test: Fix tests on Ubuntu 22.04

Fixes #89
bodgit · Sep 23, 2023 · e155da6 · e155da6
1 parent 0fe7e6c
commit e155da6
Show file tree

Hide file tree

Showing 13 changed files with 244 additions and 112 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,129 @@
+name: Build
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+  schedule:
+    - cron: 0 0 * * 1
+
+jobs:
+  test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        go:
+          - '1.19'
+          - '1.20'
+
+    env:
+      DNS_HOST: ns.example.com
+      DNS_PORT: 8053
+      DNS_REALM: EXAMPLE.COM
+      DNS_USERNAME: test
+      DNS_PASSWORD: password
+      DNS_KEYTAB: ${{ github.workspace }}/testdata/test.keytab
+      KRB5_CONFIG: ${{ github.workspace }}/testdata/krb5.conf
+      KRB5_KTNAME: ${{ github.workspace }}/testdata/dns.keytab
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go }}
+
+      #- name: golangci-lint
+      #  uses: golangci/golangci-lint-action@v3
+      #  if: github.event_name == 'pull_request'
+      #  with:
+      #    only-new-issues: true
+
+      - name: Install Kerberos client
+        run: |
+          sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq libkrb5-dev krb5-user
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build KDC image
+        uses: docker/build-push-action@v5
+        with:
+          context: "{{defaultContext}}:testdata"
+          load: true
+          tags: kdc
+          target: kdc
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build DNS image
+        uses: docker/build-push-action@v5
+        with:
+          context: "{{defaultContext}}:testdata"
+          load: true
+          tags: ns
+          target: ns
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Extract keytab
+        uses: docker/build-push-action@v5
+        with:
+          context: "{{defaultContext}}:testdata"
+          outputs: type=local,dest=testdata
+          target: keytab
+
+      - name: Pull containers into Podman
+        run: |
+          podman pull docker-daemon:kdc:latest
+          podman pull docker-daemon:ns:latest
+
+      - name: Create infrastructure
+        run: |
+          podman run -d \
+            -v /etc/localtime:/etc/localtime:ro \
+            -p 127.0.0.1:8088:8088 \
+            -p 127.0.0.1:8088:8088/udp \
+            -p 127.0.0.1:8464:8464 \
+            -p 127.0.0.1:8464:8464/udp \
+            --name kdc kdc
+          podman run -d \
+            -v /etc/localtime:/etc/localtime:ro \
+            -p 127.0.0.1:${DNS_PORT}:${DNS_PORT} \
+            --name ns --hostname $DNS_HOST ns
+          echo 127.0.0.1 $DNS_HOST | sudo tee -a /etc/hosts
+          echo $DNS_PASSWORD | KRB5_TRACE=/dev/stdout kinit ${DNS_USERNAME}@${DNS_REALM}
+
+      - name: Test (gokrb5)
+        run: go test -v -coverprofile=gokrb5.out ./...
+
+      - name: Test (apcera)
+        run: go test -v -coverprofile=apcera.out -tags apcera ./...
+
+      - name: Build (SSPI)
+        run: go build ./...
+        env:
+          GOARCH: amd64
+          GOOS: windows
+
+      - name: Install coverage tools
+        run: |
+          go get github.com/wadey/gocovmerge
+          go get github.com/mattn/goveralls
+        env:
+          GO111MODULE: off
+
+      - name: Merge coverage reports
+        run: gocovmerge gokrb5.out apcera.out >cover.out
+
+      - name: Send coverage
+        run: goveralls -coverprofile=cover.out -service=github
+        env:
+          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -0,0 +1,37 @@
+name: Clean up per-branch caches
+
+on:
+  pull_request:
+    types:
+      - closed
+  workflow_dispatch:
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+
+          BRANCH=refs/pull/${{ github.event.pull_request.number }}/merge
+
+          echo "Fetching list of cache keys"
+          keys=$(gh actions-cache list -R $GITHUB_REPOSITORY -B $BRANCH -L 100 | cut -f 1)
+
+          set +e
+          echo "Deleting caches..."
+          for key in $keys ; do
+            gh actions-cache delete $key -R $GITHUB_REPOSITORY -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
@@ -0,0 +1,43 @@
+name: Lint pull request
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+
+    permissions:
+      pull-requests: write
+
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        if: always() && steps.lint_pr_title.outputs.error_message != null
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        if: steps.lint_pr_title.outputs.error_message == null
+        with:
+          header: pr-title-lint-error
+          delete: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,17 @@
+name: Track releases
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Run release-please
+        uses: google-github-actions/release-please-action@v3
+        with:
+          command: manifest
+          token: ${{ secrets.RELEASE_TOKEN }}
diff --git a/README.md b/README.md
@@ -3,8 +3,8 @@
 [![Coverage Status](https://coveralls.io/repos/github/bodgit/tsig/badge.svg?branch=master)](https://coveralls.io/github/bodgit/tsig?branch=master)
 [![Go Report Card](https://goreportcard.com/badge/github.com/bodgit/tsig)](https://goreportcard.com/report/github.com/bodgit/tsig)
 [![GoDoc](https://godoc.org/github.com/bodgit/tsig?status.svg)](https://godoc.org/github.com/bodgit/tsig)
+![Go version](https://img.shields.io/badge/Go-1.20-brightgreen.svg)
 ![Go version](https://img.shields.io/badge/Go-1.19-brightgreen.svg)
-![Go version](https://img.shields.io/badge/Go-1.18-brightgreen.svg)
 
 # Additional TSIG methods
 

diff --git a/testdata/docker/Dockerfile → testdata/Dockerfile b/testdata/docker/Dockerfile → testdata/Dockerfile
@@ -1,9 +1,7 @@
-FROM centos/systemd:latest as kdc
+FROM rockylinux/rockylinux:9-ubi-init as kdc
 
-EXPOSE 88
-EXPOSE 464
-
-STOPSIGNAL SIGRTMIN+3
+EXPOSE 8088
+EXPOSE 8464
 
 RUN yum install -y krb5-workstation && yum update -y && yum clean all
 COPY --chown=root:root krb5.conf /etc/krb5.conf
@@ -21,21 +19,19 @@ RUN kdb5_util create -s -r EXAMPLE.COM -P $(echo ${RANDOM}${RANDOM}${RANDOM} | m
 RUN kadmin.local addprinc -pw password test
 RUN kadmin.local ktadd -norandkey -k /etc/test.keytab test
 RUN kadmin.local addprinc -randkey DNS/ns.example.com
-RUN kadmin.local ktadd -k /etc/named.keytab DNS/ns.example.com
-
-FROM centos/systemd:latest as ns
+RUN kadmin.local ktadd -k /etc/dns.keytab DNS/ns.example.com
 
-EXPOSE 53
+FROM rockylinux/rockylinux:9-ubi-init as ns
 
-STOPSIGNAL SIGRTMIN+3
+EXPOSE 8053
 
 RUN yum install -y krb5-workstation && yum update -y && yum clean all
 COPY --chown=root:root krb5.conf /etc/krb5.conf
 RUN chmod 644 /etc/krb5.conf
 
 RUN yum install -y bind bind-utils && yum clean all
-COPY --from=kdc --chown=root:named /etc/named.keytab /etc/named.keytab
-RUN chmod 640 /etc/named.keytab
+COPY --from=kdc --chown=root:named /etc/dns.keytab /etc/dns.keytab
+RUN chmod 640 /etc/dns.keytab
 
 RUN systemctl enable named.service
 
@@ -46,3 +42,4 @@ RUN chmod 644 /var/named/dynamic/db.*
 
 FROM scratch as keytab
 COPY --from=kdc /etc/test.keytab /test.keytab
+COPY --from=kdc /etc/dns.keytab /dns.keytab
diff --git a/testdata/docker/db.10.168.192.in-addr.arpa → testdata/db.10.168.192.in-addr.arpa b/testdata/docker/db.10.168.192.in-addr.arpa → testdata/db.10.168.192.in-addr.arpa
diff --git a/testdata/docker/db.example.com → testdata/db.example.com b/testdata/docker/db.example.com → testdata/db.example.com
diff --git a/testdata/docker/kadm5.acl → testdata/kadm5.acl b/testdata/docker/kadm5.acl → testdata/kadm5.acl
diff --git a/testdata/docker/kdc.conf → testdata/kdc.conf b/testdata/docker/kdc.conf → testdata/kdc.conf
@@ -1,6 +1,8 @@
 [kdcdefaults]
- kdc_ports = 88
- kdc_tcp_ports = 88
+ kadmind_port = 8749
+ kdc_ports = 8088
+ kdc_tcp_ports = 8088
+ kpasswd_port = 8464
 
 [realms]
  EXAMPLE.COM = {