bump

grindsa · Dec 20, 2024 · 1cb0c67 · 1cb0c67
1 parent 4d664d6
commit 1cb0c67
Showing 1 changed file with 120 additions and 24 deletions.
diff --git a/.github/workflows/ca_handler_tests_cmp.yml b/.github/workflows/ca_handler_tests_cmp.yml
@@ -88,13 +88,35 @@ jobs:
         CMP_RA_CERT: ${{ secrets.CMP_RA_CERT }}
         CMP_TRUSTED: ${{ secrets.CMP_TRUSTED }}
 
-    - name: "Test enrollment"
-      uses: ./.github/actions/acme_clients
+    - name: "Sleep for 10s"
+      uses: juliangruber/sleep-action@v2.0.3
       with:
-        REVOCATION: "false"
-        VERIFY_CERT: "false"
-        USE_CERTBOT: "false"
-        TEST_ADL: "true"
+        time: 10s
+
+    - name: "Test http://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
+    - name: "Test if https://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
+
+    - name: "Enroll acme.sh"
+      run: |
+        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
+        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
+        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
+        sudo rm -rf acme-sh/*
+
+    - name: "Allowed domainlist feature - Enroll lego (fail)"
+      continue-on-error: true
+      id: legofail01
+      run: |
+        docker run -i --rm -v $PWD/lego:/.lego/ --name lego --network acme goacme/lego -s  http://acme-srv -a --email "lego@example.com" -d lego --tls run
+
+    - name: "Allowed domainlist feature - check  result "
+      if: ${{ steps.legofail01.outcome != 'failure' }}
+      run: |
+        echo "legofail outcome is ${{steps.legofail01.outcome }}"
+        exit 1
 
     - name: "Verify allowed_domainlist error"
       run: |
@@ -134,19 +156,51 @@ jobs:
         CMP_REF: ${{ secrets.CMP_REF }}
         CMP_SECRET: ${{ secrets.CMP_SECRET }}
 
-    - name: "Test enrollment"
-      uses: ./.github/actions/acme_clients
+    - name: "Sleep for 10s"
+      uses: juliangruber/sleep-action@v2.0.3
       with:
-        REVOCATION: "false"
-        VERIFY_CERT: "false"
-        USE_CERTBOT: "false"
-        TEST_ADL: "true"
+        time: 10s
+
+    - name: "Sleep for 10s"
+      uses: juliangruber/sleep-action@v2.0.3
+      with:
+        time: 10s
+
+    - name: "Test http://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
+    - name: "Test if https://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
+
+    - name: "Enroll acme.sh"
+      run: |
+        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
+        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
+        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
+
+    - name: "Allowed domainlist feature - Enroll lego (fail)"
+      continue-on-error: true
+      id: legofail02
+      run: |
+        docker run -i --rm -v $PWD/lego:/.lego/ --name lego --network acme goacme/lego -s  http://acme-srv -a --email "lego@example.com" -d lego --tls run
+
+    - name: "Allowed domainlist feature - check  result "
+      if: ${{ steps.legofail02.outcome != 'failure' }}
+      run: |
+        echo "legofail outcome is ${{steps.legofail02.outcome }}"
+        exit 1
 
     - name: "Verify allowed_domainlist error"
       run: |
         cd examples/Docker
         docker-compose logs | grep "allowed_domainlist" | grep -i "either CN or SANs are not allowed by configuration"
 
+    - name: "Check container configuration"
+      uses: ./.github/actions/container_check
+      with:
+        DB_HANDLER: ${{ matrix.dbhandler }}
+        WEB_SRV: ${{ matrix.websrv }}
+
     - name: "[ * ] collecting test logs"
       if: ${{ failure() }}
       run: |
@@ -249,13 +303,34 @@ jobs:
       run: |
         docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh
 
-    - name: "Test enrollment"
-      uses: ./.github/actions/acme_clients
+    - name: "Sleep for 10s"
+      uses: juliangruber/sleep-action@v2.0.3
       with:
-        REVOCATION: "false"
-        VERIFY_CERT: "false"
-        USE_CERTBOT: "false"
-        TEST_ADL: "true"
+        time: 10s
+
+    - name: "Test http://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
+    - name: "Test if https://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
+
+    - name: "Enroll acme.sh"
+      run: |
+        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
+        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
+        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
+
+    - name: "Allowed domainlist feature - Enroll lego (fail)"
+      continue-on-error: true
+      id: legofail01
+      run: |
+        docker run -i --rm -v $PWD/lego:/.lego/ --name lego --network acme goacme/lego -s  http://acme-srv -a --email "lego@example.com" -d lego --tls run
+
+    - name: "Allowed domainlist feature - check  result "
+      if: ${{ steps.legofail01.outcome != 'failure' }}
+      run: |
+        echo "legofail outcome is ${{steps.legofail01.outcome }}"
+        exit 1
 
     - name: "Verify allowed_domainlist error"
       run: |
@@ -362,13 +437,34 @@ jobs:
       run: |
         docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh
 
-    - name: "Test enrollment"
-      uses: ./.github/actions/acme_clients
+    - name: "Sleep for 10s"
+      uses: juliangruber/sleep-action@v2.0.3
       with:
-        REVOCATION: "false"
-        VERIFY_CERT: "false"
-        USE_CERTBOT: "false"
-        TEST_ADL: "true"
+        time: 10s
+
+    - name: "Test http://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
+
+    - name: "Test if https://acme-srv/directory is accessible"
+      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
+
+    - name: "Enroll acme.sh"
+      run: |
+        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
+        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
+        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
+
+    - name: "Allowed domainlist feature - Enroll lego (fail)"
+      continue-on-error: true
+      id: legofail01
+      run: |
+        docker run -i --rm -v $PWD/lego:/.lego/ --name lego --network acme goacme/lego -s  http://acme-srv -a --email "lego@example.com" -d lego --tls run
+
+    - name: "Allowed domainlist feature - check  result "
+      if: ${{ steps.legofail01.outcome != 'failure' }}
+      run: |
+        echo "legofail outcome is ${{steps.legofail01.outcome }}"
+        exit 1
 
     - name: "Verify allowed_domainlist error"
       run: |