Add testing infrastructure, CI/CD, and security fixes #1

Open
deco wants to merge 7 commits from feature/testing-ci-improvements into main
Owner

Summary

  • Add PHPUnit test infrastructure with unit tests for helper functions and API class
  • Add Forgejo Actions CI/CD workflows (lint, test, security, release)
  • Fix security issues identified in code review
  • Add project documentation index

Changes

  • Security: Cryptographically secure credential generation, XSS prevention, sensitive data redaction in logs
  • Bug fix: Add missing editUser() method, fix curl error handling
  • Refactor: Extract resolveUserId() helper to eliminate code duplication
  • CI/CD: Automated testing on push, release packaging on tags
  • Docs: PROJECT_INDEX.md for quick onboarding

Test plan

  • CI workflow passes (lint, test, security jobs)
  • Manual test in WHMCS environment
  • Verify release workflow creates valid package
- Add missing editUser() method that was causing fatal errors
- Replace insecure rand() with cryptographically secure random_int()
- Extract duplicated user lookup logic to resolveUserId() helper
- Add htmlentities escaping to form inputs in manage.tpl (XSS fix)
- Change private methods to protected for testability
- Add composer.json with PHPUnit dev dependency
- Add phpunit.xml configuration
- Add test bootstrap with WHMCS mocks
- Add HelperFunctionsTest for credential generation and package ID logic
- Add XtreamUIAPITest for API class parsing methods
- Add CI workflow with lint, test, and security jobs
  - Triggers on main, feature/*, fix/*, hotfix/* branches
  - Triggers on PRs to main
- Add release workflow for automated packaging on version tags
- Update .gitignore for composer, phpunit, and local tooling files
- Add PROJECT_INDEX.md with human-readable project overview
- Add PROJECT_INDEX.json with machine-readable metadata
- Documents project structure, API methods, and config options
fix: Address code review findings
Some checks failed
CI / Security Checks (push) Successful in 13s
CI / PHP Syntax Check (push) Failing after 14s
CI / PHPUnit Tests (push) Has been skipped
CI / PHP Syntax Check (pull_request) Failing after 12s
CI / PHPUnit Tests (pull_request) Has been skipped
CI / Security Checks (pull_request) Successful in 11s
c6492d736b
Security fixes:
- Redact sensitive data (passwords, MAC) before logging
- Escape exception messages in admin HTML to prevent XSS
- Handle curl_exec returning false before strlen()

CI/CD fixes:
- Create subdirectories before cp -r in release workflow
- Use composer.json instead of gitignored composer.lock for cache key
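
The two security fixes named in this commit message, redacting passwords and MAC addresses before logging and checking `curl_exec()` for `false` before calling `strlen()`, sketched as an added example. This is not the project's code; the function names, the key names in `SENSITIVE_KEYS` and the sample request are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical key names; the module's real parameter names are not shown on this page.
const SENSITIVE_KEYS = ['password', 'mac'];

/** Return a copy of $data with sensitive values masked, recursing into nested arrays. */
function redactForLog(array $data): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = redactForLog($value);
        } elseif (is_string($key) && in_array(strtolower($key), SENSITIVE_KEYS, true)) {
            $data[$key] = '[REDACTED]';
        }
    }
    return $data;
}

/** POST $fields to $url; throws on transport failure instead of passing false to strlen(). */
function postForm(string $url, array $fields): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    // curl_exec() returns false on failure; strlen(false) is 0 in weak mode and a
    // TypeError under strict_types, so a failed request must be handled first.
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    if (strlen($body) === 0) {
        throw new RuntimeException('Empty response body');
    }
    return $body;
}

// Constructed sample request, not taken from the project.
$request = [
    'username' => 'demo',
    'password' => 's3cret',
    'device'   => ['mac' => '00:1A:2B:3C:4D:5E'],
];
// Only the redacted copy reaches the log; the original array is left untouched for the API call.
error_log('API request: ' . json_encode(redactForLog($request)));
```

The exception messages thrown by `postForm()` can contain remote-controlled text from `curl_error()`, which is why the same commit escapes exception messages before rendering them in admin HTML.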
ci: Add setup-php action for self-hosted runners
Some checks failed
CI / Security Checks (pull_request) Successful in 12s
CI / Security Checks (push) Successful in 19s
CI / PHPUnit Tests (push) Has been cancelled
CI / PHP Syntax Check (push) Has been cancelled
CI / PHP Syntax Check (pull_request) Failing after 3h10m12s
CI / PHPUnit Tests (pull_request) Has been cancelled
6f2c828246
ci: Remove setup-php action, expect PHP on runner
Some checks failed
CI / Security Checks (push) Successful in 11s
CI / PHP Syntax Check (push) Failing after 11s
CI / PHP Syntax Check (pull_request) Failing after 11s
CI / PHPUnit Tests (push) Has been skipped
CI / PHPUnit Tests (pull_request) Has been skipped
CI / Security Checks (pull_request) Successful in 12s
41f46dd714

Reference
deco/xtreamui_direct!1