feat(k8s-test): Try login and obtain API token #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: k8s Deployment | ||
| on: | ||
| workflow_call: | ||
| env: | ||
| DD_HOSTNAME: defectdojo.default.minikube.local | ||
| HELM_RABBIT_BROKER_SETTINGS: " \ | ||
| --set redis.enabled=false \ | ||
| --set rabbitmq.enabled=true \ | ||
| --set celery.broker=rabbitmq \ | ||
| --set createRabbitMqSecret=true \ | ||
| " | ||
| HELM_REDIS_BROKER_SETTINGS: " \ | ||
| --set redis.enabled=true \ | ||
| --set rabbitmq.enabled=false \ | ||
| --set celery.broker=redis \ | ||
| --set createRedisSecret=true \ | ||
| " | ||
| HELM_MYSQL_DATABASE_SETTINGS: " \ | ||
| --set database=mysql \ | ||
| --set postgresql.enabled=false \ | ||
| --set mysql.enabled=true \ | ||
| --set createMysqlSecret=true \ | ||
| " | ||
| HELM_PG_DATABASE_SETTINGS: " \ | ||
| --set database=postgresql \ | ||
| --set postgresql.enabled=true \ | ||
| --set mysql.enabled=false \ | ||
| --set createPostgresqlSecret=true \ | ||
| " | ||
| jobs: | ||
| setting_minikube_cluster: | ||
| name: Kubernetes Deployment | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| include: | ||
| # databases, broker and k8s are independent, so we don't need to test each combination | ||
| # lastest k8s version (https://kubernetes.io/releases/) and oldest supported version from aws | ||
| # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions) | ||
| - databases: pgsql | ||
| brokers: redis | ||
| k8s: 'v1.26.11' | ||
| os: debian | ||
| - databases: mysql | ||
| brokers: rabbit | ||
| k8s: 'v1.26.11' | ||
| os: debian | ||
| - databases: pgsql | ||
| brokers: rabbit | ||
| k8s: 'v1.29.2' | ||
| os: debian | ||
| - databases: mysql | ||
| brokers: redis | ||
| k8s: 'v1.29.2' | ||
| os: debian | ||
| - databases: pgsql | ||
| brokers: rabbit | ||
| k8s: 'v1.29.2' | ||
| os: alpine | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Minikube | ||
| uses: manusa/[email protected] | ||
| with: | ||
| minikube version: 'v1.31.2' | ||
| kubernetes version: ${{ matrix.k8s }} | ||
| driver: docker | ||
| start args: '--addons=ingress --cni calico' | ||
| github token: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Status of minikube | ||
| run: |- | ||
| minikube status | ||
| - name: Load images from artifacts | ||
| uses: actions/download-artifact@v3 | ||
| - name: Load docker images | ||
| timeout-minutes: 10 | ||
| run: |- | ||
| eval $(minikube docker-env) | ||
| docker load -i nginx/nginx-${{ matrix.os }}_img | ||
| docker load -i django/django-${{ matrix.os }}_img | ||
| docker images | ||
| - name: Configure HELM repos | ||
| run: |- | ||
| helm repo add bitnami https://charts.bitnami.com/bitnami | ||
| helm dependency list ./helm/defectdojo | ||
| helm dependency update ./helm/defectdojo | ||
| - name: Set confings into Outputs | ||
| id: set | ||
| run: |- | ||
| echo "pgsql=${{ env.HELM_PG_DATABASE_SETTINGS }}" >> $GITHUB_ENV | ||
| echo "mysql=${{ env.HELM_MYSQL_DATABASE_SETTINGS }}" >> $GITHUB_ENV | ||
| echo "redis=${{ env.HELM_REDIS_BROKER_SETTINGS }}" >> $GITHUB_ENV | ||
| echo "rabbit=${{ env.HELM_RABBIT_BROKER_SETTINGS }}" >> $GITHUB_ENV | ||
| - name: Deploying Djano application with ${{ matrix.databases }} ${{ matrix.brokers }} | ||
| timeout-minutes: 10 | ||
| run: |- | ||
| helm install \ | ||
| --timeout 800s \ | ||
| defectdojo \ | ||
| ./helm/defectdojo \ | ||
| --set django.ingress.enabled=true \ | ||
| --set imagePullPolicy=Never \ | ||
| ${{ env[matrix.databases] }} \ | ||
| ${{ env[matrix.brokers] }} \ | ||
| --set createSecret=true \ | ||
| --set tag=${{ matrix.os }} \ | ||
| # --set imagePullSecrets=defectdojoregistrykey | ||
| - name: Check deployment status | ||
| run: |- | ||
| kubectl get pods | ||
| kubectl get ingress | ||
| kubectl get services | ||
| - name: Check Application | ||
| timeout-minutes: 10 | ||
| run: |- | ||
| to_complete () { | ||
| kubectl wait --for=$1 $2 --timeout=500s --selector=$3 2>/tmp/test || true | ||
| if [[ -s /tmp/test ]]; then | ||
| echo "ERROR: $2" | ||
| cat /tmp/test | ||
| echo "INFO: status:" | ||
| kubectl get pods | ||
| echo "INFO: logs:" | ||
| kubectl logs --selector=$3 --all-containers=true | ||
| exit 1 | ||
| fi | ||
| return ${?} | ||
| } | ||
| echo "Waiting for init job..." | ||
| to_complete "condition=Complete" job "defectdojo.org/component=initializer" | ||
| echo "Waiting for celery pods..." | ||
| to_complete "condition=ready" pod "defectdojo.org/component=celery" | ||
| echo "Waiting for django pod..." | ||
| to_complete "condition=ready" pod "defectdojo.org/component=django" | ||
| echo "Pods up and ready to rumbole" | ||
| kubectl get pods | ||
| RETRY=0 | ||
| while : | ||
| do | ||
| OUT=$(kubectl run curl --quiet=true --image=curlimages/curl:7.73.0 \ | ||
| --overrides='{ "apiVersion": "v1" }' \ | ||
| --restart=Never -i --rm -- -s -m 20 -I --header "Host: $DD_HOSTNAME" http://`kubectl get service defectdojo-django -o json \ | ||
| | jq -r '.spec.clusterIP'`/login?next=/) | ||
| echo $OUT | ||
| CR=`echo $OUT | egrep "^HTTP" | cut -d' ' -f2` | ||
| echo $CR | ||
| if [[ $CR -ne 200 ]]; then | ||
| echo $RETRY | ||
| if [[ $RETRY -gt 2 ]]; then | ||
| kubectl get pods | ||
| echo `kubectl logs --tail=30 -l defectdojo.org/component=django -c uwsgi` | ||
| echo "ERROR: cannot display login screen; got HTTP code $CR" | ||
| exit 1 | ||
| else | ||
| ((RETRY++)) | ||
| echo "Attempt $RETRY to get login page" | ||
| sleep 5 | ||
| fi | ||
| else | ||
| echo "Result received" | ||
| break | ||
| fi | ||
| done | ||
| ADMIN_PASS=$(kubectl get secret/defectdojo -o json | jq -r '.data.DD_ADMIN_PASSWORD' | base64 -d) | ||
| echo "Simple Login check" | ||
| OUT=$(kubectl run curl --quiet=true --image=curlimages/curl:7.73.0 \ | ||
| --overrides='{ "apiVersion": "v1" }' \ | ||
| --restart=Never -i --rm -- -s -m 20 -I --header "Host: $DD_HOSTNAME" http://`kubectl get service defectdojo-django -o json \ | ||
| | jq -r '.spec.clusterIP'`/login?next=/ --data-raw "username=admin&password=$ADMIN_PASS") | ||
| echo $OUT | ||
| CR=`echo $OUT | egrep "^HTTP" | cut -d' ' -f2` | ||
| echo $CR | ||
| if [[ $CR -ne 200 ]]; then | ||
| echo "ERROR: login is not possible; got HTTP code $CR" | ||
| exit 1 | ||
| else | ||
| echo "Result received" | ||
| fi | ||
| echo "Simple API check" | ||
| OUT=$(kubectl run curl --quiet=true --image=curlimages/curl:7.73.0 \ | ||
| --overrides='{ "apiVersion": "v1" }' \ | ||
| --restart=Never -i --rm -- -s -m 20 -I --header "Host: $DD_HOSTNAME" http://`kubectl get service defectdojo-django -o json \ | ||
| | jq -r '.spec.clusterIP'`/api/v2/api-token-auth/ --data-raw "username=admin&password=$ADMIN_PASS") | ||
| echo $OUT | ||
| CR=`echo $OUT | egrep "^HTTP" | cut -d' ' -f2` | ||
| echo $CR | ||
| if [[ $CR -ne 200 ]]; then | ||
| echo "ERROR: login is not possible; got HTTP code $CR" | ||
| exit 1 | ||
| else | ||
| echo "Result received" | ||
| fi | ||
| echo "Final Check of components" | ||
| errors=`kubectl get pods | grep Error | awk '{print $1}'` | ||
| if [[ ! -z $errors ]]; then | ||
| echo "Few pods with errors" | ||
| for line in $errors; do | ||
| echo "Dumping log from $line" | ||
| kubectl logs --tail 50 $line | ||
| done | ||
| exit 1 | ||
| else | ||
| echo "DD K8S successfully deployed" | ||
| fi | ||
| curl 'http://localhost:8080/login?next=/' \ | ||
| -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8' \ | ||
| -H 'Accept-Language: en-GB,en' \ | ||
| -H 'Cache-Control: no-cache' \ | ||
| -H 'Connection: keep-alive' \ | ||
| -H 'Content-Type: application/x-www-form-urlencoded' \ | ||
| -H 'Cookie: firefly_session=eyJpdiI6IlNrTjZoTThFQWwvVlgrQjN0ZUd1dVE9PSIsInZhbHVlIjoiZk55Mm85VTFhU0ZpZndjM3F0d3d1T3FNUWMxRmNVT0krS0JremsxTDBLdWJlbFNsdDhYdHhHeFBiaU5mZmNuSlNCRWsvaEVuUG45ZzVQTEwzQUkyMWtFR08vU0JRaU80aVJ4NWMrNFI5cVN4ZHRTTllZVFhEVU1VTlBDVHdVQXciLCJtYWMiOiI3OTY5M2M2YzliZDNlNDc2NDllMjUyMDliNzU0NjBlYWFmNzM5MjczYjg1MWNiYWZkOTIwZDNhM2JjYmFiYmRlIiwidGFnIjoiIn0%3D; connect.sid=s%3Aa6qlcBd8drYUT9T0OmLxWxtpYOzs9o6V.ZS5pTqajXzIUkpA07owtWtVngJ%2BZQP71gMglhPQgUI4; access_token=eyJpdiI6IjBUU21kL01ra3E4MHZ3djF1dlJqUkE9PSIsInZhbHVlIjoiUHFFV3NQSmhiTWFtRWtLRHFkTWNGRXBHancyYTJuYWgvQWdxSDh3ODhwOUhPdHdXcDNGN2t6Uy9Oa0lrM1IveUEzbitLYnQrZE5xWVplS3htVmxHclhSaE9zZ0xlMVhadW0yNnppa2dZK1YxMHAxeEx0UlF2R09oYjd6aUpZaUpReHMzeS9QazhZbWVhblFWand4emNjbng4emtjR3pEQmszYktqNU1zb2xXVCtsYzhYUElLeGVRL0JaeU9GM0pjek9vTUNYVlFMS1BhSGs1RzZPejVZT3piaEdyY0VnVlM5RGhlZ0FVcmxPK2pWOWZXUzgwN1ZCa2FmKzFvMlA5SkwvZ2FGbzNRakk1SHptSXV2OXJDTTBMYnJOVEUxRnpVMFpzRFhjYklsd2doK245Umw2NTRscWpXMk5TTkJMTk5LNVFvS211UmdvNWlaTEMxU3VTaUlXTThYcFFnRVQvM2xtL3YvYkFReDRLblFxR3dCTUd2bUt1VVlaRU1oSEw2dnRLOTZ5OUxsWmR5bnJWUmpMQkdjeWwzNlhzM1d5ejJuUXpUaXBZYmxUM0xFNTJsbTAyRm9DNmJSaytNeFJidUlrd3V2Z2laNy8vdzZQRGtQODhRU0czcnppYTY5dFhzVTY1TWVaM3A4Z1VFNW5POG5YUmt6NS90TUJtT1E1ZnFJMXV0K2h6aUtNbE9tVWt4QlhncElPZ2hvL1ZBRWtqVW5nUXRNY0tqZFprRkp2emFoMnBZR3pJNEkxSDBRL1R2enlYZzAwWTZvZnNjcDNnVkhzdHNHSFBZTW9LK1ZiMHJhSzhtd0JmYlQ0UHZDb3hhaDQrQUp4ZTZwTHJla1YycWZhRmJrNkl1UmtUWUVGakdLSy9UaFpDVHZZQnF2aTlwN2FKQ0JjdURlMkcwS0Y3NXZzZ2IvSnNnZStMZnVWYVV4SGdjbDFaWlZHc1JLTjVSOEw4MGJpVkQybXRPUW5LUVV0Uy9aQkRjVnp2by9JWFhwWmRhbEcyUnVRMXQzK1I2eGthSzNCSUJWclpHaVR0UHRiMHA0cTZlekZ2bm1pQW01VVlGS2svQ3p3NjYyY2puOTJHUTZhakR1NFZGemd6VzBEYi9leWxmdzBEYmhsZXNXeU8zTE1GeVZ2Nk8rZlZjVU9jTTZzMjI4a2docWIxRXdPSVJBSjd4dGNQV1pOalBndmdiclJNY1hhUGh0TXNYOXJmQjNWN3hOYlE5OHZOWk9LRVhUUDRybWtsMGdkSnFGNWFXRHlNWGtleWJ1R0IwWkcwYU52NUF4anp5QW9XZHF0Wi9RWHFQRGZ1UEFZZ0U0Ylk0ZGZFRlphZ2VXS09NZmlpdnl0bHp4WkF3Rm9lR0J4SXNuYTNpYkhmYnNwQUc2amlSNk5XN3ZpSzRuRnVod2F6MEpUTzBaNUVRQW03MEg5TldyVnptWHJvSG9hMU1raDZSRTJNWnNydlRtcm1RZG93aTNHSGtmQ0FHdkVOZWFJdUNKVGl6dlhMbFRJcUNRV2l6NnVyWEl0UTFwT0x1Z0Izd1Zud2ZtK1BOSXVxM2hHaVZyV1lJZHY4SVBoa1ZGcmpDeDd5aEIxVGoxcGlVOFBDcXhUT0xOZ0F5ZFBVaURzYTZNWVI3QkxIYWFlSzFTZHBYbXRqWXdWT0NPaW1GR09mTEdScWlvQitIWXJFZ3pnQURVR0NKSTZ1QVI0dlB5SnRjN1dIb2ZRQlpBZm5qVlNOVStvSWxIMlRwVENCRXJNcjhlekx5eFVLVVZ3dDZQcVQrMEZGbnUwb21weUFZM2FLaHZrNVA1djg3dzA5cFlYd1JwUT09IiwibWFjIjoiNzBjMzcwYTQwNDA5NTRhMmNmNTBiMGNmM2NkMmMyMWUwNjBlNTRiZWU1OGEzZjZhYjU0NzU4NmE3NDE3YWI1ZSIsInRhZyI6IiJ9; base_url=eyJpdiI6IkhmRWZaR250QTJIR1IzRTdaS2Z1dUE9PSIsInZhbHVlIjoiMTl6cnFoRTM4a09wSEdGMHQ5aFNVUnJuMllVc29vTEU5K0dxRDZaS1IrUGhuREdoWjlwT1R5bkUxMm9Id0wwM1NmY2Jkby8weHJrVUt3SlVJZHRuZEJSanNZdndjcmF1dWkwWStXd2VXSms9IiwibWFjIjoiZmE2OGEwNzQ0OWVlZjEyMTk4OWVhMjhmMWI3ZWU5YThjMmMzMTkyOTgxN2ZmNmI3NmMzN2U5NjRlZGE1NDZmYSIsInRhZyI6IiJ9; vanity_url=eyJpdiI6IlB1L3Vaa0tzTUlFV2dCY2hSMTVxYlE9PSIsInZhbHVlIjoiZ2ZzczFHN25Vck14enZkYlY5OGpPcWZIenJCcVhaVFFEY3NUL3NkeGE3NE5rMUxxZnV2c3R6Rk9aclJRbzR1UElBMWJQWEFqWGwzZm5pVXN1ckQzOWN5Y1ZGczFLcUFJWVZpU1djMkpaVk09IiwibWFjIjoiZGNiNmU2ZDcxYmMxM2RmZGQyNWI2NjlmYTUyMmUyMDJhODY5MmIwOTMzZDI3YzNiMGRkMmVhM2NkOWFjYTlhYiIsInRhZyI6IiJ9; refresh_token=eyJpdiI6IksxVGJMZ2VVVnMza0RRUFNvMzN5L2c9PSIsInZhbHVlIjoidmpNN2g2Nkg2ZlVQQnlRWG8wMUlPUGdNWVIyUG1pVjlzd1l2Uzg4anloRHplVmF5TXdhR09TUFZPNVNiM21ZTSIsIm1hYyI6ImY1NTExNjI1NWY2MGZkNzA4ZWQ0ZDFiZGVhNDFjYjRlYTI3YzAwYTg2N2NjODMwNWI1M2YyMDJiZGY1M2VkMzciLCJ0YWciOiIifQ%3D%3D; flow=eyJpdiI6IkN5OTdJYWI1REFrWThQQnFGTVA1L3c9PSIsInZhbHVlIjoibnNNbExHa2JoNXphWldESkJaQ2dnR1R3SS9TazY2R0tncmFlYkJ0OC9LYzc1Ym93OXRzcFFtTjkrUTZ4aGxMWCIsIm1hYyI6ImFhMzUwOTY2OGZhOWRhYjQ5YWEwYjNmYWMzOTU5OGVmYTE4NzkyZjNjNzJiN2RlZDMyYjcwOTAwYjUyMjViMWMiLCJ0YWciOiIifQ%3D%3D; csrftoken=HGbxIy9Yy0PMTPBXePHxsM6x6ZaWl832' \ | ||
| -H 'Origin: http://localhost:8080' \ | ||
| -H 'Pragma: no-cache' \ | ||
| -H 'Referer: http://localhost:8080/login?next=/' \ | ||
| -H 'Sec-Fetch-Dest: document' \ | ||
| -H 'Sec-Fetch-Mode: navigate' \ | ||
| -H 'Sec-Fetch-Site: same-origin' \ | ||
| -H 'Sec-Fetch-User: ?1' \ | ||
| -H 'Sec-GPC: 1' \ | ||
| -H 'Upgrade-Insecure-Requests: 1' \ | ||
| -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36' \ | ||
| -H 'sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Brave";v="126"' \ | ||
| -H 'sec-ch-ua-mobile: ?0' \ | ||
| -H 'sec-ch-ua-platform: "macOS"' \ | ||
| --data-raw 'csrfmiddlewaretoken=uMiPBTX9Ue7LmofKGBjWruu3seKEheQC1ijc9hWXi4Mn53GxKgQjJ6qqo3KqscJu&username=admin&password=admin' | ||
