Timestamp:
01/22/2025 03:13:21 PM (14 months ago)
Author:
johnbillion
Message:

Build/Test Tools: Improve the security and correctness of the GitHub Actions workflows files.

This includes removing use of dangerous inline GitHub Actions expressions, preventing word splitting, further tightening permissions, and generally improving many aspects of the workflows.

This also introduces a new workflow that runs Actionlint to detect incorrect and insecure code and configuration in workflow files.

Props johnbillion, swissspidy, flixos90, desrosj.

See #62221

File:
1 edited

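--- a/trunk/docker-compose.yml
+++ b/trunk/docker-compose.yml
@@ -39,12 +39,12 @@
 
     environment:
-      - LOCAL_PHP_XDEBUG=${LOCAL_PHP_XDEBUG-false}
-      - XDEBUG_MODE=${LOCAL_PHP_XDEBUG_MODE-develop,debug}
-      - LOCAL_PHP_MEMCACHED=${LOCAL_PHP_MEMCACHED-false}
-      - PHP_FPM_UID=${PHP_FPM_UID-1000}
-      - PHP_FPM_GID=${PHP_FPM_GID-1000}
-      - GITHUB_REF=${GITHUB_REF-false}
-      - GITHUB_EVENT_NAME=${GITHUB_EVENT_NAME-false}
-      - HOST_PATH=${PWD-}/${LOCAL_DIR-src}
+      LOCAL_PHP_XDEBUG: ${LOCAL_PHP_XDEBUG-false}
+      XDEBUG_MODE: ${LOCAL_PHP_XDEBUG_MODE-develop,debug}
+      LOCAL_PHP_MEMCACHED: ${LOCAL_PHP_MEMCACHED-false}
+      PHP_FPM_UID: ${PHP_FPM_UID-1000}
+      PHP_FPM_GID: ${PHP_FPM_GID-1000}
+      GITHUB_REF: ${GITHUB_REF-false}
+      GITHUB_EVENT_NAME: ${GITHUB_EVENT_NAME-false}
+      HOST_PATH: ${PWD-}/${LOCAL_DIR-src}
 
     volumes:
@@ -84,5 +84,8 @@
 
     healthcheck:
-      test: [ "CMD-SHELL", "if [ \"$LOCAL_DB_TYPE\" = \"mariadb\" ]; then case \"$LOCAL_DB_VERSION\" in 5.5|10.0|10.1|10.2|10.3) mysqladmin ping -h localhost || exit $$?;; *) mariadb-admin ping -h localhost || exit $$?;; esac; else mysqladmin ping -h localhost || exit $$?; fi" ]
+      test: [
+        'CMD-SHELL',
+        'if [ "$LOCAL_DB_TYPE" = "mariadb" ]; then case "$LOCAL_DB_VERSION" in 5.5|10.0|10.1|10.2|10.3) mysqladmin ping -h localhost || exit $$?;; *) mariadb-admin ping -h localhost || exit $$?;; esac; else mysqladmin ping -h localhost || exit $$?; fi'
+      ]
       timeout: 5s
       interval: 5s
@@ -99,9 +102,9 @@
 
     environment:
-      - LOCAL_PHP_XDEBUG=${LOCAL_PHP_XDEBUG-false}
-      - LOCAL_PHP_MEMCACHED=${LOCAL_PHP_MEMCACHED-false}
-      - PHP_FPM_UID=${PHP_FPM_UID-1000}
-      - PHP_FPM_GID=${PHP_FPM_GID-1000}
-      - HOST_PATH=${PWD-}/${LOCAL_DIR-src}
+      LOCAL_PHP_XDEBUG: ${LOCAL_PHP_XDEBUG-false}
+      LOCAL_PHP_MEMCACHED: ${LOCAL_PHP_MEMCACHED-false}
+      PHP_FPM_UID: ${PHP_FPM_UID-1000}
+      PHP_FPM_GID: ${PHP_FPM_GID-1000}
+      HOST_PATH: ${PWD-}/${LOCAL_DIR-src}
 
     volumes: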
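Review bot: In the rewritten `healthcheck.test` entry, `$LOCAL_DB_TYPE` and `$LOCAL_DB_VERSION` carry a single `$`, so Compose substitutes them from the host environment or `.env` when it loads the file, while `$$?` is left for the container shell. The values therefore become part of the command text before the shell parses it, and the surrounding double quotes do not protect against a value that itself contains shell syntax, which is the same class of problem this commit removes from the workflow files. If the database container receives these variables (its `environment` block is not visible in this section), writing `$$LOCAL_DB_TYPE` and `$$LOCAL_DB_VERSION` would let the shell expand them inside the existing quotes. Otherwise a comment above `test:` such as `# $VAR is substituted by Compose from the host; $$ is passed through to the container shell` would record the distinction for the next editor.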