Skip to content

Deploy and Create Release #39

Deploy and Create Release

Deploy and Create Release #39

Workflow file for this run

name: Deploy and Create Release
# example: gh workflow run release.yml -f tag_name=v1.1.4 -f deploy_to_wordpress=true
on:
workflow_dispatch:
branches:
- main
inputs:
tag_name:
type: string
required: true
deploy_to_wordpress:
type: boolean
description: Deploy to WordPress
default: true
required: true
permissions:
contents: write
env:
# Allow ddev get to use a GitHub token to prevent rate limiting by tests
DDEV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
deploy-create-release:
name: Deploy and create release
runs-on: ubuntu-latest
steps:
- name: Check naming convention
run: |
VERIF=$(echo ${{ github.event.inputs.tag_name }} | grep -E "^v([0-9]{1,}\.)([0-9]{1,}\.)([0-9]{1,})(-(alpha|beta)\.[0-9]{1,})?$")
if [ ! ${VERIF} ]
then
echo "Tag name '${{ github.event.inputs.tag_name }}' does not comply with naming convention vX.Y.Z"
exit 1
fi
- name: Set version number without v
run: |
echo "VERSION_NUMBER=$(echo ${{ github.event.inputs.tag_name }} | sed 's/v//g' )" >> $GITHUB_ENV
- name: Clone sources
uses: actions/checkout@v4
- name: Check version ${{ env.VERSION_NUMBER }} consistency in files
# Check crowdsec.php (2), readme.txt (1), inc/Constants.php (1) and CHANGELOG.md (3)
run: |
CURRENT_DATE=$(date +'%Y-%m-%d')
CHANGELOG_VERSION=$(grep -o -E "## \[(.*)\].* - $CURRENT_DATE" CHANGELOG.md | head -1 | sed 's/ //g')
echo $CURRENT_DATE
echo $CHANGELOG_VERSION
echo "##[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})-$CURRENT_DATE"
if [[ $CHANGELOG_VERSION == "##[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})-$CURRENT_DATE" ]]
then
echo "Version in CHANGELOG.md: OK"
else
echo "Version in CHANGELOG.md: KO"
exit 1
fi
COMPARISON=$(grep -oP "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/compare/\K(.*)$" CHANGELOG.md | head -1)
LAST_TAG=$(curl -Ls -o /dev/null -w %{url_effective} $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/latest | grep -oP "\/tag\/\K(.*)$")
if [[ $COMPARISON == "$LAST_TAG...v${{ env.VERSION_NUMBER }})" ]]
then
echo "VERSION COMPARISON OK"
else
echo "VERSION COMPARISON KO"
echo $COMPARISON
echo "$LAST_TAG...v${{ env.VERSION_NUMBER }})"
exit 1
fi
VERSION=$(grep -E "Version: (.*)" crowdsec.php | sed 's/ //g')
echo $VERSION
echo "*Version:${{ env.VERSION_NUMBER }}"
if [[ $VERSION == "*Version:${{ env.VERSION_NUMBER }}" ]]
then
echo "Version in crowdsec.php: OK"
else
echo "Version in crowdsec.php: KO"
exit 1
fi
CROWDSEC_STABLE=$(grep -E "Stable tag: (.*)" crowdsec.php | sed 's/ //g')
echo $CROWDSEC_STABLE
echo "*Stabletag:${{ env.VERSION_NUMBER }}"
if [[ $CROWDSEC_STABLE == "*Stabletag:${{ env.VERSION_NUMBER }}" ]]
then
echo "Stable tag in crowdsec.php: OK"
else
echo "Stable tag in crowdsec.php: KO"
exit 1
fi
README_STABLE=$(grep -E "Stable tag: (.*)" readme.txt | sed 's/ //g')
echo $README_STABLE
echo "Stabletag:${{ env.VERSION_NUMBER }}"
if [[ $README_STABLE == "Stabletag:${{ env.VERSION_NUMBER }}" ]]
then
echo "Stable tag in readme.txt: OK"
else
echo "Stable tag in readme.txt: KO"
exit 1
fi
CONSTANT_VERSION=$(grep -E "VERSION = 'v(.*)" inc/Constants.php | sed 's/[\x27(),/ ]//g')
echo $CONSTANT_VERSION
echo "publicconstVERSION=v${{ env.VERSION_NUMBER }};"
if [[ $CONSTANT_VERSION == "publicconstVERSION=v${{ env.VERSION_NUMBER }};" ]]
then
echo "Version in inc/Constants.php: OK"
else
echo "Version in inc/Constants.php: KO"
exit 1
fi
- name: Create Tag ${{ github.event.inputs.tag_name }}
uses: actions/github-script@v7
with:
github-token: ${{ github.token }}
script: |
github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: "refs/tags/${{ github.event.inputs.tag_name }}",
sha: context.sha
})
- name: WordPress Plugin Deploy
if: github.event.inputs.deploy_to_wordpress == 'true'
id: deploy
uses: 10up/action-wordpress-plugin-deploy@2.2.0
with:
generate-zip: true
env:
SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
SLUG: crowdsec
VERSION: ${{ env.VERSION_NUMBER }}
- name: Prepare release notes
run: |
VERSION_RELEASE_NOTES=$(awk -v ver="[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})" '/^## / { if (p) { exit }; if ($2 == ver) { p=1; next} } p && NF' CHANGELOG.md | sed ':a;N;$!ba;s/\n---/ /g')
echo "$VERSION_RELEASE_NOTES" >> CHANGELOG.txt
cat CHANGELOG.txt
- name: Create release ${{ env.VERSION_NUMBER }} with Wordpress zip
if: github.event.inputs.deploy_to_wordpress == 'true'
uses: softprops/action-gh-release@v1
with:
files: crowdsec.zip
body_path: CHANGELOG.txt
name: ${{ env.VERSION_NUMBER }}
tag_name: ${{ github.event.inputs.tag_name }}
draft: false
prerelease: false
- name: Create release ${{ env.VERSION_NUMBER }} without Wordpress zip
if: github.event.inputs.deploy_to_wordpress != 'true'
uses: softprops/action-gh-release@v1
with:
body_path: CHANGELOG.txt
name: ${{ env.VERSION_NUMBER }}
tag_name: ${{ github.event.inputs.tag_name }}
draft: false
prerelease: false
end-to-end-release-zip-test:
strategy:
fail-fast: false
matrix:
wp-version: [ "4.9", "5.0", "5.5", "5.9", "6.1", "6.3" ]
php-version: [ "7.2", "7.4", "8.0" ]
exclude:
- { php-version: "7.4", wp-version: "4.9" }
- { php-version: "8.0", wp-version: "4.9" }
- { php-version: "7.4", wp-version: "5.0" }
- { php-version: "8.0", wp-version: "5.0" }
- { php-version: "8.0", wp-version: "5.5" }
name: End-to-end release test suite
runs-on: ubuntu-latest
if: success()
needs: [ deploy-create-release ]
env:
EXTENSION_NAME: "CrowdSec_Bouncer"
EXTENSION_PATH: "wp-content/plugins/crowdsec"
GITHUB_ORIGIN: "crowdsecurity/cs-wordpress-bouncer"
steps:
- name: Install DDEV
# @see https://ddev.readthedocs.io/en/stable/#installationupgrade-script-linux-and-macos-armarm64-and-amd64-architectures
run: |
curl -fsSL https://apt.fury.io/drud/gpg.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/ddev.gpg > /dev/null
echo "deb [signed-by=/etc/apt/trusted.gpg.d/ddev.gpg] https://apt.fury.io/drud/ * *" | sudo tee /etc/apt/sources.list.d/ddev.list
sudo apt-get -q update
sudo apt-get -q -y install libnss3-tools ddev
mkcert -install
ddev config global --instrumentation-opt-in=false --omit-containers=ddev-ssh-agent
- name: Set WP_VERSION_CODE env
# used in some directory path and conventional file naming
# Example : 5.6.5 => wp565
run: |
echo "WP_VERSION_CODE=$(echo wp${{ matrix.wp-version }} | sed 's/\.//g' )" >> $GITHUB_ENV
- name: Create empty WordPress DDEV project (with Apache)
run: ddev config --project-type=wordpress --project-name=${{ env.WP_VERSION_CODE }} --php-version=${{ matrix.php-version }} --webserver-type=apache-fpm
- name: Disable automatic update
run: |
# @see https://wordpress.org/documentation/article/configuring-automatic-background-updates/#constant-to-disable-all-updates
sed -i -e 's/#ddev-generated//g' wp-config-ddev.php
echo "define( 'AUTOMATIC_UPDATER_DISABLED', true );" >> wp-config-ddev.php
- name: Add Redis, Memcached, Crowdsec and Playwright
run: |
ddev get ddev/ddev-redis
ddev get ddev/ddev-memcached
ddev get julienloizelet/ddev-playwright
# override redis.conf
ddev get julienloizelet/ddev-tools
ddev get julienloizelet/ddev-crowdsec-php
- name: Start DDEV
uses: nick-fields/retry@v3
with:
timeout_minutes: 5
max_attempts: 3
shell: bash
command: |
ddev start
- name: Download WordPress
run: ddev wp core download --version=${{ matrix.wp-version }}
- name: Setup WordPress ${{ matrix.wp-version }} with PHP ${{ matrix.php-version }}
run: |
ddev exec wp core install --url='https://${{ env.WP_VERSION_CODE }}.ddev.site' --title='WordPress' --admin_user='admin' --admin_password='admin123' --admin_email='admin@admin.com'
- name: Set LAST_TAG env
run: |
echo "LAST_TAG=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/${{ env.GITHUB_ORIGIN }}/releases/latest | grep -oP "\/tag\/v\K(.*)$")" >> $GITHUB_ENV
- name: Clone files from last release
uses: actions/checkout@v4
with:
path: raw_sources
ref: "v${{ env.LAST_TAG }}"
repository: "${{ env.GITHUB_ORIGIN }}"
- name: Retrieve last stable release zip
run: |
curl -fL https://downloads.wordpress.org/plugin/crowdsec.${{ env.LAST_TAG }}.zip -o crowdsec.$LAST_TAG.zip
unzip crowdsec.${{ env.LAST_TAG }}.zip -d ${{ github.workspace }}/wp-content/plugins
- name: Copy needed tests files
run: |
cp -r raw_sources/tests wp-content/plugins/crowdsec
cp -r raw_sources/.github wp-content/plugins/crowdsec
- name: Prepare for playwright test
run: |
mkdir -p crowdsec/tls
mkdir -p crowdsec/geolocation
cp .ddev/okaeli-add-on/wordpress/custom_files/crowdsec/php/cache-actions-with-wordpress-load.php cache-actions.php
cp -r .ddev/okaeli-add-on/custom_files/crowdsec/cfssl/* crowdsec/tls
ddev maxmind-download DEFAULT GeoLite2-City crowdsec/geolocation
ddev maxmind-download DEFAULT GeoLite2-Country crowdsec/geolocation
cd crowdsec/geolocation
sha256sum -c GeoLite2-Country.tar.gz.sha256.txt
sha256sum -c GeoLite2-City.tar.gz.sha256.txt
tar -xf GeoLite2-Country.tar.gz
tar -xf GeoLite2-City.tar.gz
rm GeoLite2-Country.tar.gz GeoLite2-Country.tar.gz.sha256.txt GeoLite2-City.tar.gz GeoLite2-City.tar.gz.sha256.txt
cd ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev/__scripts__
chmod +x test-init.sh
./test-init.sh
chmod +x run-tests.sh
- name: Some DEBUG information
run: |
ddev --version
ddev exec php -v
ddev exec -s crowdsec crowdsec -version
- name: Run Plugin activation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 1-activate-plugin.js
- name: Configure CrowdSec and Wordpress bouncer plugin
run: |
ddev crowdsec-config
- name: Run Live mode remediation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 2-live-mode-remediations.js
- name: Run more Live mode remediation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 3-live-mode-more.js
- name: Run Live mode cache tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 4-live-mode-cache.js
- name: Prepare cron usage
run: |
sed -i 's/fastcgi_finish_request/\/\/fastcgi_finish_request/g' wp-cron.php
- name: Run Stream mode tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 5-stream-mode.js
- name: Run Redis tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 6-redis.js
- name: Run Memcached tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 7-memcached.js
- name: Run Geolocation tests
uses: ./wp-content/plugins/crowdsec/.github/workflows/end-to-end/run-single-test
with:
test_path: ${{ github.workspace }}/${{ env.EXTENSION_PATH }}/tests/e2e-ddev
file_path: 8-geolocation.js
- name: tmate debugging session
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
github-token: ${{ secrets.GITHUB_TOKEN }}
timeout-minutes: 30
if: failure()