Merge pull request PrestaShop#60 from boubkerbribri/feat/pr-security
feat: add PR security testing without cache
boubkerbribri authored Jan 12, 2024
2 parents e205355 + c42be34 commit 0993471
Showing 12 changed files with 338 additions and 8 deletions.
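--- a/.github/workflows/pr_security_test_one.yml
+++ b/.github/workflows/pr_security_test_one.yml
@@ -0,0 +1,229 @@
+name: Testing Security PrestaShop pull requests (without cache)
+on:
+workflow_dispatch:
+inputs:
+GH_REPOSITORY:
+description: Pull request private repository
+required: true
+GH_TOKEN:
+description: Github token to access the repository
+required: true
+PR_NUMBER:
+description: Pull request Id
+required: true
+BASE_BRANCH:
+type: choice
+description: Base branch to rebase the PR
+required: true
+options:
+- 'develop'
+- '8.1.x'
+- '8.0.x'
+- '1.7.8.x'
+default: 'develop'
+DEV_MODE:
+type: choice
+description: Enable/Disable the developer mode
+required: true
+options:
+- 'true'
+- 'false'
+default: 'false'
+PHP_VERSION:
+type: choice
+description: PHP version
+required: true
+options:
+- '7.3'
+- '7.4'
+- '8.0'
+- '8.1'
+- '8.2'
+- '8.3'
+default: '8.1'
+NODE_VERSION:
+type: choice
+description: Node version
+required: true
+options:
+- '14.21.3'
+- '16.20.1'
+default: '14.21.3'
+BO_LAYOUT:
+type: choice
+description: Backoffice layout
+required: true
+options:
+- 'legacy'
+- 'symfony'
+default: 'legacy'
+
+jobs:
+testing-pr:
+runs-on: ubuntu-latest
+name: Security PR test
+strategy:
+fail-fast: false
+matrix:
+TEST_CAMPAIGN:
+- 'cldr'
+- 'functional:API'
+- 'functional:BO:login'
+- 'functional:BO:dashboard'
+- 'functional:BO:orders:01:0-1'
+- 'functional:BO:orders:01-create-orders'
+- 'functional:BO:orders:01-view-and-edit-order'
+- 'functional:BO:orders:02'
+- 'functional:BO:orders:03-05'
+- 'functional:BO:catalog:01-02'
+- 'functional:BO:catalog:03-04'
+- 'functional:BO:catalog:05-06'
+- 'functional:BO:catalog:07-08'
+- 'functional:BO:customer:01'
+- 'functional:BO:customer:02-03'
+- 'functional:BO:customer-service'
+- 'functional:BO:modules'
+- 'functional:BO:design'
+- 'functional:BO:shipping'
+- 'functional:BO:payment'
+- 'functional:BO:international:01'
+- 'functional:BO:international:02'
+- 'functional:BO:international:03-04'
+- 'functional:BO:shop-parameters:01-02'
+- 'functional:BO:shop-parameters:03-04'
+- 'functional:BO:shop-parameters:05-07'
+- 'functional:BO:advanced-parameters:01-06'
+- 'functional:BO:advanced-parameters:07-10'
+- 'functional:BO:advanced-parameters:11-12'
+- 'functional:BO:header'
+- 'functional:FO:01-03'
+- 'functional:FO:04-07'
+- 'functional:FO:08-12'
+- 'functional:FO:classic:01-03'
+- 'functional:FO:classic:04-07'
+- 'functional:FO:classic:08-12'
+- 'functional:FO:hummingbird:01-03'
+- 'functional:productV2'
+- 'functional:WS'
+- 'modules'
+- 'regression'
+- 'sanity'
+- 'sanity:productV2'
+BASE_BRANCH:
+- ${{ github.event.inputs.base_branch }}
+exclude:
+## 1.7.8.x
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'cldr'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:BO:advanced-parameters:11-12'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:BO:dashboard'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:productV2'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:API'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:FO:classic:01-03'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:FO:classic:04-07'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:FO:classic:08-12'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:FO:hummingbird:01-03'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'functional:WS'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'modules'
+- BASE_BRANCH: 1.7.8.x
+TEST_CAMPAIGN: 'sanity:productV2'
+## 8.0.x
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'cldr'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:BO:advanced-parameters:11-12'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:BO:dashboard'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:productV2'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:API'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:FO:classic:01-03'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:FO:classic:04-07'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:FO:classic:08-12'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:FO:hummingbird:01-03'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'functional:WS'
+- BASE_BRANCH: 8.0.x
+TEST_CAMPAIGN: 'modules'
+## 8.1.x
+- BASE_BRANCH: 8.1.x
+TEST_CAMPAIGN: 'functional:BO:advanced-parameters:11-12'
+- BASE_BRANCH: 8.1.x
+TEST_CAMPAIGN: 'functional:FO:01-03'
+- BASE_BRANCH: 8.1.x
+TEST_CAMPAIGN: 'functional:FO:04-07'
+- BASE_BRANCH: 8.1.x
+TEST_CAMPAIGN: 'functional:FO:08-12'
+## develop
+- BASE_BRANCH: develop
+TEST_CAMPAIGN: 'functional:FO:01-03'
+- BASE_BRANCH: develop
+TEST_CAMPAIGN: 'functional:FO:04-07'
+- BASE_BRANCH: develop
+TEST_CAMPAIGN: 'functional:FO:08-12'
+- BASE_BRANCH: develop
+TEST_CAMPAIGN: 'functional:productV2'
+- BASE_BRANCH: develop
+TEST_CAMPAIGN: 'sanity:productV2'
+
+steps:
+# Checkout Private repository
+- uses: actions/checkout@v3
+name: Checkout PrestaShop PR security private repository
+with:
+fetch-depth: 0
+repository: ${{ inputs.GH_REPOSITORY }}
+token: ${{ inputs.GH_TOKEN }}
+ref: refs/pull/${{ inputs.PR_NUMBER }}/head
+
+- name: Setup Environment
+timeout-minutes: 15
+uses: ./.github/actions/setup-env
+with:
+PHP_VERSION: ${{ inputs.PHP_VERSION }}
+NODE_VERSION: ${{ inputs.NODE_VERSION }}
+ENABLE_SSL: ${{ env.ENABLE_SSL }}
+INSTALL_AUTO: ${{ env.INSTALL_AUTO }}
+CP_API_CONFIG: ${{ env.CP_API_CONFIG }}
+DEV_MODE: ${{ inputs.DEV_MODE }}
+BO_LAYOUT: ${{ inputs.BO_LAYOUT }}
+env:
+ENABLE_SSL: ${{ ((inputs.BASE_BRANCH == '1.7.8.x') || (inputs.BASE_BRANCH == '8.0.x')) && 'false' || 'true' }}
+INSTALL_AUTO: ${{ (matrix.TEST_CAMPAIGN == 'sanity') && 'false' || 'true' }}
+CP_API_CONFIG: ${{ (matrix.BASE_BRANCH == '8.1.x') && 'true' || 'false' }}
+
+- name: Run Tests
+id: runTests
+uses: ./.github/actions/ui-test
+with:
+NODE_VERSION: ${{ inputs.NODE_VERSION }}
+TEST_CAMPAIGN: ${{ matrix.TEST_CAMPAIGN }}
+INSTALL_BROWSERS: ${{ env.INSTALL_BROWSERS }}
+env:
+INSTALL_BROWSERS: ${{ (inputs.BASE_BRANCH == '1.7.8.x') && 'false' || 'true' }}
+
+- run: echo "SCREENSHOT_CAMPAIGN=$( echo -e '${{ matrix.TEST_CAMPAIGN }}' | tr ':' '-' )" >> $GITHUB_ENV
+if: failure() && steps.runTests.outcome == 'failure'
+
+- uses: actions/upload-artifact@v3
+if: failure() && steps.runTests.outcome == 'failure'
+with:
+name: campaign-${{ env.SCREENSHOT_CAMPAIGN }}
+path: |
+./tests/UI/screenshots/
+./var/logs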
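Review bot: `GH_TOKEN` is declared as a plain `workflow_dispatch` input and handed straight to `actions/checkout` as `token`, so the personal access token is not masked the way a secret is and stays readable through the run's event payload to anyone with read access to the private repository's Actions. Prefer `token: ${{ secrets.<SECRET_NAME> }}` (placeholder name) with the PAT stored under the private repository's Actions secrets, and drop the `GH_TOKEN` input together with its row in the README and SECURITY_PR.md tables. `actions/checkout` also keeps the token in the checkout's git config by default, so the later `setup-env` and `ui-test` steps, which run code taken from the checked-out PR, can read it; if those steps do not need to push, add `persist-credentials: false` under the checkout's `with`. Separately, the matrix reads `github.event.inputs.base_branch` while the input is declared as `BASE_BRANCH`, and the env blocks mix `inputs.BASE_BRANCH` with `matrix.BASE_BRANCH`; if the lowercase lookup does not resolve, the `exclude` entries and `CP_API_CONFIG` silently stop matching, so use the declared spelling `${{ inputs.BASE_BRANCH }}` in both places.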
19 changes: 11 additions & 8 deletions README.md
Expand Up @@ -29,14 +29,17 @@ After that, it's very simple :

### How to fill the form ?

| Parameter | Description | Default |
|:-----------------:|:-------------------------------------------------------------:|:--------------------------------------------:|
| `Branch` | The branch of `testing_pr` repository | `main` |
| `Pull request Id` | ID of Pull request on `PrestaShop/PrestaShop` repository | No default value, you must fill it to submit |
| `Base Branch` | Target Branch of you pull request (ex: 8.0.x, develop) | `develop` |
| `Rebase or merge` | Git method to use to get the last updates for target branches | `rebase` |
| `PHP version` | PHP version to use to setup PrestaShop environment | `7.4` |
| `Node Version` | Node version to use to setup PrestaShop environment | `14` |
| Parameter | Description | Default |
|:-------------------:|:-------------------------------------------------------------:|:--------------------------------------------:|
| `Branch` | The branch of `testing_pr` repository | `main` |
| `Pull request Id` | ID of Pull request on `PrestaShop/PrestaShop` repository | No default value, you must fill it to submit |
| `Base Branch` | Target Branch of you pull request (ex: 8.0.x, develop) | `develop` |
| `DEV Mode` | Enable/Disable the developer mode | `false` |
| `Rebase or merge` | Git method to use to get the last updates for target branches | `rebase` |
| `PHP version` | PHP version to use to setup PrestaShop environment | `8.1` |
| `Node Version` | Node version to use to setup PrestaShop environment | `14` |
| `Backoffice layout` | `Legacy` or `Symfony` | `Legacy` |


### How to analyze results ?

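--- a/SECURITY_PR.md
+++ b/SECURITY_PR.md
@@ -0,0 +1,98 @@
+# How to test a security pull request
+
+As we know, Security Pull requests are hidden on PrestaShop/PrestaShop repository, So it's hard to launch Automatic tests on it.
+For this purpose, we did create a new workflow called [Testing Security PrestaShop pull requests (without cache)](./.github/workflows/pr_security_test_one.yml).
+
+## Pre-requisites
+
+### Create a private repository of `PrestaShop/ga.test.ui.pr`
+
+Before you start testing you need to make sure that **NO ACCESS ARE GRANTED** on where you test, and since you can make a fork of public repository private (Github policy), you need to create a new private one, following these steps :
+
+1. Go to your Profile -> Repositories then click on <kbd style="background-color: green">**New**</kbd>
+
+![img.png](imgs/security_pr1.png)
+
+2. Add a name and Make it **PRIVATE**
+
+![img.png](imgs/security_pr2.png)
+
+3. Then Create The Repository
+
+4. Once created, click on <kbd style="background-color: #373e47">**Import Code**</kbd> below page
+
+![img.png](imgs/security_pr3.png)
+
+5. Add Link to [PrestaShop/ga.test.ui.pr](https://github.com/prestashop/ga.tests.ui.pr) and click on <kbd style="background-color: green">**Begin import**</kbd>
+
+![img.png](imgs/security_pr4.png)
+
+6. Congrats, your Repository is Ready.
+
+![img.png](imgs/security_pr5.png)
+
+### Activate Actions on the new Repository
+
+When a new private Repository is created with Import, Actions are disabled, you should enable it, To do that, you have to :
+
+1. Go To Your Repository -> Setting -> Actions General
+
+2. Check `Allow all actions and reusable workflows`
+
+3. Click on <kbd style="background-color: #373e47">**Save**</kbd>
+
+![img.png](imgs/security_pr6.png)
+
+4. Congrats, Actions are available now
+
+![img.png](imgs/security_pr7.png)
+
+### Create A personal Token
+
+A token will serve to access the private repository of the pull request, you can refer to this [tutorial](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) to do so.
+You need to only check this part on the setting
+
+![img.png](imgs/security_pr8.png)
+
+Copy Your token and **Keep it safe**
+
+PS: You can set the expiration date to the minimum (7 days) so it can not be used a lot.
+
+## Start Your Test
+
+Congratulations 🎉, You can now test the security pull request.
+
+## How to use it ?
+
+You can use the private repository you created following these steps :
+
+1. Click on **Actions Tab**
+
+2. On Actions Tab, Click on the **workflow name** on the list `Testing Security PrestaShop pull requests`
+
+3. Once on the workflow, Click on **Run Workflow**
+
+4. Fill the form and submit the workflow
+
+![img.png](imgs/security_pr9.png)
+
+
+### How to fill the form ?
+
+| Parameter | Description | Default |
+|:---------------------------------:|:--------------------------------------------------------------------------:|:--------------------------------------------:|
+| `Pull request private repository` | The Name of the fork to use (ex `PrestaShop/PrestaShop-abc-xyz`) | No default value, you must fill it to submit |
+| `Github token` | The Token will serve to access the repository (created and copied earlier) | No default value, you must fill it to submit |
+| `Pull request Id` | ID of Pull request on `PrestaShop/PrestaShop-abc-xyz` repository | No default value, you must fill it to submit |
+| `Base Branch` | Target Branch of you pull request (ex: 8.0.x, develop) | `develop` |
+| `DEV Mode` | Enable/Disable the developer mode | `false` |
+| `PHP version` | PHP version to use to setup PrestaShop environment | `8.1` |
+| `Node Version` | Node version to use to setup PrestaShop environment | `14` |
+| `Backoffice layout` | `Legacy` or `Symfony` | `Legacy` |
+
+## Cleaning up behind
+
+After finishing the tests, when you finally validate the pull request(s), you should clean behind by:
+
+- [Deleting the private repository you created](https://docs.github.com/en/repositories/creating-and-managing-repositories/deleting-a-repository)
+- [Deleting the access Token you created](https://docs.github.com/en/[email protected]/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#deleting-a-personal-access-token)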
Binary file added imgs/security_pr1.png
Binary file added imgs/security_pr2.png
Binary file added imgs/security_pr3.png
Binary file added imgs/security_pr4.png
Binary file added imgs/security_pr5.png
Binary file added imgs/security_pr6.png
Binary file added imgs/security_pr7.png
Binary file added imgs/security_pr8.png
Binary file added imgs/security_pr9.png
