Merge pull request #30 from SURFnet/develop

Add develop branc into master
SURFnet · Apr 24, 2024 · 7570741 · 7570741
2 parents 00a91ea + b52907b
commit 7570741
Show file tree

Hide file tree

Showing 40 changed files with 3,575 additions and 2,130 deletions.
diff --git a/.github/workflows/daily-security-check.yml b/.github/workflows/daily-security-check.yml
@@ -0,0 +1,102 @@
+---
+name: Daily security check
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      # PHP checks
+      - name: Check for php composer project
+        id: check_composer
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "composer.lock"
+      - name: Run php local security checker
+        if: steps.check_composer.outputs.files_exists == 'true'
+        run: composer audit
+
+      # node-yarn checks
+      - name: Check for node-yarn project
+        id: check_node_yarn
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "yarn.lock"
+      - name: Setup node
+        if: steps.check_node_yarn.outputs.files_exists == 'true'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 14
+      - name: Yarn Audit
+        if: steps.check_node_yarn.outputs.files_exists == 'true'
+        run: yarn audit --level high --groups dependencies optionalDependencies
+
+      # node-npm checks
+      - name: Check for node-npm project
+        id: check_node_npm
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "package.lock"
+      - name: Setup node
+        if: steps.check_node_npm.outputs.files_exists == 'true'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 14
+      - name: npm audit
+        if: steps.check_node_npm.outputs.files_exists == 'true'
+        run: npm audit --audit-level=high
+
+      # python checks
+      - name: Check for python project
+        id: check_python
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "requirements.txt"
+      - name: Safety checks Python dependencies
+        if: steps.check_python.outputs.files_exists == 'true'
+        uses: pyupio/safety@2.3.5
+
+      # java checks
+      - name: Check for java maven project
+        id: check_maven
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "pom.xml"
+      - name: Setup java if needed
+        if: steps.check_maven.outputs.files_exists == 'true'
+        uses: actions/setup-java@v3
+        with:
+          java-version: 11
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Set up maven cache if needed
+        if: steps.check_maven.outputs.files_exists == 'true'
+        uses: actions/cache@v1
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Check java
+        if: steps.check_maven.outputs.files_exists == 'true'
+        run: mvn org.owasp:dependency-check-maven:check
+
+      # Send results
+      - name: Send to Slack if something failed
+        if: failure()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: surfconext-nightly-check
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_ICON: https://static.surfconext.nl/logos/idp/surfnet.png
+          SLACK_MESSAGE: 'Dependency check failed :crying_cat_face:'
+          SLACK_TITLE: ${{ github.repository }} wants attention
+          SLACK_USERNAME: NightlySecurityCheck
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
@@ -0,0 +1,23 @@
+name: Run QA tests (static analysis, lint and unit tests)
+on: [pull_request]
+
+jobs:
+  run-qa-tests:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: /var/www/html/
+    container:
+      image:  ghcr.io/openconext/openconext-basecontainers/php82-apache2-node20-composer2:latest
+      volumes:
+        - .:/var/www/html
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Composer install
+        run: composer install
+
+      - name: Run QA tests
+        run: composer check
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 /vendor/
 /cache.properties
+/ci/qa/.phpcs-cache
diff --git a/.scrutinizer.yml b/.scrutinizer.yml
@@ -1,3 +1,13 @@
+build:
+    image: default-jammy
+    environment:
+        php: 8.2
+        node: v20
+    nodes:
+        analysis:
+            tests:
+                override:
+                    - php-scrutinizer-run
 filter:
     excluded_paths:
         - src/Tests/*

diff --git a/.travis.php.ini b/.travis.php.ini
diff --git a/.travis.yml b/.travis.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,24 @@
 # Changelog
 
+## 4.2.0  
+Drop support for SF 4
+Changed to GHA
+Added extra QA tools
+
+## 4.1.1
+
+Do not pin dependency versions
+
+## 4.1.0
+
+Upgrade yubikey-api-client to use new YK api endpoints
+
 ## 3.0.1
+
 Remove RMT and Ibuildings QA tools from the project.
 
 ## Older versions
+
 Older entries can be found on the projects github page.
 See https://github.com/SURFnet/yubikey-api-client-bundle/releases
 
diff --git a/build-pre-commit.xml b/build-pre-commit.xml