Manual Installation tests #965
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Manual Installation tests | |
| on: | |
| push: | |
| pull_request: | |
| branches: [ devel ] | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '0 2 * * 6' | |
| jobs: | |
| apache2_wsgi: | |
| name: "apache2_wsgi" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Get runner ip" | |
| run: | | |
| echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
| echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
| - run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
| - name: Branch name | |
| run: echo running on branch ${GITHUB_REF##*/} | |
| - name: "Run install script" | |
| run: | | |
| sudo mkdir -p data | |
| chmod a+rx examples/install_scripts/a2c-ubuntu22-apache2.sh | |
| examples/install_scripts/a2c-ubuntu22-apache2.sh ${GITHUB_REF##*/} | |
| - name: "Local modification to get a2c running" | |
| run: | | |
| sudo apt-get install -y socat | |
| sudo sed -i "s/Listen 80/Listen 8080/g" /etc/apache2/ports.conf | |
| sudo sed -i "s/*:80/*:8080/g" /etc/apache2/sites-available/acme2certifier.conf | |
| sudo sed -i "s/examples\/ca_handler/\/var\/www\/acme2certifier\/examples\/ca_handler/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/volume\/acme_ca/\/var\/www\/acme2certifier\/volume\/acme_ca/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/challenge_validation_disable: False/challenge_validation_disable: True/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo service apache2 restart | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: curl -f http://127.0.0.1:8080/directory | |
| - name: "Enroll via acme.sh" | |
| run: | | |
| docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name=acme-sh neilpang/acme.sh:latest --issue --server http://${{ env.RUNNER_IP }}:8080 --accountemail '[email protected]' -d acme-sh.acme --standalone --debug 3 --output-insecure | |
| openssl verify -CAfile /var/www/acme2certifier/volume/acme_ca/root-ca-cert.pem -untrusted /var/www/acme2certifier/volume/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp /var/log/apache2 ${{ github.workspace }}/artifact/data/ | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: apache.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| nginx_wsgi: | |
| name: "nginx_wsgi" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Get runner ip" | |
| run: | | |
| echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
| echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
| - run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
| - name: Branch name | |
| run: echo running on branch ${GITHUB_REF##*/} | |
| - name: "Run install script" | |
| run: | | |
| sudo mkdir -p data | |
| sh examples/install_scripts/a2c-ubuntu22-nginx.sh | |
| - name: "Local modification to get a2c running" | |
| run: | | |
| sudo apt-get install -y socat | |
| sudo sed -i "s/listen 80/listen 8080/g" /etc/nginx/sites-enabled/acme_srv.conf | |
| sudo sed -i "s/listen [::]:80/listen [::]:8080/g" /etc/nginx/sites-enabled/acme_srv.conf | |
| sudo sed -i "s/examples\/ca_handler/\/var\/www\/acme2certifier\/examples\/ca_handler/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/volume\/acme_ca/\/var\/www\/acme2certifier\/volume\/acme_ca/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/challenge_validation_disable: False/challenge_validation_disable: True/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo service nginx restart | |
| - name: "Enroll acme.sh" | |
| run: | | |
| docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name=acme-sh neilpang/acme.sh:latest --issue --server http://${{ env.RUNNER_IP }}:8080 --accountemail '[email protected]' -d acme-sh.acme --standalone --debug 3 --output-insecure | |
| openssl verify -CAfile /var/www/acme2certifier/volume/acme_ca/root-ca-cert.pem -untrusted /var/www/acme2certifier/volume/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp /var/log/apache2 ${{ github.workspace }}/artifact/data/ | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: nginx.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| alma_nginx_wsgi: | |
| name: "alma_nginx_wsgi" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Get runner ip" | |
| run: | | |
| echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
| echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
| - run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
| - name: Branch name | |
| run: echo running on branch ${GITHUB_REF##*/} | |
| - name: "Prepare environment" | |
| run: | | |
| docker network create acme | |
| mkdir -p acme-sh | |
| echo "exit 0" >> examples/install_scripts/a2c-centos9-nginx.sh | |
| - name: "Almalinux instance" | |
| run: | | |
| cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache | |
| docker run -d -id --privileged --network acme --name=acme-srv -v "$(pwd)/":/tmp/acme2certifier almalinux-systemd | |
| - name: "Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/examples/Docker/almalinux-systemd/script_tester.sh | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Enroll acme.sh" | |
| run: | | |
| docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' -d acme-sh.acme --standalone --debug 3 --output-insecure | |
| openssl verify -CAfile test/ca/root-ca-cert.pem -untrusted test/ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: alma_nginx_wsgi.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| alma_nginx_wsgi_rpm: | |
| name: "alma_nginx_wsgi_rpm" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: Branch name | |
| run: echo running on branch ${GITHUB_REF##*/} | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: update version number in spec file | |
| run: | | |
| # sudo sed -i "s/Source0:.*/Source0: %{name}-%{version}.tar.gz/g" examples/install_scripts/rpm/acme2certifier.spec | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec | |
| cat examples/install_scripts/rpm/acme2certifier.spec | |
| - name: build RPM package | |
| id: rpm | |
| uses: grindsa/rpmbuild@alma9 | |
| with: | |
| spec_file: "examples/install_scripts/rpm/acme2certifier.spec" | |
| - run: echo "path is ${{ steps.rpm.outputs.rpm_dir_path }}" | |
| - name: "Setup environment" | |
| run: | | |
| docker network create acme | |
| mkdir -p data/acme_ca/certs/ | |
| sudo cp ${{ steps.rpm.outputs.rpm_dir_path }}noarch/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm data | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data | |
| - name: "Almalinux instance" | |
| run: | | |
| cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache | |
| docker run -d -id --privileged --network acme --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd | |
| - name: "[ RUN ] Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Enroll acme.sh" | |
| run: | | |
| docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' -d acme-sh.acme --standalone --debug 3 --output-insecure | |
| openssl verify -CAfile test/ca/root-ca-cert.pem -untrusted test/ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: alma_nginx_wsgi_rpm.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| deb_apache2: | |
| name: "deb_apache2" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Get runner ip" | |
| run: | | |
| echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
| echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
| - run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: "Prepare environment to build deb package" | |
| run: | | |
| sudo apt-get update && sudo apt-get -y upgrade | |
| sudo apt-get -y install build-essential fakeroot dpkg-dev devscripts debhelper | |
| rm setup.py | |
| cp -R examples/install_scripts/debian ./ | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" debian/changelog | |
| cd ../ | |
| tar cvfz ../acme2certifier_${{ env.TAG_NAME }}.orig.tar.gz ./ | |
| - name: "Build debian package" | |
| run: | | |
| dpkg-buildpackage -uc -us | |
| dpkg -c ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb | |
| - name: Install apache2 and acme2certifier packages" | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3 | |
| sudo apt-get install -y ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb | |
| - name: "configure a2c" | |
| run: | | |
| sudo cp /var/www/acme2certifier/examples/apache2/apache_wsgi.conf /etc/apache2/sites-available/acme2certifier.conf | |
| sudo a2ensite acme2certifier | |
| sudo rm /etc/apache2/sites-enabled/000-default.conf | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo mkdir -p /var/www/acme2certifier/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem /var/www/acme2certifier/volume/acme_ca/ | |
| sudo chown -R www-data.www-data /var/www/acme2certifier/volume | |
| sudo systemctl start apache2 | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: curl -f http://127.0.0.1/directory | |
| - name: "Modfiy configuration to allow certifiate enrollment" | |
| run: | | |
| # sudo apt-get install -y socat | |
| sudo sed -i "s/Listen 80/Listen 8080/g" /etc/apache2/ports.conf | |
| sudo sed -i "s/*:80/*:8080/g" /etc/apache2/sites-available/acme2certifier.conf | |
| sudo sed -i "s/examples\/ca_handler/\/var\/www\/acme2certifier\/examples\/ca_handler/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/volume\/acme_ca/\/var\/www\/acme2certifier\/volume\/acme_ca/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/challenge_validation_disable: False/challenge_validation_disable: True/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo systemctl restart apache2 | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: curl -f http://127.0.0.1:8080/directory | |
| - name: "Enroll acme.sh" | |
| run: | | |
| docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name=acme-sh neilpang/acme.sh:latest --issue --server http://${{ env.RUNNER_IP }}:8080 --accountemail '[email protected]' -d acme-sh.acme --standalone --debug 3 --output-insecure | |
| openssl verify -CAfile /var/www/acme2certifier/volume/acme_ca/root-ca-cert.pem -untrusted /var/www/acme2certifier/volume/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp /var/log/apache2 ${{ github.workspace }}/artifact/data/ | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: deb_apache.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| deb_nginx: | |
| name: "deb_nginx" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Get runner ip" | |
| run: | | |
| echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
| echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
| - run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: "Prepare environment to build deb package" | |
| run: | | |
| sudo apt-get update && sudo apt-get -y upgrade | |
| sudo apt-get -y install build-essential fakeroot dpkg-dev devscripts debhelper | |
| rm setup.py | |
| cp -R examples/install_scripts/debian ./ | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" debian/changelog | |
| cd ../ | |
| tar cvfz ../acme2certifier_${{ env.TAG_NAME }}.orig.tar.gz ./ | |
| - name: "Build debian package" | |
| run: | | |
| dpkg-buildpackage -uc -us | |
| dpkg -c ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb | |
| - name: "Install nginx and acme2certifier packages" | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y python3-pip nginx uwsgi uwsgi-plugin-python3 | |
| sudo apt-get install -y ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb | |
| - name: "Prepare local modification to get a2c running" | |
| run: | | |
| sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" examples/nginx/nginx_acme_srv.conf | |
| sudo cp examples/nginx/nginx_acme_srv.conf /etc/nginx/sites-available/acme_srv.conf | |
| sudo rm /etc/nginx/sites-enabled/default | |
| sudo ln -s /etc/nginx/sites-available/acme_srv.conf /etc/nginx/sites-enabled/acme_srv.conf | |
| sudo chown -R www-data.www-data /var/www/acme2certifier/ | |
| sudo systemctl start nginx | |
| - name: "Modify uwsgi configuration file" | |
| run: | | |
| sed -i "s/\/run\/uwsgi\/acme.sock/acme.sock/g" examples/nginx/acme2certifier.ini | |
| sed -i "s/nginx/www-data/g" examples/nginx/acme2certifier.ini | |
| echo "plugins=python3" >> examples/nginx/acme2certifier.ini | |
| sudo cp examples/nginx/acme2certifier.ini /var/www/acme2certifier | |
| - name: "Create a2c service" | |
| run: | | |
| cat <<EOT > acme2certifier.service | |
| [Unit] | |
| Description=uWSGI instance to serve acme2certifier | |
| After=network.target | |
| [Service] | |
| User=www-data | |
| Group=www-data | |
| WorkingDirectory=/var/www/acme2certifier | |
| Environment="PATH=/var/www/acme2certifier" | |
| ExecStart=uwsgi --ini acme2certifier.ini | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOT | |
| sudo cp acme2certifier.service /etc/systemd/system/acme2certifier.service | |
| sudo systemctl start acme2certifier | |
| sudo systemctl enable acme2certifier | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: curl -f http://127.0.0.1/directory | |
| - name: "Configure ca_handler" | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo mkdir -p /var/www/acme2certifier/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem /var/www/acme2certifier/volume/acme_ca/ | |
| sudo chown -R www-data.www-data /var/www/acme2certifier/volume | |
| - name: "Modfiy configuration to allow certifiate enrollment" | |
| run: | | |
| sudo sed -i "s/listen 80/listen 8080/g" /etc/nginx/sites-enabled/acme_srv.conf | |
| sudo sed -i "s/listen [::]:80/listen [::]:8080/g" /etc/nginx/sites-enabled/acme_srv.conf | |
| sudo sed -i "s/examples\/ca_handler/\/var\/www\/acme2certifier\/examples\/ca_handler/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/volume\/acme_ca/\/var\/www\/acme2certifier\/volume\/acme_ca/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo sed -i "s/challenge_validation_disable: False/challenge_validation_disable: True/g" /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| sudo systemctl restart nginx | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: curl -f http://127.0.0.1:8080/directory | |
| - name: "Enroll acme.sh" | |
| run: | | |
| docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name=acme-sh neilpang/acme.sh:latest --issue --server http://${{ env.RUNNER_IP }}:8080 --accountemail '[email protected]' -d acme-sh.acme --standalone --debug 3 --output-insecure | |
| openssl verify -CAfile /var/www/acme2certifier/volume/acme_ca/root-ca-cert.pem -untrusted /var/www/acme2certifier/volume/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp /var/log/nginx ${{ github.workspace }}/artifact/data/ | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: deb_nginx.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |