Skip to content

BUGFIX: Sanitize uploaded svg files from suspicious content #2732

BUGFIX: Sanitize uploaded svg files from suspicious content

BUGFIX: Sanitize uploaded svg files from suspicious content #2732

Workflow file for this run

name: build
on:
push:
branches: [ master, '[0-9]+.[0-9]' ]
pull_request:
branches: [ master, '[0-9]+.[0-9]' ]
jobs:
build:
if: "!contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[skip travis]')"
name: "PHP ${{ matrix.php-versions }} Test ${{ matrix.static-analysis != 'no' && matrix.static-analysis || '' }} (deps: ${{ matrix.dependencies }})"
continue-on-error: ${{ matrix.experimental }}
strategy:
fail-fast: false
matrix:
php-versions: ['7.3', '7.4', '8.0', '8.1', '8.2']
dependencies: ['highest']
composer-arguments: [''] # to run --ignore-platform-reqs in experimental builds
static-analysis: ['no']
experimental: [false]
include:
- php-versions: '7.3'
static-analysis: 'psalm'
experimental: true
dependencies: 'highest'
# Experimental build for PHP nightly
#- php-versions: 'nightly'
# composer-arguments: '--ignore-platform-reqs'
# static-analysis: 'no'
# experimental: true
# dependencies: 'highest'
# Build for minimum dependencies.
- php-versions: '7.3'
static-analysis: 'no'
experimental: false
dependencies: 'lowest'
runs-on: ubuntu-latest
services:
mariadb:
image: mariadb:10.2
env:
MYSQL_USER: neos
MYSQL_PASSWORD: neos
MYSQL_DATABASE: flow_functional_testing
MYSQL_ROOT_PASSWORD: neos
ports:
- "3306:3306"
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
postgres:
image: postgres:9.5-alpine
env:
POSTGRES_USER: neos
POSTGRES_PASSWORD: neos
POSTGRES_DB: flow_functional_testing
ports:
- "5432:5432"
options: --health-cmd=pg_isready --health-interval=10s --health-timeout=5s --health-retries=3
redis:
image: redis:alpine
ports:
- "6379:6379"
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
memcached:
image: memcached:alpine
ports:
- "11211:11211"
# options: --health-cmd "timeout 5 bash -c 'cat < /dev/null > /dev/udp/127.0.0.1/11211'" --health-interval 10s --health-timeout 5s --health-retries 5
env:
FLOW_CONTEXT: Testing
FLOW_DIST_FOLDER: flow-development-distribution
FLOW_FOLDER: flow-development-collection
defaults:
run:
working-directory: ${{ env.FLOW_DIST_FOLDER }}
steps:
- name: Set Flow target branch name
run: echo "FLOW_TARGET_VERSION=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
working-directory: .
- name: Checkout
uses: actions/checkout@v2
with:
path: ${{ env.FLOW_FOLDER }}
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php-versions }}
extensions: mbstring, xml, json, zlib, iconv, intl, pdo_sqlite, mysql, pgsql, redis, memcached, memcache, apcu
coverage: xdebug #optional
ini-values: date.timezone="Africa/Tunis", opcache.fast_shutdown=0, apc.enable_cli=on
- name: Checkout development distribution
uses: actions/checkout@v2
with:
repository: neos/flow-development-distribution
ref: ${{ env.FLOW_TARGET_VERSION }}
path: ${{ env.FLOW_DIST_FOLDER }}
- name: Set alias branch name
run: if [ "${FLOW_TARGET_VERSION}" == "master" ]; then echo "FLOW_BRANCH_ALIAS=dev-master"; else echo "FLOW_BRANCH_ALIAS=${FLOW_TARGET_VERSION}.x-dev"; fi >> $GITHUB_ENV
- name: Update composer.json
run: |
git -C ../${{ env.FLOW_FOLDER }} checkout -b build
composer config repositories.flow '{ "type": "path", "url": "../${{ env.FLOW_FOLDER }}", "options": { "symlink": false } }'
composer require --no-update neos/flow-development-collection:"dev-build as ${{ env.FLOW_BRANCH_ALIAS }}"
- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v2
with:
path: |
~/.cache/composer
${{ env.FLOW_DIST_FOLDER }}/Packages
key: php-${{ matrix.php-versions }}-${{ matrix.dependencies }}${{ hashFiles('**/composer.json') }}
restore-keys: php-${{ matrix.php-versions }}-${{ matrix.dependencies }}
- name: Install dependencies
run: |
composer ${{ matrix.dependencies == 'locked' && 'install' || 'update' }} --no-progress --no-interaction ${{ matrix.dependencies == 'lowest' && '--prefer-lowest' || '' }} ${{ matrix.composer-arguments }}
- name: Set Flow Context
run: echo "FLOW_CONTEXT=${{ env.FLOW_CONTEXT }}" >> $GITHUB_ENV
- name: Setup Flow configuration
run: |
rm -f Configuration/Routes.yaml
rm -f Configuration/Testing/Settings.yaml
cat <<EOF >> Configuration/Testing/Settings.yaml
Neos:
Flow:
persistence:
backendOptions:
host: '127.0.0.1'
driver: pdo_mysql
user: 'neos'
password: 'neos'
dbname: 'flow_functional_testing'
mvc:
routes:
'Neos.Flow': TRUE
EOF
echo "Running in context '$FLOW_CONTEXT'"
./flow configuration:show
./flow routing:list
- name: Static analysis
if: matrix.static-analysis == 'psalm'
run: composer test-static
- name: Update psalm baseline
if: ${{ failure() && github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true }}
run: |
composer psalm-baseline-update
cd ./Packages/Framework
git add psalm-baseline.xml
git -c user.name='gh-action' -c user.email='[email protected]' commit -m "TASK: Update psalm-baseline"
git push -f origin HEAD:${FLOW_TARGET_VERSION}
- name: Run unit tests
if: matrix.static-analysis == 'no'
run: composer test-unit -- --verbose
- name: Run functional tests
if: matrix.static-analysis == 'no'
run: composer test-func -- --verbose
- name: Run behat tests
if: ${{ matrix.static-analysis == 'no' && matrix.dependencies != 'lowest' }}
#if: env.BEHAT == true
run: |
FLOW_CONTEXT=Testing/Behat ./flow behat:setup && ./flow doctrine:create && ./flow doctrine:migrationversion --add --version all
bin/behat --stop-on-failure -f progress -c Packages/Framework/Neos.Flow/Tests/Behavior/behat.yml.dist
- name: Setup Flow configuration (PGSQL)
run: |
rm -f Configuration/Testing/Settings.yaml
cat <<EOF >> Configuration/Testing/Settings.yaml
Neos:
Flow:
persistence:
backendOptions:
host: '127.0.0.1'
port: 5432
driver: pdo_pgsql
user: 'neos'
password: 'neos'
dbname: 'flow_functional_testing'
charset: 'utf8'
defaultTableOptions:
charset: 'utf8'
mvc:
routes:
'Neos.Flow': TRUE
EOF
- name: Run unit tests (PGSQL)
if: matrix.static-analysis == 'no'
run: composer test-unit -- --verbose
- name: Run functional tests (PGSQL)
if: matrix.static-analysis == 'no'
run: composer test-func -- --verbose
- name: Run behat tests (PGSQL)
if: ${{ matrix.static-analysis == 'no' && matrix.dependencies != 'lowest' }}
#if: env.BEHAT == true
run: |
FLOW_CONTEXT=Testing/Behat ./flow behat:setup && ./flow doctrine:create && ./flow doctrine:migrationversion --add --version all
bin/behat --stop-on-failure -f progress -c Packages/Framework/Neos.Flow/Tests/Behavior/behat.yml.dist
buildall:
if: "!contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.head_commit.message, '[skip travis]')"
runs-on: ubuntu-latest
name: CI build (matrix)
needs: build
steps:
- name: Check build matrix status
if: ${{ needs.build.result != 'success' }}
run: exit 1