diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
new file mode 100644
index 00000000..ad5d30fa
--- /dev/null
+++ b/.github/workflows/linter.yml
@@ -0,0 +1,61 @@
+name: Automatic Linter
+on:
+ push:
+ paths-ignore:
+ - '**.md'
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ services:
+ redis:
+ image: redis:7
+ ports:
+ - 6379:6379
+ options: --entrypoint redis-server
+ strategy:
+ fail-fast: true
+ matrix:
+ php: [8.3]
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup PHP
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: 8.3
+ tools: composer:v2
+ coverage: none
+
+ - name: Install dependencies
+ run: |
+ composer install
+
+ - name: Run Rector
+ run: |
+ ./vendor/bin/rector --dry-run
+
+ - name: Run Laravel Pint
+ run: |
+ ./vendor/bin/pint --test
+
+# - name: "Import GPG key"
+# id: import-gpg
+# uses: crazy-max/ghaction-import-gpg@v6
+# with:
+# gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+# passphrase: ${{ secrets.GPG_PASSPHRASE }}
+# git_user_signingkey: true
+# git_commit_gpgsign: true
+#
+# - name: Commit linted files
+# uses: stefanzweifel/git-auto-commit-action@v5
+# with:
+# commit_message: "Automatic linter"
+# commit_author: "${{ steps.import-gpg.outputs.name }} <${{ steps.import-gpg.outputs.email }}>"
+# commit_user_name: ${{ steps.import-gpg.outputs.name }}
+# commit_user_email: ${{ steps.import-gpg.outputs.email }}
diff --git a/.github/workflows/pr_agent.yml b/.github/workflows/pr_agent.yml
index 97eaa8ff..ae9d668d 100644
--- a/.github/workflows/pr_agent.yml
+++ b/.github/workflows/pr_agent.yml
@@ -1,7 +1,7 @@
 name: PR Agent
 on:
- pull_request:
+ push:
 issue_comment:
 jobs:
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
index 88e62c85..1e0aae01 100644
--- a/.github/workflows/run_tests.yml
+++ b/.github/workflows/run_tests.yml
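Review bot: The `lint` job in linter.yml is granted `permissions: contents: write`, but every step that would push a commit is commented out, so the job as written only needs to read the repository. Until the auto-commit step is enabled, use `contents: read`; `composer install` runs in the same job, so Composer scripts and plugins pulled in by dependencies execute on a runner that holds a write-scoped token (which `actions/checkout` leaves in the local git config unless `persist-credentials: false` is set). The actions are also referenced by mutable tags (`actions/checkout@v4`, `shivammathur/setup-php@v2`); pinning them to full commit SHAs is worth doing before write permission or the GPG secrets are wired in.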
@@ -1,12 +1,10 @@
 name: Unit & Functional Tests
 on:
- pull_request:
- paths-ignore:
- - "**.md"
- push:
- paths-ignore:
- - '**.md'
+ workflow_run:
+ workflows: [Automatic Linter]
+ types:
+ - completed
 jobs:
 test:
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
deleted file mode 100644
index ff9b196b..00000000
--- a/.github/workflows/sast.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-name: Static Application Security Testing
-
-on:
- pull_request:
- paths-ignore:
- - "**.md"
- push:
- paths-ignore:
- - '**.md'
-
-jobs:
- test:
- runs-on: ubuntu-latest
- services:
- mysql:
- image: mysql:8
- env:
- MYSQL_DATABASE: platform
- MYSQL_ROOT_PASSWORD: password
- ports:
- - 33306:3306
- options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
- redis:
- image: redis:7
- ports:
- - 6379:6379
- options: --entrypoint redis-server
- strategy:
- fail-fast: true
- matrix:
- php: [8.3]
-
- name: PHP ${{ matrix.php }}
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup PHP
- uses: shivammathur/setup-php@v2
- with:
- php-version: ${{ matrix.php }}
- extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, gd, gmp, intl, json, mysql, readline, sodium, bcmath, pcov
- tools: composer:v2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Setup problem matchers
- run: |
- echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
- - name: Install dependencies
- run: |
- composer install --no-interaction --no-progress
- composer dump-autoload
-
- - name: Run Rector
- run: |
- ./vendor/bin/rector process --dry-run
-
- - name: Run Laravel Pint
- run: |
- ./vendor/bin/pint --test
-
diff --git a/.github/workflows/security_checker.yml b/.github/workflows/security_checker.yml
index 6b812d30..30bfb89f 100644
--- a/.github/workflows/security_checker.yml
+++ b/.github/workflows/security_checker.yml
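Review bot: With `workflow_run` and `types: completed` in run_tests.yml, the tests start after every Automatic Linter run whatever its conclusion, and a `workflow_run` job executes in the context of the default branch, so a checkout without an explicit ref tests the default branch rather than the pushed commit. The job body is outside the hunk, so check it there: add `if: ${{ github.event.workflow_run.conclusion == 'success' }}` to the job and `ref: ${{ github.event.workflow_run.head_sha }}` to the checkout step. The identical trigger change in security_checker.yml has the same problem, and there a scan of the wrong revision would let a vulnerable dependency set pass unnoticed. Dropping `pull_request` while linter.yml triggers only on `push` also means pull requests from forks no longer run the tests or the security checker at all.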
@@ -1,12 +1,10 @@
 name: Security Checker
 on:
- pull_request:
- paths-ignore:
- - '**.md'
- push:
- paths-ignore:
- - '**.md'
+ workflow_run:
+ workflows: [Automatic Linter]
+ types:
+ - completed
 jobs:
 security-checker:
diff --git a/src/GraphQL/Schemas/Primary/Substrate/Mutations/BatchTransferMutation.php b/src/GraphQL/Schemas/Primary/Substrate/Mutations/BatchTransferMutation.php
index 7ddddfeb..f3a671a2 100644
--- a/src/GraphQL/Schemas/Primary/Substrate/Mutations/BatchTransferMutation.php
+++ b/src/GraphQL/Schemas/Primary/Substrate/Mutations/BatchTransferMutation.php
@@ -18,7 +18,6 @@
 use Enjin\Platform\Interfaces\PlatformBlockchainTransaction;
 use Enjin\Platform\Interfaces\PlatformGraphQlMutation;
 use Enjin\Platform\Models\Transaction;
-use Enjin\Platform\Rules\IsCollectionOwner;
 use Enjin\Platform\Rules\MaxBigInt;
 use Enjin\Platform\Rules\MaxTokenBalance;
 use Enjin\Platform\Rules\MinBigInt;
@@ -191,7 +190,7 @@ protected function rulesCommon(array $args): array
 protected function rulesWithValidation(array $args): array
 {
 return [
- 'collectionId' => [new IsCollectionOwner()],
+ 'collectionId' => ['exists:collections,collection_chain_id'],
 ...$this->getTokenFieldRulesExist('recipients.*.simpleParams', $args),
 ...$this->getTokenFieldRulesExist('recipients.*.operatorParams', $args),
 'recipients.*.simpleParams.amount' => [new MinBigInt(1), new MaxBigInt(Hex::MAX_UINT128), new MaxTokenBalance()],
@@ -205,6 +204,7 @@ protected function rulesWithValidation(array $args): array
 protected function rulesWithoutValidation(array $args): array
 {
 return [
+ 'collectionId' => [new MinBigInt(2000), new MaxBigInt(Hex::MAX_UINT128)],
 ...$this->getTokenFieldRules('recipients.*.simpleParams', $args),
 ...$this->getTokenFieldRules('recipients.*.operatorParams', $args),
 'recipients.*.simpleParams.amount' => [new MinBigInt(1), new MaxBigInt(Hex::MAX_UINT128)],
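Review bot: `new MinBigInt(2000)` in BatchTransferMutation::rulesWithoutValidation is an unexplained literal, and the same rule is added again in OperatorTransferTokenMutation and SimpleTransferTokenMutation. Presumably 2000 is the lowest collection id the platform accepts; state that next to the rule, e.g. `// lowest accepted collection id (TODO: confirm)`, or lift it into one shared constant so the three mutations cannot drift apart. In `rulesWithValidation`, swapping `IsCollectionOwner` for `exists:collections,collection_chain_id` leaves `recipients.*.operatorParams` with no visible rule tying the signer to the source account; OperatorTransferTokenMutation marks that gap with a TODO, and this hunk should carry the same marker if the gap is intended. Both functions continue past the end of their hunks.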
diff --git a/src/GraphQL/Schemas/Primary/Substrate/Mutations/BurnMutation.php b/src/GraphQL/Schemas/Primary/Substrate/Mutations/BurnMutation.php
index a7f979ea..6fbefaf9 100644
--- a/src/GraphQL/Schemas/Primary/Substrate/Mutations/BurnMutation.php
+++ b/src/GraphQL/Schemas/Primary/Substrate/Mutations/BurnMutation.php
@@ -122,11 +122,10 @@ public static function getEncodableParams(...$params): array
 */
 protected function rulesWithValidation(array $args): array
 {
- $removeTokenStorage = Arr::get($args, 'params.removeTokenStorage', false);
- $min = $removeTokenStorage ? 0 : 1;
+ $min = Arr::get($args, 'params.removeTokenStorage', false) ? 0 : 1;
 return [
- 'collectionId' => ['bail', $removeTokenStorage ? new IsCollectionOwner() : 'exists:collections,collection_chain_id'],
+ 'collectionId' => [$removeTokenStorage ? new IsCollectionOwner() : 'exists:collections,collection_chain_id'],
 'params.amount' => [new MinBigInt($min), new MaxTokenBalance()],
 ...$this->getTokenFieldRulesExist('params'),
 ];
diff --git a/src/GraphQL/Schemas/Primary/Substrate/Mutations/OperatorTransferTokenMutation.php b/src/GraphQL/Schemas/Primary/Substrate/Mutations/OperatorTransferTokenMutation.php
index 4be2647e..de745be8 100644
--- a/src/GraphQL/Schemas/Primary/Substrate/Mutations/OperatorTransferTokenMutation.php
+++ b/src/GraphQL/Schemas/Primary/Substrate/Mutations/OperatorTransferTokenMutation.php
@@ -17,7 +17,6 @@
 use Enjin\Platform\Interfaces\PlatformGraphQlMutation;
 use Enjin\Platform\Models\Substrate\OperatorTransferParams;
 use Enjin\Platform\Models\Transaction;
-use Enjin\Platform\Rules\IsCollectionOwner;
 use Enjin\Platform\Rules\MaxBigInt;
 use Enjin\Platform\Rules\MaxTokenBalance;
 use Enjin\Platform\Rules\MinBigInt;
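Review bot: `$removeTokenStorage` is still read by the new `'collectionId'` rule in BurnMutation::rulesWithValidation, but the assignment that defined it was removed when it was inlined into `$min`. On PHP 8 an undefined variable evaluates to null with a warning, so the ternary always selects `'exists:collections,collection_chain_id'` and the `IsCollectionOwner` check never runs for a burn with `removeTokenStorage` set; where warnings are converted to exceptions the mutation fails instead. Keep the variable: `$removeTokenStorage = Arr::get($args, 'params.removeTokenStorage', false);` followed by `$min = $removeTokenStorage ? 0 : 1;`. The removal of `'bail'` from the same rule list is a separate behaviour change and should be explained or reverted. The function's closing lines are outside the hunk.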
@@ -154,8 +153,9 @@ protected function rulesCommon(array $args): array
 */
 protected function rulesWithValidation(array $args): array
 {
+ // TODO: We need to have a rule that checks if the signed has approval on the source collection / token and if enough approval balance
 return [
- 'collectionId' => [new IsCollectionOwner()],
+ 'collectionId' => ['exists:collections,collection_chain_id'],
 'params.amount' => [new MinBigInt(0), new MaxBigInt(Hex::MAX_UINT128), new MaxTokenBalance()],
 ...$this->getTokenFieldRulesExist('params'),
 ];
@@ -167,6 +167,7 @@ protected function rulesWithValidation(array $args): array
 protected function rulesWithoutValidation(array $args): array
 {
 return [
+ 'collectionId' => [new MinBigInt(2000), new MaxBigInt(Hex::MAX_UINT128)],
 'params.amount' => [new MinBigInt(0), new MaxBigInt(Hex::MAX_UINT128)],
 ...$this->getTokenFieldRules('params')];
 }
diff --git a/src/GraphQL/Schemas/Primary/Substrate/Mutations/SimpleTransferTokenMutation.php b/src/GraphQL/Schemas/Primary/Substrate/Mutations/SimpleTransferTokenMutation.php
index 9ad9ed8b..7db1210c 100644
--- a/src/GraphQL/Schemas/Primary/Substrate/Mutations/SimpleTransferTokenMutation.php
+++ b/src/GraphQL/Schemas/Primary/Substrate/Mutations/SimpleTransferTokenMutation.php
@@ -17,7 +17,6 @@
 use Enjin\Platform\Interfaces\PlatformGraphQlMutation;
 use Enjin\Platform\Models\Substrate\SimpleTransferParams;
 use Enjin\Platform\Models\Transaction;
-use Enjin\Platform\Rules\IsCollectionOwner;
 use Enjin\Platform\Rules\MaxBigInt;
 use Enjin\Platform\Rules\MaxTokenBalance;
 use Enjin\Platform\Rules\MinBigInt;
@@ -153,7 +152,7 @@ protected function rulesCommon(array $args): array
 protected function rulesWithValidation(array $args): array
 {
 return [
- 'collectionId' => [new IsCollectionOwner()],
+ 'collectionId' => ['exists:collections,collection_chain_id'],
 'params.amount' => [new MinBigInt(1), new MaxBigInt(Hex::MAX_UINT128), new MaxTokenBalance()],
 ...$this->getTokenFieldRulesExist('params'),
 ];
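Review bot: After this change OperatorTransferTokenMutation::rulesWithValidation has no rule that ties the signer to the tokens being moved: `exists:collections,collection_chain_id` only proves the collection is known, and the approval check is left as a TODO. The hunk does not show whose balance `MaxTokenBalance` compares against; for an operator transfer it has to be the source account's rather than the signer's, which is worth confirming before merging. The TODO itself should be made actionable and correct the "signed" typo, e.g. `// TODO(<issue-id>): validate that the signer has approval, and enough approved amount, on the source collection/token`. If the platform relies on the chain to reject unapproved transfers in the meantime, say so in that comment so the missing validation is not read as complete.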
@@ -165,6 +164,7 @@ protected function rulesWithValidation(array $args): array
 protected function rulesWithoutValidation(array $args): array
 {
 return [
+ 'collectionId' => [new MinBigInt(2000), new MaxBigInt(Hex::MAX_UINT128)],
 'params.amount' => [new MinBigInt(1), new MaxBigInt(Hex::MAX_UINT128)],
 ...$this->getTokenFieldRules('params'),
 ];