Merge branch 'devel'

grindsa · Sep 26, 2020 · 1061753 · 1061753
2 parents ddb3b3b + dc665d7
commit 1061753
Show file tree

Hide file tree

Showing 28 changed files with 2,761 additions and 383 deletions.
diff --git a/.github/workflows/acme_sh-application-test.yml b/.github/workflows/acme_sh-application-test.yml
@@ -9,66 +9,8 @@ on:
     - cron:  '0 2 * * 6'
 
 jobs:
-  docker-compose_apache2_wsgi:
-    name: "Docker compose - apache2 wsgi"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
-  docker-compose_nginx_wsgi:
-    name: "Docker compose - nginx wsgi"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        sed -i "s/apache2/nginx/g" .env
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
-  docker-compose_apache2_django:
-    name: "Docker compose - apache2 django"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        sed -i "s/wsgi/django/g" .env
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
-  docker-compose_nginx_django:
-    name: "Docker compose - nginx django"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        sed -i "s/wsgi/django/g" .env
-        sed -i "s/apache2/nginx/g" .env
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
-
   acme_sh_apache2_wsgi:
     name: "acme_sh_apache2_wsgi"
-    needs: [docker-compose_apache2_django]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -82,10 +24,14 @@ jobs:
     - name: "[ PREPARE ] Build docker-compose (apache2_wsgi)"
       working-directory: examples/Docker/
       run: |
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
@@ -175,7 +121,6 @@ jobs:
 
   acme_sh_apache2_django:
     name: "acme_sh_apache2_django"
-    needs: [docker-compose_apache2_django]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -190,10 +135,14 @@ jobs:
       working-directory: examples/Docker/
       run: |
         sed -i "s/wsgi/django/g" .env
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler and django config"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
@@ -284,7 +233,6 @@ jobs:
 
   acme_sh_nginx_wsgi:
     name: "acme_sh_nginx_wsgi"
-    needs: [docker-compose_nginx_wsgi]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -299,10 +247,14 @@ jobs:
       working-directory: examples/Docker/
       run: |
         sed -i "s/apache2/nginx/g" .env
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
@@ -392,7 +344,6 @@ jobs:
 
   acme_sh_nginx_django:
     name: "acme_sh_nginx_django"
-    needs: [docker-compose_nginx_django]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -408,10 +359,14 @@ jobs:
       run: |
         sed -i "s/wsgi/django/g" .env
         sed -i "s/apache2/nginx/g" .env
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler and django config"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py

diff --git a/.github/workflows/ca_handler_tests.yml b/.github/workflows/ca_handler_tests.yml
@@ -5,7 +5,6 @@ on:
   pull_request:
     branches: [ devel ]
   schedule:
-    # * is a special character in YAML so you have to quote this string
     - cron:  '0 2 * * 6'
 
 jobs:
@@ -19,10 +18,14 @@ jobs:
     - name: "[ PREPARE ] Build docker-compose (apache2_wsgi)"
       working-directory: examples/Docker/
       run: |
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] prepare acme.sh container"
       run: |
         docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:dev daemon
@@ -64,6 +67,47 @@ jobs:
         docker exec -i acme-sh acme.sh --server http://acme-srv --accountemail 'acme-sh@example.com' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
         # openssl verify -CAfile acme.sh/acme-sh.acme/ca.cer acme-sh/acme-sh.acme/acme-sh.acme.cer
 
+    - name: "[ PREPARE ] setup nclm ca_handler"
+      run: |
+        sudo cp examples/ca_handler/nclm_ca_handler.py examples/Docker/data/ca_handler.py
+        sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
+        sudo chmod 777 examples/Docker/data/acme_srv.cfg
+        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg
+        sudo echo "api_host: ${{ secrets.NCLM_API_HOST }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "api_user: ${{ secrets.NCLM_API_USER }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "api_password: ${{ secrets.NCLM_API_PASSWORD }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "tsg_name: ${{ secrets.NCLM_TSG_NAME }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "ca_name: ${{ secrets.NCLM_CA_NAME }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "ca_id_list: [${{ secrets.NCLM_CA_ID_LIST }}]" >> examples/Docker/data/acme_srv.cfg
+        cd examples/Docker/
+        docker-compose restart
+        docker-compose logs
+
+    - name: "[ ENROLL ] via nclm ca_handler"
+      run: |
+        docker exec -i acme-sh acme.sh --server http://acme-srv --accountemail 'acme-sh@example.com' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
+        # openssl verify -CAfile acme.sh/acme-sh.acme/ca.cer acme-sh/acme-sh.acme/acme-sh.acme.cer
+
+    - name: "[ PREPARE ] setup certifier ca_handler"
+      run: |
+        sudo cp examples/ca_handler/certifier_ca_handler.py examples/Docker/data/ca_handler.py
+        sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
+        sudo chmod 777 examples/Docker/data/acme_srv.cfg
+        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg
+        sudo echo "api_host: ${{ secrets.NCM_API_HOST }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "api_user: ${{ secrets.NCM_API_USER }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "api_password: ${{ secrets.NCM_API_PASSWORD }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "ca_name: ${{ secrets.NCM_CA_NAME }}" >> examples/Docker/data/acme_srv.cfg
+        sudo echo "ca_bundle: ${{ secrets.NCM_CA_BUNDLE }}" >> examples/Docker/data/acme_srv.cfg
+        cd examples/Docker/
+        docker-compose restart
+        docker-compose logs
+
+    - name: "[ ENROLL ] via certifier ca_handler"
+      run: |
+        docker exec -i acme-sh acme.sh --server http://acme-srv --accountemail 'acme-sh@example.com' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
+        # openssl verify -CAfile acme.sh/acme-sh.acme/ca.cer acme-sh/acme-sh.acme/acme-sh.acme.cer
+
     - name: "[ PREPARE ] patch est_ca handler for testrfc7030.com"
       run: |
         sudo apt-get install curl openssl patch
@@ -117,7 +161,7 @@ jobs:
       if: ${{ failure() }}
       run: |
         mkdir -p ${{ github.workspace }}/artifact/upload
-        sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
+        # sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
         sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
         cd examples/Docker
         docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log

diff --git a/.github/workflows/certbot-application-test.yml b/.github/workflows/certbot-application-test.yml
@@ -9,66 +9,9 @@ on:
     - cron:  '0 2 * * 6'
 
 jobs:
-  docker-compose_apache2_wsgi:
-    name: "Docker compose - apache2 wsgi"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
-  docker-compose_nginx_wsgi:
-    name: "Docker compose - nginx wsgi"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        sed -i "s/apache2/nginx/g" .env
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
-  docker-compose_apache2_django:
-    name: "Docker compose - apache2 django"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        sed -i "s/wsgi/django/g" .env
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
-  docker-compose_nginx_django:
-    name: "Docker compose - nginx django"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: "Build the stack"
-      working-directory: examples/Docker/
-      run: |
-        sed -i "s/wsgi/django/g" .env
-        sed -i "s/apache2/nginx/g" .env
-        docker network create acme
-        docker-compose up -d
-        docker-compose logs
-    - name: "Test http://acme-srv/directory is accessable"
-      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
 
   certbot_apache2_wsgi:
     name: "certbot_apache2_wsgi"
-    needs: [docker-compose_apache2_django]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -81,10 +24,14 @@ jobs:
     - name: "[ PREPARE ] Build docker-compose (apache2_wsgi)"
       working-directory: examples/Docker/
       run: |
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
@@ -150,7 +97,6 @@ jobs:
 
   certbot_apache2_django:
     name: "certbot_apache2_django"
-    needs: [docker-compose_apache2_django]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -164,10 +110,14 @@ jobs:
       working-directory: examples/Docker/
       run: |
         sed -i "s/wsgi/django/g" .env
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler and django config"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
@@ -234,7 +184,6 @@ jobs:
 
   certbot_nginx_wsgi:
     name: "certbot_nginx_wsgi"
-    needs: [docker-compose_nginx_wsgi]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -248,10 +197,14 @@ jobs:
       working-directory: examples/Docker/
       run: |
         sed -i "s/apache2/nginx/g" .env
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
@@ -317,7 +270,6 @@ jobs:
 
   certbot_nginx_django:
     name: "certbot_nginx_django"
-    needs: [docker-compose_nginx_django]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -332,10 +284,14 @@ jobs:
       run: |
         sed -i "s/wsgi/django/g" .env
         sed -i "s/apache2/nginx/g" .env
+        sudo mkdir -p data
         docker network create acme
         docker-compose up -d
         docker-compose logs
 
+    - name: "Test http://acme-srv/directory is accessable"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
     - name: "[ PREPARE ] setup openssl ca_handler and django config"
       run: |
         sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py