From 4c325288f4ca1064f2ab24161b2fd1f06ad37b37 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Sun, 12 Jul 2026 13:54:45 -0700 Subject: [PATCH 01/11] ci: modernize Monitor workflow --- .github/workflows/plugin-ci-workflow.yml | 73 +++++++++++++++--------- 1 file changed, 45 insertions(+), 28 deletions(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 1b63343..aa9472e 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -19,17 +19,35 @@ # | http://www.cacti.net/ | # +-------------------------------------------------------------------------+ -name: Plugin Integration Tests +name: Monitor CI on: push: branches: - main - develop + paths: + - '**.php' + - '.github/workflows/plugin-ci-workflow.yml' + - 'composer.json' + - 'composer.lock' pull_request: branches: - main - develop + paths: + - '**.php' + - '.github/workflows/plugin-ci-workflow.yml' + - 'composer.json' + - 'composer.lock' + workflow_dispatch: + +permissions: + contents: read + +concurrency: + group: monitor-ci-${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: integration-test: @@ -38,12 +56,12 @@ jobs: strategy: fail-fast: false matrix: - php: ['8.1', '8.2', '8.3', '8.4'] + php: ['7.4', '8.1', '8.4'] os: [ubuntu-latest] services: mariadb: - image: mariadb:10.6 + image: mariadb:10.11 env: MYSQL_ROOT_PASSWORD: cactiroot MYSQL_DATABASE: cacti @@ -81,11 +99,10 @@ jobs: - name: Check PHP version run: php -v - - name: Run apt-get update - run: sudo apt-get update - - name: Install System Dependencies - run: sudo apt-get install -y apache2 snmp snmpd rrdtool fping libapache2-mod-php + run: | + sudo apt-get update + sudo apt-get install --yes --no-install-recommends apache2 snmp snmpd rrdtool fping libapache2-mod-php - name: Start SNMPD Agent and Test run: | @@ -95,40 +112,35 @@ jobs: - name: Setup Permissions run: | sudo chown -R www-data:runner ${{ github.workspace }}/cacti - sudo find ${{ github.workspace }}/cacti -type d -exec chmod 775 {} \; - sudo find ${{ github.workspace }}/cacti -type f -exec chmod 664 {} \; + sudo find ${{ github.workspace }}/cacti -type d -exec chmod 775 {} + + sudo find ${{ github.workspace }}/cacti -type f -exec chmod 664 {} + sudo chmod +x ${{ github.workspace }}/cacti/cmd.php sudo chmod +x ${{ github.workspace }}/cacti/poller.php - - name: Create MySQL Config - run: | - echo -e "[client]\nuser = root\npassword = cactiroot\nhost = 127.0.0.1\n" > ~/.my.cnf - cat ~/.my.cnf - - name: Initialize Cacti Database env: - MYSQL_AUTH_USR: '--defaults-file=~/.my.cnf' + MYSQL_PWD: cactiroot run: | - mysql $MYSQL_AUTH_USR -e 'CREATE DATABASE IF NOT EXISTS cacti;' - mysql $MYSQL_AUTH_USR -e "CREATE USER IF NOT EXISTS 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';" - mysql $MYSQL_AUTH_USR -e "GRANT ALL PRIVILEGES ON cacti.* TO 'cactiuser'@'localhost';" - mysql $MYSQL_AUTH_USR -e "GRANT SELECT ON mysql.time_zone_name TO 'cactiuser'@'localhost';" - mysql $MYSQL_AUTH_USR -e "FLUSH PRIVILEGES;" - mysql $MYSQL_AUTH_USR cacti < ${{ github.workspace }}/cacti/cacti.sql - mysql $MYSQL_AUTH_USR -e "INSERT INTO settings (name, value) VALUES ('path_php_binary', '/usr/bin/php')" cacti + mysql --host=127.0.0.1 --user=root -e 'CREATE DATABASE IF NOT EXISTS cacti;' + mysql --host=127.0.0.1 --user=root -e "CREATE USER IF NOT EXISTS 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';" + mysql --host=127.0.0.1 --user=root -e "GRANT ALL PRIVILEGES ON cacti.* TO 'cactiuser'@'localhost';" + mysql --host=127.0.0.1 --user=root -e "GRANT SELECT ON mysql.time_zone_name TO 'cactiuser'@'localhost';" + mysql --host=127.0.0.1 --user=root -e "FLUSH PRIVILEGES;" + mysql --host=127.0.0.1 --user=root cacti < ${{ github.workspace }}/cacti/cacti.sql + mysql --host=127.0.0.1 --user=root -e "INSERT INTO settings (name, value) VALUES ('path_php_binary', '/usr/bin/php')" cacti - name: Validate composer files run: | cd ${{ github.workspace }}/cacti if [ -f composer.json ]; then - composer validate --strict || true + composer validate --strict fi - name: Install Composer Dependencies run: | cd ${{ github.workspace }}/cacti if [ -f composer.json ]; then - sudo composer install --prefer-dist --no-progress + composer install --prefer-dist --no-interaction --no-progress fi - name: Create Cacti config.php @@ -173,10 +185,7 @@ jobs: - name: Check PHP Syntax for Plugin run: | cd ${{ github.workspace }}/cacti/plugins/monitor - if find . -name '*.php' -exec php -l {} 2>&1 \; | grep -iv 'no syntax errors detected'; then - echo "Syntax errors found!" - exit 1 - fi + find . -path './vendor' -prune -o -name '*.php' -print0 | xargs -0 -n1 php -l - name: Remove the plugins directory exclusion from the .phpstan.neon run: sed '/plugins/d' -i .phpstan.neon @@ -214,3 +223,11 @@ jobs: echo "=== Cacti Log ===" sudo cat ${{ github.workspace }}/cacti/log/cacti.log fi + + - name: Upload Cacti log + if: failure() + uses: actions/upload-artifact@v4 + with: + name: cacti-log-php-${{ matrix.php }} + path: ${{ github.workspace }}/cacti/log/cacti.log + if-no-files-found: ignore From a06ae88543e0c7b51f01fada93339a288c3625bc Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Sun, 12 Jul 2026 22:58:45 -0700 Subject: [PATCH 02/11] ci: pin integration tests to Cacti 1.2.31 --- .github/workflows/plugin-ci-workflow.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index aa9472e..407d802 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -82,6 +82,7 @@ jobs: uses: actions/checkout@v5 with: repository: Cacti/cacti + ref: release/1.2.31 path: cacti - name: Checkout Monitor Plugin From 0547614e73f3a9fc541a86872a865d2ec82b7911 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 01:56:46 -0700 Subject: [PATCH 03/11] ci(security): pin GitHub Actions to commit SHAs Pin actions/checkout (v5), shivammathur/setup-php (v2) and actions/upload-artifact (v4) to full commit SHAs with a trailing # vX comment. Mutable tags let a compromised or force-pushed tag run arbitrary code in CI; pinning to an immutable SHA is the supply-chain-hardening best practice and matches the SHA-pinned checkout used in the core security workflow. --- .github/workflows/plugin-ci-workflow.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 407d802..90bc40d 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -79,19 +79,19 @@ jobs: steps: - name: Checkout Cacti - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: repository: Cacti/cacti ref: release/1.2.31 path: cacti - name: Checkout Monitor Plugin - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: path: cacti/plugins/monitor - name: Install PHP ${{ matrix.php }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # v2 with: php-version: ${{ matrix.php }} extensions: intl, mysql, gd, ldap, gmp, xml, curl, json, mbstring @@ -227,7 +227,7 @@ jobs: - name: Upload Cacti log if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: cacti-log-php-${{ matrix.php }} path: ${{ github.workspace }}/cacti/log/cacti.log From 3f5e186fd3e0f758ed4e94485beb1aa592172baf Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 23:01:02 -0700 Subject: [PATCH 04/11] Allow Cacti dependency validation warnings --- .github/workflows/plugin-ci-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 90bc40d..5cccb6d 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -134,7 +134,7 @@ jobs: run: | cd ${{ github.workspace }}/cacti if [ -f composer.json ]; then - composer validate --strict + composer validate --no-check-publish fi - name: Install Composer Dependencies From ce0698b5164396eb2554d723b17f79a6fcaddeae Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 23:03:55 -0700 Subject: [PATCH 05/11] Align Monitor matrix with Cacti dependencies --- .github/workflows/plugin-ci-workflow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 5cccb6d..563792e 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -56,7 +56,7 @@ jobs: strategy: fail-fast: false matrix: - php: ['7.4', '8.1', '8.4'] + php: ['8.1', '8.4'] os: [ubuntu-latest] services: @@ -141,7 +141,7 @@ jobs: run: | cd ${{ github.workspace }}/cacti if [ -f composer.json ]; then - composer install --prefer-dist --no-interaction --no-progress + sudo composer install --prefer-dist --no-interaction --no-progress fi - name: Create Cacti config.php From a9ef8b0fd21953841fc246a7a30aa47fcf2f266b Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 23:09:34 -0700 Subject: [PATCH 06/11] Fix Monitor PHPStan working directory --- .github/workflows/plugin-ci-workflow.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 563792e..6aa058e 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -191,6 +191,7 @@ jobs: - name: Remove the plugins directory exclusion from the .phpstan.neon run: sed '/plugins/d' -i .phpstan.neon working-directory: ${{ github.workspace }}/cacti + working-directory: ${{ github.workspace }}/cacti - name: Mark composer scripts executable run: sudo chmod +x ${{ github.workspace }}/cacti/include/vendor/bin/* From 8f5769bdde32484b49934e430e9c5375ce2215d7 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 23:34:45 -0700 Subject: [PATCH 07/11] Fix duplicate Monitor workflow key --- .github/workflows/plugin-ci-workflow.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 6aa058e..563792e 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -191,7 +191,6 @@ jobs: - name: Remove the plugins directory exclusion from the .phpstan.neon run: sed '/plugins/d' -i .phpstan.neon working-directory: ${{ github.workspace }}/cacti - working-directory: ${{ github.workspace }}/cacti - name: Mark composer scripts executable run: sudo chmod +x ${{ github.workspace }}/cacti/include/vendor/bin/* From cca839602f5bd7da655cf6ef7b94ecef36f6b283 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 23:44:34 -0700 Subject: [PATCH 08/11] Guard optional PHPStan configuration --- .github/workflows/plugin-ci-workflow.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 563792e..dfefa20 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -189,7 +189,10 @@ jobs: find . -path './vendor' -prune -o -name '*.php' -print0 | xargs -0 -n1 php -l - name: Remove the plugins directory exclusion from the .phpstan.neon - run: sed '/plugins/d' -i .phpstan.neon + run: | + if [ -f .phpstan.neon ]; then + sed '/plugins/d' -i .phpstan.neon + fi working-directory: ${{ github.workspace }}/cacti - name: Mark composer scripts executable From eea95f64df8d142a7da4993136eec31dee63dd89 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 23:46:47 -0700 Subject: [PATCH 09/11] Guard optional Composer vendor binaries --- .github/workflows/plugin-ci-workflow.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index dfefa20..e05477c 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -196,7 +196,10 @@ jobs: working-directory: ${{ github.workspace }}/cacti - name: Mark composer scripts executable - run: sudo chmod +x ${{ github.workspace }}/cacti/include/vendor/bin/* + run: | + if [ -d "${{ github.workspace }}/cacti/include/vendor/bin" ]; then + sudo find "${{ github.workspace }}/cacti/include/vendor/bin" -maxdepth 1 -type f -exec chmod +x {} + + fi - name: Run Linter on base code run: composer run-script lint ${{ github.workspace }}/cacti/plugins/monitor From 219571c49aae3085e5d0578e9f6253e6c566ecfd Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Mon, 13 Jul 2026 23:49:34 -0700 Subject: [PATCH 10/11] Skip unavailable Composer quality scripts --- .github/workflows/plugin-ci-workflow.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index e05477c..0ecfe85 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -202,11 +202,21 @@ jobs: fi - name: Run Linter on base code - run: composer run-script lint ${{ github.workspace }}/cacti/plugins/monitor + run: | + if composer run-script --list | grep -qE '^ lint'; then + composer run-script lint ${{ github.workspace }}/cacti/plugins/monitor + else + echo 'Composer lint script is not defined; skipping.' + fi working-directory: ${{ github.workspace }}/cacti - name: Checking coding standards on base code - run: composer run-script phpcsfixer ${{ github.workspace }}/cacti/plugins/monitor + run: | + if composer run-script --list | grep -qE '^ phpcsfixer'; then + composer run-script phpcsfixer ${{ github.workspace }}/cacti/plugins/monitor + else + echo 'Composer phpcsfixer script is not defined; skipping.' + fi working-directory: ${{ github.workspace }}/cacti # - name: Run PHPStan at Level 6 on base code outside of Composer due to technical issues From 8e38688f573b2dad96b6f8052362b010fcf5d0c0 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Tue, 14 Jul 2026 03:31:35 -0700 Subject: [PATCH 11/11] ci: restore full PHP 8.1-8.4 integration matrix Keep 1.2.31 pin while covering mid-stream PHP releases. Signed-off-by: Thomas Vincent --- .github/workflows/plugin-ci-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/plugin-ci-workflow.yml b/.github/workflows/plugin-ci-workflow.yml index 0ecfe85..b09000d 100644 --- a/.github/workflows/plugin-ci-workflow.yml +++ b/.github/workflows/plugin-ci-workflow.yml @@ -56,7 +56,7 @@ jobs: strategy: fail-fast: false matrix: - php: ['8.1', '8.4'] + php: ['8.1', '8.2', '8.3', '8.4'] os: [ubuntu-latest] services: