies | |
# run: composer install --prefer-dist --no-progress | |
# Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit" | |
# Docs: https://getcomposer.org/doc/articles/scripts.md | |
# - name: Run test suite | |
# run: composer run-script test |