SECURITY_PR.md

How to test a security pull request

Security pull requests are hidden on the PrestaShop/PrestaShop repository, so it is hard to launch automatic tests on them. For this purpose, we created a new workflow called Testing Security PrestaShop pull requests (without cache).

Pre-requisites

Create a private repository of PrestaShop/ga.test.ui.pr

Before you start testing, you need to make sure that NO ACCESS IS GRANTED on the repository where you test. Since you cannot make a fork of a public repository private (GitHub policy), you need to create a new private one, following these steps:

  1. Go to your Profile -> Repositories, then click on New

  2. Add a name and make it PRIVATE

  3. Then create the repository

  4. Once it is created, click on Import code at the bottom of the page

  5. Add the link to PrestaShop/ga.test.ui.pr and click on Begin import

  6. Congrats, your repository is ready.

Activate Actions on the new Repository

When a new private repository is created with Import, Actions are disabled and you should enable them. To do that:

  1. Go to your repository -> Settings -> Actions -> General

  2. Check Allow all actions and reusable workflows

  3. Click on Save

  4. Congrats, Actions are now available.

Create a personal token

A token is used to access the private repository of the pull request; you can refer to this tutorial to create one. You only need to check this part of the settings:

img.png

Copy your token and keep it safe.

PS: You can set the expiration date to the minimum (7 days) so that the token cannot be used for long.
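The prerequisites above (private repository, no access granted to anyone else, Actions enabled, short-lived token) can be checked before the first run. The following is an added example, not part of the PrestaShop tooling: it evaluates GitHub REST API responses against those prerequisites. The sample responses, the `alice` account and the expiry header format are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample responses, shaped like the GitHub REST API replies for
# GET /repos/{owner}/{repo}, .../collaborators and .../actions/permissions.
REPO = json.loads('{"full_name": "alice/ga.test.ui.pr", "private": true, "owner": {"login": "alice"}}')
COLLABORATORS = json.loads('[{"login": "alice"}]')
ACTIONS = json.loads('{"enabled": true, "allowed_actions": "all"}')
# Constructed value of the github-authentication-token-expiration response
# header (format assumed here to be "YYYY-MM-DD HH:MM:SS UTC").
TOKEN_EXPIRY = "2024-03-08 10:00:00 UTC"


def preflight(repo, collaborators, actions, token_expiry, now, max_days=7):
    """Return a list of problems; an empty list means the prerequisites hold."""
    problems = []
    if not repo.get("private"):
        problems.append("repository is not private")
    owner = repo["owner"]["login"]
    extra = sorted(c["login"] for c in collaborators if c["login"] != owner)
    if extra:
        problems.append("access granted to: " + ", ".join(extra))
    if not actions.get("enabled"):
        problems.append("Actions are disabled")
    elif actions.get("allowed_actions") != "all":
        problems.append("Actions policy is not 'Allow all actions and reusable workflows'")
    if not token_expiry:
        problems.append("token has no expiration date")
    else:
        expires = datetime.strptime(token_expiry, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)
        if expires <= now:
            problems.append("token has expired")
        elif expires - now > timedelta(days=max_days):
            problems.append(f"token lives longer than {max_days} days")
    return problems


if __name__ == "__main__":
    now = datetime(2024, 3, 2, 9, 0, tzinfo=timezone.utc)  # constructed "current" time
    for p in preflight(REPO, COLLABORATORS, ACTIONS, TOKEN_EXPIRY, now) or ["all prerequisites hold"]:
        print(p)
```
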

Start Your Test

Congratulations 🎉, you can now test the security pull request.

How to use it?

You can use the private repository you created by following these steps:

  1. Click on the Actions tab

  2. On the Actions tab, click on the workflow name Testing Security PrestaShop pull requests in the list

  3. Once on the workflow, click on Run workflow

  4. Fill in the form and submit the workflow

How to fill the form?

| Parameter | Description | Default |
| --- | --- | --- |
| Pull request private repository | The name of the fork to use (ex: PrestaShop/PrestaShop-abc-xyz) | No default value, you must fill it in to submit |
| GitHub token | The token used to access the repository (created and copied earlier) | No default value, you must fill it in to submit |
| Pull request Id | ID of the pull request on the PrestaShop/PrestaShop-abc-xyz repository | No default value, you must fill it in to submit |
| Base Branch | Target branch of your pull request (ex: 8.0.x, develop) | develop |
| DEV Mode | Enable/disable the developer mode | false |
| PHP version | PHP version to use to set up the PrestaShop environment | 8.1 |
| Node Version | Node version to use to set up the PrestaShop environment | 14 |

Cleaning up

After finishing the tests, when you finally validate the pull request(s), you should clean up by: