Ari Tests #616

Workflow file for this run

.github/workflows/ari-test.yml at 82d539d

	name: Ari Tests

	on:
	push:
	pull_request:
	branches: [ devel ]
	schedule:
	# * is a special character in YAML so you have to quote this string
	- cron: '0 2 * * 6'

	jobs:

	ari_container_tests:
	name: "ari_container_tests"
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	websrv: ['apache2', 'nginx']
	dbhandler: ['wsgi', 'django']
	steps:
	- name: "checkout GIT"
	uses: actions/checkout@v4

	- name: "Build container"
	uses: ./.github/actions/container_prep
	with:
	DB_HANDLER: ${{ matrix.dbhandler }}
	WEB_SRV: ${{ matrix.websrv }}

	- name: "Setup openssl ca_handler"
	run: \|
	sudo mkdir -p examples/Docker/data/acme_ca/certs
	sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/
	sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg examples/Docker/data/acme_srv.cfg
	sudo chmod 777 examples/Docker/data/acme_srv.cfg
	sudo echo -e "\n\n[Renewalinfo]" >> examples/Docker/data/acme_srv.cfg
	sudo echo "renewal_force: True" >> examples/Docker/data/acme_srv.cfg
	cd examples/Docker/
	docker-compose restart
	docker-compose logs

	- name: "Sleep for 10s"
	uses: juliangruber/[email protected]
	with:
	time: 10s

	- name: "Create lego folder"
	run: \|
	mkdir lego

	- name: "Test http://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

	- name: "Test if https://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory

	- name: "Enroll lego"
	run: \|
	docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http run
	sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt

	- name: "Renew lego"
	run: \|
	docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http renew --no-random-sleep 2> ari.txt
	grep "renewalInfo endpoint indicates that renewal is needed" ari.txt
	cat ari.txt
	sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt

	- name: "Check container configuration"
	uses: ./.github/actions/container_check
	with:
	DB_HANDLER: ${{ matrix.dbhandler }}
	WEB_SRV: ${{ matrix.websrv }}

	- name: "[ * ] collecting test logs"
	if: ${{ failure() }}
	run: \|
	mkdir -p ${{ github.workspace }}/artifact/upload
	sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
	sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/
	cd examples/Docker
	docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
	sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data lego

	- name: "[ * ] uploading artificates"
	uses: actions/upload-artifact@v4
	if: ${{ failure() }}
	with:
	name: ari_container-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz
	path: ${{ github.workspace }}/artifact/upload/

	ari_wsgi_rpm:
	name: "ari_wsgi_rpm"
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	rhversion: [8, 9]
	steps:
	- name: "checkout GIT"
	uses: actions/checkout@v4

	- name: "Prepare Alma environment"
	uses: ./.github/actions/rpm_prep
	with:
	GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
	GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
	RH_VERSION: ${{ matrix.rhversion }}

	- name: "Prepare acme_srv.cfg with openssl_ca_handler"
	run: \|
	sudo mkdir -p data/acme_ca/certs
	sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/
	sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg
	sudo chmod 777 data/acme_srv.cfg
	sudo echo -e "\n\n[Renewalinfo]" >> data/acme_srv.cfg
	sudo echo "renewal_force: True" >> data/acme_srv.cfg

	- name: "Execute install scipt"
	run: \|
	docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh

	- name: "Create lego folder"
	run: \|
	mkdir lego

	- name: "Enroll HTTP-01 single domain lego"
	run: \|
	docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http run
	sudo openssl verify -CAfile data/acme_ca/root-ca-cert.pem -untrusted data/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt

	- name: "Renew HTTP-01 single domain lego"
	run: \|
	docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http renew --no-random-sleep 2> ari.txt
	grep "renewalInfo endpoint indicates that renewal is needed" ari.txt
	cat ari.txt
	sudo openssl verify -CAfile data/acme_ca/root-ca-cert.pem -untrusted data/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt

	- name: "[ * ] collecting test logs"
	if: ${{ failure() }}
	run: \|
	mkdir -p ${{ github.workspace }}/artifact/upload
	docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
	sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
	sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
	sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/
	sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/
	sudo rm ${{ github.workspace }}/artifact/data/*.rpm
	docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig
	docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf
	docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
	sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh certbot lego

	- name: "[ * ] uploading artificates"
	uses: actions/upload-artifact@v4
	if: ${{ failure() }}
	with:
	name: ari_wsgi_rpm-rh${{ matrix.rhversion }}.tar.gz
	path: ${{ github.workspace }}/artifact/upload/


	ari_django_rpm:
	name: "ari_django_rpm"
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	rhversion: [8, 9]
	steps:
	- name: "checkout GIT"
	uses: actions/checkout@v4

	- name: "Prepare Alma environment"
	uses: ./.github/actions/rpm_prep
	with:
	GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
	GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
	RH_VERSION: ${{ matrix.rhversion }}

	- name: "Create lego folder"
	run: \|
	mkdir lego

	- name: "Prepare acme_srv.cfg with openssl_ca_handler"
	run: \|
	sudo mkdir -p data/volume/acme_ca/certs
	sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/
	sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/volume/acme_srv.cfg
	sudo chmod 777 data/volume/acme_srv.cfg
	sudo echo -e "\n\n[Renewalinfo]" >> data/volume/acme_srv.cfg
	sudo echo "renewal_force: True" >> data/volume/acme_srv.cfg

	- name: "Execute install scipt"
	run: \|
	docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh

	- name: "Test http://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

	- name: "Test if https://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory

	- name: "Enroll HTTP-01 single domain lego"
	run: \|
	docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http run
	sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt

	- name: "Renew HTTP-01 single domain lego"
	run: \|
	docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s http://acme-srv -a --email "[email protected]" -d lego.acme --http renew --no-random-sleep 2> ari.txt
	grep "renewalInfo endpoint indicates that renewal is needed" ari.txt
	cat ari.txt
	sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem lego/certificates/lego.acme.crt

	- name: "[ * ] collecting test logs"
	if: ${{ failure() }}
	run: \|
	mkdir -p ${{ github.workspace }}/artifact/upload
	docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
	docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx
	sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
	sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/
	sudo rm ${{ github.workspace }}/artifact/data/*.rpm
	docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig
	docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf
	docker exec acme-srv rpm -qa > ${{ github.workspace }}/artifact/data/packages.txt
	docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
	sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log lego

	- name: "[ * ] uploading artificates"
	uses: actions/upload-artifact@v4
	if: ${{ failure() }}
	with:
	name: ari_django_rpm-rh${{ matrix.rhversion }}.tar.gz
	path: ${{ github.workspace }}/artifact/upload/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ari Tests #616

Workflow file

Ari Tests #616

Jobs

Run details

Workflow file for this run