pad.libre-service.eu-etherpad/.travis.yml
webzwo0i ceb09ce99a
security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373)
Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies.  This change allows Etherpad to use a client IP passed from a reverse proxy.

Note to devs: This header can be spoofed and spoofing the header could be used in an attack.  To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.*  This only really applies to large scale deployments but it's worth noting.
2020-10-01 10:39:01 +01:00

118 lines
4.9 KiB
YAML

language: node_js
node_js:
- "lts/*"
services:
- docker
cache: false
before_install:
- sudo add-apt-repository -y ppa:libreoffice/ppa
- sudo apt-get update
- sudo apt-get -y install libreoffice
- sudo apt-get -y install libreoffice-pdfimport
install:
- "bin/installDeps.sh"
- "export GIT_HASH=$(git rev-parse --verify --short HEAD)"
# Installing some plugins
script:
- "tests/frontend/travis/runner.sh"
env:
global:
- secure: "WMGxFkOeTTlhWB+ChMucRtIqVmMbwzYdNHuHQjKCcj8HBEPdZLfCuK/kf4rG\nVLcLQiIsyllqzNhBGVHG1nyqWr0/LTm8JRqSCDDVIhpyzp9KpCJQQJG2Uwjk\n6/HIJJh/wbxsEdLNV2crYU/EiVO3A4Bq0YTHUlbhUqG3mSCr5Ec="
- secure: "gejXUAHYscbR6Bodw35XexpToqWkv2ifeECsbeEmjaLkYzXmUUNWJGknKSu7\nEUsSfQV8w+hxApr1Z+jNqk9aX3K1I4btL3cwk2trnNI8XRAvu1c1Iv60eerI\nkE82Rsd5lwUaMEh+/HoL8ztFCZamVndoNgX7HWp5J/NRZZMmh4g="
jobs:
include:
# we can only frontend tests from the ether/ organization and not from forks.
# To request tests to be run ask a maintainer to fork your repo to ether/
- if: fork = false
name: "Test the Frontend without Plugins"
install:
#FIXME
- "sed 's/\"loglevel\": \"INFO\",/\"loglevel\": \"WARN\",/g' settings.json.template > settings.json"
- "tests/frontend/travis/sauce_tunnel.sh"
- "bin/installDeps.sh"
- "export GIT_HASH=$(git rev-parse --verify --short HEAD)"
script:
- "tests/frontend/travis/runner.sh"
- name: "Run the Backend tests without Plugins"
install:
- "bin/installDeps.sh"
- "cd src && npm install && cd -"
script:
- "tests/frontend/travis/runnerBackend.sh"
## Temporarily commented out the Dockerfile tests
# - name: "Test the Dockerfile"
# install:
# - "cd src && npm install && cd -"
# script:
# - "docker build -t etherpad:test ."
# - "docker run -d -p 9001:9001 etherpad:test && sleep 3"
# - "cd src && npm run test-container"
- name: "Load test Etherpad without Plugins"
install:
- "bin/installDeps.sh"
- "cd src && npm install && cd -"
- "npm install -g etherpad-load-test"
script:
- "tests/frontend/travis/runnerLoadTest.sh"
# we can only frontend tests from the ether/ organization and not from forks.
# To request tests to be run ask a maintainer to fork your repo to ether/
- if: fork = false
name: "Test the Frontend Plugins only"
install:
#FIXME
- "sed 's/\"loglevel\": \"INFO\",/\"loglevel\": \"WARN\",/g' settings.json.template > settings.json"
- "tests/frontend/travis/sauce_tunnel.sh"
- "bin/installDeps.sh"
- "rm tests/frontend/specs/*"
- "npm install ep_hash_auth ep_cursortrace ep_subscript_and_superscript ep_headings2 ep_author_hover ep_align ep_webrtc ep_table_of_contents ep_font_size ep_markdown ep_spellcheck"
- "export GIT_HASH=$(git rev-parse --verify --short HEAD)"
script:
- "tests/frontend/travis/runner.sh"
- name: "Run the Backend tests with Plugins"
install:
- "bin/installDeps.sh"
- "npm install ep_hash_auth ep_cursortrace ep_subscript_and_superscript ep_headings2 ep_author_hover ep_align ep_webrtc ep_table_of_contents ep_font_size ep_markdown ep_spellcheck"
- "cd src && npm install && cd -"
script:
- "tests/frontend/travis/runnerBackend.sh"
## Temporarily commented out the Dockerfile tests
# - name: "Test the Dockerfile"
# install:
# - "cd src && npm install && cd -"
# script:
# - "docker build -t etherpad:test ."
# - "docker run -d -p 9001:9001 etherpad:test && sleep 3"
# - "cd src && npm run test-container"
- name: "Load test Etherpad with Plugins"
install:
- "bin/installDeps.sh"
- "npm install ep_hash_auth ep_cursortrace ep_subscript_and_superscript ep_headings2 ep_comments_page ep_author_hover ep_align ep_webrtc ep_table_of_contents ep_font_size ep_markdown ep_spellcheck"
- "cd src && npm install && cd -"
- "npm install -g etherpad-load-test"
script:
- "tests/frontend/travis/runnerLoadTest.sh"
- name: "Test rate limit"
install:
- "docker network create --subnet=172.23.42.0/16 ep_net"
- "docker build -f Dockerfile -t epl-debian-slim ."
- "docker build -f tests/ratelimit/Dockerfile.nginx -t nginx-latest ."
- "docker build -f tests/ratelimit/Dockerfile.anotherip -t anotherip ."
- "docker run -p 8081:80 --rm --network ep_net --ip 172.23.42.1 -d nginx-latest"
- "docker run --name etherpad-docker -p 9000:9001 --rm --network ep_net --ip 172.23.42.2 -e 'TRUST_PROXY=true' epl-debian-slim &"
- "docker run --rm --network ep_net --ip 172.23.42.3 --name anotherip -dt anotherip"
- "./bin/installDeps.sh"
script:
- "cd tests/ratelimit && bash testlimits.sh"
notifications:
irc:
channels:
- "irc.freenode.org#etherpad-lite-dev"