[Security] Do not try to clear CSRF on stateless request #34478

Workflow file for this run

.github/workflows/integration-tests.yml at e7323b3

	name: Integration

	on:
	push:
	pull_request:

	defaults:
	run:
	shell: bash

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:

	tests:
	name: Integration
	runs-on: Ubuntu-20.04

	strategy:
	matrix:
	php: ['8.1']
	fail-fast: false

	services:
	postgres:
	image: postgres:10.6-alpine
	ports:
	- 5432:5432
	env:
	POSTGRES_PASSWORD: 'password'
	ldap:
	image: bitnami/openldap
	ports:
	- 3389:3389
	env:
	LDAP_ADMIN_USERNAME: admin
	LDAP_ADMIN_PASSWORD: symfony
	LDAP_ROOT: dc=symfony,dc=com
	LDAP_PORT_NUMBER: 3389
	LDAP_USERS: a
	LDAP_PASSWORDS: a
	redis:
	image: redis:6.2.8
	ports:
	- 16379:6379
	redis-authenticated:
	image: redis:6.2.8
	ports:
	- 16380:6379
	env:
	REDIS_ARGS: "--requirepass p@ssword"
	redis-cluster:
	image: grokzen/redis-cluster:6.2.8
	ports:
	- 7000:7000
	- 7001:7001
	- 7002:7002
	- 7003:7003
	- 7004:7004
	- 7005:7005
	- 7006:7006
	env:
	STANDALONE: 1
	redis-sentinel:
	image: bitnami/redis-sentinel:6.2.8
	ports:
	- 26379:26379
	env:
	REDIS_MASTER_HOST: redis
	REDIS_MASTER_SET: redis_sentinel
	REDIS_SENTINEL_QUORUM: 1
	memcached:
	image: memcached:1.6.5
	ports:
	- 11211:11211
	rabbitmq:
	image: rabbitmq:3.8.3
	ports:
	- 5672:5672
	mongodb:
	image: mongo
	ports:
	- 27017:27017
	couchbase:
	image: couchbase:6.5.1
	ports:
	- 8091:8091
	- 8092:8092
	- 8093:8093
	- 8094:8094
	- 11210:11210
	sqs:
	image: localstack/localstack:3.0.2
	ports:
	- 4566:4566
	zookeeper:
	image: wurstmeister/zookeeper:3.4.6
	kafka:
	image: wurstmeister/kafka:2.12-2.0.1
	ports:
	- 9092:9092
	env:
	KAFKA_AUTO_CREATE_TOPICS_ENABLE: false
	KAFKA_CREATE_TOPICS: 'test-topic:1:1:compact'
	KAFKA_ADVERTISED_HOST_NAME: 127.0.0.1
	KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
	KAFKA_ADVERTISED_PORT: 9092
	frankenphp:
	image: dunglas/frankenphp:1.1.0
	ports:
	- 80:80
	volumes:
	- ${{ github.workspace }}:/symfony
	env:
	SERVER_NAME: 'http://localhost'
	CADDY_SERVER_EXTRA_DIRECTIVES: \|
	root * /symfony/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Install system dependencies
	run: \|
	echo "::group::apt-get update"
	sudo wget -O - https://packages.couchbase.com/clients/c/repos/deb/couchbase.key \| sudo apt-key add -
	echo "deb https://packages.couchbase.com/clients/c/repos/deb/ubuntu2004 focal focal/main" \| sudo tee /etc/apt/sources.list.d/couchbase.list
	sudo apt-get update
	echo "::endgroup::"

	echo "::group::install tools & libraries"
	sudo apt-get install librdkafka-dev redis-server libcouchbase-dev
	sudo -- sh -c 'echo unixsocket /var/run/redis/redis-server.sock >> /etc/redis/redis.conf'
	sudo -- sh -c 'echo unixsocketperm 777 >> /etc/redis/redis.conf'
	sudo service redis-server restart
	echo "::endgroup::"

	- name: Install pgbouncer
	run: \|
	sudo apt-get install -y pgbouncer
	sudo cp src/Symfony/Component/Messenger/Bridge/Doctrine/Tests/Fixtures/pgbouncer/pgbouncer.ini /etc/pgbouncer/pgbouncer.ini
	sudo cp src/Symfony/Component/Messenger/Bridge/Doctrine/Tests/Fixtures/pgbouncer/userlist.txt /etc/pgbouncer/userlist.txt
	sudo service pgbouncer restart
	sudo su - postgres -c "PGPASSWORD=password psql -Atq -h localhost -p 5432 -U postgres -d postgres -c \"SELECT usename, passwd FROM pg_shadow\""

	- name: Configure Couchbase
	run: \|
	curl -s -u 'username=Administrator&password=111111' -X POST http://localhost:8091/node/controller/setupServices -d 'services=kv%2Cn1ql%2Cindex%2Cfts'
	curl -s -X POST http://localhost:8091/settings/web -d 'username=Administrator&password=111111&port=SAME'
	curl -s -u Administrator:111111 -X POST http://localhost:8091/pools/default/buckets -d 'ramQuotaMB=100&bucketType=ephemeral&name=cache'
	curl -s -u Administrator:111111 -X POST http://localhost:8091/pools/default -d 'memoryQuota=256'

	- name: Setup PHP
	uses: shivammathur/setup-php@v2
	with:
	coverage: "none"
	extensions: "json,couchbase-3.2.2,memcached,mongodb-1.12.0,redis,rdkafka,xsl,ldap,relay"
	ini-values: date.timezone=UTC,memory_limit=-1,default_socket_timeout=10,session.gc_probability=0,apc.enable_cli=1,zend.assertions=1
	php-version: "${{ matrix.php }}"
	tools: pecl

	- name: Display versions
	run: \|
	php -r 'foreach (get_loaded_extensions() as $extension) echo $extension . " " . phpversion($extension) . PHP_EOL;'
	php -i

	- name: Load fixtures
	uses: docker://bitnami/openldap
	with:
	entrypoint: /bin/bash
	args: -c "(/opt/bitnami/openldap/bin/ldapwhoami -H ldap://ldap:3389 -D cn=admin,dc=symfony,dc=com -w symfony\|\|sleep 5) && /opt/bitnami/openldap/bin/ldapadd -H ldap://ldap:3389 -D cn=admin,dc=symfony,dc=com -w symfony -f src/Symfony/Component/Ldap/Tests/Fixtures/data/fixtures.ldif && /opt/bitnami/openldap/bin/ldapdelete -H ldap://ldap:3389 -D cn=admin,dc=symfony,dc=com -w symfony cn=a,ou=users,dc=symfony,dc=com"

	- name: Install dependencies
	run: \|
	COMPOSER_HOME="$(composer config home)"
	([ -d "$COMPOSER_HOME" ] \|\| mkdir "$COMPOSER_HOME") && cp .github/composer-config.json "$COMPOSER_HOME/config.json"
	export COMPOSER_ROOT_VERSION=$(grep ' VERSION = ' src/Symfony/Component/HttpKernel/Kernel.php \| grep -P -o '[0-9]+\.[0-9]+').x-dev
	echo COMPOSER_ROOT_VERSION=$COMPOSER_ROOT_VERSION >> $GITHUB_ENV

	echo "::group::composer update"
	composer update --no-progress --ansi
	echo "::endgroup::"

	echo "::group::install phpunit"
	./phpunit install
	echo "::endgroup::"

	- name: Run tests
	run: ./phpunit --group integration -v
	env:
	REDIS_HOST: 'localhost:16379'
	REDIS_AUTHENTICATED_HOST: 'localhost:16380'
	REDIS_CLUSTER_HOSTS: 'localhost:7000 localhost:7001 localhost:7002 localhost:7003 localhost:7004 localhost:7005'
	REDIS_SENTINEL_HOSTS: 'unreachable-host:26379 localhost:26379 localhost:26379'
	REDIS_SENTINEL_SERVICE: redis_sentinel
	MESSENGER_REDIS_DSN: redis://127.0.0.1:7006/messages
	MESSENGER_AMQP_DSN: amqp://localhost/%2f/messages
	MESSENGER_SQS_DSN: "sqs://localhost:4566/messages?sslmode=disable&poll_timeout=0.01"
	MESSENGER_SQS_FIFO_QUEUE_DSN: "sqs://localhost:4566/messages.fifo?sslmode=disable&poll_timeout=0.01"
	KAFKA_BROKER: 127.0.0.1:9092
	POSTGRES_HOST: localhost
	PGBOUNCER_HOST: localhost:6432

	#- name: Run HTTP push tests
	# if: matrix.php == '8.1'
	# run: \|
	# [ -d .phpunit ] && mv .phpunit .phpunit.bak
	# wget -q https://github.com/symfony/binary-utils/releases/download/v0.1/vulcain_0.1.3_Linux_x86_64.tar.gz -O - \| tar xz && mv vulcain /usr/local/bin
	# docker run --rm -e COMPOSER_ROOT_VERSION -v $(pwd):/app -v $(which composer):/usr/local/bin/composer -v $(which vulcain):/usr/local/bin/vulcain -w /app php:8.1-alpine ./phpunit src/Symfony/Component/HttpClient/Tests/CurlHttpClientTest.php --filter testHttp2Push
	# sudo rm -rf .phpunit
	# [ -d .phpunit.bak ] && mv .phpunit.bak .phpunit

	- name: Check for changes in translation files
	id: changed-translation-files
	run: \|
	echo 'changed='$((git diff --quiet HEAD~1 HEAD -- 'src/*/Resources/translations/.xlf' \|\| (echo 'true' && exit 1)) && echo 'false') >> $GITHUB_OUTPUT

	- name: Check Translation Status
	if: steps.changed-translation-files.outputs.changed == 'true'
	run: \|
	php src/Symfony/Component/Translation/Resources/bin/translation-status.php -v
	php .github/sync-translations.php
	git diff --exit-code src/ \|\| (echo '::error::Run "php .github/sync-translations.php" to fix XLIFF files.' && exit 1)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Do not try to clear CSRF on stateless request #34478

Workflow file

[Security] Do not try to clear CSRF on stateless request #34478

Jobs

Run details

Workflow file for this run