[wf] sleep in asa-handler workflow to avoid testing starts to early #736
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CA handler tests - OpenXPKI handler | |
on: | |
push: | |
pull_request: | |
branches: [ devel ] | |
schedule: | |
# * is a special character in YAML so you have to quote the string | |
- cron: '0 2 * * 6' | |
jobs: | |
ejb_ca_tests: | |
name: "openxpki_hander_handler_tests docker image" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
websrv: ['apache2', 'nginx'] | |
dbhandler: ['wsgi', 'django'] | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Get runner ip" | |
run: | | |
echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
- run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
- name: "Instanciate OpenXPKI server" | |
uses: ./.github/actions/wf_specific/openxpki_ca_handler/openxpki_prep | |
with: | |
RUNNER_IP: ${{ env.RUNNER_IP }} | |
WORKING_DIR: ${{ github.workspace }}/examples/Docker | |
- name: "Build container" | |
uses: ./.github/actions/container_prep | |
with: | |
DB_HANDLER: ${{ matrix.dbhandler }} | |
WEB_SRV: ${{ matrix.websrv }} | |
- name: "Setup a2c with est_ca_handler" | |
run: | | |
sudo touch examples/Docker/data/acme_srv.cfg | |
sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: examples/ca_handler/est_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "est_host: https://openxpki:8443" >> examples/Docker/data/acme_srv.cfg | |
# sudo echo "est_host: https://$OPENXPKI_IP:8443" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "est_client_cert: volume/acme_ca/client_crt.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "est_client_key: volume/acme_ca/client_key.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_bundle: volume/acme_ca/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
REVOCATION: "false" | |
USE_CERTBOT: "false" | |
- name: "Delete acme-sh, letsencypt and lego folders" | |
run: | | |
sudo rm -rf lego/* | |
sudo rm -rf acme-sh/* | |
sudo rm -rf certbot/* | |
- name: "Setup a2c with est_ca_handler using pksc12" | |
run: | | |
sudo touch examples/Docker/data/acme_srv.cfg | |
sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: examples/ca_handler/est_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "est_host: https://openxpki:8443" >> examples/Docker/data/acme_srv.cfg | |
# sudo echo "est_host: https://$OPENXPKI_IP:8443" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "est_client_cert: volume/acme_ca/client_crt.p12" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cert_passphrase: Test1234" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_bundle: volume/acme_ca/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
REVOCATION: "false" | |
USE_CERTBOT: "false" | |
- name: "Delete acme-sh, letsencypt and lego folders" | |
run: | | |
sudo rm -rf lego/* | |
sudo rm -rf acme-sh/* | |
sudo rm -rf certbot/* | |
- name: "Setup a2c with openxpki_ca_handler" | |
run: | | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: examples/ca_handler/openxpki_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "host: https://openxpki:8443" >> examples/Docker/data/acme_srv.cfg | |
# sudo echo "host: https://$OPENXPKI_IP:8443" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "client_cert: volume/acme_ca/client_crt.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "client_key: volume/acme_ca/client_key.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_bundle: volume/acme_ca/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cert_profile_name: tls-server" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "endpoint_name: enroll" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "polling_timeout: 60" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
TEST_ADL: "true" | |
- name: "Verify allowed_domainlist error" | |
run: | | |
cd examples/Docker | |
docker-compose logs | grep "allowed_domainlist" | grep -i "either CN or SANs are not allowed by configuration" | |
- name: "Delete acme-sh, letsencypt and lego folders" | |
run: | | |
sudo rm -rf lego/* | |
sudo rm -rf acme-sh/* | |
sudo rm -rf certbot/* | |
- name: "Reconfigure a2c (pkcs12 support)" | |
run: | | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: examples/ca_handler/openxpki_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "host: https://openxpki:8443" >> examples/Docker/data/acme_srv.cfg | |
# sudo echo "host: https://$OPENXPKI_IP:8443" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "client_cert: volume/acme_ca/client_crt.p12" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cert_passphrase: Test1234" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_bundle: volume/acme_ca/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cert_profile_name: tls-server" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "endpoint_name: enroll" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "polling_timeout: 60" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
TEST_ADL: "true" | |
- name: "Verify allowed_domainlist error" | |
run: | | |
cd examples/Docker | |
docker-compose logs | grep "allowed_domainlist" | grep -i "either CN or SANs are not allowed by configuration" | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
docker logs openxpki-docker_openxpki-server_1 > ${{ github.workspace }}/artifact/openxpki.log | |
cd examples/Docker | |
docker-compose logs > ${{ github.workspace }}/artifact/a2c.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz openxpki.log a2c.log data acme-sh certbot lego | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: openxpki-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ | |
openxpki_ca_handler_tests_rpm: | |
name: " openxpki_ca_handler_tests_rpm" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
rhversion: [8, 9] | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Get runner ip" | |
run: | | |
echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
- run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
- name: "Instanciate OpenXPKI server" | |
uses: ./.github/actions/wf_specific/openxpki_ca_handler/openxpki_prep | |
with: | |
RUNNER_IP: ${{ env.RUNNER_IP }} | |
WORKING_DIR: ${{ github.workspace }} | |
- name: "Prepare Alma environment" | |
uses: ./.github/actions/rpm_prep | |
with: | |
GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
RH_VERSION: ${{ matrix.rhversion }} | |
- name: "Setup a2c with est_ca_handler" | |
run: | | |
sudo touch data/acme_srv.cfg | |
sudo chmod 777 data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/est_ca_handler.py" >> data/acme_srv.cfg | |
sudo echo "est_host: https://openxpki:8443" >> data/acme_srv.cfg | |
# sudo echo "est_host: https://$OPENXPKI_IP:8443" >> data/acme_srv.cfg | |
sudo echo "est_client_cert: /opt/acme2certifier/volume/acme_ca/client_crt.pem" >> data/acme_srv.cfg | |
sudo echo "est_client_key: /opt/acme2certifier/volume/acme_ca/client_key.pem" >> data/acme_srv.cfg | |
sudo echo "ca_bundle: /opt/acme2certifier/volume/acme_ca/ca_bundle.pem" >> data/acme_srv.cfg | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Execute install scipt" | |
run: | | |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
REVOCATION: "false" | |
USE_CERTBOT: "false" | |
- name: "Delete acme-sh, letsencypt and lego folders" | |
run: | | |
sudo rm -rf certbot/* | |
sudo rm -rf lego/* | |
sudo rm -rf acme-sh/* | |
- name: "Setup a2c with est_ca_handler (pkcs12)" | |
run: | | |
sudo touch data/acme_srv.cfg | |
sudo chmod 777 data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/est_ca_handler.py" >> data/acme_srv.cfg | |
sudo echo "est_host: https://openxpki:8443" >> data/acme_srv.cfg | |
sudo echo "est_client_cert: /opt/acme2certifier/volume/acme_ca/client_crt.p12" >> data/acme_srv.cfg | |
sudo echo "cert_passphrase: Test1234" >> data/acme_srv.cfg | |
sudo echo "ca_bundle: /opt/acme2certifier/volume/acme_ca/ca_bundle.pem" >> data/acme_srv.cfg | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Reconfigure a2c" | |
run: | | |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh restart | |
- name: "Execute install scipt" | |
run: | | |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
REVOCATION: "false" | |
USE_CERTBOT: "false" | |
- name: "Delete acme-sh, letsencypt and lego folders" | |
run: | | |
sudo rm -rf certbot/* | |
sudo rm -rf lego/* | |
sudo rm -rf acme-sh/* | |
- name: "Setup a2c with openxpki_ca_handler" | |
run: | | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/openxpki_ca_handler.py" >> data/acme_srv.cfg | |
sudo echo "host: https://openxpki:8443" >> data/acme_srv.cfg | |
# sudo echo "host: https://$OPENXPKI_IP:8443" >> data/acme_srv.cfg | |
sudo echo "client_cert: /opt/acme2certifier/volume/acme_ca/client_crt.pem" >> data/acme_srv.cfg | |
sudo echo "client_key: /opt/acme2certifier/volume/acme_ca/client_key.pem" >> data/acme_srv.cfg | |
sudo echo "ca_bundle: /opt/acme2certifier/volume/acme_ca/ca_bundle.pem" >> data/acme_srv.cfg | |
sudo echo "cert_profile_name: tls-server" >> data/acme_srv.cfg | |
sudo echo "endpoint_name: enroll" >> data/acme_srv.cfg | |
sudo echo "polling_timeout: 60" >> data/acme_srv.cfg | |
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> data/acme_srv.cfg | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Reconfigure a2c " | |
run: | | |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh restart | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
TEST_ADL: "true" | |
- name: "Verify allowed_domainlist error" | |
run: | | |
docker exec acme-srv grep -i "either CN or SANs are not allowed by configuration" /var/log/messages | |
- name: "Delete acme-sh, letsencypt and lego folders" | |
run: | | |
sudo rm -rf certbot/* | |
sudo rm -rf lego/* | |
sudo rm -rf acme-sh/* | |
- name: "Reconfigure a2c (pkcs12 support)" | |
run: | | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/openxpki_ca_handler.py" >> data/acme_srv.cfg | |
sudo echo "host: https://openxpki:8443" >> data/acme_srv.cfg | |
# sudo echo "host: https://$OPENXPKI_IP:8443" >> data/acme_srv.cfg | |
sudo echo "client_cert: /opt/acme2certifier/volume/acme_ca/client_crt.p12" >> data/acme_srv.cfg | |
sudo echo "cert_passphrase: Test1234" >> data/acme_srv.cfg | |
sudo echo "ca_bundle: /opt/acme2certifier/volume/acme_ca/ca_bundle.pem" >> data/acme_srv.cfg | |
sudo echo "cert_profile_name: tls-server" >> data/acme_srv.cfg | |
sudo echo "endpoint_name: enroll" >> data/acme_srv.cfg | |
sudo echo "polling_timeout: 60" >> data/acme_srv.cfg | |
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> data/acme_srv.cfg | |
env: | |
OPENXPKI_IP: ${{ env.RUNNER_IP }} | |
- name: "Reconfigure a2c " | |
run: | | |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh restart | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
TEST_ADL: "true" | |
- name: "Verify allowed_domainlist error" | |
run: | | |
docker exec acme-srv grep -i "either CN or SANs are not allowed by configuration" /var/log/messages | |
- name: "Delete acme-sh, letsencypt and lego folders" | |
run: | | |
sudo rm -rf certbot/* | |
sudo rm -rf lego/* | |
sudo rm -rf acme-sh/* | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
docker logs openxpki-docker_openxpki-server_1 > ${{ github.workspace }}/artifact/openxpki_server.log | |
docker logs openxpki-docker_openxpki-client_1 > ${{ github.workspace }}/artifact/openxpki_client.log | |
sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig | |
docker exec acme-srv rpm -qa > ${{ github.workspace }}/artifact/data/packages.txt | |
docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf | |
docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data openxpki_server.log openxpki_client.log acme-srv.log acme-sh | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: openxpki_rpm-rh${{ matrix.rhversion }}.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ |