Skip to content

fix: file upload security issue #74

fix: file upload security issue

fix: file upload security issue #74

Workflow file for this run

name: unit-tests
on:
pull_request:
push:
branches:
- master
jobs:
run-tests:
name: python-${{ matrix.python-version }},django-${{ matrix.django-version }},${{ matrix.shard_name }}
if: (github.repository == 'edx/edx-platform-private') || (github.repository == 'openedx/edx-platform' && (startsWith(github.base_ref, 'open-release') == false))
runs-on: [ edx-platform-runner ]
strategy:
matrix:
python-version:
- "3.8"
django-version:
- "pinned"
#- "4.0"
# When updating the shards, remember to make the same changes in
# .github/workflows/unit-tests-gh-hosted.yml
shard_name:
- "lms-1"
- "lms-2"
- "lms-3"
- "lms-4"
- "lms-5"
- "lms-6"
- "openedx-1"
- "openedx-2"
- "openedx-3"
- "openedx-4"
- "cms-1"
- "cms-2"
- "common-1"
- "common-2"
- "xmodule-1"
# We expect Django 4.0 to fail, so don't stop when it fails.
continue-on-error: ${{ matrix.django-version == '4.0' }}
steps:
- name: sync directory owner
run: sudo chown runner:runner -R .*
- name: checkout repo
uses: actions/checkout@v3
- name: start mongod server for tests
run: |
sudo mkdir -p /data/db
sudo chmod -R a+rw /data/db
mongod &
- name: install requirements
run: |
sudo make test-requirements
if [[ "${{ matrix.django-version }}" != "pinned" ]]; then
sudo pip install "django~=${{ matrix.django-version }}.0"
sudo pip check # fail if this test-reqs/Django combination is broken
fi
- name: list installed package versions
run: |
sudo pip freeze
- name: Setup and run tests
uses: ./.github/actions/unit-tests
- name: Renaming coverage data file
run: |
mv reports/.coverage reports/${{ matrix.shard_name }}.coverage
- name: Upload coverage
uses: actions/upload-artifact@v3
with:
name: coverage
path: reports/${{matrix.shard_name}}.coverage
# This job aggregates test results. It's the required check for branch protection.
# https://github.com/marketplace/actions/alls-green#why
# https://github.com/orgs/community/discussions/33579
success:
name: Tests successful
if: (github.repository == 'edx/edx-platform-private') || (github.repository == 'openedx/edx-platform' && (startsWith(github.base_ref, 'open-release') == false))
needs:
- run-tests
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
# uses: re-actors/[email protected]
uses: re-actors/alls-green@13b4244b312e8a314951e03958a2f91519a6a3c9
with:
jobs: ${{ toJSON(needs) }}
compile-warnings-report:
runs-on: [ edx-platform-runner ]
needs: [ run-tests ]
steps:
- name: sync directory owner
run: sudo chown runner:runner -R .*
- uses: actions/checkout@v3
- name: collect pytest warnings files
uses: actions/download-artifact@v2
with:
name: pytest-warnings-json
path: test_root/log
- name: display structure of downloaded files
run: ls -la test_root/log
- name: compile warnings report
run: |
python openedx/core/process_warnings.py --dir-path test_root/log --html-path reports/pytest_warnings/warning_report_all.html
- name: save warning report
if: success()
uses: actions/upload-artifact@v3
with:
name: pytest-warning-report-html
path: |
reports/pytest_warnings/warning_report_all.html
# Combine and upload coverage reports.
coverage:
needs: run-tests
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [ 3.8 ]
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Setup Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Download all artifacts
uses: actions/download-artifact@v3
with:
name: coverage
path: reports
- name: Install Python dependencies
run: |
pip install -r requirements/edx/coverage.txt
- name: Run coverage
run: |
coverage combine reports/*
coverage report
coverage xml
- uses: codecov/codecov-action@v3