[wf] max-paralell statement in all workflows #1671

Workflow file for this run

.github/workflows/dns-test.yml at edbf17b

	name: DNS-01 challenge tests

	on:
	push:
	pull_request:
	branches: [ devel ]
	schedule:
	# * is a special character in YAML so you have to quote this string
	- cron: '0 2 * * 6'

	jobs:
	dns_challenge_tests:
	name: "dns_challenge_tests"
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	max-parallel: 2
	matrix:
	websrv: ['apache2', 'nginx']
	dbhandler: ['wsgi', 'django']
	steps:
	- name: "checkout GIT"
	uses: actions/checkout@v4

	- name: "Build container"
	uses: ./.github/actions/container_prep
	with:
	DB_HANDLER: ${{ matrix.dbhandler }}
	WEB_SRV: ${{ matrix.websrv }}

	- name: "Prepare acme_srv.cfg with certifier_ca_handler"
	uses: ./.github/actions/wf_specific/certifier_ca_handler/certifier_setup_no_profile
	with:
	WCCE_SSH_ACCESS_KEY: ${{ secrets.WCCE_SSH_ACCESS_KEY }}
	WCCE_SSH_KNOWN_HOSTS: ${{ secrets.WCCE_SSH_KNOWN_HOSTS }}
	WCCE_SSH_USER: ${{ secrets.WCCE_SSH_USER }}
	WCCE_SSH_HOST: ${{ secrets.WCCE_SSH_HOST }}
	WCCE_SSH_PORT: ${{ secrets.WCCE_SSH_PORT }}
	NCM_API_HOST: ${{ secrets.NCM_API_HOST }}
	NCM_API_USER: ${{ secrets.NCM_API_USER }}
	NCM_API_PASSWORD: ${{ secrets.NCM_API_PASSWORD }}
	NCM_CA_NAME: ${{ secrets.NCM_CA_NAME }}
	ACME_SRV_SRC: .github/openssl_ca_handler.py_acme_srv_default_handler_dns.cfg
	DATA_PATH: examples/Docker/data

	- name: "Restart a2c"
	run: \|
	cd examples/Docker/
	docker-compose restart
	docker-compose logs

	- name: "Sleep for 10s"
	uses: juliangruber/sleep-action@v2.0.3
	with:
	time: 10s

	- name: "Test http://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

	- name: "Test if https://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory

	- name: "Prepare acme.sh container"
	run: \|
	docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon
	sudo cp .github/dns_test.sh acme-sh/
	docker exec -i acme-sh apk add dnsmasq
	docker exec -i acme-sh dnsmasq
	docker exec -i acme-sh mv /acme.sh/dns_test.sh /root/.acme.sh/dnsapi/
	docker exec -i acme-sh chmod +x /root/.acme.sh/dnsapi/dns_test.sh

	- name: "Set DNS server"
	run: \|
	cd examples/Docker/
	docker-compose stop
	docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh
	sudo sed -i "s/DNS-IP/$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)/g" data/acme_srv.cfg
	docker-compose start
	docker-compose logs

	- name: "Enroll acme.sh - single domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d acme-sh.single --standalone --debug 3 --output-insecure --force
	awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.single_ecc/ca.cer
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.single_ecc/acme-sh.single.cer

	- name: "Enroll acme.sh - two domains"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d acme-sh.first --dns dns_test -d acme-sh.second --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.first_ecc/acme-sh.first.cer

	- name: "Enroll acme.sh - single wildcard domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d *.acme-sh.wildcard --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.wildcard_ecc/acme-sh.wildcard.cer

	- name: "Enroll acme.sh - double wildcard domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d .acme-sh.first-wildcard --dns dns_test -d .acme-sh.second-wildcard --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/.acme-sh.first-wildcard_ecc/.acme-sh.first-wildcard.cer

	- name: "Enroll acme.sh - domain and wildcard domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d acme-sh.fqdn-wildcard --dns dns_test -d *.acme-sh.fqdn-wildcard --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.fqdn-wildcard_ecc/acme-sh.fqdn-wildcard.cer

	- name: "check TXT record exists"
	if: ${{ failure() }}
	run: \|
	docker exec -i acme-sh ps -a
	docker exec -i acme-sh netstat -anu
	cd examples/Docker/
	docker-compose logs
	dig -t TXT _acme-challenge.acme-sh.single @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.first @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.second @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.wildcard @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.first-wildcard @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.second-wildcard @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)

	- name: "[ * ] collecting test logs"
	if: ${{ failure() }}
	run: \|
	mkdir -p ${{ github.workspace }}/artifact/upload
	sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
	cd examples/Docker
	docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
	sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data

	- name: "[ * ] uploading artificates"
	uses: actions/upload-artifact@v4
	if: ${{ failure() }}
	with:
	name: dns_challenge_tests-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz
	path: ${{ github.workspace }}/artifact/upload/


	dns_challenge_tests_rpm:
	name: "dns_challenge_tests_rpm"
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	max-parallel: 1
	matrix:
	rhversion: [8, 9]

	steps:
	- name: "checkout GIT"
	uses: actions/checkout@v4

	- name: "Prepare Alma environment"
	uses: ./.github/actions/rpm_prep
	with:
	GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
	GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
	RH_VERSION: ${{ matrix.rhversion }}

	- name: "Prepare acme_srv.cfg with certifier_ca_handler"
	uses: ./.github/actions/wf_specific/certifier_ca_handler/certifier_setup_no_profile
	with:
	WCCE_SSH_ACCESS_KEY: ${{ secrets.WCCE_SSH_ACCESS_KEY }}
	WCCE_SSH_KNOWN_HOSTS: ${{ secrets.WCCE_SSH_KNOWN_HOSTS }}
	WCCE_SSH_USER: ${{ secrets.WCCE_SSH_USER }}
	WCCE_SSH_HOST: ${{ secrets.WCCE_SSH_HOST }}
	WCCE_SSH_PORT: ${{ secrets.WCCE_SSH_PORT }}
	NCM_API_HOST: ${{ secrets.NCM_API_HOST }}
	NCM_API_USER: ${{ secrets.NCM_API_USER }}
	NCM_API_PASSWORD: ${{ secrets.NCM_API_PASSWORD }}
	NCM_CA_NAME: ${{ secrets.NCM_CA_NAME }}
	ACME_SRV_SRC: .github/openssl_ca_handler.py_acme_srv_default_handler_dns.cfg
	DATA_PATH: data

	- name: "Prepare acme.sh container"
	run: \|
	docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon
	sudo cp .github/dns_test.sh acme-sh/
	docker exec -i acme-sh apk add dnsmasq
	docker exec -i acme-sh dnsmasq
	docker exec -i acme-sh mv /acme.sh/dns_test.sh /root/.acme.sh/dnsapi/
	docker exec -i acme-sh chmod +x /root/.acme.sh/dnsapi/dns_test.sh

	- name: "Set DNS server"
	run: \|
	docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh
	sudo sed -i "s/DNS-IP/$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)/g" data/acme_srv.cfg

	- name: "Execute install scipt"
	run: \|
	docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh

	- name: "Test http://acme-srv/directory is accessible"
	run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

	- name: "Enroll acme.sh - single domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d acme-sh.single --standalone --debug 3 --output-insecure --force
	awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.single_ecc/ca.cer
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.single_ecc/acme-sh.single.cer

	- name: "Enroll acme.sh - two domains"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d acme-sh.first --dns dns_test -d acme-sh.second --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.first_ecc/acme-sh.first.cer

	- name: "Enroll acme.sh - single wildcard domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d *.acme-sh.wildcard --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.wildcard_ecc/acme-sh.wildcard.cer

	- name: "Enroll acme.sh - double wildcard domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d .acme-sh.first-wildcard --dns dns_test -d .acme-sh.second-wildcard --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/.acme-sh.first-wildcard_ecc/.acme-sh.first-wildcard.cer

	- name: "Enroll acme.sh - domain and wildcard domain"
	run: \|
	docker exec -i acme-sh acme.sh --dnssleep 10 --server http://acme-srv --accountemail 'acme-sh@example.com' --issue --dns dns_test -d acme-sh.fqdn-wildcard --dns dns_test -d *.acme-sh.fqdn-wildcard --standalone --debug 3 --output-insecure --force
	openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.fqdn-wildcard_ecc/acme-sh.fqdn-wildcard.cer

	- name: "check TXT record exists"
	if: ${{ failure() }}
	run: \|
	docker exec -i acme-sh ps -a
	docker exec -i acme-sh netstat -anu
	cd examples/Docker/
	docker-compose logs
	dig -t TXT _acme-challenge.acme-sh.single @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.first @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.second @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.wildcard @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.first-wildcard @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)
	dig -t TXT _acme-challenge.acme-sh.second-wildcard @$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' acme-sh)

	- name: "[ * ] collecting test logs"
	if: ${{ failure() }}
	run: \|
	mkdir -p ${{ github.workspace }}/artifact/upload
	docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
	sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
	sudo rm ${{ github.workspace }}/artifact/data/*.rpm
	sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
	docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig
	docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf
	docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
	sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh

	- name: "[ * ] uploading artificates"
	uses: actions/upload-artifact@v4
	if: ${{ failure() }}
	with:
	name: dns-rpm-rh${{ matrix.rhversion }}.tar.gz
	path: ${{ github.workspace }}/artifact/upload/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[wf] max-paralell statement in all workflows #1671

Workflow file

[wf] max-paralell statement in all workflows #1671

Jobs

Run details

Workflow file for this run