diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index e85e88f..eed4fc7 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,2 +1 @@ -# These are supported funding model platforms custom: https://btcpayserver.org/donate/ diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md deleted file mode 100644 index da29d20..0000000 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -name: Bug report -about: File a bug report -title: '' -labels: '' -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Your BTCPay Environment (please complete the following information):** -- BTCPay Server Version [available in the right bottom corner of footer] -- Deployment Method: [e.g. Docker, Manual, Third-Party-hoist] - - Browser [e.g. chrome, safari] - -**Logs (if applicable)** -Basic logs can be found in Server Settings > Logs. More logs https://docs.btcpayserver.org/Troubleshooting/#2-looking-through-the-logs - -**Setup Parameters** -If you're reporting a deployment issue run `. btcpay-setup.sh -i` and paste your the parameters by obscuring private information. - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml new file mode 100644 index 0000000..8f50991 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -0,0 +1,79 @@ +name: 🐛 Bug Report +description: File a bug report +title: "[Bug]: " +labels: ["bug"] +body: + - type: markdown + attributes: + value: | + ### ❗️ Read this before submitting your bug report: + - **Provide as much detail as possible** - error logs, screenshots, your exact configuration. If the issue cannot be reproduced, it cannot be fixed. + - **Avoid reporting "error 500" or "white page" errors** - this is a universal error message that does not provide enough information to qualify the issue. Enable debug mode in the Performance section of PrestaShop or manually in `/config/defines.inc.php` and try again. You should get a proper error message. + - Thank you for taking the time to fill out this bug report! + - type: textarea + id: version + attributes: + label: What is your BTCPay Server version? + description: You can see the version in the footer's bottom right corner + placeholder: I'm running BTCPay v1.X.X.X + validations: + required: true + - type: textarea + id: deployment + attributes: + label: How did you deploy BTCPay Server? + description: Docker, manual, third-party host? Read more on deployment methods [here](https://docs.btcpayserver.org/Deployment/) + placeholder: I'm running BTCPay Server on a... + validations: + required: true + - type: textarea + id: module-version + attributes: + label: What is version of the PrestaShop plugin are you using? + description: You can see the version in the header of the configuration page or in the module list + placeholder: I'm running BTCPay v1.X.X.X + validations: + required: true + - type: textarea + id: what-happened + attributes: + label: What happened? + description: A clear and concise description of what the bug is. + placeholder: Tell us what you see! + validations: + required: true + - type: textarea + id: reproduce + attributes: + label: How did you encounter this bug? + description: Step by step describe how did you encounter the bug? + placeholder: 1. I clicked X 2. Then I clicked Y 3. See error + validations: + required: true + - type: textarea + id: logoutput + attributes: + label: Relevant log output + description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. PrestaShop logs can be found in Advanced Parameters > Logs. + render: shell + - type: textarea + id: browser + attributes: + label: What browser do you use (if useful)? + description: Provide your browser and it's version. If you replicated issues on multiple browsers, let us know which ones. + placeholder: For example Safari 15.00, Chrome 10.0, Tor, Edge, etc + validations: + required: false + - type: textarea + id: additonal + attributes: + label: Additional information + description: Feel free to provide additional information. Screenshots are always helpful. + - type: checkboxes + id: terms + attributes: + label: Are you sure this is a bug report? + description: By submitting this report, you agree that this is not a support or a feature request. For general questions please read our [documentation](https://docs.btcpayserver.org). You can ask questions [on our community chat](https://chat.btcpayserver.org) + options: + - label: I confirm this is a bug report + required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 6623a59..75c54a2 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,5 +1,11 @@ -blank_issues_enabled: false +blank_issues_enabled: true contact_links: - - name: Community Support Chat + - name: 📝 Official Documentation + url: https://docs.btcpayserver.org + about: Check our documentation for answers to common questions + - name: 💬 Community Support Chat url: https://chat.btcpayserver.org/ - about: Ask general questions and get community support in real-time. + about: Ask general questions and get community support in real-time + - name: 🙏 PrestaShop Support + url: https://www.prestashop-project.org/support/ + about: Read up on how you can get support for your PrestaShop store diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml new file mode 100644 index 0000000..5f878e0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature-request.yml @@ -0,0 +1,37 @@ +name: 🚀 Feature request +description: Suggest a new feature or enhancement +title: "[Feature request]: " +labels: ["enhancement"] +body: + - type: markdown + attributes: + value: | + Thank you for submitting a feature request! + - type: checkboxes + attributes: + label: Search before asking + description: > + Please search the [issues](https://github.com/btcpayserver/prestashop-plugin/issues) to see if a similar feature request already exists. + options: + - label: > + I have searched the repository [issues](https://github.com/btcpayserver/prestashop-plugin/issues) and found no similar feature requests. + required: true + - type: textarea + attributes: + label: Description + description: A short description of your feature. + placeholder: | + What new feature would you like to see in this module? + validations: + required: true + - type: textarea + attributes: + label: Use case + description: | + Describe the use case of your feature request. It will help us understand and prioritize the feature request. + placeholder: | + How would this feature be used, and who would use it? + - type: textarea + attributes: + label: Additional + description: Anything else you would like to share? diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 4c3216d..0000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: Feature request -about: Suggest a new feature or enhancement -title: '' -labels: '' -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Sketch/Image/Wireframe/Mockup** - If applicable provide examples, wireframes, sketches or images to better explain your idea. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index 67921d5..0000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,16 +0,0 @@ - - -| Questions | Answers -| ------------- | ------------------------------------------------------- -| Description? | Please be specific when describing the PR.
Every detail helps: versions, browser/server configuration, specific module/theme, etc. Feel free to add more information below this table. -| Type? | bug fix / improvement / new feature / refacto / critical -| BC breaks? | yes / no -| Deprecations? | yes / no -| Fixed ticket? | Fixes btcpayserver/prestashop-plugin#{issue number here}. -| How to test? | Please indicate how to best verify that this PR is correct. - - diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 815f867..9f59904 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,34 @@ version: 2 updates: + # Ensure root composer is up-to-date - package-ecosystem: composer directory: / schedule: interval: daily - open-pull-requests-limit: 10 + open-pull-requests-limit: 5 + reviewers: + - BitcoinMitchell + labels: + - dependencies + + # Ensure module composer is up-to-date + - package-ecosystem: composer + directory: /modules/btcpay + schedule: + interval: daily + open-pull-requests-limit: 5 + reviewers: + - BitcoinMitchell + labels: + - dependencies + + # Ensure workflows are up-to-date + - package-ecosystem: github-actions + directory: "/.github/workflows" + schedule: + interval: daily + open-pull-requests-limit: 5 + reviewers: + - BitcoinMitchell labels: - dependencies diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..5628a86 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,35 @@ +# Description + +Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. + +- Fixes # (issue) +- Depends on # (issue or pr) + +# Type of change + +Please delete options that are not relevant. + +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Refactor (non-breaking change which improves the codebase) + +# How Has This Been Tested? + +Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration + +- [ ] Test A +- [ ] Test B + +**Test Configuration**: +* BTCPay Server version: +* PrestaShop version: +* PHP version: + +# Checklist: + +- [ ] My code follows the style guidelines of this project +- [ ] I have performed a self-review of my own code +- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have made corresponding changes to the documentation +- [ ] I have checked my code and corrected any misspellings diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 30d90bb..3c7aac7 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -29,11 +29,21 @@ jobs: restore-keys: "${{ runner.os }}-composer-" - name: "Validate composer" run: "composer validate" - - name: "Install Composer dependencies" - run: "composer install --prefer-dist --no-progress --no-suggest --optimize-autoloader" + - name: "Install all dependencies" + run: "make install" + - uses: "actions/cache@v3" + with: + path: "~/.cache/local-php-security-checker" + key: "local-php-security-checker-cache" # Ensure our dependencies are fine - name: "Local PHP Security Checker" uses: "docker://pplotka/local-php-security-checker-github-actions:v1.0.0" with: + cache_dir: "~/.cache/local-php-security-checker" + path: "./composer.lock" + - name: "Local PHP Security Checker - Module" + uses: "docker://pplotka/local-php-security-checker-github-actions:v1.0.0" + with: + cache_dir: "~/.cache/local-php-security-checker" path: "./modules/btcpay/composer.lock" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b01bd6b..e6cb766 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,24 +35,14 @@ jobs: - name: "Make zip" run: "make" - # Make a release from the tag + # Make a release from the tag and upload the zip - name: "Create Release" id: "create_release" - uses: "actions/create-release@v1" - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" # This token is provided by Actions, you do not need to create your own token - with: - tag_name: "${{ github.ref }}" - release_name: "Release ${{ github.ref }}" - - # Upload the zip to the release - - name: "Upload Release Asset" - id: "upload-release-asset" - uses: "actions/upload-release-asset@v1" + uses: "softprops/action-gh-release@v1" env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" with: - upload_url: "${{ steps.create_release.outputs.upload_url }}" # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps - asset_path: "./build/btcpay.zip" - asset_name: "btcpay.zip" - asset_content_type: "application/zip" + name: "Release ${{ github.ref }}" + files: "./build/btcpay.zip" + fail_on_unmatched_files: true + generate_release_notes: true diff --git a/SECURITY.md b/SECURITY.md index 7859ca7..da0a51d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,7 +1,74 @@ -Security issues and bugs should be reported privately, via email. To report a security issue, please send an email to **security@btcpayserver.org** (not for support). +# Reporting a potential Vulnerability. + +We take the security of our project seriously, and we encourage responsible disclosure of any vulnerabilities that may be found. To facilitate this process, we have established the following vulnerability reporting process. -You will receive a reply indicating the next steps in handling your report. If for some reason you do not receive a reply within 24 hours, please follow up via email to ensure the original message was received. +We appreciate your efforts to disclose your findings responsibly. -After the initial reply to your report, you will be informed of the progress towards a fix and full announcement. You may be asked to provide additional information or guidance. +##### 1. Reporting Channel +If you believe you have discovered a vulnerability in our project, please email us at `security@btcpayserver.org`. Alternatively, you may report the vulnerability to us through [huntr.dev](https://huntr.dev/repos/btcpayserver/btcpayserver/). -We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. +Please allow for up to 2 business days for an acknowledgement of receipt. If you receive no response within 2 business days, please follow up via email to ensure the original message was received. + +Upon review of your report, you may be asked to provide additional information or guidance. + + + +##### 2. In-Scope + +We welcome reports of vulnerabilities in repositories owned by the [BTCPay Server GitHub Organization](https://github.com/btcpayserver). This includes any issues related to the confidentiality, integrity, or availability of systems or data in these systems. + +##### 3. Out of Scope + +1. Any BTCPay Server deployment that has been customized in any way. To facilitate reproducibility, please verify that the BTCPay Server instance is based on the un-altered source-code or [Docker deployment](https://docs.btcpayserver.org/Docker/). +2. Any BTCPay Server plugin that is not authored by `btcpayserver` as stated by the author tag in-app. + +##### 4. Preferred Reporting Template + +We encourage the use of a reporting template that includes a detailed description of the vulnerability, any evidence or proof of concept, and steps to reproduce the vulnerability. + +Please find an example of an email template [at the end of this document](#7-reporting-template-example). + +##### 5. Timeline for Remediation + +While we will work to remediate the reported vulnerability within 90 business days from the acknowledgment of the report, being a team of volunteers, we cannot guarantee this timeline to be accurate at all time. + +We will provide regular updates to the reporter until the vulnerability is resolved. + +##### 6. Timeline to Public Disclosure + +We will work with the reporter to define a suitable timeline to public disclosure once the vulnerability is remediated. + + + +##### 7. Reporting Template Example + + +Feel free to use the below template to report a vulnerability. + +``` +Subject: Vulnerability Report - BTCPay Server + +Dear BTCPay Server team, +I am writing to report a security vulnerability that I have identified in BTCPay Server. I believe this vulnerability poses a significant threat to the security of the project and its users. + +Here are the details of the vulnerability: + +* Vulnerability description: [Provide a clear and concise description of the vulnerability] +* Impact: [Describe the potential impact of the vulnerability, ie. any potential consequences for the project, its users, or any third parties] +* Affected version(s): [Specify which version(s) of the project are affected by the vulnerability] +* Steps to reproduce & Proof of Concept: [Provide a step-by-step guide to reproduce the vulnerability, including any screenshots and code snippets you feel would help] +* Severity: [Provide your assessment of the severity of the vulnerability, using a scale such as Warning/Low/Medium/High/Critical] +* Mitigation or Fix: [Provide your recommendation for a solution or mitigation strategy for the vulnerability] + +If needed, I [agree/do not agree] to be invited into a Github private fork for the purpose of helping resolve this vulnerability. [Please include a link to your github profile] + +Please let me know if you need any further information or if you would like to discuss this vulnerability in more detail. + +Thank you for your attention to this matter. + +Sincerely, +[Your Name/Handle] +```