chore(ci): move PHP unit tests to GitHub workflows#118
Conversation
5f6f9f7 to
df7209d
Compare
|
Frustrating - 2 FTP servers were used in the testing on drone. I tried explicitly putting 127.0.0.1 and/or 172.17.0.1 with the same result. This kind of thing worked easily with a test mail server: It was available on the standard email ports, and the tests found and used it. What do I need to do to get an FTP server responding on ports 20/21? |
dj4oC
left a comment
There was a problem hiding this comment.
Adds a new reusable php-unit-ftp.yml GitHub Actions workflow plus two new CI matrix jobs (proftp, vsftp) to replace the old Drone-based PHP unit test run, including FTP test servers.
Findings
Security: No exposed real secrets or credential leakage — the test/test FTP login is a dummy, ephemeral value confined to a throwaway --network host container that only lives for the job's lifetime. permissions: contents: read is preserved, and no existing security-relevant CI gate (code style, semantic-commit check) is touched or weakened by this change.
Stability (blocking): This is very likely the actual root cause of the FTP login failures the author is stuck on. In both the Run proftp service and Run vsftp service steps, the credential/config values are declared only as step-level shell env vars (FTP_USERNAME/FTP_PASSWORD for proftp; FTP_USER/FTP_PASS/PASV_MIN_PORT/PASV_MAX_PORT/PASV_ADDR_RESOLVE/PASV_ADDRESS for vsftp) — but the docker run commands never forward them into the container via -e:
docker run -d --rm --network host \
--name proftp \
driesva/proftpd:1.3.8
Neither driesva/proftpd:1.3.8 nor fauria/vsftpd will boot with a test/test account or the intended passive-port range; they'll fall back to whatever default account/config ships in the image. That matches exactly the Could not login with connection ...username: test error reported in the PR comment — it isn't a port-20/21-exposure problem (host networking already avoids that), it's that the containers were never actually told to create the test user. Suggested fix: add -e FTP_USERNAME="$FTP_USERNAME" -e FTP_PASSWORD="$FTP_PASSWORD" to the proftp docker run, and -e FTP_USER="$FTP_USER" -e FTP_PASS="$FTP_PASS" -e PASV_MIN_PORT="$PASV_MIN_PORT" -e PASV_MAX_PORT="$PASV_MAX_PORT" -e PASV_ADDR_RESOLVE="$PASV_ADDR_RESOLVE" -e PASV_ADDRESS="$PASV_ADDRESS" to the vsftp one (worth double-checking each image's documented env-var names, since proftpd images vary on FTP_USER vs FTP_USERNAME). Secondary/minor: there's no wait or health-check after docker run -d before the server is relied on later in the job — once login works, a short retry/wait loop would guard against races on a cold container start.
Performance: Nothing blocking — the added matrix scope (proftp/vsftp × php × db) mirrors the existing php-unit reusable workflow pattern and isn't excessive.
Test coverage: n/a — CI infra only, no PHP source or assertions changed. Once the containers actually boot with the intended credentials, these jobs will give this app its first GH Actions coverage of the FTP backend (previously only exercised on Drone).
Verdict
Changes requested
🤖 Automated review by Claude Code (security · stability · performance · coverage)
Generated by Claude Code
🤖 Automated review by Claude Code (security · stability · performance · coverage) Generated by Claude Code |
|
The unit tests with with All fail with the same problem, "Operation now in progress". |
Fixed that by specifying the correct host name "localhost" in Added a commit to delete |
|
And thanks to Claude for suggesting how to pass env variables through into the |
No description provided.