[wf] sleep in asa-handler workflow to avoid testing starts to early #1097
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CA handler tests - OpenSSL | |
| on: | |
| push: | |
| pull_request: | |
| branches: [ devel ] | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '0 2 * * 6' | |
| jobs: | |
| openssl_ca_handler_tests: | |
| name: "openssl_ca_handler_tests" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| websrv: ['apache2', 'nginx'] | |
| dbhandler: ['wsgi', 'django'] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Build container" | |
| uses: ./.github/actions/container_prep | |
| with: | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| WEB_SRV: ${{ matrix.websrv }} | |
| - name: "Setup a2c with openssl_ca_handler - default" | |
| run: | | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg examples/Docker/data/acme_srv.cfg | |
| cd examples/Docker/ | |
| docker-compose restart | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Setup a2c with openssl_ca_handler - with template" | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo echo -e "\nopenssl_conf: volume/acme_ca/openssl.cnf" >> examples/Docker/data/acme_srv.cfg | |
| sudo touch examples/Docker/data/acme_ca/openssl.cnf | |
| sudo chmod 777 examples/Docker/data/acme_ca/openssl.cnf | |
| sudo echo -e "[extensions]\nbasicConstraints = critical, CA:FALSE\nsubjectKeyIdentifier = hash, issuer:always\nauthorityKeyIdentifier = keyid:always, issuer:always" >> examples/Docker/data/acme_ca/openssl.cnf | |
| sudo echo -e "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement\nextendedKeyUsage = critical, serverAuth, OCSPSigning\n" >> examples/Docker/data/acme_ca/openssl.cnf | |
| cd examples/Docker/ | |
| docker-compose restart | |
| - name: "With Tempßlate - enrollment" | |
| uses: ./.github/actions/wf_specific/openssl_ca_handler/enroll_w_teamplate | |
| - name: "Setup a2c with openssl_ca_handler - cn_enforce" | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo echo -e "\ncn_enforce: True" >> examples/Docker/data/acme_srv.cfg | |
| cd examples/Docker/ | |
| docker-compose restart | |
| - name: "With CN enforce - enrollment" | |
| uses: ./.github/actions/wf_specific/openssl_ca_handler/enroll_cn_enforce | |
| - name: "Setup a2c with openssl_ca_handler - adjust cert_validity" | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo sed -i "s/cert_validity_days: 30/cert_validity_days: 3650\ncert_validity_adjust: True/g" examples/Docker/data/acme_srv.cfg | |
| cd examples/Docker/ | |
| docker-compose restart | |
| - name: "With cert_validity - enrollment" | |
| uses: ./.github/actions/wf_specific/openssl_ca_handler/enroll_adjust_cert_validity | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
| sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
| cd examples/Docker | |
| docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data acme-sh certbot lego | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: openssl_ca_handler_tests-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| openssl_ca_handler_tests_rpm: | |
| name: "openssl_ca_handler_tests_rpm" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rhversion: [8, 9] | |
| execscript: ['rpm_tester.sh', 'django_tester.sh'] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare Alma environment" | |
| uses: ./.github/actions/rpm_prep | |
| with: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| RH_VERSION: ${{ matrix.rhversion }} | |
| - name: "Setup a2c with openssl_ca_handler" | |
| if: matrix.execscript == 'rpm_tester.sh' | |
| run: | | |
| sudo mkdir -p data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg | |
| - name: "Setup a2c with openssl_ca_handler for django" | |
| if: matrix.execscript == 'django_tester.sh' | |
| run: | | |
| sudo mkdir -p data/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/volume/acme_srv.cfg | |
| - name: "Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/$EXEC_SCRIPT | |
| env: | |
| EXEC_SCRIPT: ${{ matrix.execscript }} | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Setup a2c with openssl_ca_handler - with template" | |
| if: matrix.execscript == 'rpm_tester.sh' | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo echo -e "\nopenssl_conf: volume/acme_ca/openssl.cnf" >> data/acme_srv.cfg | |
| sudo touch data/acme_ca/openssl.cnf | |
| sudo chmod 777 data/acme_ca/openssl.cnf | |
| sudo echo -e "[extensions]\nbasicConstraints = critical, CA:FALSE\nsubjectKeyIdentifier = critical, hash, issuer:always\nauthorityKeyIdentifier = keyid:always, issuer:always" >> data/acme_ca/openssl.cnf | |
| sudo echo -e "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement\nextendedKeyUsage = critical, serverAuth, OCSPSigning\n" >> data/acme_ca/openssl.cnf | |
| - name: "Setup a2c with openssl_ca_handler - with template" | |
| if: matrix.execscript == 'django_tester.sh' | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo echo -e "\nopenssl_conf: volume/acme_ca/openssl.cnf" >> data/volume/acme_srv.cfg | |
| sudo touch data/volume/acme_ca/openssl.cnf | |
| sudo chmod 777 data/volume/acme_ca/openssl.cnf | |
| sudo echo -e "[extensions]\nbasicConstraints = critical, CA:FALSE\nsubjectKeyIdentifier = critical, hash, issuer:always\nauthorityKeyIdentifier = keyid:always, issuer:always" >> data/volume/acme_ca/openssl.cnf | |
| sudo echo -e "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement\nextendedKeyUsage = critical, serverAuth, OCSPSigning\n" >> data/volume/acme_ca/openssl.cnf | |
| - name: "Reconfigure a2c" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/$EXEC_SCRIPT restart | |
| env: | |
| EXEC_SCRIPT: ${{ matrix.execscript }} | |
| - name: "With Tempßlate - enrollment" | |
| uses: ./.github/actions/wf_specific/openssl_ca_handler/enroll_w_teamplate | |
| - name: "Setup a2c with openssl_ca_handler - cn_enforce" | |
| if: matrix.execscript == 'rpm_tester.sh' | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo echo -e "\ncn_enforce: True" >> data/acme_srv.cfg | |
| - name: "Setup a2c with openssl_ca_handler for django - cn_enforce" | |
| if: matrix.execscript == 'django_tester.sh' | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo echo -e "\ncn_enforce: True" >> data/volume/acme_srv.cfg | |
| - name: "Reconfigure a2c" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/$EXEC_SCRIPT restart | |
| env: | |
| EXEC_SCRIPT: ${{ matrix.execscript }} | |
| - name: "With CN enforce - enrollment" | |
| if: matrix.execscript == 'rpm_tester.sh' | |
| uses: ./.github/actions/wf_specific/openssl_ca_handler/enroll_cn_enforce | |
| - name: "Setup a2c with openssl_ca_handler - adjust cert_validity" | |
| if: matrix.execscript == 'rpm_tester.sh' | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo sed -i "s/cert_validity_days: 30/cert_validity_days: 3650\ncert_validity_adjust: True/g" data/acme_srv.cfg | |
| - name: "Setup a2c with openssl_ca_handler for django - adjust cert_validity" | |
| if: matrix.execscript == 'django_tester.sh' | |
| run: | | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/volume/acme_srv.cfg | |
| sudo chmod 777 data/volume/acme_srv.cfg | |
| sudo sed -i "s/cert_validity_days: 30/cert_validity_days: 3650\ncert_validity_adjust: True/g" data/volume/acme_srv.cfg | |
| - name: "Reconfigure a2c" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/$EXEC_SCRIPT restart | |
| env: | |
| EXEC_SCRIPT: ${{ matrix.execscript }} | |
| - name: "With cert_validity - enrollment" | |
| uses: ./.github/actions/wf_specific/openssl_ca_handler/enroll_adjust_cert_validity | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
| sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
| docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig | |
| docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh certbot lego | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: openssl-openssl_ca_handler_tests_rpm-rh${{ matrix.rhversion }}.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ |