Merge branch 'code-scanner' into min-devel #393
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Application Tests - Caddy | |
| on: | |
| push: | |
| pull_request: | |
| branches: [ devel ] | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '0 2 * * 6' | |
| jobs: | |
| caddy_container_tests: | |
| name: "caddy_container_tests" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ports: ['-p 80:80 -p 443:443', '-p 443:443'] | |
| websrv: ['apache2', 'nginx'] | |
| dbhandler: ['wsgi', 'django'] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Build docker-compose (${{ matrix.websrv }}_${{ matrix.dbhandler }})" | |
| working-directory: examples/Docker/ | |
| run: | | |
| sudo mkdir -p data | |
| sed -i "s/wsgi/$DB_HANDLER/g" .env | |
| sed -i "s/apache2/$WEB_SRV/g" .env | |
| cat .env | |
| docker network create acme | |
| docker-compose up -d | |
| docker-compose logs | |
| env: | |
| WEB_SRV: ${{ matrix.websrv }} | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| - name: "setup a2c with certifier_ca_handler" | |
| run: | | |
| sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
| sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
| sudo cp .github/django_settings.py examples/Docker/data/settings.py | |
| sudo cp test/ca/certsrv_ca_certs.pem examples/Docker/data/ca_certs.pem | |
| sudo touch examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
| sudo echo "handler_file: examples/ca_handler/certifier_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "api_host: $NCM_API_HOST" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "api_user: $NCM_API_USER" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "api_password: $NCM_API_PASSWORD" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "ca_name: $NCM_CA_NAME" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "ca_bundle: $NCM_CA_BUNDLE" >> examples/Docker/data/acme_srv.cfg | |
| sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
| cd examples/Docker/ | |
| docker-compose restart | |
| docker-compose logs | |
| env: | |
| NCM_API_HOST: ${{ secrets.NCM_API_HOST }} | |
| NCM_API_USER: ${{ secrets.NCM_API_USER }} | |
| NCM_API_PASSWORD: ${{ secrets.NCM_API_PASSWORD }} | |
| NCM_CA_NAME: ${{ secrets.NCM_CA_NAME }} | |
| NCM_CA_BUNDLE: ${{ secrets.NCM_CA_BUNDLE }} | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/sleep-action@v2.0.3 | |
| with: | |
| time: 10s | |
| - name: "Test http://acme-srv/directory is accessable" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Test if https://acme-srv/directory is accessable" | |
| run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory | |
| - name: "Create caddy folder and copy configuratation files" | |
| run: | | |
| mkdir caddy | |
| cp .github/Caddyfile caddy/ | |
| cp .github/acme2certifier_cabundle.pem caddy | |
| - name: "Enroll certificate with Caddy" | |
| run: | | |
| docker run -d --rm ${{ matrix.ports }} --network acme -v $PWD/caddy/Caddyfile:/etc/caddy/Caddyfile -v$PWD/caddy/acme2certifier_cabundle.pem:/tmp/acme2certifier_cabundle.pem -v $(pwd)/caddy/config:/config -v $(pwd)/caddy/data:/data --name=caddy caddy:2 | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/sleep-action@v2.0.3 | |
| with: | |
| time: 10s | |
| - name: "Check for logs indicating successful enrollment" | |
| run: | | |
| docker logs caddy 2>&1 | grep "successfully downloaded available certificate chains" | |
| docker logs caddy 2>&1 | grep "certificate obtained successfully" | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp caddy/ ${{ github.workspace }}/artifact/caddy/ | |
| cd examples/Docker | |
| docker-compose logs > ${{ github.workspace }}/artifact/a2c.log | |
| docker logs caddy 2> ${{ github.workspace }}/artifact/caddy.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log caddy.log data caddy | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: caddy_container_tests-${{ github.run_id }}.${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ |