Tnauth Tests #1829

Workflow file for this run

.github/workflows/tnauth-test.yml at 224fec2

	name: Tnauth Tests

	on:
	push:
	pull_request:
	branches: [ devel ]
	schedule:
	# * is a special character in YAML so you have to quote this string
	- cron: '0 2 * * 6'

	jobs:
	tnauth_tests:
	name: "tnauth_tests"
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	websrv: ['apache2', 'nginx']
	dbhandler: ['wsgi', 'django']

	steps:
	- name: "checkout GIT"
	uses: actions/checkout@v4

	- name: "Build docker-compose (${{ matrix.websrv }}_${{ matrix.dbhandler }})"
	working-directory: examples/Docker/
	run: \|
	sudo apt-get install -y docker-compose
	sudo mkdir -p data
	sed -i "s/wsgi/$DB_HANDLER/g" .env
	sed -i "s/apache2/$WEB_SRV/g" .env
	cat .env
	docker network create acme
	docker-compose up -d
	docker-compose logs
	env:
	WEB_SRV: ${{ matrix.websrv }}
	DB_HANDLER: ${{ matrix.dbhandler }}

	- name: "Setup openssl ca_handler"
	run: \|
	sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem
	sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem
	sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem
	sudo cp .github/django_settings.py examples/Docker/data/settings.py
	sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
	sudo mkdir -p examples/Docker/data/acme_ca/certs
	sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/
	sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
	sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: True/g" examples/Docker/data/acme_srv.cfg
	cd examples/Docker/
	docker-compose restart
	docker-compose logs

	- name: "Sleep for 10s"
	uses: juliangruber/[email protected]
	with:
	time: 10s

	- name: "Test http://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

	- name: "Test if https://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory

	- name: "Install curl and socat and test connction"
	run: \|
	sudo apt-get install -y curl socat
	curl -f http://localhost:22280

	- name: "Install acme.sh"
	run: \|
	mkdir /tmp/acme_sh
	curl -kL https://github.com/grindsa/acme.sh/archive/tnauth_list_support.tar.gz \| tar xz -C /tmp/acme_sh --strip-components=1

	- name: "Enroll certificate using tnauth identifier"
	run: \|
	cd /tmp/acme_sh
	/tmp/acme_sh/acme.sh --server http://127.0.0.1:22280 --accountemail [email protected] --issue -d cert.acme.local --tnauth 123456 --spctoken 1234 --standalone --force --debug 2

	- name: "[ * ] collecting test logs"
	if: ${{ failure() }}
	run: \|
	mkdir -p ${{ github.workspace }}/artifact/upload
	sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
	cd examples/Docker
	docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
	sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data

	- name: "[ * ] uploading artificates"
	uses: actions/upload-artifact@v4
	if: ${{ failure() }}
	with:
	name: tnauth-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz
	path: ${{ github.workspace }}/artifact/upload/

	tnauth_rpm_tests:
	name: "tnauth_rpm_tests"
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	rhversion: [8, 9]
	steps:
	- name: "checkout GIT"
	uses: actions/checkout@v4

	- name: Retrieve Version from version.py
	run: \|
	echo TAG_NAME=$(cat acme_srv/version.py \| grep -i __version__ \| head -n 1 \| sed 's/__version__ = //g' \| sed s/\'//g) >> $GITHUB_ENV
	- run: echo "Latest tag is ${{ env.TAG_NAME }}"

	- name: update version number in spec file
	run: \|
	# sudo sed -i "s/Source0:.*/Source0: %{name}-%{version}.tar.gz/g" examples/install_scripts/rpm/acme2certifier.spec
	sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec
	cat examples/install_scripts/rpm/acme2certifier.spec

	- name: build RPM package
	id: rpm
	uses: grindsa/rpmbuild@alma9
	with:
	spec_file: "examples/install_scripts/rpm/acme2certifier.spec"

	- run: echo "path is ${{ steps.rpm.outputs.rpm_dir_path }}"

	- name: "[ PREPARE ] setup environment for alma installation"
	run: \|
	docker network create acme
	sudo mkdir -p data
	sudo chmod -R 777 data
	sudo cp ${{ steps.rpm.outputs.rpm_dir_path }}noarch/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm data
	sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data

	- name: "Retrieve rpms from SBOM repo"
	run: \|
	git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom
	cp /tmp/sbom/rpm-repo/RPMs/rhel${{ matrix.rhversion }}/*.rpm data
	env:
	GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
	GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}

	- name: "[ PREPARE ] prepare acme_srv.cfg with openssl_ca_handler"
	run: \|
	mkdir -p data/acme_ca
	sudo mkdir -p examples/Docker/data/acme_ca/certs
	sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/
	sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg
	sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: True/g" data/acme_srv.cfg

	- name: "[ PREPARE ] Almalinux instance"
	run: \|
	sudo cp examples/Docker/almalinux-systemd/Dockerfile data
	sudo sed -i "s/FROM almalinux:9/FROM almalinux:${{ matrix.rhversion }}/g" data/Dockerfile
	cat data/Dockerfile \| docker build -t almalinux-systemd -f - . --no-cache
	docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd

	- name: "[ RUN ] Execute install scipt"
	run: \|
	docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh

	- name: "Test http://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

	- name: "[ CURL ] install curl and socat and test connction"
	run: \|
	sudo apt-get install -y curl socat
	curl -f http://localhost:22280

	- name: "[ ACME.SH ] install acme.sh"
	run: \|
	mkdir /tmp/acme_sh
	curl -kL https://github.com/grindsa/acme.sh/archive/tnauth_list_support.tar.gz \| tar xz -C /tmp/acme_sh --strip-components=1

	- name: "[ ACME.SH ] enroll certificate using tnauth identifier"
	run: \|
	cd /tmp/acme_sh
	/tmp/acme_sh/acme.sh --server http://127.0.0.1:22280 --accountemail [email protected] --issue -d cert.acme.local --tnauth 123456 --spctoken 1234 --standalone --force --debug 2

	- name: "[ * ] collecting test logs"
	if: ${{ failure() }}
	run: \|
	mkdir -p ${{ github.workspace }}/artifact/upload
	docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
	sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
	sudo rm ${{ github.workspace }}/artifact/data/*.rpm
	# sudo cp -rp /tmp/acme_sh/ ${{ github.workspace }}/artifact/acme_sh/
	docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig
	docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf
	docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
	sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log

	- name: "[ * ] uploading artificates"
	uses: actions/upload-artifact@v4
	if: ${{ failure() }}
	with:
	name: tnauth-rpm-rh${{ matrix.rhversion }}.tar.gz
	path: ${{ github.workspace }}/artifact/upload/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tnauth Tests #1829

Workflow file

Tnauth Tests #1829

Jobs

Run details

Workflow file for this run