fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist #12343
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors | |
# SPDX-License-Identifier: MIT | |
name: PHPUnit files_external FTP | |
on: | |
pull_request: | |
schedule: | |
- cron: "5 2 * * *" | |
concurrency: | |
group: files-external-ftp-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
changes: | |
runs-on: ubuntu-latest-low | |
outputs: | |
src: ${{ steps.changes.outputs.src}} | |
steps: | |
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
id: changes | |
continue-on-error: true | |
with: | |
filters: | | |
src: | |
- '.github/workflows/**' | |
- '3rdparty/**' | |
- 'apps/files_external/**' | |
- 'vendor/**' | |
- 'vendor-bin/**' | |
- 'composer.json' | |
- 'composer.lock' | |
- '**.php' | |
files-external-ftp: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }} | |
strategy: | |
# do not stop on another job's failure | |
fail-fast: false | |
matrix: | |
php-versions: ['8.1', '8.4'] | |
ftpd: ['proftpd', 'vsftpd', 'pure-ftpd'] | |
include: | |
- php-versions: '8.1' | |
coverage: ${{ github.event_name != 'pull_request' }} | |
name: php${{ matrix.php-versions }}-${{ matrix.ftpd }} | |
steps: | |
- name: Checkout server | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
submodules: true | |
- name: Set up ftpd | |
run: | | |
sudo mkdir /tmp/ftp | |
sudo chmod -R 0777 /tmp/ftp | |
if [[ "${{ matrix.ftpd }}" == 'proftpd' ]]; then echo '$6$Q7V2n3q2GRVv5YeQ$/AhLu07H76Asojy7bxGXMY1caKLAbp5Vt82LOZYMkD/8uDzyMAEXwk0c1Bdz1DkBsk2Vh/9SF130mOPavRGMo.' > /tmp/secret.txt; fi | |
if [[ "${{ matrix.ftpd }}" == 'proftpd' ]]; then echo 'FTP_ROOT=/home/test' > $GITHUB_ENV; fi | |
if [[ "${{ matrix.ftpd }}" == 'proftpd' ]]; then docker run --name ftp -d --net host -e PASV_ADDRESS=127.0.0.1 -e FTPUSER_NAME=test -v /tmp/secret.txt:/run/secrets/ftp-user-password-secret -v /tmp/ftp:/home/test instantlinux/proftpd; fi | |
if [[ "${{ matrix.ftpd }}" == 'vsftpd' ]]; then docker run --name ftp -d --net host -e FTP_USER=test -e FTP_PASS=test -e PASV_ADDRESS=127.0.0.1 -v /tmp/ftp:/home/vsftpd/test fauria/vsftpd; fi | |
if [[ "${{ matrix.ftpd }}" == 'pure-ftpd' ]]; then docker run --name ftp -d --net host -e "PUBLICHOST=localhost" -e FTP_USER_NAME=test -e FTP_USER_PASS=test -e FTP_USER_HOME=/home/test -v /tmp/ftp:/home/test -v /tmp/ftp:/etc/pure-ftpd/passwd stilliard/pure-ftpd; fi | |
- name: Set up php ${{ matrix.php-versions }} | |
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1 | |
with: | |
php-version: ${{ matrix.php-versions }} | |
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation | |
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite | |
coverage: ${{ matrix.coverage && 'xdebug' || 'none' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Nextcloud | |
run: | | |
composer install | |
mkdir data | |
./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password | |
./occ app:enable --force files_external | |
echo "<?php return ['run' => true,'host' => 'localhost','user' => 'test','password' => 'test', 'root' => '${{ env.FTP_ROOT }}'];" > apps/files_external/tests/config.ftp.php | |
- name: smoketest ftp | |
run: | | |
php -r 'var_dump(file_put_contents("ftp://test:test@localhost${{ env.FTP_ROOT }}/ftp.txt", "asd"));' | |
php -r 'var_dump(file_get_contents("ftp://test:test@localhost${{ env.FTP_ROOT }}/ftp.txt"));' | |
php -r 'var_dump(mkdir("ftp://test:test@localhost${{ env.FTP_ROOT }}/asdads"));' | |
ls -l /tmp/ftp | |
[ -f /tmp/ftp/ftp.txt ] | |
- name: PHPUnit | |
run: composer run test:files_external -- \ | |
apps/files_external/tests/Storage/FtpTest.php \ | |
${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }} | |
- name: Upload code coverage | |
if: ${{ !cancelled() && matrix.coverage }} | |
uses: codecov/[email protected] | |
with: | |
files: ./clover.xml | |
flags: phpunit-files-external-ftp | |
- name: ftpd logs | |
if: always() | |
run: | | |
docker logs ftp | |
ftp-summary: | |
runs-on: ubuntu-latest-low | |
needs: [changes, files-external-ftp] | |
if: always() | |
steps: | |
- name: Summary status | |
run: if ${{ needs.changes.outputs.src != 'false' && needs.files-external-ftp.result != 'success' }}; then exit 1; fi |