Python application #60
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will install Python dependencies, run tests and lint with a single version of Python | |
| # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | |
| name: Python application | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| wp_version: | |
| description: Version of WordPress | |
| default: "-6.2.2-en_GB" | |
| push: | |
| paths-ignore: | |
| - '**.md' | |
| - '**.png' | |
| - '**.jpg' | |
| - '**.webp' | |
| - '**Vagrantfile' | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| schedule: | |
| - cron: "0 0 * * FRI" | |
| env: | |
| WORDPRESS_VERSION: "-6.0.1-en_GB" | |
| DOCUMENT_ROOT: "/var/www/html" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.8", "3.9", "3.10", "3.11"] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set the variables | |
| env: | |
| DEFAULT_WP_VERSION: "-6.2.2-en_GB" | |
| run: | | |
| echo "WORDPRESS_VERSION=${{ github.event.inputs.wp_version || env.DEFAULT_WP_VERSION }}" >> $GITHUB_ENV | |
| - name: Set up ${{ matrix.python-version }} | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install flake8 pytest coverage | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| - name: Lint with flake8 | |
| run: | | |
| # stop the build if there are Python syntax errors or undefined names | |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
| # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| - name: Install server packages | |
| run: | | |
| sudo apt-get update | |
| sudo apt list --installed | grep php | |
| # 57MB purge, but necessary to get libapache2-mod-php. Reinstallation | |
| # consumes 30MB if choosing php8.1-fpm, or 24.3MB for php8.1. | |
| sudo apt purge libapache2-mod-php8.1 libapache2-mod-php php8.1-common php-common | |
| sudo apt-get install -y apache2 \ | |
| php \ | |
| libapache2-mod-php \ | |
| php-bcmath \ | |
| php-curl \ | |
| php-intl \ | |
| php-json \ | |
| php-mbstring \ | |
| php-mysql \ | |
| php-xml \ | |
| php-zip | |
| - name: Initialise WordPress and MySQL | |
| run: | | |
| # It's disabled by default, use `start` to use it. | |
| sudo systemctl start mysql.service | |
| sudo mysql -uroot -proot < wpdbsetup.sql | |
| sudo mysql -uroot -proot wordpress < full_db_220727_0953-mariadb.sql | |
| sudo mkdir -p ${{env.DOCUMENT_ROOT}} | |
| sudo chown www-data: ${{env.DOCUMENT_ROOT}} | |
| sudo curl "https://en-gb.wordpress.org/wordpress${{env.WORDPRESS_VERSION}}.tar.gz" | sudo -u www-data tar zx --strip-components=1 -C ${{env.DOCUMENT_ROOT}} | |
| sudo -u www-data cp wp-config.php "${{env.DOCUMENT_ROOT}}/wp-config.php" | |
| sudo -u www-data cp wp.htaccess "${{env.DOCUMENT_ROOT}}/.htaccess" | |
| - name: Setup Apache | |
| run: | | |
| sudo openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 365 -nodes -x509 \ | |
| -subj "/CN=localhost" -addext "subjectAltName = DNS:localhost" \ | |
| -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt | |
| sudo cp ssl-params.conf /etc/apache2/conf-available/ssl-params.conf | |
| sudo cp wordpress.conf /etc/apache2/sites-available/wordpress.conf | |
| sudo a2enmod ssl | |
| sudo a2enmod headers | |
| sudo a2enmod rewrite | |
| sudo a2ensite wordpress | |
| sudo a2enconf ssl-params | |
| sudo a2dissite 000-default | |
| sudo systemctl start apache2 | |
| - name: Setup UFW | |
| run: | | |
| sudo ufw allow OpenSSH | |
| echo ============= | |
| cat /etc/default/ufw | |
| # Default should already be these (cat /etc/default/ufw): | |
| sudo ufw default allow outgoing | |
| sudo ufw default deny incoming | |
| sudo ufw allow 'Apache Full' | |
| sudo ufw delete allow 'Apache' | |
| sudo echo "y" | sudo ufw enable | |
| - name: Check PHP version | |
| run: | | |
| php -v | |
| - name: Test TLS server with in-situ cert | |
| run: | | |
| curl -i --cacert /etc/ssl/certs/apache-selfsigned.crt https://localhost | |
| - name: Test TLS only server without a cert | |
| run: | | |
| curl -i http://localhost | |
| - name: Test TLS only server without a cert, following redirection | |
| run: | | |
| if curl -iL http://localhost; then | |
| exit 1 | |
| fi | |
| - name: Test REST API, ignoring cert | |
| run: | | |
| curl -ki https://localhost/wp-json/wp/v2/users | |
| - name: Test fudged API, ignoring cert | |
| run: | | |
| curl -ki https://localhost/index.php?rest_route=/wp/v2/users | |
| - name: Test hello world post is here | |
| run: | | |
| curl -ki https://localhost/2022/08/hello-world/ | |
| - name: Acquire wp_api | |
| run: | | |
| git clone https://github.com/ployt0/wp_app_api.git | |
| cp -r wp_app_api/wp_api tests/ | |
| - name: Grab the TLS cert from WP | |
| run: | | |
| echo quit | openssl s_client -showcerts -servername "localhost" -connect localhost:443 > tests/self-signed-cacert.crt | |
| - name: Test with pytest for coverage | |
| run: | | |
| cd tests | |
| PYTHONPATH=../ss_img_shrinker coverage run --source="../ss_img_shrinker" -m pytest | |
| - name: Test coverage | |
| run: | | |
| cd tests | |
| PYTHONPATH=../ss_img_shrinker coverage report -m --fail-under=90 | |
| coverage json | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@v3 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |