Skip to content

Issue #3490462: Revoke "Join group" and "request group membership" from Authenticated (outsider) group role #7396

Issue #3490462: Revoke "Join group" and "request group membership" from Authenticated (outsider) group role

Issue #3490462: Revoke "Join group" and "request group membership" from Authenticated (outsider) group role #7396

Workflow file for this run

name: Quality checks
on:
pull_request: { }
# Trigger workflow for release branches.
push:
branches:
- main
- "[0-9]+.[0-9]+.x"
# We use the default concurrency grouping of allowing a single workflow per branch/PR/tag to run at the same time.
# In case of PRs we only care about the results for the last workflow run, so we cancel workflows already in progress
# when new code is pushed, in all other cases (branches/tags) we want to have a history for commits so it's easier to
# find breakages when they occur (head_ref is non-empty only when the workflow is triggered from a PR).
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.head_ref != '' }}
jobs:
setup:
name: Project Setup
runs-on: ubuntu-22.04
strategy:
matrix:
php:
- 8.1
steps:
# We want to reuse our project setup to run different jobs at once.
- uses: actions/cache@v4
id: opensocial-project-build
with:
path: ./*
key: ${{ github.sha }}-${{ matrix.php }}
# Set PHP {{ matrix.php }} as default.
# https://github.com/shivammathur/setup-php
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
coverage: none
# We check out the code in a separate folder since we want to use the
# result of the merge rather than the pre-merged code.
# A separate path is used to keep our working directory clean.
- name: Setup a temporary repository
uses: actions/checkout@v4
with:
path: ${{ github.workspace }}/tmp/repository
# Since composer must clone from this we require all the history.
fetch-depth: 0
# Create a branch for the specific commit so that composer can check it
# out.
- name: Checkout out to current commit in temporary repository
run: cd $GITHUB_WORKSPACE/tmp/repository && git checkout -b $GITHUB_SHA
# Prepare our composer.json to do a full project set-up.
- name: Copy tests/composer.json to root of workspace
run: cp $GITHUB_WORKSPACE/tmp/repository/tests/composer.json composer.json
# Set up composer with our desired PHP version.
- name: Setup Composer Config similar to temporary repository
run: composer config repositories.social vcs $GITHUB_WORKSPACE/tmp/repository
# Install the version of Open Social under test.
- name: Composer require Open Social of current branch's latest commit.
run: composer require goalgorilla/open_social:dev-${{ github.sha }}#${{ github.sha }}
- name: Set file permissions
run: mkdir -p $GITHUB_WORKSPACE/sites/default/files && sudo chmod -R 664 $GITHUB_WORKSPACE/sites/default/files
phpstan:
needs: setup
name: PHPStan check
runs-on: ubuntu-22.04
strategy:
matrix:
php:
- 8.1
steps:
- uses: actions/cache/restore@v4
id: opensocial-project-build-load
with:
path: ./*
key: ${{ github.sha }}-${{ matrix.php }}
fail-on-cache-miss: true
# Set PHP {{ matrix.php }} as default.
# https://github.com/shivammathur/setup-php
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
coverage: none
tools: cs2pr
- name: PHPStan Version
run: $GITHUB_WORKSPACE/vendor/bin/phpstan --version
# Run PHPStan
- name: Run PHPStan analysis
run: $GITHUB_WORKSPACE/vendor/bin/phpstan analyse -c $GITHUB_WORKSPACE/html/profiles/contrib/social/phpstan.neon --error-format=checkstyle | cs2pr
phpcs:
needs: setup
name: PHPCS check
runs-on: ubuntu-22.04
steps:
- uses: actions/cache/restore@v4
id: opensocial-project-build-load
with:
path: ./*
key: ${{ github.sha }}-8.1
fail-on-cache-miss: true
# Set PHP {{ matrix.php }} as default.
# https://github.com/shivammathur/setup-php
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.1
coverage: none
tools: cs2pr
# Copy phpcs.xml folder to root.
- name: Copy PHPCS.xml file from temporary repository to root of workspace.
run: cp $GITHUB_WORKSPACE/tmp/repository/phpcs.xml phpcs.xml
- name: Run PHPCS checks
id: phpcs
run: vendor/bin/phpcs --report-full --report-checkstyle=./phpcs-report.xml
# https://github.com/staabm/annotate-pull-request-from-checkstyle#using-php_codesniffer
- name: Show PHPCS results in PR
if: ${{ always() && steps.phpcs.outcome == 'failure' }}
run: cs2pr ./phpcs-report.xml
phpunit:
needs: setup
name: PHPUnit Tests
runs-on: ubuntu-22.04
strategy:
matrix:
php:
- 8.1
steps:
- uses: actions/cache/restore@v4
id: opensocial-project-build-load
with:
path: ./*
key: ${{ github.sha }}-${{ matrix.php }}
fail-on-cache-miss: true
# Set PHP {{ matrix.php }} as default.
# https://github.com/shivammathur/setup-php
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
ini-values: zend.assertions=1
coverage: none
tools: cs2pr
# https://github.com/shivammathur/setup-php#phpunit
- name: Setup problem matchers for PHPUnit
run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
# Run PHPUnit testing.
- name: Run PHPUnit test suite
run: $GITHUB_WORKSPACE/vendor/bin/phpunit -c $GITHUB_WORKSPACE/html/profiles/contrib/social/phpunit.xml.dist --log-junit $GITHUB_WORKSPACE/test-reports/phpunit.xml
env:
SIMPLETEST_DB: sqlite://tmp/db.sqlite
spellcheck:
name: Spell Check
runs-on: ubuntu-22.04
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: streetsidesoftware/cspell-action@v6
behat-linting:
name: Behat Linting
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install developer tooling
run: composer install --no-interaction --no-progress --working-dir=tests
- name: Find changed test files
run: |
git fetch origin $BRANCH_NAME
# We change the way we create the TEST_FILES env in the GITHUB_ENV file depending on whether we actually have
# test files that were changed in this PR. This is needed to avoid the TEST_FILES variable from containing a
# single blank line in case no files are changed.
TEST_FILES=`git diff --name-only --diff-filter=d origin/$BRANCH_NAME..HEAD -- 'tests/behat/features/capabilities/*.feature'`
if [ "$TEST_FILES" == '' ]; then
echo 'TEST_FILES=' >> $GITHUB_ENV
else
{
echo 'TEST_FILES<<EOF'
echo "$TEST_FILES"
echo EOF
} >> "$GITHUB_ENV"
fi
env:
BRANCH_NAME: ${{ github.base_ref || github.ref_name }}
- name: Ensure behat folder and filenames are kebab-case
if: ${{ env.TEST_FILES != '' }}
run: |
# We must invert the exit code because we want to have no matches, but grep treats no matches as failure.
! MISNAMED_FILES=`grep -v -E '^([a-z\-]+\/)+[a-z0-9\-]+\.feature$' <<<"$TEST_FILES"`
EXIT_CODE=$?
while read -r file && [ ! -z "$file" ]; do
echo "::error file=$file::File and folder names for Behat tests must be kebab-case and alphanumeric."
done <<< "$MISNAMED_FILES"
exit $EXIT_CODE
- name: Lint modified test files
if: ${{ env.TEST_FILES != '' }}
run: xargs tests/vendor/bin/cucumber-linter <<<"$TEST_FILES"