Application Tests - win-acme #1347
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Application Tests - win-acme | |
on: | |
push: | |
pull_request: | |
branches: [ devel ] | |
schedule: | |
# * is a special character in YAML so you have to quote this string | |
- cron: '0 2 * * 6' | |
jobs: | |
win_acme: | |
name: "win_acme" | |
runs-on: windows-latest | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "[ PREPARE ] get RunnerIP" | |
run: | | |
Get-NetIPAddress -AddressFamily IPv4 | |
# $runner_ip=(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'Ethernet').IPAddress | |
$runner_ip=(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'vEthernet (nat)').IPAddress | |
echo RUNNER_IP=$runner_ip >> $env:GITHUB_ENV | |
- name: "[ PREPARE ] echo RunnerIP" | |
run: echo $env:RUNNER_IP | |
- name: "[ PREPARE ] Create DNS entries " | |
run: | | |
Invoke-RestMethod -ContentType "application/json" -Method PUT -Uri ${{ secrets.CF_DYNAMOP_URL }} -Headers @{Authorization="Bearer ${{ secrets.CF_TOKEN }}"} -UseBasicParsing -Body '{"type":"A","name":"${{ secrets.CF_WINACME1_NAME }}","content":"${{ env.RUNNER_IP }}","ttl":120,"proxied":false}' | |
- name: "[ PREPARE ] Build local acme2certifier environment" | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
pip install django==3.2 | |
pip install django-sslserver | |
pip install pyyaml | |
cp examples/db_handler/django_handler.py acme_srv/db_handler.py | |
cp examples/django/* .\ -Recurse -Force | |
(Get-Content .github/django_settings.py) -replace '/var/www/acme2certifier/volume/db.sqlite3', 'volume/db.sqlite3' | Set-Content acme2certifier/settings.py | |
(Get-Content acme2certifier/settings.py) -replace 'django.contrib.staticfiles', 'sslserver' | Set-Content acme2certifier/settings.py | |
cat acme2certifier/settings.py | |
cp examples/ca_handler/openssl_ca_handler.py acme2certifier/ca_handler.py | |
cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg acme_srv/acme_srv.cfg | |
cp .github/acme2certifier_cert.pem acme2certifier/acme2certifier_cert.pem | |
cp .github/acme2certifier_key.pem acme2certifier/acme2certifier_key.pem | |
mkdir .\volume/acme_ca/certs | |
cp test/ca/*.pem volume/acme_ca/ | |
certutil -addstore -enterprise -f -v root volume\acme_ca\root-ca-cert.pem | |
certutil -addstore -enterprise -f -v root volume\acme_ca\sub-ca-cert.pem | |
- name: "[ PREPARE ] configure server" | |
run: | | |
python manage.py makemigrations | |
python manage.py migrate | |
python manage.py loaddata acme_srv/fixture/status.yaml | |
- name: "[ PREPARE ] try to get up the server" | |
run: | | |
Start-Process powershell {python .\manage.py runserver 0.0.0.0:8080 3>&1 2>&1 > volume\redirection.log} | |
- name: "[ PREPARE ] Sleep for 5s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 5s | |
- name: "[ TEST ] Test if directory ressource is accessible" | |
run: | | |
get-Process python | |
Invoke-RestMethod -Uri http://127.0.0.1:8080/directory -NoProxy -TimeoutSec 5 | |
[System.Net.Dns]::GetHostByName('localhost').HostName | |
([System.Net.Dns]::GetHostByName(($env:computerName))).Hostname | |
- name: "[ PREPARE ] Download win-acme" | |
run: | | |
Invoke-RestMethod -Uri https://github.com/win-acme/win-acme/releases/download/v2.2.8.1635/win-acme.v2.2.8.1635.x64.trimmed.zip -OutFile win-acme.zip | |
Expand-Archive .\win-acme.zip | |
mkdir win-acme\certs | |
dir win-acme\* | |
- name: "[ ENROLL ] Enroll certificate via win-acme" | |
run: | | |
.\win-acme\wacs.exe --baseuri http://127.0.0.1:8080 [email protected] --pemfilespath win-acme\certs --source manual --host ${{ secrets.CF_WINACME1_NAME }},${{ secrets.CF_WINACME2_NAME }} --store pemfiles --force | |
- name: "[ PREPARE ] try to get up the sslserver" | |
run: | | |
Start-Process powershell {python .\manage.py runsslserver 0.0.0.0:443 --certificate acme2certifier/acme2certifier_cert.pem --key acme2certifier/acme2certifier_key.pem 3>&1 2>&1 > volume\redirection_ssl.log} | |
- name: "[ PREPARE ] Sleep for 5s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 5s | |
- name: "[ TEST ] Test if directory ressource is accessible" | |
run: | | |
get-Process python | |
Invoke-RestMethod -SkipCertificateCheck -Uri https://localhost -NoProxy -TimeoutSec 5 | |
[System.Net.Dns]::GetHostByName('localhost').HostName | |
([System.Net.Dns]::GetHostByName(($env:computerName))).Hostname | |
- name: "[ PREPARE ] Install and configure Posh-ACME" | |
run: | | |
Install-Module -Name Posh-ACME -Scope CurrentUser -Force | |
- name: "Create account via Posh-ACME" | |
run: | | |
set-PAServer -DirectoryUrl https://localhost/directory -SkipCertificateCheck | |
$DebugPreference = 'Continue' | |
New-PAAccount -Contact '[email protected]' | |
$ACC_1 = (Get-PAAccount | Out-String -Stream | Select-String -Pattern "valid") | |
echo ACC1=$ACC_1 >> $env:GITHUB_ENV | |
Export-PAAccountKEy -OutputFile foo.key | |
echo $env:ACC_1 | |
- name: "Recreate account via Posh-ACME" | |
run: | | |
$DebugPreference = 'Continue' | |
Get-PAAccount | Remove-PAAccount -Force | |
Get-PAAccount | |
New-PAAccount -Contact '[email protected]' -AcceptTOS -OnlyReturnExisting -KeyFile foo.key | |
Get-PAAccount -Refresh | |
$ACC_2 = (Get-PAAccount | Out-String -Stream | Select-String -Pattern "valid") | |
echo ACC2=$ACC_2 >> $env:GITHUB_ENV | |
echo $env:ACC_2 | |
- name: "Rollover account key" | |
run: | | |
$DebugPreference = 'Continue' | |
Set-PAAccount -KeyRollover | |
- name: "[ ENROLL ] Enroll Certificate via Posh-ACME" | |
# if: $env:ACC_1 == env.ACC_2 | |
run: | | |
$DebugPreference = 'Continue' | |
New-PACertificate ${{ secrets.CF_WINACME1_NAME }} -Plugin WebSelfHost -PluginArgs @{} -Force | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir ${{ github.workspace }}\artifact\upload | |
cp volume ${{ github.workspace }}\artifact\upload/ -Recurse -Force | |
cp acme_srv\acme_srv.cfg ${{ github.workspace }}\artifact\upload | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: win-acme.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ |