Automate audit through graphql-http

.gitattributes

@@ -1,6 +1,7 @@
 * text=auto
 
 /.github export-ignore
+/audit export-ignore
 /benchmarks export-ignore
 /docs export-ignore
 /tests export-ignore

.github/workflows/validate.yml

@@ -184,6 +184,20 @@ jobs:
       - name: "Upload to Codecov"
         uses: codecov/codecov-action@v2
 
+  audit:
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        working-directory: audit
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - run: make setup
+
+      - run: make audit
+
   benchmarks:
     runs-on: ubuntu-latest
 

Makefile

@@ -17,7 +17,7 @@ build: ## Build the local Docker containers
 
 .PHONY: up
 up: ## Bring up the docker-compose stack
-	docker-compose up -d
+	docker-compose up --detach
 
 .PHONY: fix
 fix: rector php-cs-fixer ## Automatic code fixes

audit/Makefile

@@ -0,0 +1,24 @@
+dcclient=$$(echo "docker-compose exec -T client")
+
+.PHONY: help
+help: ## Displays this list of targets with descriptions
+	@grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(firstword $(MAKEFILE_LIST)) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[32m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: setup
+setup: build ## Setup the local environment
+
+.PHONY: build
+build: ## Build the local Docker containers
+	docker-compose build --pull
+
+.PHONY: up
+up: ## Bring up the docker-compose stack
+	docker-compose up --detach
+
+.PHONY: audit
+audit: up ## Runs tests with PHPUnit
+	${dcclient} deno test --allow-net
+
+.PHONY: fmt
+fmt: up ## Runs tests with PHPUnit
+	${dcclient} deno fmt test.ts

audit/docker-compose.yml

@@ -0,0 +1,18 @@
+services:
+  server:
+    build:
+      context: ../
+      dockerfile: audit/server.dockerfile
+    entrypoint: 'php artisan serve --host=0.0.0.0'
+    healthcheck:
+      test: curl -f http://localhost:8000/graphql?query=%7B__typename%7D || exit 1
+      interval: 3s
+      timeout: 1s
+
+  client:
+    image: denoland/deno:1.31.3
+    working_dir: /workdir
+    volumes:
+      - ./:/workdir
+    entrypoint: /bin/bash
+    tty: true

audit/server.dockerfile

@@ -0,0 +1,20 @@
+FROM php:8.1-cli
+
+WORKDIR /app
+
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+
+RUN apt-get update && \
+    apt-get install --yes \
+        git \
+        rsync \
+        libzip-dev \
+        zip \
+    && docker-php-ext-install \
+        zip \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN composer create-project --no-progress laravel/laravel /app
+RUN composer require --no-progress nuwave/lighthouse:dev-master
+COPY . /app/vendor/nuwave/lighthouse
+RUN php artisan vendor:publish --tag=lighthouse-schema

audit/test.ts

@@ -0,0 +1,27 @@
+import { serverAudits } from "npm:graphql-http";
+
+for (
+  const audit of serverAudits({
+    url: "http://server:8000/graphql",
+  })
+) {
+  // if (audit.name !== 'MUST accept application/json and match the content-type') continue;
+  Deno.test(
+    audit.name,
+    // { sanitizeResources: false },
+    async () => {
+      const result = await audit.fn();
+      // Clean up dangling resources
+      console.log(result);
+      // if ("response" in result) {
+      //   await result.response.body?.cancel();
+      // }
+      if (result.status === "error") {
+        throw result.reason;
+      }
+      if (result.status === "warn") {
+        console.warn(result.reason); // or throw if you want full compliance (warnings are not requirements)
+      }
+    },
+  );
+}