From c2bbf6d45263e281ddd82b7a553876aa3489cfa5 Mon Sep 17 00:00:00 2001
From: balexey88
Date: Fri, 19 Jan 2024 19:03:10 +0200
Subject: [PATCH] Cleanup build files. Add security scan for PHP
---
 .github/workflows/publish-release.yml | 4 -
 .github/workflows/security-scan.yml | 25 +++
 Gruntfile.js | 237 --------------------------
 Makefile | 26 ---
 build.sh | 234 -------------------------
 package.json | 32 ----
 6 files changed, 25 insertions(+), 533 deletions(-)
 create mode 100644 .github/workflows/security-scan.yml
 delete mode 100644 Gruntfile.js
 delete mode 100644 Makefile
 delete mode 100644 build.sh
 delete mode 100644 package.json
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 95e93f89f..fee3338f0 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -63,10 +63,6 @@ jobs:
 # but keep the .git folder, because we need it for the next step
 - name: Cleanup files
 run: |
- rm -f build.sh || true
- rm -f Gruntfile.js || true
- rm -f Makefile || true
- rm -f package.json || true
 rm -f composer.lock || true
 rm -rf vendor/composer/installers || true
 find ./ -name '.git*' -not -path './.git' -type f -delete || true
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 000000000..5f54c716f
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,25 @@
+name: Security Scan
+run-name: Security Scan
+
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ code-scanning:
+ name: Code Scanning (grype)
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Run Security Check
+ id: test
+ uses: anchore/scan-action@v3
+ with:
+ path: .
+ output-format: table
+
+
diff --git a/Gruntfile.js b/Gruntfile.js
deleted file mode 100644
index f86814ee3..000000000
--- a/Gruntfile.js
+++ /dev/null
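Review bot: The `code-scanning` job added in `.github/workflows/security-scan.yml` declares no `permissions:` block, so the third-party `anchore/scan-action@v3` step runs on every push and pull request with whatever default `GITHUB_TOKEN` scope the repository has; a workflow-level `permissions:` with `contents: read` would keep the scanner read-only. Both `actions/checkout@v4` and `anchore/scan-action@v3` are referenced by mutable tags, so pinning each to a full commit SHA (`uses: anchore/scan-action@<FULL_COMMIT_SHA> # v3`) would stop a moved tag from changing what executes in CI. With `output-format: table` the findings live only in the job log; if the job name "Code Scanning" means results should appear as code-scanning alerts, that would need the action's SARIF output plus an upload step, and that job would then need `security-events: write`. It would also help to set `fail-build` and `severity-cutoff` explicitly rather than rely on the action's defaults, so the gate this workflow enforces is visible in the file.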
@@ -1,237 +0,0 @@
-/**
- * Build Plugin
- *
- * @author Usability Dynamics, Inc.
- * @version 2.0.0
- * @param grunt
- */
-module.exports = function build( grunt ) {
-
- // Automatically Load Tasks.
- require( 'load-grunt-tasks' )( grunt, {
- pattern: 'grunt-*',
- config: './package.json',
- scope: 'devDependencies'
- });
-
- grunt.initConfig( {
-
- package: grunt.file.readJSON( 'composer.json' ),
-
- markdown: {
- all: {
- files: [
- {
- expand: true,
- src: 'readme.md',
- dest: 'static/',
- ext: '.html'
- }
- ],
- options: {
- markdownOptions: {
- gfm: true,
- codeLines: {
- before: '',
- after: ''
- }
- }
- }
- }
- },
-
- // Compile LESS
- less: {
- production: {
- options: {
- yuicompress: true,
- relativeUrls: true
- },
- files: {}
- },
- development: {
- options: {
- relativeUrls: true
- },
- files: {}
- }
- },
-
- watch: {
- options: {
- interval: 100,
- debounceDelay: 500
- },
- less: {
- files: [
- 'static/styles/src/*.*'
- ],
- tasks: [ 'less' ]
- },
- js: {
- files: [
- 'static/scripts/src/*.*'
- ],
- tasks: [ 'uglify' ]
- }
- },
-
- uglify: {
- production: {
- options: {
- mangle: false,
- beautify: false
- },
- files: [
- {
- expand: true,
- cwd: 'static/scripts/src',
- src: [ '*.js' ],
- dest: 'static/scripts'
- }
- ]
- },
- staging: {
- options: {
- mangle: false,
- beautify: true
- },
- files: [
- {
- expand: true,
- cwd: 'static/scripts/src',
- src: [ '*.js' ],
- dest: 'static/scripts'
- }
- ]
- }
- },
-
- 'json-minify': {
- build: {
- files: 'composer.json'
- }
- },
-
- clean: {
- update: [
- "composer.lock"
- ],
- all: [
- "vendor",
- "composer.lock"
- ]
- },
-
- shell: {
- /**
- * Make Production Build and create new tag ( release ) on Github.
- */
- release: {
- command: function( tag ) {
- return [
- 'sh build.sh ' + tag
- ].join( ' && ' );
- },
- options: {
- encoding: 'utf8',
- stderr: true,
- stdout: true
- }
- },
- /**
- * Runs PHPUnit test, creates code coverage and sends it to Scrutinizer
- */
- coverageScrutinizer: {
- command: [
- 'grunt phpunit:circleci --coverage-clover=coverage.clover',
- 'wget https://scrutinizer-ci.com/ocular.phar',
- 'php ocular.phar code-coverage:upload --format=php-clover coverage.clover'
- ].join( ' && ' ),
- options: {
- encoding: 'utf8',
- stderr: true,
- stdout: true
- }
- },
- /**
- * Runs PHPUnit test, creates code coverage and sends it to Code Climate
- */
- coverageCodeClimate: {
- command: [
- 'grunt phpunit:circleci --coverage-clover build/logs/clover.xml',
- 'CODECLIMATE_REPO_TOKEN='+ process.env.CODECLIMATE_REPO_TOKEN + ' ./vendor/bin/test-reporter'
- ].join( ' && ' ),
- options: {
- encoding: 'utf8',
- stderr: true,
- stdout: true
- }
- },
- /**
- * Composer Install
- */
- install: {
- command: function( env ) {
- if( typeof env !== 'undefined' && env == 'dev' ) {
- return [
- "COMPOSER_CACHE_DIR=/dev/null composer install"
- ].join( ' && ' );
- } else {
- return [
- "COMPOSER_CACHE_DIR=/dev/null composer install --no-dev",
- "rm -rf ./vendor/composer/installers",
- "find ./vendor -name .git -exec rm -rf '{}' \\;",
- "find ./vendor -name .svn -exec rm -rf '{}' \\;",
- ].join( ' && ' );
- }
- },
- options: {
- encoding: 'utf8',
- stderr: true,
- stdout: true
- }
- }
- },
-
- // Runs PHPUnit Tests
- phpunit: {
- classes: {},
- options: {
- bin: './vendor/bin/phpunit',
- },
- local: {
- configuration: './test/php/phpunit.xml'
- },
- circleci: {
- configuration: './test/php/phpunit-circle.xml'
- }
- }
-
- });
-
- // Register tasks
- grunt.registerTask( 'default', [ 'markdown', 'less' , 'uglify' ] );
-
- // Run default Tests
- grunt.registerTask( 'localtest', [ 'phpunit:local' ] );
- grunt.registerTask( 'test', [ 'phpunit:circleci' ] );
-
- // Run coverage tests
- grunt.registerTask( 'testscrutinizer', [ 'shell:coverageScrutinizer' ] );
- grunt.registerTask( 'testcodeclimate', [ 'shell:coverageCodeClimate' ] );
-
- // Install Environment
- grunt.registerTask( 'install', 'Run all my install tasks.', function( env ) {
- if ( env == null ) env = 'no-dev';
- grunt.task.run( 'clean:all' );
- grunt.task.run( 'shell:install:' + env );
- });
-
- // Make Production Build and create new tag ( release ) on Github.
- grunt.registerTask( 'release', 'Run all my release tasks.', function( tag ) {
- if ( tag == null ) grunt.warn( 'Release tag must be specified, like release:1.0.0' );
- grunt.task.run( 'shell:release:' + tag );
- });
-
-};
diff --git a/Makefile b/Makefile
deleted file mode 100644
index c33519a33..000000000
--- a/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-## Build Plugin
-##
-##
-
-NAME = stateless-media
-
-# Default Install Action
-default:
- npm install
-
-# Install project
-# - Removes composer.lock, vendor
-# - Runs composer install --no-dev
-# - Removes extra files.
-install:
- echo Install $(NAME).
- make default
- grunt install
-
-# Creates Release with Build Distribution
-# Example:
-# make TAG=1.0.0 release
-release:
- @echo Releasing $(NAME).
- make default
- sh build.sh $(TAG)
\ No newline at end of file
diff --git a/build.sh b/build.sh
deleted file mode 100644
index 3d9a1e28a..000000000
--- a/build.sh
+++ /dev/null
@@ -1,234 +0,0 @@
-#!/bin/bash
-
-############################################################################################
-#
-# Automatic Distribution Build and Tag creating on GitHub
-#
-############################################################################################
-#
-# Script by default does the following steps:
-# - creates temp directory
-# - clones git repository there
-# - creates temp branch
-# - installs composer and nodes dependencies
-# - adds vendor directory ( composer dependencies ) to commit
-# - clears out build
-# - commits build to temp branch
-# - creates new tag
-# - removes temp branch
-# - removes temp directory
-#
-############################################################################################
-#
-# Options:
-# - $1 ( $RELEASE_VERSION ) - Required. Tag version which will be created for current build
-#
-############################################################################################
-#
-# Features:
-# - The current script generates new Tag on GitHub for your build (Distributive).
-# - circleci compatible. It can use the latest commit log for creating new tag via CircleCI.
-# Log message should contain [release:{tag}] shortcode
-#
-############################################################################################
-#
-# Examples:
-#
-# Run remote sh file:
-# curl -s https://url-to-release-sh-file.sh | RELEASE_VERSION=1.2.3 sh
-#
-# Run local sh file
-# sh build.sh 1.2.3
-#
-# Run grunt task ( see information about gruntfile.js below )
-# grunt release:1.2.3
-#
-############################################################################################
-#
-# CircleCi
-# The current script can be triggered on CircleCi.
-# Add the following settings to your circle.yml file:
-#
-# deployment:
-# production:
-# branch: master
-# commands:
-# - sh build.sh
-#
-# Notes:
-# - Log ( commit ) message should contain [release:{tag}] shortcode for running script.
-# - script will be triggered only on successful (green) build for 'master' branch in
-# current example.
-# - in random cases gist file is not available on curl request, I suggest to
-# download script and call it directly.
-#
-# More details about CircleCi deployment:
-# https://circleci.com/docs/configuration#deployment
-#
-############################################################################################
-#
-# Gruntfile.js
-#
-# module.exports = function release( grunt ) {
-#
-# grunt.initConfig( {
-#
-# shell: {
-# release: {
-# command: function( tag ) {
-# return 'sh build.sh ' + tag;
-# },
-# options: {
-# encoding: 'utf8',
-# stderr: true,
-# stdout: true
-# }
-# }
-# }
-#
-# } );
-#
-# grunt.registerTask( 'release', 'Run release tasks.', function( tag ) {
-# if ( tag == null ) grunt.warn( 'Release tag must be specified, like release:1.0.0' );
-# grunt.task.run( 'shell:release:' + tag );
-# });
-#
-# }
-#
-#
-######################################################################################
-
-echo " "
-echo "Running build script..."
-echo "---"
-
-if [ -z $RELEASE_VERSION ] ; then
-
- # Try to get Tag version which should be created.
- if [ -z $1 ] ; then
- echo "Tag version parameter is not passed."
- echo "Determine if we have [release:{version}] shortcode to deploy new release"
- RELEASE_VERSION="$( git log -1 --pretty=%s | sed -n 's/.*\[release\:\(.*\)\].*/\1/p' )"
- else
- echo "Tag version parameter is "$1
- RELEASE_VERSION=$1
- fi
-
-else
-
- echo "Tag version parameter is "$RELEASE_VERSION
-
-fi
-
-echo "---"
-
-if [ -z $RELEASE_VERSION ] ; then
-
- echo "No [release:{tag}] shortcode found."
- echo "Finish process."
- exit 0
-
-else
-
- echo "Determine current branch:"
- if [ -z $CIRCLE_BRANCH ]; then
- CIRCLE_BRANCH=$(git rev-parse --abbrev-ref HEAD)
- fi
- echo $CIRCLE_BRANCH
- echo "---"
-
- # Remove temp directory if it already exists to prevent issues before proceed
- if [ -d temp-build-$RELEASE_VERSION ]; then
- rm -rf temp-build-$RELEASE_VERSION
- fi
-
- echo "Create temp directory"
- mkdir temp-build-$RELEASE_VERSION
- cd temp-build-$RELEASE_VERSION
-
- echo "Do production build from scratch to temp directory"
- ORIGIN_URL="$( git config --get remote.origin.url )"
- git clone $ORIGIN_URL
- cd "$( basename `git rev-parse --show-toplevel` )"
- # Be sure we are on the same branch
- git checkout $CIRCLE_BRANCH
- echo "---"
-
- #echo "Clean up structure ( remove composer relations )"
- #rm -rf composer.lock
- #rm -rf vendor
-
- #echo "Running: composer install --no-dev --no-interaction"
- #composer install --no-dev --no-interaction --quiet
- #echo "---"
-
- echo "Create local and remote temp branch temp-automatic-branch-"$RELEASE_VERSION
- git checkout -b temp-branch-$RELEASE_VERSION
- git push origin temp-branch-$RELEASE_VERSION
- git branch --set-upstream-to=origin/temp-branch-$RELEASE_VERSION temp-branch-$RELEASE_VERSION
- echo "---"
-
- # It's used only by CircleCi. Should not be called directly.
- #
- #echo "Set configuration to proceed"
- #git config --global push.default simple
- #git config --global user.email "$( git log -1 --pretty=%an )"
- #git config --global user.name "$( git log -1 --pretty=%ae )"
- #echo "---"
-
- echo "Install Node modules to minify composer.json"
- npm install
- grunt json-minify
-
- echo "Be sure we do not add node and other specific files needed only for development"
- rm -rf vendor/composer/installers
- rm -rf coverage.clover
- rm -rf ocular.phar
- rm -rf build
- rm -rf node_modules
- rm -f composer.lock
- rm -f .scrutinizer.yml
- rm -f circle.yml
- rm -f build.sh
- rm -f Gruntfile.js
- rm -f Makefile
- rm -f package.json
- rm -rf test
- rm -f package-lock.json
- rm -f .gitignore
- echo "Be sure we do not add .git directories"
- find ./vendor -name .git -exec rm -rf '{}' \;
- echo "Be sure we do not add .svn directories"
- find ./vendor -name .svn -exec rm -rf '{}' \;
- echo "Git Add"
- git add --all
- echo "Be sure we added vendor directory"
- git add -f vendor
- echo "---"
-
- echo "Now commit our build to remote branch"
- git commit -m "[ci skip] Distributive Auto Build" --quiet
- git pull
- git push --quiet
- echo "---"
-
- echo "Finally, create tag "$RELEASE_VERSION
- git tag -a $RELEASE_VERSION -m "v"$RELEASE_VERSION" - Distributive Auto Build"
- git push origin $RELEASE_VERSION
- echo "---"
-
- echo "Remove local and remote temp branches, but switch to previous branch before"
- git checkout $CIRCLE_BRANCH
- git push origin --delete temp-branch-$RELEASE_VERSION
- git branch -D temp-branch-$RELEASE_VERSION
- echo "---"
-
- # Remove temp directory.
- echo "Remove temp directory"
- cd ../..
- rm -rf temp-build-$RELEASE_VERSION
- echo "---"
-
- echo "Done"
-
-fi
diff --git a/package.json b/package.json
deleted file mode 100644
index 2d09051d2..000000000
--- a/package.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "name": "wp-stateless",
- "title": "WP-Stateless",
- "description": "wpCloud Stateless Media for GCE",
- "version": "3.2.3",
- "homepage": "https://udx.io",
- "author": {
- "name": "UDX",
- "url": "https://udx.io"
- },
- "repository": {
- "type": "git",
- "url": "https://github.com/wpCloud/wp-stateless"
- },
- "engines": {
- "node": ">= 0.10.0"
- },
- "dependencies": {
- "grunt": "^1.6.1",
- "load-grunt-tasks": "^5.1.0"
- },
- "devDependencies": {
- "grunt-contrib-clean": "~2.0.1",
- "grunt-markdown": "~0.7.0",
- "grunt-contrib-less": "~3.0.0",
- "grunt-contrib-uglify": "~5.2.2",
- "grunt-contrib-watch": "~1.1.0",
- "grunt-phpunit": "~0.3.6",
- "grunt-shell": "~4.0.0",
- "grunt-json-minify": "~1.1.0"
- }
-}