Skip to content
This repository has been archived by the owner on Jan 1, 2024. It is now read-only.

Commit

Permalink
chore: Update main with all recent-ish develop changes. (#1263)
Browse files Browse the repository at this point in the history 
* chore(deps): bump socket.io-parser and socket.io

Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser) and [socket.io](https://github.com/socketio/socket.io). These dependencies needed to be updated together.

Updates `socket.io-parser` from 4.2.2 to 4.2.3
- [Release notes](https://github.com/socketio/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@4.2.2...4.2.3)

Updates `socket.io` from 4.5.1 to 4.6.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io@4.5.1...4.6.1)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-type: indirect
- dependency-name: socket.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix: pin composer version till preserve-paths package is updated

Refs: updates

* fix: pin composer version in dockerfile too

Refs: updates

* chore: Update all outdated drupal/* packages.

* chore: Port tests to GHA (#1259)

* chore: Ensure the composer action uses the new *variables* instead of secrets.

* chore: Drop in a modified tests GHA that runs what the old Travis one did. Not much.

Refs: OPS-7509

* chore: Ensure the tests can build the docker image, so they can run phpcs.

Refs: OPS-7509

* chore: Drop travis yaml.

Refs: OPS-7509

* fix: Look for code in the Drupal 7 locations.

* fix: Do what we used to do and cross fingers.

* Update .github/workflows/run-tests.yml

* Delete default.services.yml

* Update .github/workflows/run-tests.yml

* feat: Do not redirect archive.org to RW Response (#1261)

* feat: Ensure user-agents with "archive" skip all redirects to RW Response pages.

Refs: OPS-9290

* chore: Treat the archive.org bot as if it were a human, so a higher permitted rate.

It has its own varnish cache entry, which should help a bit. This will allow faster crawling, so we may get an achived up before 2024.

Refs: OPS-9290

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andy Footner <[email protected]>
Co-authored-by: unocha-jenkins <[email protected]>
  • Loading branch information
@cafuego @dependabot
@lazysoundsystem @unocha-jenkins
4 people authored Jun 15, 2023
1 parent f3b21d5 commit 4fa6dda
Show file tree
Hide file tree
Showing 193 changed files with 2,636 additions and 662 deletions.
7 changes: 3 additions & 4 deletions .github/workflows/composer-update.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Run Composer Update

on:
schedule:
- cron: '30 6 * * 4'
- cron: '30 5 * * 4'
workflow_dispatch:

jobs:
Expand All @@ -16,7 +16,6 @@ jobs:
github_access_token: ${{ secrets.PAT }}
patch_branch: 'develop'
patch_packages: 'drupal/*'
patch_maintainers: ${{ secrets.DRUPAL_MAINTAINERS }}
php_version: '7.4'
patch_maintainers: ${{ vars.DRUPAL_MAINTAINERS }}
slack_bot_token: ${{ secrets.SLACK_BOT_TOKEN }}
slack_channel_name: ${{ secrets.SLACK_CHANNEL }}
slack_channel_name: ${{ vars.SLACK_CHANNEL }}
209 changes: 209 additions & 0 deletions .github/workflows/run-tests.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,209 @@
name: Run tests

on: [pull_request]

jobs:
tests:
runs-on: ubuntu-latest

steps:
- name: Checkout code
id: checkout
uses: actions/checkout@v3

- name: Extract PHP Version
id: php
uses: docker://ghcr.io/un-ocha/actions:extract-php-version-main
with:
docker_file: 'docker/Dockerfile'
docker_image: 'public.ecr.aws/unocha/php-k8s'

- name: Setup PHP with PECL extension
uses: shivammathur/setup-php@v2
with:
php-version: ${{ steps.php.outputs.php_version }}
tools: composer:2.5.5
env:
fail-fast: true

- name: Software versions
id: versions
uses: cafuego/command-output@main
with:
run: |
php --version && composer --version
- name: Composer Validate
id: validate
uses: cafuego/command-output@main
with:
run: |
composer validate
env:
fail-fast: true

- name: Code Lint
id: lint
uses: cafuego/command-output@main
with:
run: |
test ! -d ./html/sites/all/modules/custom || find -L ./html/sites/all/modules/custom -iregex '.*\.\(php\|module\|inc\|install\)$' -print0 | xargs -0 -n 1 -P 4 php -l
test ! -d ./html/sites/all/modules/access || find -L ./html/sites/all/modules/access -iregex '.*\.\(php\|module\|inc\|install\)$' -print0 | xargs -0 -n 1 -P 4 php -l
test ! -d ./html/sites/all/modules/ar || find -L ./html/sites/all/modules/ar -iregex '.*\.\(php\|module\|inc\|install\)$' -print0 | xargs -0 -n 1 -P 4 php -l
test ! -d ./html/sites/all/modules/ev || find -L ./html/sites/all/modules/ev -iregex '.*\.\(php\|module\|inc\|install\)$' -print0 | xargs -0 -n 1 -P 4 php -l
test ! -d ./html/sites/all/modules/hdx || find -L ./html/sites/all/modules/hdx -iregex '.*\.\(php\|module\|inc\|install\)$' -print0 | xargs -0 -n 1 -P 4 php -l
test ! -d ./html/sites/all/modules/hid || find -L ./html/sites/all/modules/hid -iregex '.*\.\(php\|module\|inc\|install\)$' -print0 | xargs -0 -n 1 -P 4 php -l
test ! -d ./html/sites/all/modules/hr || find -L ./html/sites/all/modules/hr -iregex '.*\.\(php\|module\|inc\|install\)$' -print0 | xargs -0 -n 1 -P 4 php -l
env:
fail-fast: true

- name: Configure AWS Credentials
id: aws
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1

- name: Login to Public ECR
id: aws-login
uses: docker/[email protected]
with:
registry: public.ecr.aws
username: ${{ secrets.ECR_AWS_ACCESS_KEY_I }}
password: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
env:
AWS_REGION: us-east-1

- name: Build Image
id: build
uses: cafuego/command-output@main
with:
run: |
make
env:
fail-fast: true

- name: Setup Environment
id: docker
uses: cafuego/command-output@main
with:
run: |
docker-compose -f tests/docker-compose.yml up -d
sleep 10
docker ps -a
docker-compose -f tests/docker-compose.yml exec -w /srv/www -T drupal composer self-update 2.5.5
docker-compose -f tests/docker-compose.yml exec -w /srv/www -T drupal composer install --dev
env:
fail-fast: true

- name: PHPCS
id: phpcs
uses: cafuego/command-output@main
with:
run: |
docker-compose -f tests/docker-compose.yml exec -w /srv/www -T drupal phpcs vendor/drupal/coder/coder_sniffer
docker-compose -f tests/docker-compose.yml exec -u appuser -w /srv/www -T drupal phpcs -np --report=full --standard=phpcs.xml ./html/sites/all/modules/custom ./html/sites/all/modules/access ./html/sites/all/modules/ar ./html/sites/all/modules/ev ./html/sites/all/modules/hdx ./html/sites/all/modules/hid ./html/sites/all/modules/hr
env:
fail-fast: true

- name: Find Comment
uses: peter-evans/find-comment@v2
id: fc
with:
token: ${{ secrets.GITHUB_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: Build output

- name: Create or update comment
uses: peter-evans/create-or-update-comment@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
### Test Run Output
#### Software Versions
#### Composer Validate `${{ steps.validate.outcome }}`
#### PHP Lint `${{ steps.lint.outcome }}`
#### Docker Build `${{ steps.build.outcome }}`
#### Environment Setup `${{ steps.docker.outcome }}`
#### PHP Code Sniffer `${{ steps.phpcs.outcome }}`
<details><summary>Software Versions</summary>
<code>${{ steps.versions.outputs.stdout }}</code>
<code>${{ steps.versions.outputs.stderr }}</code>
</details>
<details><summary>Composer Validate</summary>
<code>${{ steps.validate.outputs.stdout }}</code>
<code>${{ steps.validate.outputs.stderr }}</code>
</details>
<details><summary>PHP Lint</summary>
<code>${{ steps.lint.outputs.stdout }}</code>
<code>${{ steps.lint.outputs.stderr }}</code>
</details>
<details><summary>PHPCS</summary>
<code>${{ steps.phpcs.outputs.stdout }}</code>
<code>${{ steps.phpcs.outputs.stderr }}</code>
</details>
*Pusher: @${{ github.actor }}, Action: `${{ github.event_name }}`, Workflow: `${{ github.workflow }}`*
edit-mode: replace

- name: Slack Success Notification
id: slack_success
if: success()
uses: slackapi/[email protected]
with:
channel-id: '${{ vars.SLACK_CHANNEL }}'
payload: |
{
"text": "Tests passed for a pull request on ${{ github.repository }}",
"attachments": [
{
"color": "#00FF00",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Pull request by @${{ github.triggering_actor }} to merge _${{ github.head_ref }}_ into _${{ github.base_ref }}_ on <${{ github.repositoryUrl }}|${{ github.repository }}> passed tests (<${{ github.event.pull_request.html_url }}|Review>)"
}
}
]
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

- name: Slack Failure Notification
id: slack_failure
if: failure()
uses: slackapi/[email protected]
with:
channel-id: '${{ vars.SLACK_CHANNEL }}'
payload: |
{
"text": "Tests failed for a pull request on ${{ github.repository }}",
"attachments": [
{
"color": "#FF0000",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Pull request by @${{ github.triggering_actor }} to merge _${{ github.head_ref }}_ into _${{ github.base_ref }}_ on <${{ github.repositoryUrl }}|${{ github.repository }}> failed tests (<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Review>)"
}
}
]
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
28 changes: 0 additions & 28 deletions .travis.yml
View file

This file was deleted.

4 changes: 2 additions & 2 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ build: clean
--build-arg GITHUB_ACTOR=`whoami` \
--build-arg GITHUB_REPOSITORY=`git config --get remote.origin.url` \
--build-arg GITHUB_SHA=`git rev-parse --short HEAD` \
. --file docker/Dockerfile --tag unocha/hrinfo-site:local \
. --file docker/Dockerfile --tag public.ecr.aws/unocha/hrinfo-site:local \
2>&1 | tee buildlog.txt
@echo "Built a shiny new unocha/hrinfo-site:local for you."
@echo "Built a shiny new public.ecr.aws/unocha/hrinfo-site:local for you."

clean:
rm -rf ./buildlog.txt
Expand Down
22 changes: 15 additions & 7 deletions composer.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion docker/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ ARG BRANCH_ENVIRONMENT
ENV NODE_ENV=$BRANCH_ENVIRONMENT
COPY . /srv/www
WORKDIR /srv/www
RUN composer self-update && \
RUN composer self-update 2.5.5 && \
composer install --quiet --no-dev --prefer-dist

FROM public.ecr.aws/unocha/php-k8s:7.4-stable
Expand Down Expand Up @@ -35,6 +35,7 @@ COPY --from=builder /srv/www/composer.lock /srv/www/composer.lock
COPY --from=builder /srv/www/composer.patches.json /srv/www/composer.patches.json
COPY --from=builder /srv/www/docker/fastcgi_drupal.conf /etc/nginx/apps/drupal/fastcgi_drupal.conf
COPY --from=builder /srv/www/docker/custom /etc/nginx/custom
COPY --from=builder /srv/www/docker/ratelimit.conf.template /etc/nginx/ratelimit.conf.template

RUN cd /srv/www/html/sites && \
rm -f www.humanitarianresponse.info && \
Expand Down
26 changes: 26 additions & 0 deletions docker/ratelimit.conf.template
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
## Apply settings from the environment at boot time via envsubst.

## A rate limit request returns status 429.
limit_req_status 429;

## Determine if this is a bot request via the user-agent string.
map $http_user_agent $isbot_ua {
default 0;
~*pingdom 0;
~*archive 0;
~*(bot|crawler|spider) 1;
}

## Set a limit zone based on the bot status.
map $isbot_ua $limit_bot {
0 "";
1 $binary_remote_addr;
}

## Apply the rate limits.
limit_req_zone $limit_bot zone=bots:10m rate=${NGINX_LIMIT_BOTS};
limit_req_zone $binary_remote_addr zone=humans:10m rate=${NGINX_LIMIT_HUMANS};

## Apply the burst limits.
limit_req zone=bots burst=${NGINX_BURST_BOTS} nodelay;
limit_req zone=humans burst=${NGINX_BURST_HUMANS};
5 changes: 5 additions & 0 deletions html/CHANGELOG.txt
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
Drupal 7.98, 2023-06-07
-----------------------
- Various security improvements
- Various bug fixes, optimizations and improvements

Drupal 7.97, 2023-04-21
-----------------------
- Fix PHP 5.x regression caused by SA-CORE-2023-005
Expand Down
10 changes: 5 additions & 5 deletions html/cron.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,12 @@
include_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

if (!isset($_GET['cron_key']) || variable_get('cron_key', 'drupal') != $_GET['cron_key']) {
watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE);
drupal_access_denied();
}
elseif (variable_get('maintenance_mode', 0)) {
if (variable_get('maintenance_mode', 0)) {
watchdog('cron', 'Cron could not run because the site is in maintenance mode.', array(), WATCHDOG_NOTICE);
drupal_site_offline();
}
elseif (!isset($_GET['cron_key']) || variable_get('cron_key', 'drupal') != $_GET['cron_key']) {
watchdog('cron', 'Cron could not run because an invalid key was used.', array(), WATCHDOG_NOTICE);
drupal_access_denied();
}
else {
Expand Down
Loading

0 comments on commit 4fa6dda

Please sign in to comment.