WSGI handler tests #1498
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: WSGI handler tests | |
| on: | |
| push: | |
| pull_request: | |
| branches: [ devel, db_file_customization ] | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '0 2 * * 6' | |
| jobs: | |
| a2_cust_db_file: | |
| name: "a2_cust_db_file" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "[ PREPARE ] Build docker-compose (apache2_wsgi)" | |
| working-directory: examples/Docker/ | |
| run: | | |
| sudo apt-get install -y docker-compose | |
| sudo mkdir -p data | |
| docker network create acme | |
| sudo cp ../../.github/openssl_ca_handler.py_acme_srv_default_handler.cfg data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo echo "" >> data/acme_srv.cfg | |
| sudo echo "[DBhandler]" >> data/acme_srv.cfg | |
| sudo echo "dbfile: volume/a2c.db" >> data/acme_srv.cfg | |
| sudo echo "[Directory]" >> data/acme_srv.cfg | |
| sudo echo "url_prefix: /foo" >> data/acme_srv.cfg | |
| docker-compose up -d | |
| docker-compose logs | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "[ PREPARE ] setup openssl ca_handler" | |
| run: | | |
| sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| cd examples/Docker/ | |
| docker-compose restart | |
| docker-compose logs | |
| - name: "Test http://acme-srv/directory is accessible again" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "[ PREPARE ] prepare acme.sh container" | |
| run: | | |
| docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon | |
| - name: "[ ENROLL ] acme.sh" | |
| run: | | |
| docker exec -i acme-sh acme.sh --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force | |
| openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ ENROLL ] lego" | |
| run: | | |
| mkdir lego | |
| docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http run | |
| sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
| cd examples/Docker | |
| docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: a2_custdb.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| nginx_cust_db_file: | |
| name: "nginx_cust__db_file" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "[ PREPARE ] Build docker-compose (nginx_wsgi)" | |
| working-directory: examples/Docker/ | |
| run: | | |
| sudo apt-get install -y docker-compose | |
| sed -i "s/apache2/nginx/g" .env | |
| sudo mkdir -p data | |
| docker network create acme | |
| sudo cp ../../.github/openssl_ca_handler.py_acme_srv_default_handler.cfg data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo echo "" >> data/acme_srv.cfg | |
| sudo echo "[DBhandler]" >> data/acme_srv.cfg | |
| sudo echo "dbfile: volume/a2c.db" >> data/acme_srv.cfg | |
| sudo echo "[Directory]" >> data/acme_srv.cfg | |
| sudo echo "url_prefix: /foo" >> data/acme_srv.cfg | |
| docker-compose up -d | |
| docker-compose logs | |
| sleep 5 | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "[ PREPARE ] setup openssl ca_handler" | |
| run: | | |
| sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| cd examples/Docker/ | |
| docker-compose restart | |
| docker-compose logs | |
| sleep 5 | |
| - name: "Test http://acme-srv/directory is accessible again" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "[ PREPARE ] prepare acme.sh container" | |
| run: | | |
| docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon | |
| - name: "[ ENROLL ] acme.sh" | |
| run: | | |
| docker exec -i acme-sh acme.sh --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force | |
| openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ ENROLL ] lego" | |
| run: | | |
| mkdir lego | |
| docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http run | |
| sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
| cd examples/Docker | |
| docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: nginx_cust_db.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| rpm_cust_db_file: | |
| name: "rpm_cust_db_file" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rhversion: [8, 9] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: update version number in spec file | |
| run: | | |
| # sudo sed -i "s/Source0:.*/Source0: %{name}-%{version}.tar.gz/g" examples/install_scripts/rpm/acme2certifier.spec | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec | |
| cat examples/install_scripts/rpm/acme2certifier.spec | |
| - name: build RPM package | |
| id: rpm | |
| uses: grindsa/rpmbuild@alma9 | |
| with: | |
| spec_file: "examples/install_scripts/rpm/acme2certifier.spec" | |
| - run: echo "path is ${{ steps.rpm.outputs.rpm_dir_path }}" | |
| - name: "[ PREPARE ] setup environment for alma installation" | |
| run: | | |
| docker network create acme | |
| sudo mkdir -p data | |
| sudo chmod -R 777 data | |
| sudo cp ${{ steps.rpm.outputs.rpm_dir_path }}noarch/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm data | |
| sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data | |
| - name: "[ PREPARE ] create letsencrypt and lego folder" | |
| run: | | |
| mkdir certbot | |
| mkdir lego | |
| - name: "Retrieve rpms from SBOM repo" | |
| run: | | |
| git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom | |
| cp /tmp/sbom/rpm-repo/RPMs/rhel${{ matrix.rhversion }}/*.rpm data | |
| env: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| - name: "[ PREPARE ] prepare acme_srv.cfg with openssl_ca_handler" | |
| run: | | |
| sudo mkdir -p data/acme_ca/certs/ | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo echo "[DBhandler]" >> data/acme_srv.cfg | |
| sudo echo "dbfile: volume/a2c.db" >> data/acme_srv.cfg | |
| sudo echo "[Directory]" >> data/acme_srv.cfg | |
| sudo echo "url_prefix: /foo" >> data/acme_srv.cfg | |
| - name: "[ PREPARE ] Almalinux instance" | |
| run: | | |
| sudo cp examples/Docker/almalinux-systemd/Dockerfile data | |
| sudo sed -i "s/FROM almalinux:9/FROM almalinux:${{ matrix.rhversion }}/g" data/Dockerfile | |
| cat data/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache | |
| docker run -d -id --privileged --network acme --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd | |
| - name: "[ RUN ] Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "[ PREPARE ] prepare acme.sh container" | |
| run: | | |
| docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon | |
| - name: "[ ENROLL ] acme.sh" | |
| run: | | |
| docker exec -i acme-sh acme.sh --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force | |
| openssl verify -CAfile data/acme_ca/root-ca-cert.pem -untrusted data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ ENROLL ] lego" | |
| run: | | |
| docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http run | |
| sudo openssl verify -CAfile data/acme_ca/root-ca-cert.pem -untrusted data/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig | |
| docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: rpm_cust_db_file-rh${{ matrix.rhversion }}.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ |