Merge branch 'code-scanner' into min-devel #1659
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Application Tests - lego | |
on: | |
push: | |
pull_request: | |
branches: [ devel ] | |
schedule: | |
# * is a special character in YAML so you have to quote this string | |
- cron: '0 2 * * 6' | |
jobs: | |
lego_apache2_wsgi: | |
name: "lego_apache2_wsgi" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
keylength: [rsa2048, rsa4096, ec256] | |
websrv: ['apache2', 'nginx'] | |
dbhandler: ['wsgi', 'django'] | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Build docker-compose (${{ matrix.websrv }}_${{ matrix.dbhandler }})" | |
working-directory: examples/Docker/ | |
run: | | |
sudo mkdir -p data | |
sed -i "s/wsgi/$DB_HANDLER/g" .env | |
sed -i "s/apache2/$WEB_SRV/g" .env | |
cat .env | |
docker network create acme | |
docker-compose up -d | |
docker-compose logs | |
env: | |
WEB_SRV: ${{ matrix.websrv }} | |
DB_HANDLER: ${{ matrix.dbhandler }} | |
- name: "setup a2c with certifier_ca_handler" | |
run: | | |
sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
sudo cp .github/django_settings.py examples/Docker/data/settings.py | |
sudo cp test/ca/certsrv_ca_certs.pem examples/Docker/data/ca_certs.pem | |
sudo touch examples/Docker/data/acme_srv.cfg | |
sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: examples/ca_handler/certifier_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "api_host: $NCM_API_HOST" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "api_user: $NCM_API_USER" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "api_password: $NCM_API_PASSWORD" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_name: $NCM_CA_NAME" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_bundle: $NCM_CA_BUNDLE" >> examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
docker-compose logs | |
env: | |
NCM_API_HOST: ${{ secrets.NCM_API_HOST }} | |
NCM_API_USER: ${{ secrets.NCM_API_USER }} | |
NCM_API_PASSWORD: ${{ secrets.NCM_API_PASSWORD }} | |
NCM_CA_NAME: ${{ secrets.NCM_CA_NAME }} | |
NCM_CA_BUNDLE: ${{ secrets.NCM_CA_BUNDLE }} | |
- name: "create lego folder" | |
run: | | |
mkdir lego | |
- name: "Enroll HTTP-01 single domain lego" | |
run: | | |
docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --key-type ${{ matrix.keylength }} --email "lego@example.com" -d lego.acme --http run | |
sudo chmod 777 lego/certificates/lego.acme.issuer.crt | |
sudo cp lego/certificates/lego.acme.issuer.crt lego.acme.issuer.crt | |
sudo awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < lego.acme.issuer.crt | |
sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt | |
- name: "Renew HTTP-01 single domain lego" | |
run: | | |
docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --key-type ${{ matrix.keylength }} --email "lego@example.com" -d lego.acme --http renew | |
sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt | |
- name: "Revoke HTTP-01 single domain lego" | |
run: | | |
docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --key-type ${{ matrix.keylength }} --email "lego@example.com" -d lego.acme revoke | |
- name: "Enroll HTTP-01 2x domain lego" | |
run: | | |
docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --key-type ${{ matrix.keylength }} --email "lego@example.com" -d lego.acme -d lego --http run | |
sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt | |
- name: "Renew HTTP-01 2x domain lego" | |
run: | | |
docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --key-type ${{ matrix.keylength }} --email "lego@example.com" -d lego.acme -d lego --http renew | |
sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt | |
- name: "Revoke HTTP-01 2x domain lego" | |
run: | | |
docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --key-type ${{ matrix.keylength }} --email "lego@example.com" -d lego.acme revoke | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
cd examples/Docker | |
docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data lego | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: lego_tests-${{ matrix.keylength }}-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ | |