[wf] push images of latest and 2nd latest version #157
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upgrade Tests | |
| on: | |
| push: | |
| pull_request: | |
| branches: [ devel ] | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '0 2 * * 6' | |
| jobs: | |
| container_upgrade: | |
| name: "container_upgrade" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| websrv: ['apache2', 'nginx'] | |
| dbhandler: ['wsgi', 'django'] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare container environment" | |
| uses: ./.github/actions/container_prep | |
| with: | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| WEB_SRV: ${{ matrix.websrv }} | |
| CONTAINER_BUILD: false | |
| DJANGO_DB: mariadb | |
| - name: "Configure acme2certifier" | |
| run: | | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg | |
| sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| echo "" >> examples/Docker/data/acme_srv.cfg | |
| echo "handler_file: examples/ca_handler/openssl_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| - name: "Install a2c 0.19.3" | |
| run: | | |
| docker run -d -p 80:80 -p 443:443 --rm -id --network acme --name=acme-srv -v "$(pwd)/examples/Docker/data":/var/www/acme2certifier/volume/ grindsa/acme2certifier:0.19.3-apache2-wsgi | |
| docker logs acme-srv | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Delete acme-sh, letsencypt and lego folders" | |
| run: | | |
| docker stop acme-srv | |
| sudo rm -rf lego/* | |
| sudo rm -rf acme-sh/* | |
| sudo rm -rf certbot/* | |
| - name: "Build container" | |
| uses: ./.github/actions/container_build | |
| with: | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| WEB_SRV: ${{ matrix.websrv }} | |
| - name: "Spin-up a2c instance" | |
| uses: ./.github/actions/container_up | |
| with: | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| WEB_SRV: ${{ matrix.websrv }} | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Check container configuration" | |
| uses: ./.github/actions/container_check | |
| with: | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| WEB_SRV: ${{ matrix.websrv }} | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
| cd examples/Docker | |
| docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: apache2-wsgi-upgrade.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| rpm_build: | |
| name: "rpm_build" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: update version number in spec file and path in nginx ssl config | |
| run: | | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "rpm update" | |
| git add examples/nginx | |
| git commit -a -m "rpm update" | |
| - name: build RPM package | |
| id: rpm | |
| uses: grindsa/rpmbuild@alma9 | |
| with: | |
| spec_file: "examples/install_scripts/rpm/acme2certifier.spec" | |
| - run: echo "path is ${{ steps.rpm.outputs.rpm_dir_path }}" | |
| - name: "Upload RPM package" | |
| uses: actions/upload-artifact@master | |
| with: | |
| name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| path: ${{ steps.rpm.outputs.rpm_dir_path }}/noarch/ | |
| rpm_wsgi_upgrade_nginx: | |
| name: "rpm_wsgi_upgrade_nginx" | |
| runs-on: ubuntu-latest | |
| needs: rpm_build | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: Download rpm package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| path: /tmp/ | |
| - name: "Setup environment for alma installation" | |
| run: | | |
| docker network create acme | |
| sudo mkdir -p data/volume | |
| sudo mkdir -p data/acme2certifier | |
| sudo mkdir -p data/nginx/conf.d | |
| sudo chmod -R 777 data | |
| sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm | |
| sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data | |
| sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem | |
| sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf | |
| sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf | |
| - name: "Retrieve rpms from SBOM repo" | |
| run: | | |
| git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom | |
| cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data | |
| env: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| - name: "Prepare acme_srv.cfg with openssl_ca_handler" | |
| run: | | |
| sudo mkdir acme-sh | |
| sudo mkdir -p data/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/ | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME | |
| sudo touch data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/acme_srv.cfg | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Almalinux instance" | |
| run: | | |
| cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache | |
| docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd | |
| - name: "Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
| sudo docker cp data/nginx acme-srv:/etc | |
| sudo docker cp data/volume/ acme-srv:/opt/acme2certifier/ | |
| docker exec acme-srv chmod -R 777 /opt/acme2certifier/volume | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Update acme2certifier" | |
| run: | | |
| docker cp /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm acme-srv:/tmp | |
| docker exec acme-srv yum -y localinstall /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| docker exec -w /opt/acme2certifier acme-srv python3 tools/db_update.py | |
| docker restart acme-srv | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of django_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/wsgi_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: rpm_wsgi_upgrade_nginx.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| rpm_django_upgrade_nginx_mariadb: | |
| name: "rpm_django_upgrade_nginx_mariadb" | |
| runs-on: ubuntu-latest | |
| needs: rpm_build | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: update version number in spec file and path in nginx ssl config | |
| run: | | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "rpm update" | |
| git add examples/nginx | |
| git commit -a -m "rpm update" | |
| - name: Download rpm package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| path: /tmp/ | |
| - name: "Setup environment for alma installation" | |
| run: | | |
| sudo mkdir acme-sh | |
| docker network create acme | |
| sudo mkdir -p data/volume | |
| sudo mkdir -p data/acme2certifier | |
| sudo mkdir -p data/nginx/conf.d | |
| sudo chmod -R 777 data | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm | |
| sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data | |
| sudo cp examples/Docker/almalinux-systemd/django_tester.sh data | |
| sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem | |
| sudo cp .github/django_settings_mariadb.py data/acme2certifier/settings.py | |
| # sudo sed -i "s/\/var\/www\//\/opt\//g" data/acme2certifier/settings.py | |
| sudo sed -i "s/USE_I18N = True/USE_I18N = False/g" data/acme2certifier/settings.py | |
| sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf | |
| sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf | |
| - name: "Instanciate mariadb" | |
| uses: ./.github/actions/mariadb_prep | |
| - name: "Retrieve rpms from SBOM repo" | |
| run: | | |
| git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom | |
| cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data | |
| env: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| - name: "Configure acme2certifier" | |
| run: | | |
| sudo mkdir -p data/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/ | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME | |
| sudo touch data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/volume/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Almalinux instance" | |
| run: | | |
| cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache | |
| docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd | |
| - name: "Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Update acme2certifier" | |
| run: | | |
| docker cp /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm acme-srv:/tmp | |
| docker exec acme-srv yum -y localinstall /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| docker exec -w /opt/acme2certifier acme-srv python3 tools/django_update.py | |
| docker restart acme-srv | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of django_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: rpm_django_upgrade_nginx_mariadb.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| rpm_django_upgrade_nginx_sqlite: | |
| name: "rpm_django_upgrade_nginx_sqlite" | |
| runs-on: ubuntu-latest | |
| needs: rpm_build | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: update version number in spec file and path in nginx ssl config | |
| run: | | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "rpm update" | |
| git add examples/nginx | |
| git commit -a -m "rpm update" | |
| - name: Download rpm package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| path: /tmp/ | |
| - name: "Setup environment for alma installation" | |
| run: | | |
| sudo mkdir acme-sh | |
| docker network create acme | |
| sudo mkdir -p data/volume | |
| sudo mkdir -p data/acme2certifier | |
| sudo mkdir -p data/nginx/conf.d | |
| sudo chmod -R 777 data | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm | |
| sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data | |
| sudo cp examples/Docker/almalinux-systemd/django_tester.sh data | |
| sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem | |
| sudo cp .github/django_settings.py data/acme2certifier/settings.py | |
| sudo sed -i "s/\/var\/www\//\/opt\//g" data/acme2certifier/settings.py | |
| sudo sed -i "s/USE_I18N = True/USE_I18N = False/g" data/acme2certifier/settings.py | |
| sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf | |
| sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf | |
| - name: "Retrieve rpms from SBOM repo" | |
| run: | | |
| git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom | |
| cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data | |
| env: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| - name: "Configure acme2certifier" | |
| run: | | |
| sudo mkdir -p data/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/ | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME | |
| sudo touch data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/volume/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Almalinux instance" | |
| run: | | |
| cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache | |
| docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd | |
| - name: "Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Update acme2certifier" | |
| run: | | |
| docker cp /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm acme-srv:/tmp | |
| docker exec acme-srv yum -y localinstall /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| docker exec -w /opt/acme2certifier acme-srv python3 tools/django_update.py | |
| docker restart acme-srv | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of django_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: rpm_django_upgrade_nginx_sqlite.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| rpm_django_upgrade_nginx_psql: | |
| name: "rpm_django_upgrade_nginx_psql" | |
| runs-on: ubuntu-latest | |
| needs: rpm_build | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: update version number in spec file and path in nginx ssl config | |
| run: | | |
| sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "rpm update" | |
| git add examples/nginx | |
| git commit -a -m "rpm update" | |
| - name: Download rpm package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| path: /tmp/ | |
| - name: "Setup environment for alma installation" | |
| run: | | |
| sudo mkdir acme-sh | |
| docker network create acme | |
| sudo mkdir -p data/volume | |
| sudo mkdir -p data/acme2certifier | |
| sudo mkdir -p data/nginx/conf.d | |
| sudo chmod -R 777 data | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm | |
| sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data | |
| sudo cp examples/Docker/almalinux-systemd/django_tester.sh data | |
| sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem | |
| sudo cp .github/django_settings_psql.py data/acme2certifier/settings.py | |
| # sudo sed -i "s/\/var\/www\//\/opt\//g" data/acme2certifier/settings.py | |
| sudo sed -i "s/USE_I18N = True/USE_I18N = False/g" data/acme2certifier/settings.py | |
| sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf | |
| sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d | |
| sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf | |
| - name: "Instanciate postgres" | |
| uses: ./.github/actions/psql_prep | |
| - name: "Retrieve rpms from SBOM repo" | |
| run: | | |
| git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom | |
| cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data | |
| env: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| - name: "Configure acme2certifier" | |
| run: | | |
| sudo mkdir -p data/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/ | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME | |
| sudo touch data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/volume/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Almalinux instance" | |
| run: | | |
| cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache | |
| docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd | |
| - name: "Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Update acme2certifier" | |
| run: | | |
| docker cp /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm acme-srv:/tmp | |
| docker exec acme-srv yum -y localinstall /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm | |
| docker exec -w /opt/acme2certifier acme-srv python3 tools/django_update.py | |
| docker restart acme-srv | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of django_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: rpm_django_upgrade_nginx_psql.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| deb_build: | |
| name: "deb_build" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "deb build and upload" | |
| uses: ./.github/actions/deb_build_upload | |
| deb_upgrade_wsgi: | |
| name: "deb_upgrade_wsgi" | |
| needs: deb_build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare environment" | |
| run: | | |
| docker network create acme | |
| mkdir acme-sh | |
| mkdir certbot | |
| mkdir -p data/volume | |
| - name: "Download a2c 0.23 deb package" | |
| run: | | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: Download debian package | |
| uses: actions/download-artifact@v4 | |
| continue-on-error: true | |
| with: | |
| name: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| path: data/ | |
| - name: List files | |
| run: ls -la data/ | |
| - name: "Instanciate Ubuntu 22.04" | |
| run: | | |
| docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Install a2c" | |
| run: | | |
| docker exec acme-srv apt-get update | |
| docker exec acme-srv apt-get -y upgrade | |
| docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3 | |
| docker exec acme-srv ls -la /tmp/acme2certifier/ | |
| docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb | |
| - name: "Configure a2c" | |
| run: | | |
| sudo cp .github/acme2certifier.pem data/volume/acme2certifier.pem | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_wsgi.conf /etc/apache2/sites-available/acme2certifier.conf | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_wsgi_ssl.conf /etc/apache2/sites-available/acme2certifier_ssl.conf | |
| docker exec acme-srv a2enmod ssl | |
| docker exec acme-srv a2ensite acme2certifier | |
| docker exec acme-srv a2ensite acme2certifier_ssl | |
| docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf | |
| docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/ | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme2certifier.pem /var/www/acme2certifier/volume/ | |
| docker exec acme-srv systemctl start apache2 | |
| - name: "Setup xca-handler" | |
| run: | | |
| sudo touch data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg | |
| sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/ | |
| docker exec acme-srv chown -R www-data.www-data /var/www/acme2certifier/volume | |
| docker exec acme-srv systemctl restart apache2 | |
| docker exec acme-srv systemctl status apache2 | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Upgrade a2c" | |
| run: | | |
| docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| docker exec -w /var/www/acme2certifier acme-srv python3 tools/db_update.py | |
| docker exec acme-srv systemctl restart apache2 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Test http://acme-srv/directory is accessible after upgrade" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of wsgi_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/wsgi_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
| docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: deb_upgrade_wsgi.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| deb_upgrade_django_sqlite: | |
| name: "deb_upgrade_django_sqlite" | |
| runs-on: ubuntu-latest | |
| needs: deb_build | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare environment" | |
| run: | | |
| docker network create acme | |
| mkdir acme-sh | |
| mkdir certbot | |
| mkdir -p data/volume | |
| - name: "Download a2c 0.23 deb package" | |
| run: | | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: Download debian package | |
| uses: actions/download-artifact@v4 | |
| continue-on-error: true | |
| with: | |
| name: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| path: data/ | |
| - name: List files | |
| run: ls -la data/ | |
| - name: "Instanciate Ubuntu 22.04" | |
| run: | | |
| docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Install a2c" | |
| run: | | |
| docker exec acme-srv apt-get update | |
| docker exec acme-srv apt-get -y upgrade | |
| docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3 | |
| docker exec acme-srv ls -la /tmp/acme2certifier/ | |
| docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb | |
| - name: "Configure a2c" | |
| run: | | |
| sudo cp .github/acme2certifier.pem data/volume/acme2certifier.pem | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_django.conf /etc/apache2/sites-available/acme2certifier.conf | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_django_ssl.conf /etc/apache2/sites-available/acme2certifier_ssl.conf | |
| docker exec acme-srv a2enmod ssl | |
| docker exec acme-srv a2ensite acme2certifier | |
| docker exec acme-srv a2ensite acme2certifier_ssl | |
| docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf | |
| docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/ | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme2certifier.pem /var/www/acme2certifier/volume/ | |
| docker exec acme-srv systemctl start apache2 | |
| - name: "Setup xca-handler" | |
| run: | | |
| sudo touch data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg | |
| sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME | |
| sudo cp .github/django_settings.py data/volume/settings.py | |
| docker exec acme-srv bash -c "cp -R /var/www/acme2certifier/examples/django/* /var/www/acme2certifier/" | |
| docker exec acme-srv cp -r /var/www/acme2certifier/examples/db_handler/django_handler.py /var/www/acme2certifier/acme_srv/db_handler.py | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/ | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/settings.py /var/www/acme2certifier/acme2certifier/ | |
| docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py | |
| docker exec acme-srv chown -R www-data.www-data /var/www/acme2certifier/volume | |
| docker exec acme-srv systemctl restart apache2 | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Upgrade a2c" | |
| run: | | |
| docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py | |
| docker exec acme-srv systemctl restart apache2 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Test http://acme-srv/directory is accessible after upgrade" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of django_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
| docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: deb_upgrade_django_sqlite.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| deb_upgrade_django_mariadb: | |
| name: "deb_upgrade_django_mariadb" | |
| runs-on: ubuntu-latest | |
| needs: deb_build | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare environment" | |
| run: | | |
| docker network create acme | |
| mkdir acme-sh | |
| mkdir certbot | |
| mkdir -p data/volume | |
| - name: "Install mariadb" | |
| working-directory: examples/Docker/ | |
| run: | | |
| # docker run --name mariadbsrv --network acme -v $PWD/data/mysql:/var/lib/mysql -e MARIADB_ROOT_PASSWORD=foobar -d mariadb | |
| docker run --name mariadbsrv --network acme -e MARIADB_ROOT_PASSWORD=foobar -d mariadb | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Configure mariadb" | |
| working-directory: examples/Docker/ | |
| run: | | |
| docker exec mariadbsrv mariadb -u root --password=foobar -e"CREATE DATABASE acme2certifier CHARACTER SET UTF8;" | |
| docker exec mariadbsrv mariadb -u root --password=foobar -e"GRANT ALL PRIVILEGES ON acme2certifier.* TO 'acme2certifier'@'%' IDENTIFIED BY '1mmSvDFl';" | |
| docker exec mariadbsrv mariadb -u root --password=foobar -e"FLUSH PRIVILEGES;" | |
| - name: "Download a2c 0.23 deb package" | |
| run: | | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: Download debian package | |
| uses: actions/download-artifact@v4 | |
| continue-on-error: true | |
| with: | |
| name: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| path: data/ | |
| - name: List files | |
| run: ls -la data/ | |
| - name: "Instanciate Ubuntu 22.04" | |
| run: | | |
| docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Install a2c" | |
| run: | | |
| docker exec acme-srv apt-get update | |
| docker exec acme-srv apt-get -y upgrade | |
| docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3 | |
| docker exec acme-srv ls -la /tmp/acme2certifier/ | |
| docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb | |
| - name: "Configure a2c" | |
| run: | | |
| sudo cp .github/acme2certifier.pem data/volume/acme2certifier.pem | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_django.conf /etc/apache2/sites-available/acme2certifier.conf | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_django_ssl.conf /etc/apache2/sites-available/acme2certifier_ssl.conf | |
| docker exec acme-srv a2enmod ssl | |
| docker exec acme-srv a2ensite acme2certifier | |
| docker exec acme-srv a2ensite acme2certifier_ssl | |
| docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf | |
| docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/ | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme2certifier.pem /var/www/acme2certifier/volume/ | |
| docker exec acme-srv systemctl start apache2 | |
| - name: "Setup xca-handler" | |
| run: | | |
| sudo touch data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg | |
| sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME | |
| sudo cp .github/django_settings_mariadb.py data/volume/settings.py | |
| docker exec acme-srv bash -c "cp -R /var/www/acme2certifier/examples/django/* /var/www/acme2certifier/" | |
| docker exec acme-srv cp -r /var/www/acme2certifier/examples/db_handler/django_handler.py /var/www/acme2certifier/acme_srv/db_handler.py | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/ | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/settings.py /var/www/acme2certifier/acme2certifier/ | |
| docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py | |
| docker exec acme-srv chown -R www-data.www-data /var/www/acme2certifier/volume | |
| docker exec acme-srv systemctl restart apache2 | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Upgrade a2c" | |
| run: | | |
| docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py | |
| docker exec acme-srv systemctl restart apache2 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Test http://acme-srv/directory is accessible after upgrade" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of django_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier | |
| docker exec mariadbsrv mysqldump -u root --password=foobar acme2certifier > /tmp/acme2certifier.sql | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp /tmp/acme2certifier.sql ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
| docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: deb_upgrade_django_mariadb.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| deb_upgrade_django_psql: | |
| name: "deb_upgrade_django_psql" | |
| runs-on: ubuntu-latest | |
| needs: deb_build | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare environment" | |
| run: | | |
| docker network create acme | |
| mkdir acme-sh | |
| mkdir certbot | |
| mkdir -p data/volume | |
| - name: "postgres environment" | |
| run: | | |
| sudo mkdir -p /tmp/data/pgsql | |
| sudo cp .github/a2c.psql /tmp/data/pgsql/a2c.psql | |
| sudo cp .github/pgpass /tmp//data/pgsql/pgpass | |
| sudo chmod 600 /tmp/data/pgsql/pgpass | |
| - name: "Install postgres" | |
| working-directory: /tmp | |
| run: | | |
| docker run --name postgresdbsrv --network acme -e POSTGRES_PASSWORD=foobar -d postgres | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Configure postgres" | |
| working-directory: /tmp | |
| run: | | |
| docker run -v "$(pwd)/data/pgsql/a2c.psql":/tmp/a2c.psql -v "$(pwd)/data/pgsql/pgpass:/root/.pgpass" --rm --network acme postgres psql -U postgres -h postgresdbsrv -f /tmp/a2c.psql | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Download a2c 0.23 deb package" | |
| run: | | |
| wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb | |
| - name: Retrieve Version from version.py | |
| run: | | |
| echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV | |
| - run: echo "Latest tag is ${{ env.TAG_NAME }}" | |
| - name: Download debian package | |
| uses: actions/download-artifact@v4 | |
| continue-on-error: true | |
| with: | |
| name: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| path: data/ | |
| - name: List files | |
| run: ls -la data/ | |
| - name: "Instanciate Ubuntu 22.04" | |
| run: | | |
| docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Install a2c" | |
| run: | | |
| docker exec acme-srv apt-get update | |
| docker exec acme-srv apt-get -y upgrade | |
| docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3 | |
| docker exec acme-srv ls -la /tmp/acme2certifier/ | |
| docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb | |
| - name: "Configure a2c" | |
| run: | | |
| sudo cp .github/acme2certifier.pem data/volume/acme2certifier.pem | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_django.conf /etc/apache2/sites-available/acme2certifier.conf | |
| docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_django_ssl.conf /etc/apache2/sites-available/acme2certifier_ssl.conf | |
| docker exec acme-srv a2enmod ssl | |
| docker exec acme-srv a2ensite acme2certifier | |
| docker exec acme-srv a2ensite acme2certifier_ssl | |
| docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf | |
| docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/ | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme2certifier.pem /var/www/acme2certifier/volume/ | |
| docker exec acme-srv systemctl start apache2 | |
| - name: "Setup xca-handler" | |
| run: | | |
| sudo touch data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg | |
| sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg | |
| sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME | |
| sudo cp .github/django_settings_psql.py data/volume/settings.py | |
| docker exec acme-srv bash -c "cp -R /var/www/acme2certifier/examples/django/* /var/www/acme2certifier/" | |
| docker exec acme-srv cp -r /var/www/acme2certifier/examples/db_handler/django_handler.py /var/www/acme2certifier/acme_srv/db_handler.py | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/ | |
| docker exec acme-srv cp /tmp/acme2certifier/volume/settings.py /var/www/acme2certifier/acme2certifier/ | |
| docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py | |
| docker exec acme-srv chown -R www-data.www-data /var/www/acme2certifier/volume | |
| docker exec acme-srv systemctl restart apache2 | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Upgrade a2c" | |
| run: | | |
| docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb | |
| docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py | |
| docker exec acme-srv systemctl restart apache2 | |
| - name: "Sleep for 5s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 5s | |
| - name: "Test http://acme-srv/directory is accessible after upgrade" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Get hashes of django_handler.py and db_handler.py" | |
| run: | | |
| echo HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| echo HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV | |
| - run: echo "Hash1 is ${{ env.HASH1 }}" | |
| - run: echo "Hash2 is ${{ env.HASH2 }}" | |
| - name: Compare hashes | |
| if: env.HASH1 != env.HASH2 | |
| run: | | |
| exit 1 | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
| docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: deb_upgrade_django_psql.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ |