Test.

civictheme · Dec 13, 2024 · 32ab68c · 32ab68c
1 parent ba582ec
commit 32ab68c
Show file tree

Hide file tree

Showing 2 changed files with 143 additions and 139 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -271,11 +271,11 @@ job-build: &job-build
         no_output_timeout: 30m
     # Optionally run Shipshape audit.
     - when:
-        condition: $SHIPSHAPE_RUN_AUDIT == 1
+        condition: << parameters.shipshape_run_audit >>
         steps:
           - run:
               name: Audit code with shipshape
-              command: docker compose exec -T cli sh -c "/usr/local/bin/shipshape -o junit > /app/.logs/test_results/shipshape-results.xml" || [ "${DREVOPS_CI_SHIPSHAPE_IGNORE_FAILURE:-0}" -eq 1 ]
+              command: docker compose exec -T cli sh -c "/usr/local/bin/shipshape -e -o junit > /app/.logs/test_results/shipshape-results.xml" || [ "${DREVOPS_CI_SHIPSHAPE_IGNORE_FAILURE:-0}" -eq 1 ]
     - run:
         name: Process test logs and artifacts
         command: |
@@ -367,6 +367,10 @@ jobs:
   # GovCMS profile, no sub-theme.
   build-govcms:
     <<: *runner_config
+    parameters:
+      shipshape_run_audit:
+        default: true
+        type: env_var_name
     environment:
       DRUPAL_PROFILE: govcms
       CIVICTHEME_SUBTHEME_ACTIVATION_SKIP: 1

diff --git a/shipshape.yml b/shipshape.yml
@@ -98,143 +98,143 @@ checks:
 #          truthy: true
 #        - key: required_roles.authenticated
 #          value: authenticated
-#    - name: '[FILE] Ensure only admins can register accounts'
-#      file: user.settings.yml
-#      ignore-missing: true
-#      path: config/default
-#      values:
-#        - key: register
-#          value: admin_only
-#    - name: '[FILE] Ensure CSS & JS aggregations are enabled'
-#      file: system.performance.yml
-#      ignore-missing: true
-#      path: config/default
-#      values:
-#        - key: css.preprocess
-#          value: true
-#          truthy: true
-#        - key: js.preprocess
-#          value: true
-#          truthy: true
-#    - name: '[FILE] Ensure no error log displayed'
-#      file: system.logging.yml
-#      ignore-missing: true
-#      path: config/default
-#      values:
-#        - key: error_level
-#          value: hide
-#    - name: '[FILE] Detect module files in theme folder'
-#      pattern: '.*.info.yml'
-#      ignore-missing: true
-#      path: 'themes'
-#      values:
-#        - key: type
-#          value: theme
-#  drush-yaml:
-#    - name: '[DATABASE] Validate active install profile'
-#      command: 'config:get --include-overridden core.extension'
-#      config-name: core.extension
-#      values:
-#        - key: profile
-#          value: govcms
-#    - name: '[DATABASE] Validate active TFA'
-#      severity: high
-#      command: 'config:get --include-overridden tfa.settings'
-#      config-name: tfa.settings
-#      values:
-#        - key: enabled
-#          value: true
-#          truthy: true
-#        - key: required_roles.authenticated
-#          value: authenticated
-#    - name: '[DATABASE] Ensure only admins can register accounts'
-#      command: 'config:get --include-overridden user.settings'
-#      config-name: user.settings
-#      values:
-#        - key: register
-#          value: admin_only
-#    - name: '[DATABASE] Ensure CSS & JS aggregations are enabled'
-#      command: 'config:get --include-overridden system.performance'
-#      config-name: system.performance
-#      values:
-#        - key: css.preprocess
-#          value: true
-#          truthy: true
-#        - key: js.preprocess
-#          value: true
-#          truthy: true
-#    - name: '[DATABASE] Ensure no error log displayed'
-#      command: 'config:get --include-overridden system.logging'
-#      config-name: user.settings
-#      values:
-#        - key: error_level
-#          value: hide
-#  drupal-file-module:
-#    - name: '[FILE] Verify enabled modules'
-#      severity: high
-#      path: config/default
-#      required:
-#        - govcms_security
-#        - httpav
-#        - lagoon_logs
-#        - tfa
-#      disallowed:
-#        - clamav
-#        - dblog
-#        - devel
-#        - module_permissions_ui
-#        - statistics
-#        - update
-#        - redirect_404
-#    - name: '[FILE] Deprecated modules'
-#      path: config/default
-#      required: []
-#      disallowed:
-#        - redirect_404
-#  drupal-db-module:
-#    - name: '[DATABASE] Active modules audit'
-#      severity: high
-#      required:
-#        - govcms_security
-#        - httpav
-#        - lagoon_logs
-#        - tfa
-#      disallowed:
-#        - clamav
-#        - dblog
-#        - devel
-#        - module_permissions_ui
-#        - statistics
-#        - update
-#        - redirect_404
-#    - name: '[DATABASE] Deprecated modules'
-#      required: []
-#      disallowed:
-#        - redirect_404
-#  drupal-db-permissions:
-#    - name: '[DATABASE] Disallowed permissions on active site'
-#      severity: high
-#      disallowed:
-#        - administer config permissions
-#        - administer modules
-#        - administer permissions
-#        - administer seckit
-#        - administer site configuration
-#        - administer software updates
-#        - import configuration
-#        - synchronize configuration
-#        - use PHP for google analytics tracking visibility
-#  drupal-role-permissions:
-#    - name: '[DATABASE] Authenticated role check'
-#      severity: high
-#      rid: 'authenticated'
-#      required-permissions:
-#        - 'setup own tfa'
-#  drupal-admin-user:
-#    - name: '[DATABASE] Active user roles admin check'
-#      severity: high
-#  drupal-user-forbidden:
-#    - name: '[DATABASE] Active User 1 check'
+    - name: '[FILE] Ensure only admins can register accounts'
+      file: user.settings.yml
+      ignore-missing: true
+      path: config/default
+      values:
+        - key: register
+          value: admin_only
+    - name: '[FILE] Ensure CSS & JS aggregations are enabled'
+      file: system.performance.yml
+      ignore-missing: true
+      path: config/default
+      values:
+        - key: css.preprocess
+          value: true
+          truthy: true
+        - key: js.preprocess
+          value: true
+          truthy: true
+    - name: '[FILE] Ensure no error log displayed'
+      file: system.logging.yml
+      ignore-missing: true
+      path: config/default
+      values:
+        - key: error_level
+          value: hide
+    - name: '[FILE] Detect module files in theme folder'
+      pattern: '.*.info.yml'
+      ignore-missing: true
+      path: 'themes'
+      values:
+        - key: type
+          value: theme
+  drush-yaml:
+    - name: '[DATABASE] Validate active install profile'
+      command: 'config:get --include-overridden core.extension'
+      config-name: core.extension
+      values:
+        - key: profile
+          value: govcms
+    - name: '[DATABASE] Validate active TFA'
+      severity: high
+      command: 'config:get --include-overridden tfa.settings'
+      config-name: tfa.settings
+      values:
+        - key: enabled
+          value: true
+          truthy: true
+        - key: required_roles.authenticated
+          value: authenticated
+    - name: '[DATABASE] Ensure only admins can register accounts'
+      command: 'config:get --include-overridden user.settings'
+      config-name: user.settings
+      values:
+        - key: register
+          value: admin_only
+    - name: '[DATABASE] Ensure CSS & JS aggregations are enabled'
+      command: 'config:get --include-overridden system.performance'
+      config-name: system.performance
+      values:
+        - key: css.preprocess
+          value: true
+          truthy: true
+        - key: js.preprocess
+          value: true
+          truthy: true
+    - name: '[DATABASE] Ensure no error log displayed'
+      command: 'config:get --include-overridden system.logging'
+      config-name: user.settings
+      values:
+        - key: error_level
+          value: hide
+  drupal-file-module:
+    - name: '[FILE] Verify enabled modules'
+      severity: high
+      path: config/default
+      required:
+        - govcms_security
+        - httpav
+        - lagoon_logs
+        - tfa
+      disallowed:
+        - clamav
+        - dblog
+        - devel
+        - module_permissions_ui
+        - statistics
+        - update
+        - redirect_404
+    - name: '[FILE] Deprecated modules'
+      path: config/default
+      required: []
+      disallowed:
+        - redirect_404
+  drupal-db-module:
+    - name: '[DATABASE] Active modules audit'
+      severity: high
+      required:
+        - govcms_security
+        - httpav
+        - lagoon_logs
+        - tfa
+      disallowed:
+        - clamav
+        - dblog
+        - devel
+        - module_permissions_ui
+        - statistics
+        - update
+        - redirect_404
+    - name: '[DATABASE] Deprecated modules'
+      required: []
+      disallowed:
+        - redirect_404
+  drupal-db-permissions:
+    - name: '[DATABASE] Disallowed permissions on active site'
+      severity: high
+      disallowed:
+        - administer config permissions
+        - administer modules
+        - administer permissions
+        - administer seckit
+        - administer site configuration
+        - administer software updates
+        - import configuration
+        - synchronize configuration
+        - use PHP for google analytics tracking visibility
+  drupal-role-permissions:
+    - name: '[DATABASE] Authenticated role check'
+      severity: high
+      rid: 'authenticated'
+      required-permissions:
+        - 'setup own tfa'
+  drupal-admin-user:
+    - name: '[DATABASE] Active user roles admin check'
+      severity: high
+  drupal-user-forbidden:
+    - name: '[DATABASE] Active User 1 check'
   yamllint:
     - name: '[FILE] Yaml lint platform files'
       severity: high