[TEST] - Add QA testing workflow

.github/workflows/Dockerfile.build-extension

@@ -0,0 +1,75 @@
+# syntax=docker/dockerfile:1.7
+
+ARG BASE_IMAGE=ubuntu:20.04
+ARG PHP_VERSION=8.3
+ARG PHP_SRC_REF=PHP-${PHP_VERSION}
+
+FROM ${BASE_IMAGE} AS base
+SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Etc/UTC \
+    LC_ALL=C.UTF-8 \
+    LANG=C.UTF-8 \
+    LANGUAGE=C.UTF-8
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends tzdata ca-certificates git wget curl xz-utils \
+ && ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime \
+ && echo "${TZ}" > /etc/timezone \
+ && dpkg-reconfigure -f noninteractive tzdata \
+ && update-ca-certificates \
+ && git config --global http.sslCAInfo /etc/ssl/certs/ca-certificates.crt \
+ && git config --global http.sslVerify true \
+ && rm -rf /var/lib/apt/lists/*
+
+# Builder: toolchain + dev libs
+FROM base AS build-deps
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential autoconf bison re2c pkg-config \
+    libxml2-dev libsqlite3-dev libcurl4-openssl-dev libssl-dev \
+    libzip-dev libonig-dev libjpeg-dev libpng-dev libwebp-dev \
+    libicu-dev libreadline-dev libxslt1-dev default-libmysqlclient-dev \
+    wget tar \
+ && rm -rf /var/lib/apt/lists/*
+
+
+# Fetch php-src
+FROM build-deps AS php-src
+ARG PHP_SRC_REF
+WORKDIR /usr/src
+RUN git clone --depth 1 --branch "${PHP_SRC_REF}" https://github.com/php/php-src.git
+WORKDIR /usr/src/php-src
+RUN ./buildconf --force
+
+
+# Build PHP
+FROM php-src AS php-build
+# Configure flags mirror your workflow; adjust as needed
+RUN ./configure \
+      --prefix=/usr/local \
+      --with-config-file-path=/usr/local/lib \
+      --with-config-file-scan-dir=/usr/local/etc/php/conf.d \
+      --enable-mbstring \
+      --enable-pcntl \
+      --enable-intl \
+      --with-curl \
+      --with-mysqli \
+      --with-openssl \
+      --with-zlib \
+      --with-zip \
+ && make -j"$(nproc)" \
+ && make install \
+ && strip /usr/local/bin/php || true
+
+
+FROM build-deps AS dev
+COPY --from=php-build /usr/local /usr/local
+# Sanity check and helpful defaults
+RUN php -v && php -m | grep -E 'curl|mysqli' >/dev/null
+ENV PATH="/usr/local/bin:${PATH}"
+
+RUN mkdir -p /usr/local/etc/php/conf.d
+WORKDIR /work
+CMD ["php", "-v"]
+

.github/workflows/Dockerfile.build-libs

@@ -0,0 +1,25 @@
+# Dockerfile
+FROM ubuntu:20.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Base tools & dependencies for building Go c-shared libs and running protoc
+RUN apt-get update && \
+    apt-get install -y software-properties-common && \
+    add-apt-repository ppa:longsleep/golang-backports && \
+    apt-get update && \
+    apt-get install -y golang-go protobuf-compiler protobuf-compiler-grpc && \
+    rm -rf /var/lib/apt/lists/*
+
+# Go env 
+ENV GOPATH=/go
+ENV GOBIN=/go/bin
+ENV PATH=$GOBIN:/usr/local/go/bin:/usr/lib/go/bin:$PATH
+
+# Install protoc Go plugins
+RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@latest && \
+    go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+
+WORKDIR /workspace
+
+CMD ["/bin/bash"]

.github/workflows/Dockerfile.centos-php-test

@@ -0,0 +1,33 @@
+# syntax=docker/dockerfile:1.7
+# CentOS Stream 9 test image with PHP (from Remi) preinstalled per version,
+# plus httpd (mod_php), nginx + php-fpm, MySQL server and Python deps.
+
+ARG BASE_IMAGE=quay.io/centos/centos:stream9
+ARG PHP_VERSION=8.3
+
+FROM ${BASE_IMAGE}
+SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
+
+
+# Remi repo + chosen PHP stream
+ARG PHP_VERSION
+RUN yum install -y yum-utils
+RUN dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm 
+RUN yum install -y gcc 
+RUN yum install -y python3-devel
+RUN dnf --assumeyes module reset php
+RUN dnf --assumeyes --nogpgcheck module install php:remi-${PHP_VERSION}
+RUN dnf --assumeyes install php-pdo
+RUN dnf --assumeyes install php-mysqlnd
+RUN yum install -y mod_php nginx php-fpm procps-ng mysql-server
+
+
+# Python deps used by your test harness
+RUN python3 -m pip install --no-cache-dir --upgrade pip \
+ && python3 -m pip install --no-cache-dir flask requests psutil
+
+ RUN yum install -y httpd
+# Quality-of-life
+ENV TZ=Etc/UTC
+WORKDIR /work
+CMD ["bash"]

.github/workflows/Dockerfile.ubuntu-php-test

@@ -0,0 +1,113 @@
+# syntax=docker/dockerfile:1.7
+FROM ubuntu:24.04
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG PHP_VERSION=7.2
+
+ENV PHP_VERSION=${PHP_VERSION}
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+      ca-certificates curl gnupg lsb-release tzdata locales \
+      software-properties-common apt-transport-https \
+      git make unzip xz-utils \
+      # web servers & DB (installed later after PPA)
+      && rm -rf /var/lib/apt/lists/*
+
+# Timezone to UTC
+RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
+    echo "Etc/UTC" > /etc/timezone && \
+    dpkg-reconfigure -f noninteractive tzdata
+
+
+RUN add-apt-repository -y universe && \
+    add-apt-repository -y ppa:ondrej/php
+
+RUN apt-get update
+
+RUN set -eux; \
+    PHP_PKG="php${PHP_VERSION}"; \
+    apt-get install -y --no-install-recommends \
+      nginx \
+      apache2 \
+      mariadb-server \
+      ${PHP_PKG} ${PHP_PKG}-cli ${PHP_PKG}-common ${PHP_PKG}-fpm \
+      ${PHP_PKG}-curl ${PHP_PKG}-sqlite3 ${PHP_PKG}-mysql \
+      ${PHP_PKG}-mbstring ${PHP_PKG}-xml ${PHP_PKG}-zip ${PHP_PKG}-opcache \
+      libapache2-mod-php${PHP_VERSION} \
+    ; \
+    # Apache: switch to prefork for mod_php scenario and enable rewrite
+    a2dismod mpm_event || true; \
+    a2dismod mpm_worker || true; \
+    a2enmod mpm_prefork rewrite || true
+
+# ---- Python toolchain used by tests ----
+ENV PIP_DISABLE_PIP_VERSION_CHECK=1 \
+  PYTHONDONTWRITEBYTECODE=1 \
+  VIRTUAL_ENV=/opt/ci-venv \
+  PATH="/opt/ci-venv/bin:${PATH}"
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    python3 python3-venv python3-pip python3-dev \
+  && python3 -m venv "$VIRTUAL_ENV" \
+  && "$VIRTUAL_ENV/bin/pip" install --no-cache-dir \
+       flask pandas psutil requests \
+  && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+#  PHP-CGI + Apache CGI modules for tests that require CGI
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+      php${PHP_VERSION}-cgi \
+      apache2-bin; \
+    a2enmod cgi cgid || true; \
+    mkdir -p /usr/lib/cgi-bin; \
+    # Provide a php-cgi wrapper in the standard location
+    ln -sf /usr/bin/php-cgi /usr/lib/cgi-bin/php-cgi
+
+# Helper: start MariaDB 
+RUN mkdir -p /usr/local/bin /var/lib/mysql /run/mysqld && \
+    printf '%s\n' '#!/usr/bin/env bash' \
+      'set -euo pipefail' \
+      'mkdir -p /var/lib/mysql /run/mysqld' \
+      'chown -R mysql:mysql /var/lib/mysql /run/mysqld' \
+      'if [ ! -d /var/lib/mysql/mysql ]; then' \
+      '  mysqld --initialize-insecure --user=mysql --datadir=/var/lib/mysql' \
+      'fi' \
+      'mysqld --user=mysql --datadir=/var/lib/mysql &' \
+      'pid=$!' \
+      'for i in {1..30}; do mysqladmin ping --silent && break; sleep 1; done' \
+      'mysql -u root -e "CREATE DATABASE IF NOT EXISTS db;" || true' \
+      'mysql -u root -e "ALTER USER '\''root'\''@'\''localhost'\'' IDENTIFIED BY '\''pwd'\''; FLUSH PRIVILEGES;" || true' \
+      'wait $pid' \
+    > /usr/local/bin/start-mariadb && \
+    chmod +x /usr/local/bin/start-mariadb
+
+# Robust Apache PHP switcher (handles module names, MPM, restart, verification)
+RUN printf '%s\n' '#!/usr/bin/env bash' \
+      'set -euo pipefail' \
+      'ver="${1:-${PHP_VERSION:-8.2}}"' \
+      'a2dismod mpm_event >/dev/null 2>&1 || true' \
+      'a2dismod mpm_worker >/dev/null 2>&1 || true' \
+      'a2enmod  mpm_prefork >/dev/null 2>&1 || true' \
+      'if ! a2query -m "php${ver}" >/dev/null 2>&1; then' \
+      '  apt-get update && apt-get install -y --no-install-recommends "libapache2-mod-php${ver}"' \
+      'fi' \
+      'for m in php5 php7 php7.0 php7.1 php7.2 php7.3 php7.4 php8 php8.0 php8.1 php8.2 php8.3 php8.4; do' \
+      '  a2query -m "$m" >/dev/null 2>&1 && a2dismod "$m" >/dev/null 2>&1 || true' \
+      'done' \
+      'a2enmod "php${ver}"' \
+      'apache2ctl -t' \
+      'apache2ctl -k graceful || apache2ctl -k restart' \
+      'if ! apache2ctl -M 2>/dev/null | grep -Eiq "php[0-9]*_module"; then' \
+      '  echo "Apache does not have a PHP module loaded:"' \
+      '  apache2ctl -M || true' \
+      '  exit 1' \
+      'fi' \
+      'echo "Apache now using mod_php for PHP ${ver}"' \
+    > /usr/local/bin/a2-switch-php && \
+    chmod +x /usr/local/bin/a2-switch-php
+
+
+WORKDIR /work
+

.github/workflows/build-centos-php-test-images.yml

@@ -0,0 +1,94 @@
+name: Build CentOS PHP test images
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - .github/workflows/Dockerfile.centos-php-test
+      - .github/workflows/build-centos-php-test-images.yml
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: aikidosec/firewall-php-test-centos
+  VERSION: v1
+
+jobs:
+  build-amd64:
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        php_version: ['7.4','8.0','8.1','8.2','8.3','8.4']
+      fail-fast: false
+    permissions: { contents: read, packages: write }
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build & push (amd64)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: .github/workflows/Dockerfile.centos-php-test
+          platforms: linux/amd64
+          push: true
+          build-args: |
+            PHP_VERSION=${{ matrix.php_version }}
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-amd64-${{ env.VERSION }}
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-${{ matrix.php_version }}-amd64-${{ env.VERSION }}
+          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-${{ matrix.php_version }}-amd64-${{ env.VERSION }},mode=max
+
+  build-arm64:
+    runs-on: ubuntu-24.04-arm
+    strategy:
+      matrix:
+        php_version: ['7.4','8.0','8.1','8.2','8.3','8.4']
+      fail-fast: false
+    permissions: { contents: read, packages: write }
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build & push (arm64)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: .github/workflows/Dockerfile.centos-php-test
+          platforms: linux/arm64
+          push: true
+          build-args: |
+            PHP_VERSION=${{ matrix.php_version }}
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.php_version }}-arm64-${{ env.VERSION }}
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-${{ matrix.php_version }}-arm64-${{ env.VERSION }}
+          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache-${{ matrix.php_version }}-arm64-${{ env.VERSION }},mode=max
+
+  publish-manifests:
+    runs-on: ubuntu-24.04
+    needs: [build-amd64, build-arm64]
+    strategy:
+      matrix:
+        php_version: ['7.4','8.0','8.1','8.2','8.3','8.4']
+      fail-fast: false
+    permissions: { contents: read, packages: write }
+    steps:
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create multi-arch manifest
+        run: |
+          IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          V=${{ matrix.php_version }}
+          docker buildx imagetools create \
+            --tag ${IMAGE}:${V}-${{ env.VERSION }} \
+            ${IMAGE}:${V}-amd64-${{ env.VERSION }} \
+            ${IMAGE}:${V}-arm64-${{ env.VERSION }}