From 65402b170f1f9c82fdb02a604e72a6ca3f8328f9 Mon Sep 17 00:00:00 2001 From: Rodrigo Luzuriaga Date: Wed, 14 Aug 2024 21:37:01 -0700 Subject: [PATCH 1/3] Modify workflows to run installation tests. #601 --- .../stable-releases-1_pull-request.yml | 41 ++++-- .../stable-releases-2_test-validity.yml | 121 ++++++++++++++---- .../stable-releases-3_tag-and-release.yml | 39 ++++-- 3 files changed, 153 insertions(+), 48 deletions(-) diff --git a/.github/workflows/stable-releases-1_pull-request.yml b/.github/workflows/stable-releases-1_pull-request.yml index 583bf3670c..148e49777d 100644 --- a/.github/workflows/stable-releases-1_pull-request.yml +++ b/.github/workflows/stable-releases-1_pull-request.yml 
@@ -3,20 +3,37 @@ name: Stable Release Step 1 - Create PR on: workflow_dispatch: schedule: - - cron: "0 10 15 * *" + - cron: "0 15 16 * *" + jobs: create-release-pull-request: - runs-on: ubuntu-latest if: github.ref == 'refs/heads/stable' + runs-on: ubuntu-22.04 + steps: - - uses: actions/checkout@v4 - with: - ref: dev-branch - - name: create pull request - run: | - echo 'Get version to be released and create PR with that in the name' - system_file="$(git rev-parse --show-toplevel)/packages/web/lib/fog/system.class.php" - tag=$(grep "define('FOG_VERSION'" $system_file | sed "s/.*FOG_VERSION', '\([^']*\)');/\1/") - gh pr create -B stable -H dev-branch --title "Stable Release PR For ${tag} - $(date '+%Y-%m-%d')" --body "Pull Request for creating the latest stable release from staged security fixes, bug fixes, and minor enhancements in dev-branch. Created as needed or monthly on 15th of every month, released once tests are passing" - env: + - uses: actions/checkout@v4 + with: + ref: dev-branch + + - name: Create pull request + run: | + echo 'Get version to be released and create PR with that in the name' + system_file="$(git rev-parse --show-toplevel)/packages/web/lib/fog/system.class.php" + tag=$(grep "define('FOG_VERSION'" $system_file | sed "s/.*FOG_VERSION', '\([^']*\)');/\1/") + gh pr create -B stable -H dev-branch --title "Stable Release PR For ${tag} - $(date '+%Y-%m-%d')" --body "Pull Request for creating the latest stable release from staged security fixes, bug fixes, and minor enhancements in dev-branch. 
Created as needed or monthly on 15th of every month, released once tests are passing" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + call-test-validation-workflow: + needs: create-release-pull-request + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + with: + ref: dev-branch + + - name: Call test validity workflow + run: gh workflow run stable-releases-2_test-validity.yml + env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/stable-releases-2_test-validity.yml b/.github/workflows/stable-releases-2_test-validity.yml index 633ce3e29c..dbdd157d7c 100644 --- a/.github/workflows/stable-releases-2_test-validity.yml +++ b/.github/workflows/stable-releases-2_test-validity.yml 
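Review bot: No `permissions:` key is visible for either job in this file, so both `gh` calls run with whatever default scope the repository grants `GITHUB_TOKEN`. A job-level block such as `permissions: { contents: read, pull-requests: write }` on `create-release-pull-request` and `permissions: { contents: read, actions: write }` on `call-test-validation-workflow` would keep the token to what each step appears to need. The new `gh workflow run stable-releases-2_test-validity.yml` also passes no `--ref`, so the dispatched run uses the repository's default branch. Step 2's merge job is gated on `github.ref == 'refs/heads/stable'`, so confirm that `stable` is the default branch or add `--ref stable`.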
@@ -2,36 +2,111 @@ name: Stable Release Step 2 - Validate PR on: workflow_dispatch: - # pull_request: - # types: - # - open - # branches: - # - dev-branch - # - stable + workflow_call: jobs: - Merge-After-All-Tests-Passed: - runs-on: ubuntu-latest + run-install-tests: + runs-on: ubuntu-22.04 + + steps: + - name: Call main workflow that calls all the distros + run: gh workflow run --repo rluzuriaga/testing-distros execute_test_install_fog.yml + env: + GITHUB_TOKEN: ${{ secrets.INSTALL_VALIDATION_REPO_TOKEN }} + + check-all-tests-completed-successfully: + needs: run-install-tests + runs-on: ubuntu-22.04 + + env: + GITHUB_TOKEN: ${{ secrets.INSTALL_VALIDATION_REPO_TOKEN }} + + steps: + - name: Wait a minute for the runs to start + run: sleep 60 + + - name: Get run IDs + run: | + run_id=$(gh run list --repo rluzuriaga/testing-distros --workflow execute_test_install_fog.yml --json databaseId --limit 1 | jq -r '.[0].databaseId') + echo "RUN_ID=$run_id" >> $GITHUB_ENV + + - name: Check if distro workflow passed or failed + run: | + run_status="" + while [[ $run_status != "success" && $run_status != "failure" ]]; do + sleep 15 + run_status=$(gh run view --repo rluzuriaga/testing-distros ${{ env.RUN_ID }} --exit-status --json conclusion | jq -r '.conclusion') + done + + if [[ $run_status == "failure" ]]; then + exit 1 + fi + + merge-after-all-tests-passed: + needs: check-all-tests-completed-successfully + + runs-on: ubuntu-22.04 if: github.ref == 'refs/heads/stable' + steps: - name: Check out code uses: actions/checkout@v4 + - name: Merge The PR run: | - echo 'Get the tag' - git fetch origin dev-branch - git checkout dev-branch - system_file="$(git rev-parse --show-toplevel)/packages/web/lib/fog/system.class.php" - tag=$(grep "define('FOG_VERSION'" $system_file | sed "s/.*FOG_VERSION', '\([^']*\)');/\1/") - git checkout stable - echo "merge the pull request bringing dev-branch into stable"; - gh pr merge dev-branch --squash --subject "Stable Release - ${tag}"; + echo 'Get 
the tag' + git fetch origin dev-branch + git checkout dev-branch + system_file="$(git rev-parse --show-toplevel)/packages/web/lib/fog/system.class.php" + tag=$(grep "define('FOG_VERSION'" $system_file | sed "s/.*FOG_VERSION', '\([^']*\)');/\1/") + git checkout stable + echo "merge the pull request bringing dev-branch into stable"; + gh pr merge dev-branch --squash --subject "Stable Release - ${tag}"; env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + close-pr-if-tests-fail: + needs: check-all-tests-completed-successfully + + runs-on: ubuntu-22.04 + if: failure() + + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Get PR number + run: | + pr_number=$(gh pr list --repo ${{ github.repository }} --json title,number | jq -r '.[] | select(.title | test("Stable Release PR for*"; "i")) | .number') + echo "PR_NUMBER=$pr_number" >> $GITHUB_ENV -# on a monthly pr created from other workflow -# test validity of install -# down the road-test various functions (deploy, capture, API) -# Fix version if needed -# merge pull request with generic commit -# maybe update version if not handled in hook \ No newline at end of file + - name: Close PR + run: | + closure_message="Closing PR due to failure in tests" + gh pr close --comment "$closure_message" ${{ env.PR_NUMBER }} + + - name: Announce error on Discord + uses: sarisia/actions-status-discord@v1 + with: + webhook: ${{ secrets.DISCORD_WEBHOOK }} + content: "Hey @everyone, validation tests failed. 
PR closed" + title: Validation tests + status: ${{ needs.check-all-tests-completed-successfully.result }} + color: 0xff0000 + + call-tag-and-release-workflow: + needs: merge-after-all-tests-passed + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + with: + ref: stable + + - name: Run tag and release workflow + run: gh workflow run stable-releases-3_tag-and-release.yml + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stable-releases-3_tag-and-release.yml b/.github/workflows/stable-releases-3_tag-and-release.yml index bd875957be..49f47a2bd6 100644 --- a/.github/workflows/stable-releases-3_tag-and-release.yml +++ b/.github/workflows/stable-releases-3_tag-and-release.yml @@ -2,17 +2,17 @@ name: Stable Release Step 3 - Tag and Release on: workflow_dispatch: - # pull_request: - # types: - # - closed + workflow_call: jobs: - Tag-and-release: - runs-on: ubuntu-latest + tag-and-release: + runs-on: ubuntu-22.04 if: github.ref == 'refs/heads/stable' + steps: - name: Check-out code to release uses: actions/checkout@v4 + - name: Tag and release run: | echo 'Find the version to use for the tag, create the release, and sync the dev and stable branches' 
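Review bot: The polling loop in `check-all-tests-completed-successfully` exits only on `success` or `failure`, so a validation run that ends `cancelled` or `timed_out` keeps this job waiting until the job itself times out. Poll `--json status,conclusion` until `status` is `completed`, then fail on anything but success with `[[ $run_status == "success" ]] || exit 1`, and put a `timeout-minutes:` on the step. The run id is taken as the newest run of that workflow after a fixed `sleep 60`, which may not be the run this job dispatched. Because the result gates an automatic merge into `stable`, the lookup should be tied to this dispatch. Separately, `sarisia/actions-status-discord@v1` receives `secrets.DISCORD_WEBHOOK` through a movable tag, here and in stable-releases-3_tag-and-release.yml; pinning it as `uses: sarisia/actions-status-discord@<full-commit-sha>` removes the dependency on the tag.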
@@ -26,12 +26,25 @@ jobs: gh pr create -B dev-branch -H stable --title "merge stable - ${tag} into dev" --body "Pull Request for syncing stable release commit back to dev after a release" gh pr merge stable --merge --subject "merge stable - ${tag} into dev"; env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + discord-success: + needs: tag-and-release + runs-on: ubuntu-22.04 + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Get tag as env + run: | + tag=$(grep "define('FOG_VERSION'" $system_file | sed "s/.*FOG_VERSION', '\([^']*\)');/\1/") + echo "TAG=$tag" >> $GITHUB_ENV -# on merge of monthly release pr -# get/calculate current version -# create tag of current version -# create release of new tag -# generate release notes -# send announcements? \ No newline at end of file + - name: Announce success on Discord + uses: sarisia/actions-status-discord@v1 + with: + webhook: ${{ secrets.DISCORD_WEBHOOK }} + title: "New release" + description: Click [here](https://github.com/fogproject/fogproject/releases/latest) to check the newest release. + color: 0x00ff00 From 3e845276907b458daa5f892f3ae3bd0eda7b7de4 Mon Sep 17 00:00:00 2001 From: Rodrigo Luzuriaga Date: Thu, 15 Aug 2024 07:20:30 -0700 Subject: [PATCH 2/3] Fix workflow call #601 --- .github/workflows/stable-releases-2_test-validity.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stable-releases-2_test-validity.yml b/.github/workflows/stable-releases-2_test-validity.yml index dbdd157d7c..b07546f654 100644 --- a/.github/workflows/stable-releases-2_test-validity.yml +++ b/.github/workflows/stable-releases-2_test-validity.yml 
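Review bot: In the `discord-success` job the `Get tag as env` step greps `$system_file`, but that variable is never assigned in this step, and each `run:` step starts a fresh shell. `grep` therefore gets no file argument and `TAG` is unlikely to hold the version. Add `system_file="$(git rev-parse --show-toplevel)/packages/web/lib/fog/system.class.php"` before the `grep` and quote the use as `"$system_file"`. `TAG` is also not referenced by the Discord step that follows, so either use it in `title` or `description`, or drop the step.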
@@ -10,7 +10,7 @@ jobs: steps: - name: Call main workflow that calls all the distros - run: gh workflow run --repo rluzuriaga/testing-distros execute_test_install_fog.yml + run: gh workflow run --repo FOGProject/fogproject-install-validation run_all_distros.yml env: GITHUB_TOKEN: ${{ secrets.INSTALL_VALIDATION_REPO_TOKEN }} @@ -27,7 +27,7 @@ jobs: - name: Get run IDs run: | - run_id=$(gh run list --repo rluzuriaga/testing-distros --workflow execute_test_install_fog.yml --json databaseId --limit 1 | jq -r '.[0].databaseId') + run_id=$(gh run list --repo FOGProject/fogproject-install-validation --workflow run_all_distros.yml --json databaseId --limit 1 | jq -r '.[0].databaseId') echo "RUN_ID=$run_id" >> $GITHUB_ENV - name: Check if distro workflow passed or failed @@ -35,7 +35,7 @@ jobs: run_status="" while [[ $run_status != "success" && $run_status != "failure" ]]; do sleep 15 - run_status=$(gh run view --repo rluzuriaga/testing-distros ${{ env.RUN_ID }} --exit-status --json conclusion | jq -r '.conclusion') + run_status=$(gh run view --repo FOGProject/fogproject-install-validation ${{ env.RUN_ID }} --exit-status --json conclusion | jq -r '.conclusion') done if [[ $run_status == "failure" ]]; then From fe8a36d8e4a5c9581affdf5fbb900f8a79911ad0 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 16 Aug 2024 15:19:19 +0000 Subject: [PATCH 3/3] Stable Release - 1.5.10.1584 * Setup/fix authentication issues * Should commonize auth checks * Set static mountd port for NFS * Should fix issue of isloaded * Should push the change derp * Should refine out nfs building * Should ensure ymls are updated appropriately here * Should fix upload png/jpg issue --------- Co-authored-by: JJ Fullmer Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tom Elliott --- lib/common/functions.sh | 23 +++++++++++++++++++ packages/web/lib/fog/fogbase.class.php | 21 +++++++++++++++-- packages/web/lib/fog/system.class.php | 2 +- .../lib/pages/fogconfigurationpage.class.php | 8 +------ packages/web/management/export.php | 8 +------ packages/web/service/getversion.php | 8 +------ packages/web/status/getfiles.php | 8 +------ packages/web/status/kernelvers.php | 8 +------ 8 files changed, 48 insertions(+), 38 deletions(-) diff --git a/lib/common/functions.sh b/lib/common/functions.sh index 563a04e027..cc537a8f9a 100755 --- a/lib/common/functions.sh +++ b/lib/common/functions.sh 
@@ -1355,6 +1355,29 @@ configureFOGService() { startInitScript } configureNFS() { + dots "Setting up NFS configuration file" + if [[ -f "/etc/nfs.conf" ]]; then + # Fix all set port=20048 back to default values + sed -i '/^port=20048/ {s/^port=20048/# port=0/}' /etc/nfs.conf >>$error_log 2>&1 + fi + # set port in nfs.conf.d directory + if [[ -f "/etc/nfs.conf" && ! -d "/etc/nfs.conf.d/" ]]; then + mkdir /etc/nfs.conf.d + elif [[ -f "/usr/etc/nfs.conf" && ! -d "/usr/etc/nfs.conf.d/" ]]; then + mkdir /usr/etc/nfs.conf.d + fi + if [[ -f "/etc/nfs.conf" && ! -f "/etc/nfs.conf.d/fog-nfs.conf" ]]; then + cat > /etc/nfs.conf.d/fog-nfs.conf < /usr/etc/nfs.conf.d/fog-nfs.conf <key($key); - $result = isset($this->isLoaded[$key]) ? $this->isLoaded[$key] : 0; + $result = isset($this->isLoaded[$key]) ? true : false; $this->isLoaded[$key] = true; - ++$this->isLoaded[$key]; return $result ? $result : false; } @@ -2578,4 +2577,22 @@ public static function is_array_of_assoc_arrays($arr) { } return true; } + /** + * Is Authorized to perform action simplified + * + * @param $return_bool Defaults to false, but can return bool + * + * @return void|bool + */ + public static function is_authorized($return_bool = false) + { $authorized = self::$FOGUser->isValid() || + strtolower(($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '')) == 'xmlhttprequest'; + if ($return_bool) { + return $authorized; + } + if (!$authorized) { + echo _('Unauthorized'); + exit; + } + } } diff --git a/packages/web/lib/fog/system.class.php b/packages/web/lib/fog/system.class.php index 8360f93a22..502ffa251b 100644 --- a/packages/web/lib/fog/system.class.php +++ b/packages/web/lib/fog/system.class.php @@ -53,7 +53,7 @@ private static function _versionCompare() public function __construct() { self::_versionCompare(); - define('FOG_VERSION', '1.5.10.1566'); + define('FOG_VERSION', '1.5.10.1584'); define('FOG_SCHEMA', 271); define('FOG_BCACHE_VER', 141); define('FOG_CLIENT_VERSION', '0.13.0'); 
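Review bot: `is_authorized()` in fogbase.class.php joins its two conditions with `||`, whereas the checks it replaces in export.php, getversion.php, getfiles.php and kernelvers.php required a valid user and the `X-Requested-With` header together. That header is supplied by the client, so with `||` a request without a valid session is treated as authorized whenever the header is present. The session check has to be mandatory, e.g. `$authorized = self::$FOGUser->isValid() && strtolower($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') == 'xmlhttprequest';`. Two of the removed checks also guarded with `isset($currentUser)`; if `self::$FOGUser` can be unset at this point, add the same null check before calling `isValid()`. The docblock should also say that the method prints 'Unauthorized' and exits unless `$return_bool` is true.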
diff --git a/packages/web/lib/pages/fogconfigurationpage.class.php b/packages/web/lib/pages/fogconfigurationpage.class.php index cf9bb036c3..5b4647c277 100644 --- a/packages/web/lib/pages/fogconfigurationpage.class.php +++ b/packages/web/lib/pages/fogconfigurationpage.class.php @@ -3061,16 +3061,10 @@ public function settingsPost() 'jpeg', 'png', ]; - $extensionCheck = strtolower(pathinfo($src, PATHINFO_EXTENSION)); - if (!in_array($extensionCheck, $validExtensions)) { - throw new Exception( - _('Upload file extension must be, jpg, jpeg, or png') - ); - } $extensionCheck = strtolower(pathinfo($set, PATHINFO_EXTENSION)); if (!in_array($extensionCheck, $validExtensions)) { throw new Exception( - _('Created file extension must be, jpg, jpeg, or png') + _('Upload file extension must be, jpg, jpeg, or png') ); } if ($width != 650) { diff --git a/packages/web/management/export.php b/packages/web/management/export.php index fbd052fbf8..98c80417a9 100644 --- a/packages/web/management/export.php +++ b/packages/web/management/export.php @@ -20,13 +20,7 @@ * @link https://fogproject.org */ require '../commons/base.inc.php'; -$unauthorized = !(isset($currentUser) && $currentUser->isValid()) || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - -if ($unauthorized) { - echo _('Unauthorized'); - exit; -} +FOGCore::is_authorized(); $report = unserialize($_SESSION['foglastreport']); if (!($report instanceof ReportMaker)) { diff --git a/packages/web/service/getversion.php b/packages/web/service/getversion.php index 321b9f1334..bd436e69e1 100644 --- a/packages/web/service/getversion.php +++ b/packages/web/service/getversion.php 
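Review bot: The remaining extension check in `settingsPost()` tests `$set`, which the removed message called the created file, yet it now reports 'Upload file extension must be, jpg, jpeg, or png'. The uploaded source `$src` is no longer checked by name at all. An extension is only a label, so confirm that the rest of `settingsPost()`, which continues outside this hunk, verifies the image from its content, for example with `getimagesize()` or `finfo`. A short comment such as `// $src is validated by content, not by name; only the stored name $set is checked here` would make the intent explicit if that is the case.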
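Review bot: In export.php, `FOGCore::is_authorized()` is now the only gate in front of `unserialize($_SESSION['foglastreport'])`, and that call places no limit on which classes may be instantiated. Since the next line accepts only a `ReportMaker`, passing `['allowed_classes' => ['ReportMaker']]` as the second argument would narrow it. Confirm first whether a stored report nests other object types, which this hunk does not show.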
@@ -44,13 +44,7 @@ } elseif (isset($_REQUEST['url'])) { // Prevent an unauthenticated user from making arbitrary requests. - $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - - if ($unauthorized) { - echo _('Unauthorized'); - exit; - } + FOGCore::is_authorized(); $url = $_REQUEST['url']; $res = $FOGURLRequests diff --git a/packages/web/status/getfiles.php b/packages/web/status/getfiles.php index 80d4c3a9d2..213dea266f 100644 --- a/packages/web/status/getfiles.php +++ b/packages/web/status/getfiles.php @@ -24,13 +24,7 @@ require '../commons/base.inc.php'; // Prevent file enumeration by an unauthenticated user -$unauthorized = !(isset($currentUser) && $currentUser->isValid()) || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - -if ($unauthorized) { - echo _('Unauthorized'); - exit; -} +FOGCore::is_authorized(); if (!is_string($_GET['path'])) { echo json_encode( diff --git a/packages/web/status/kernelvers.php b/packages/web/status/kernelvers.php index 6ad607f381..3131612585 100644 --- a/packages/web/status/kernelvers.php +++ b/packages/web/status/kernelvers.php @@ -28,13 +28,7 @@ if (isset($_POST['url'])) { // Prevent an unauthenticated user from making arbitrary requests. - $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH']) - || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'; - - if ($unauthorized) { - echo _('Unauthorized'); - exit; - } + FOGCore::is_authorized(); $res = $FOGURLRequests ->process(filter_input(INPUT_POST, 'url'));
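Review bot: In getversion.php the request's `url` value is handed to `$FOGURLRequests->process()` after `FOGCore::is_authorized()` with no scheme or host restriction visible in this hunk, and kernelvers.php does the same with `filter_input(INPUT_POST, 'url')`. The existing comment says the intent is to prevent arbitrary requests. The endpoint should therefore allow only `http`/`https` and check the URL against the hosts FOG actually needs to contact before the call, rather than depend on the auth helper alone. `process()` is defined outside this patch, so confirm it does not already enforce this.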