Skip to content

Application Tests - win-acme #1359

Application Tests - win-acme

Application Tests - win-acme #1359

name: Application Tests - win-acme
on:
push:
pull_request:
branches: [ devel ]
schedule:
# * is a special character in YAML so you have to quote this string
- cron: '0 2 * * 6'
jobs:
win_acme:
name: "win_acme"
runs-on: windows-latest
steps:
- name: "checkout GIT"
uses: actions/checkout@v4
- name: "[ PREPARE ] get RunnerIP"
run: |
Get-NetIPAddress -AddressFamily IPv4
# $runner_ip=(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'Ethernet').IPAddress
$runner_ip=(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'vEthernet (nat)').IPAddress
echo RUNNER_IP=$runner_ip >> $env:GITHUB_ENV
- name: "[ PREPARE ] echo RunnerIP"
run: echo $env:RUNNER_IP
- name: "[ PREPARE ] Create DNS entries "
run: |
Invoke-RestMethod -ContentType "application/json" -Method PUT -Uri ${{ secrets.CF_DYNAMOP_URL }} -Headers @{Authorization="Bearer ${{ secrets.CF_TOKEN }}"} -UseBasicParsing -Body '{"type":"A","name":"${{ secrets.CF_WINACME1_NAME }}","content":"${{ env.RUNNER_IP }}","ttl":120,"proxied":false}'
- name: "[ PREPARE ] Build local acme2certifier environment"
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install django==3.2
pip install django-sslserver
pip install pyyaml
cp examples/db_handler/django_handler.py acme_srv/db_handler.py
cp examples/django/* .\ -Recurse -Force
(Get-Content .github/django_settings.py) -replace '/var/www/acme2certifier/volume/db.sqlite3', 'volume/db.sqlite3' | Set-Content acme2certifier/settings.py
(Get-Content acme2certifier/settings.py) -replace 'django.contrib.staticfiles', 'sslserver' | Set-Content acme2certifier/settings.py
cat acme2certifier/settings.py
cp examples/ca_handler/openssl_ca_handler.py acme2certifier/ca_handler.py
cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg acme_srv/acme_srv.cfg
cp .github/acme2certifier_cert.pem acme2certifier/acme2certifier_cert.pem
cp .github/acme2certifier_key.pem acme2certifier/acme2certifier_key.pem
mkdir .\volume/acme_ca/certs
cp test/ca/*.pem volume/acme_ca/
certutil -addstore -enterprise -f -v root volume\acme_ca\root-ca-cert.pem
certutil -addstore -enterprise -f -v root volume\acme_ca\sub-ca-cert.pem
- name: "[ PREPARE ] configure server"
run: |
python manage.py makemigrations
python manage.py migrate
python manage.py loaddata acme_srv/fixture/status.yaml
- name: "[ PREPARE ] try to get up the server"
run: |
Start-Process powershell {python .\manage.py runserver 0.0.0.0:8080 3>&1 2>&1 > volume\redirection.log}
- name: "[ PREPARE ] Sleep for 5s"
uses: juliangruber/sleep-action@v2.0.3
with:
time: 5s
- name: "[ TEST ] Test if directory ressource is accessible"
run: |
get-Process python
Invoke-RestMethod -Uri http://127.0.0.1:8080/directory -NoProxy -TimeoutSec 5
[System.Net.Dns]::GetHostByName('localhost').HostName
([System.Net.Dns]::GetHostByName(($env:computerName))).Hostname
- name: "[ PREPARE ] Download win-acme"
run: |
Invoke-RestMethod -Uri https://github.com/win-acme/win-acme/releases/download/v2.2.8.1635/win-acme.v2.2.8.1635.x64.trimmed.zip -OutFile win-acme.zip
Expand-Archive .\win-acme.zip
mkdir win-acme\certs
dir win-acme\*
- name: "[ ENROLL ] Enroll certificate via win-acme"
run: |
.\win-acme\wacs.exe --baseuri http://127.0.0.1:8080 --emailaddress=grindsa@bar.local --pemfilespath win-acme\certs --source manual --host ${{ secrets.CF_WINACME1_NAME }},${{ secrets.CF_WINACME2_NAME }} --store pemfiles --force
- name: "[ PREPARE ] try to get up the sslserver"
run: |
Start-Process powershell {python .\manage.py runsslserver 0.0.0.0:443 --certificate acme2certifier/acme2certifier_cert.pem --key acme2certifier/acme2certifier_key.pem 3>&1 2>&1 > volume\redirection_ssl.log}
- name: "[ PREPARE ] Sleep for 5s"
uses: juliangruber/sleep-action@v2.0.3
with:
time: 5s
- name: "[ TEST ] Test if directory ressource is accessible"
run: |
get-Process python
Invoke-RestMethod -SkipCertificateCheck -Uri https://localhost -NoProxy -TimeoutSec 5
[System.Net.Dns]::GetHostByName('localhost').HostName
([System.Net.Dns]::GetHostByName(($env:computerName))).Hostname
- name: "[ PREPARE ] Install and configure Posh-ACME"
run: |
Install-Module -Name Posh-ACME -Scope CurrentUser -Force
- name: "Create account via Posh-ACME"
run: |
set-PAServer -DirectoryUrl https://localhost/directory -SkipCertificateCheck
$DebugPreference = 'Continue'
New-PAAccount -Contact 'foo@bar.local'
$ACC_1 = (Get-PAAccount | Out-String -Stream | Select-String -Pattern "valid")
echo ACC1=$ACC_1 >> $env:GITHUB_ENV
Export-PAAccountKEy -OutputFile foo.key
echo $env:ACC_1
- name: "Recreate account via Posh-ACME"
run: |
$DebugPreference = 'Continue'
Get-PAAccount | Remove-PAAccount -Force
Get-PAAccount
New-PAAccount -Contact 'win4@bar.local' -AcceptTOS -OnlyReturnExisting -KeyFile foo.key
Get-PAAccount -Refresh
$ACC_2 = (Get-PAAccount | Out-String -Stream | Select-String -Pattern "valid")
echo ACC2=$ACC_2 >> $env:GITHUB_ENV
echo $env:ACC_2
- name: "Rollover account key"
run: |
$DebugPreference = 'Continue'
Set-PAAccount -KeyRollover
- name: "[ ENROLL ] Enroll Certificate via Posh-ACME"
# if: $env:ACC_1 == env.ACC_2
run: |
$DebugPreference = 'Continue'
New-PACertificate ${{ secrets.CF_WINACME1_NAME }} -Plugin WebSelfHost -PluginArgs @{} -Force
- name: "[ * ] collecting test logs"
if: ${{ failure() }}
run: |
mkdir ${{ github.workspace }}\artifact\upload
cp volume ${{ github.workspace }}\artifact\upload/ -Recurse -Force
cp acme_srv\acme_srv.cfg ${{ github.workspace }}\artifact\upload
- name: "[ * ] uploading artificates"
uses: actions/upload-artifact@v4
if: ${{ failure() }}
with:
name: win-acme.tar.gz
path: ${{ github.workspace }}/artifact/upload/