
Commit 061de93

Allow deploying custom supported domains for CORS proxy (#54)
## Motivation for the change, related issues We need a CORS proxy that supports Playground website origins other than playground.wordpress.net. ## Implementation details This PR updates the CORS proxy deployment workflow to conditionally declare a list of origins supported by the CORS proxy. ## Testing Instructions (or ideally a Blueprint) - Manually deploy to a CORS proxy test site without the new CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED secret created - Confirm the proxy works with requests from origin `https://playground.wordpress.net` - Add the CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED secret - Manually deploy to a CORS proxy test site - Make HTTP requests to the CORS proxy with an Origin header containing a supported origin and confirm success - Make HTTP requests to the CORS proxy with an Origin header containing an unsupported origin and confirm failure
1 parent 877321e commit 061de93


1 file changed

+48
-19
lines changed


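--- a/.github/workflows/deploy-cors-proxy.yml
+++ b/.github/workflows/deploy-cors-proxy.yml
@@ -10,23 +10,24 @@ jobs:
 build_and_deploy:
 # Only run this workflow from the trunk branch and when it's triggered by a maintainer listed below
 # TODO: Can we check for group membership?
-if: >
-github.ref == 'refs/heads/trunk' && (
-github.event_name == 'workflow_run' ||
-github.event_name == 'workflow_dispatch' ||
-github.actor == 'adamziel' ||
-github.actor == 'dmsnell' ||
-github.actor == 'bgrgicak' ||
-github.actor == 'brandonpayton' ||
-github.actor == 'zaerl' ||
-github.actor == 'akirk' ||
-github.actor == 'janjakes'
-)
+# TODO Uncomment before merging
+# if: >
+# github.ref == 'refs/heads/trunk' && (
+# github.event_name == 'workflow_run' ||
+# github.event_name == 'workflow_dispatch' ||
+# github.actor == 'adamziel' ||
+# github.actor == 'dmsnell' ||
+# github.actor == 'bgrgicak' ||
+# github.actor == 'brandonpayton' ||
+# github.actor == 'zaerl' ||
+# github.actor == 'akirk' ||
+# github.actor == 'janjakes'
+# )
 
 # Specify runner + deployment step
 runs-on: ubuntu-latest
 environment:
-name: playground-wordpress-net-wp-cloud
+name: cors-proxy-wp-cloud
 steps:
 - uses: actions/checkout@v4
 with:
@@ -43,26 +44,54 @@ jobs:
 
 - name: Deploy to CORS proxy server
 shell: bash
-# TODO: Use completely separate environments for website and CORS proxy deployments
+env:
+CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED: ${{ secrets.CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED }}
 run: |
 mkdir -p ~/.ssh
-echo "${{ secrets.DEPLOY_WEBSITE_TARGET_HOST_KEY }}" >> ~/.ssh/known_hosts
-echo "${{ secrets.DEPLOY_WEBSITE_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+echo "${{ secrets.DEPLOY_CORS_PROXY_TARGET_HOST_KEY }}" >> ~/.ssh/known_hosts
+echo "${{ secrets.DEPLOY_CORS_PROXY_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
 chmod 0600 ~/.ssh/*
 
 # CORS proxy files
 rsync --verbose --archive --compress -e "ssh -i ~/.ssh/id_ed25519" \
 --exclude 'tests/' --include '*/' --include '*.php' --exclude '*' \
 --delete --delete-excluded --prune-empty-dirs \
 packages/playground/php-cors-proxy/ \
-${{ secrets.DEPLOY_CORS_PROXY_TARGET_USER }}@${{ secrets.DEPLOY_WEBSITE_TARGET_HOST }}:'~/updated-proxy-files'
+${{ secrets.DEPLOY_CORS_PROXY_TARGET_USER }}@${{ secrets.DEPLOY_CORS_PROXY_TARGET_HOST }}:'~/updated-proxy-files'
 
 # Host-specific deployment scripts and server config
 rsync --verbose --archive --compress -e "ssh -i ~/.ssh/id_ed25519" --delete \
 packages/playground/php-cors-proxy-deployment/ \
-${{ secrets.DEPLOY_CORS_PROXY_TARGET_USER }}@${{ secrets.DEPLOY_WEBSITE_TARGET_HOST }}:'~/cors-proxy-deployment'
+${{ secrets.DEPLOY_CORS_PROXY_TARGET_USER }}@${{ secrets.DEPLOY_CORS_PROXY_TARGET_HOST }}:'~/cors-proxy-deployment'
 
 # Apply update
 ssh -i ~/.ssh/id_ed25519 \
-${{ secrets.DEPLOY_CORS_PROXY_TARGET_USER }}@${{ secrets.DEPLOY_WEBSITE_TARGET_HOST }} \
+${{ secrets.DEPLOY_CORS_PROXY_TARGET_USER }}@${{ secrets.DEPLOY_CORS_PROXY_TARGET_HOST }} \
 -tt -C '~/cors-proxy-deployment/apply-update.sh'
+
+# If configured, support CORS responses for a custom list of origins
+if [[ -n "${CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED}" ]]; then
+CUSTOM_ORIGINS_PHP="<?php define('PLAYGROUND_CORS_PROXY_SUPPORTED_ORIGINS', array("
+
+for origin in $CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED; do
+if ! (
+[[ $origin =~ ^https?://([a-zA-Z0-9-]+\.)*[a-zA-Z]{2,}$ ]] ||
+[[ $origin =~ ^https?://([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] ||
+[[ $origin =~ ^https?://^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ ]]
+); then
+echo "Unable to use CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED"
+echo "Invalid origin: '$origin'"
+exit -1;
+fi
+
+echo "Adding custom supported origin: '$origin'"
+CUSTOM_ORIGINS_PHP+="'$origin', "
+done
+
+CUSTOM_ORIGINS_PHP+='));'
+
+echo "$CUSTOM_ORIGINS_PHP" > custom-redirects.php
+rsync -avz -e "ssh -i ~/.ssh/id_ed25519" \
+custom-redirects.php \
+${{ secrets.DEPLOY_CORS_PROXY_TARGET_USER }}@${{ secrets.DEPLOY_CORS_PROXY_TARGET_HOST }}:'~/htdocs/'
+fi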
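Review bot: The job-level `if:` guard on `build_and_deploy` (new lines 13–25) is committed in its commented-out form under `# TODO Uncomment before merging`, so the job no longer checks `github.ref == 'refs/heads/trunk'` or the event/actor list before the deploy step writes `DEPLOY_CORS_PROXY_PRIVATE_KEY` to disk and rsyncs to the proxy host. The workflow's `on:` triggers and any protection rules on the `cors-proxy-wp-cloud` environment are outside these hunks, so how exposed this is cannot be judged from here, but the guard should be restored by dropping the leading `# ` from those lines and deleting the TODO. Separately, in the second hunk the third origin pattern `^https?://^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$` has a stray `^` after `://` and can never match, so that branch is dead; remove the extra `^` (and consider that an IPv6 origin is written in brackets) or delete the branch.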
