diff --git a/.circleci/config.yml b/.circleci/config.yml index b8298cd69..28fc9ba8f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -301,41 +301,41 @@ jobs: # Isolated theme build within a vanilla Drupal installation. # This replicates (to a degree) what Drupal CI would do. -# build-isolated-php-82: -# <<: *runner_config -# docker: -# - image: cimg/php:8.2-browsers -# environment: -# DRUPAL_VERSION: 10.3 -# DRUPAL_PROJECT_SHA: 10.x -# <<: *job-build-isolated -# -# build-isolated-php-83: -# <<: *runner_config -# docker: -# - image: cimg/php:8.3-browsers -# environment: -# DRUPAL_VERSION: 10.3 -# DRUPAL_PROJECT_SHA: 10.x -# <<: *job-build-isolated -# -# build-isolated-php-83-legacy: -# <<: *runner_config -# docker: -# - image: cimg/php:8.3-browsers -# environment: -# DRUPAL_VERSION: 10.3 -# DRUPAL_PROJECT_SHA: 10.x -# <<: *job-build-isolated -# -# build-isolated-php-83-next: -# <<: *runner_config -# docker: -# - image: cimg/php:8.3-browsers -# environment: -# DRUPAL_VERSION: 10@beta -# DRUPAL_PROJECT_SHA: 10.x -# <<: *job-build-isolated + build-isolated-php-82: + <<: *runner_config + docker: + - image: cimg/php:8.2-browsers + environment: + DRUPAL_VERSION: 10.3 + DRUPAL_PROJECT_SHA: 10.x + <<: *job-build-isolated + + build-isolated-php-83: + <<: *runner_config + docker: + - image: cimg/php:8.3-browsers + environment: + DRUPAL_VERSION: 10.3 + DRUPAL_PROJECT_SHA: 10.x + <<: *job-build-isolated + + build-isolated-php-83-legacy: + <<: *runner_config + docker: + - image: cimg/php:8.3-browsers + environment: + DRUPAL_VERSION: 10.3 + DRUPAL_PROJECT_SHA: 10.x + <<: *job-build-isolated + + build-isolated-php-83-next: + <<: *runner_config + docker: + - image: cimg/php:8.3-browsers + environment: + DRUPAL_VERSION: 10@beta + DRUPAL_PROJECT_SHA: 10.x + <<: *job-build-isolated # build-isolated-php-84: # <<: *runner_config 
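Review bot: `build-isolated-php-83-legacy` is re-enabled with exactly the same image (`cimg/php:8.3-browsers`), `DRUPAL_VERSION: 10.3` and `DRUPAL_PROJECT_SHA: 10.x` as `build-isolated-php-83`, so as written it repeats that job instead of exercising a different core version. If a legacy run is intended, give it its own version value; otherwise drop it here and from the `requires:` lists in the later hunks. The version values are also unquoted, so a generic YAML loader reads `10.3` as a float; `DRUPAL_VERSION: '10.3'` keeps it a string and stays correct if it ever becomes something like `10.10`. The hunk ends inside the still-commented `build-isolated-php-84` job.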
@@ -547,30 +547,30 @@ workflows: # Commit workflow. Runs for every commit push to the remote repository. commit: jobs: -# - build-isolated-php-82: -# filters: -# branches: -# ignore: /^content\/.*/ -# tags: -# only: /.*/ -# - build-isolated-php-83: -# filters: -# branches: -# ignore: /^content\/.*/ -# tags: -# only: /.*/ -# - build-isolated-php-83-legacy: -# filters: -# branches: -# ignore: /^content\/.*/ -# tags: -# only: /.*/ -# - build-isolated-php-83-next: -# filters: -# branches: -# ignore: /^content\/.*/ -# tags: -# only: /.*/ + - build-isolated-php-82: + filters: + branches: + ignore: /^content\/.*/ + tags: + only: /.*/ + - build-isolated-php-83: + filters: + branches: + ignore: /^content\/.*/ + tags: + only: /.*/ + - build-isolated-php-83-legacy: + filters: + branches: + ignore: /^content\/.*/ + tags: + only: /.*/ + - build-isolated-php-83-next: + filters: + branches: + ignore: /^content\/.*/ + tags: + only: /.*/ # - build-isolated-php-84: # filters: # branches: @@ -584,11 +584,11 @@ workflows: # tags: # only: /.*/ - build-minimal: -# requires: -# - build-isolated-php-82 -# - build-isolated-php-83 -# - build-isolated-php-83-legacy -# - build-isolated-php-83-next + requires: + - build-isolated-php-82 + - build-isolated-php-83 + - build-isolated-php-83-legacy + - build-isolated-php-83-next # - build-isolated-php-84 # - build-isolated-php-84-next filters: @@ -597,11 +597,11 @@ workflows: tags: only: /.*/ - build-minimal-subtheme: -# requires: -# - build-isolated-php-82 -# - build-isolated-php-83 -# - build-isolated-php-83-legacy -# - build-isolated-php-83-next + requires: + - build-isolated-php-82 + - build-isolated-php-83 + - build-isolated-php-83-legacy + - build-isolated-php-83-next # - build-isolated-php-84 # - build-isolated-php-84-next filters: 
@@ -610,11 +610,11 @@ workflows: tags: only: /.*/ - build-govcms: -# requires: -# - build-isolated-php-82 -# - build-isolated-php-83 -# - build-isolated-php-83-legacy -# - build-isolated-php-83-next + requires: + - build-isolated-php-82 + - build-isolated-php-83 + - build-isolated-php-83-legacy + - build-isolated-php-83-next # - build-isolated-php-84 # - build-isolated-php-84-next filters: @@ -623,11 +623,11 @@ workflows: tags: only: /.*/ - build-govcms-subtheme: -# requires: -# - build-isolated-php-82 -# - build-isolated-php-83 -# - build-isolated-php-83-legacy -# - build-isolated-php-83-next + requires: + - build-isolated-php-82 + - build-isolated-php-83 + - build-isolated-php-83-legacy + - build-isolated-php-83-next # - build-isolated-php-84 # - build-isolated-php-84-next filters: @@ -636,11 +636,11 @@ workflows: tags: only: /.*/ - build-govcms-subtheme-sibling: -# requires: -# - build-isolated-php-82 -# - build-isolated-php-83 -# - build-isolated-php-83-legacy -# - build-isolated-php-83-next + requires: + - build-isolated-php-82 + - build-isolated-php-83 + - build-isolated-php-83-legacy + - build-isolated-php-83-next # - build-isolated-php-84 # - build-isolated-php-84-next filters: 
@@ -648,43 +648,43 @@ workflows: ignore: /^content\/.*/ tags: only: /.*/ -# -# - build-content-corporate: -# requires: -# - build-minimal -# - build-minimal-subtheme -# - build-govcms -# - build-govcms-subtheme -# - build-govcms-subtheme-sibling -# filters: -# branches: -# only: /^develop$|^release\/.*|^hotfix\/.*/ -# tags: -# only: /.*/ -# - build-content-highereducation: -# requires: -# - build-minimal -# - build-minimal-subtheme -# - build-govcms -# - build-govcms-subtheme -# - build-govcms-subtheme-sibling -# filters: -# branches: -# only: /^develop$|^release\/.*|^hotfix\/.*/ -# tags: -# only: /.*/ -# - build-content-government: -# requires: -# - build-minimal -# - build-minimal-subtheme -# - build-govcms -# - build-govcms-subtheme -# - build-govcms-subtheme-sibling -# filters: -# branches: -# only: /^develop$|^release\/.*|^hotfix\/.*/ -# tags: -# only: /.*/ + + - build-content-corporate: + requires: + - build-minimal + - build-minimal-subtheme + - build-govcms + - build-govcms-subtheme + - build-govcms-subtheme-sibling + filters: + branches: + only: /^develop$|^release\/.*|^hotfix\/.*/ + tags: + only: /.*/ + - build-content-highereducation: + requires: + - build-minimal + - build-minimal-subtheme + - build-govcms + - build-govcms-subtheme + - build-govcms-subtheme-sibling + filters: + branches: + only: /^develop$|^release\/.*|^hotfix\/.*/ + tags: + only: /.*/ + - build-content-government: + requires: + - build-minimal + - build-minimal-subtheme + - build-govcms + - build-govcms-subtheme + - build-govcms-subtheme-sibling + filters: + branches: + only: /^develop$|^release\/.*|^hotfix\/.*/ + tags: + only: /.*/ - deploy: requires: 
@@ -720,13 +720,13 @@ workflows: tags: ignore: /.*/ -# - mirror-into-content-branches: -# requires: -# - build-content-corporate -# - build-content-highereducation -# - build-content-government -# filters: -# branches: -# only: develop -# tags: -# ignore: /.*/ + - mirror-into-content-branches: + requires: + - build-content-corporate + - build-content-highereducation + - build-content-government + filters: + branches: + only: develop + tags: + ignore: /.*/ diff --git a/.env b/.env index 082736bab..273605841 100644 --- a/.env +++ b/.env @@ -40,7 +40,7 @@ DREVOPS_TZ="Australia/Melbourne" ################################################################################ # Drupal profile name (used only when installing from profile). -#DRUPAL_PROFILE=minimal +DRUPAL_PROFILE=minimal # Drupal theme name. DRUPAL_THEME=civictheme diff --git a/phpstan-govcms.neon b/phpstan-govcms.neon index f178c7e24..9d70a8db6 100644 --- a/phpstan-govcms.neon +++ b/phpstan-govcms.neon @@ -91,3 +91,9 @@ parameters: message: 'please change the code' - method: 'SQLite3Result::*()' message: 'please change the code' + disallowedStaticCalls: + - method: 'Drupal::httpClient()' + message: 'please change the code' + disallowedNamespaces: + - class: 'GuzzleHttp\Client' + message: 'please change the code' diff --git a/shipshape.yml b/shipshape.yml index 7dc65393f..e6692969c 100644 --- a/shipshape.yml +++ b/shipshape.yml 
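Review bot: The two rules added to `phpstan-govcms.neon` only catch the static `Drupal::httpClient()` call and direct references to `GuzzleHttp\Client`. Code that obtains the client another way, for instance through `\Drupal::service('http_client')` or a constructor argument typed as `GuzzleHttp\ClientInterface`, would presumably still pass. If the intent is to keep this code from making outbound HTTP requests, consider adding the service lookup and widening the namespace rule (e.g. `GuzzleHttp\*`, if the installed rule set accepts wildcards there). The message `'please change the code'` matches the neighbouring entries but tells the author neither why the call is rejected nor what to use instead, so a short reason would make the failure actionable. The `parameters:` block starts outside the hunk.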
@@ -4,6 +4,17 @@ checks: severity: high path: web/themes/contrib/civictheme disallowed-pattern: '^(adminer|phpmyadmin|bigdump)?\.php$' +# - name: '[FILE] Executable files' +# severity: normal +# path: ./ +# disallowed-pattern: '.*\.(bin|deb|dmg|elf|exe|msi|sh)+$' +# exclude-pattern: '^(vendor|web/core|web/modules/contrib)+.*' +# - name: '[FILE] Sensitive public files' +# path: web/sites/default/files +# disallowed-pattern: '.*\.(sql|php|sh|py|bz2|gz|tar|tgz|zip)+$' +# exclude-pattern: '.*\.(css|js)\.gz?$' +# skip-dir: +# - private - name: '[FILE] Executable files' severity: normal path: web/themes/contrib/civictheme @@ -169,23 +180,23 @@ checks: values: - key: error_level value: hide - drupal-file-module: - - name: '[FILE] Verify enabled modules' - severity: high - path: config/default - required: - - govcms_security - - httpav - - lagoon_logs - - tfa - disallowed: - - clamav - - dblog - - devel - - module_permissions_ui - - statistics - - update - - redirect_404 +# drupal-file-module: +# - name: '[FILE] Verify enabled modules' +# severity: high +# path: config/default +# required: +# - govcms_security +# - httpav +# - lagoon_logs +# - tfa +# disallowed: +# - clamav +# - dblog +# - devel +# - module_permissions_ui +# - statistics +# - update +# - redirect_404 - name: '[FILE] Deprecated modules' path: config/default required: []
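Review bot: Both checks added at the top of `checks:` in the first `shipshape.yml` hunk are committed already commented out, so neither the `./` executable scan nor the `web/sites/default/files` scan runs. Either enable them or add a one-line comment saying why they are parked, e.g. `# Disabled: <reason>; re-enable once <condition>.` If they are enabled later, note that `'.*\.(css|js)\.gz?$'` makes only the `z` optional, so it matches `.css.g` as well as `.css.gz`. If only gzipped aggregates are meant to be exempt, `\.gz$` states that exactly.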
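Review bot: Commenting out the `drupal-file-module` check in the second `shipshape.yml` hunk removes a high-severity gate, and nothing visible in the diff replaces it. That check verified that `govcms_security`, `httpav`, `lagoon_logs` and `tfa` are enabled and that `devel`, `dblog`, `update` and the other listed modules are not. If it fails only because `config/default` no longer matches (possibly related to the `DRUPAL_PROFILE=minimal` change in `.env`), narrowing it would keep part of the protection, for example keeping the `disallowed:` list and setting `required: []`. At minimum add a comment above the block such as `# Disabled: <reason>; tracked in <issue>.` so the gap is not forgotten. The enclosing check group continues outside the hunk.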