Skip to content

Docker tests and push #336

Docker tests and push

Docker tests and push #336

Workflow file for this run

name: CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
env:
ACTIONS_RUNNER_DEBUG: true
ACTIONS_STEP_DEBUG: true
NIPAPD_IMAGE: nipap/nipapd
WWW_IMAGE: nipap/nipap-www
jobs:
test:
runs-on: ubuntu-22.04
strategy:
matrix:
install: [ pip, apt ]
upgrade: [ true, false ]
exclude:
- install: pip
upgrade: true
fail-fast: false
steps:
- name: "Check out NIPAP repository"
uses: actions/checkout@v2
- name: "Install dependencies and prepare NIPAP"
run: |
# Set up NIPAP repo
echo "deb http://spritelink.github.io/NIPAP/repos/apt testing main extra" | sudo tee /etc/apt/sources.list.d/nipap.list
wget -O - https://spritelink.github.io/NIPAP/nipap.gpg.key | sudo apt-key add -
sudo apt update -qq
# Install dependencies for build and test
sudo apt install -y \
devscripts \
fakeroot \
debhelper \
dh-python \
junit4 \
libldap-dev \
libsasl2-dev \
python3-docutils \
python3-nose \
python3-requests \
python3-setuptools \
python3-wheel \
python3-all \
default-jdk \
gradle \
rename \
postgresql-14-ip4r
sudo service postgresql start
pg_isready
sed -e 's/username = guest/username = unittest/' -e 's/password = guest/password = gottatest/' nipap-cli/nipaprc > ~/.nipaprc
chmod 0600 ~/.nipaprc
# Set up CA and generate SSL cert
mkdir /tmp/ca
openssl genrsa -out /tmp/ca/ca.key 2048
openssl req -new -x509 -key /tmp/ca/ca.key -out /tmp/ca/ca.crt -subj '/C=SE/O=NIPAP Test CA'
sudo cp /tmp/ca/ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
openssl genrsa -out /tmp/ca/test.key 2048
openssl req -new -key /tmp/ca/test.key -out /tmp/ca/test.csr -subj "/CN=127.0.0.1"
openssl x509 -req -in /tmp/ca/test.csr -CA /tmp/ca/ca.crt -CAkey /tmp/ca/ca.key -CAcreateserial -out /tmp/ca/test.crt
cat /tmp/ca/test.crt /tmp/ca/test.crt > /tmp/ca/test.bundle.crt
sudo chmod -R a+r /tmp/ca
- name: "Install using pip"
if: ${{ matrix.install == 'pip' }}
run: |
# install nipap dependencies
sudo -H pip3 install -r nipap/requirements.txt
# SQL
sudo su -c "cd nipap/sql; PGPASSWORD=papin make install" postgres
# move configuration file into place
sudo mkdir /etc/nipap
sudo cp nipap/nipap.conf.dist /etc/nipap/nipap.conf
sudo sed -e "s/{{LISTEN_ADDRESS}}/127.0.0.1/" -e "s/{{LISTEN_PORT}}/1337/" -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -e "s/{{DB_USERNAME}}/nipap/" -e "s/{{DB_NAME}}/nipap/" -e "s/{{DB_PASSWORD}}/papin/" -e "s/{{DB_SSLMODE}}/require/" -e "s/{{DB_PORT}}/5432/" -e "s/{{DB_HOST}}/localhost/" -e "s/{{SYSLOG}}/true/" -i /etc/nipap/nipap.conf
# create local user for unittest
sudo nipap/nipap-passwd create-database
sudo nipap/nipap-passwd add -u unittest -p gottatest -n unittest
sudo nipap/nipap-passwd add -u readonly -p gottatest --readonly -n "Read-only user for running unit tests"
# install pynipap
cd pynipap; sudo python3 setup.py install; cd ..
# install nipap-cli dependencies
sudo -H pip3 install -r nipap-cli/requirements.txt
# start nipap backend
nipap/nipapd --no-pid-file -c /etc/nipap/nipap.conf -df 2>&1 > /tmp/nipap.log &
- name: "Install latest release from apt"
if: ${{ matrix.install == 'apt' && matrix.upgrade == true }}
run: |
# Install NIPAP packages from official repo
sudo apt install -qq nipapd nipap-www nipap-cli
# populate answers to nipapd package install questions and reconfigure
echo 'set nipapd/database_host localhost' | sudo debconf-communicate
echo 'set nipapd/local_db_autoconf true' | sudo debconf-communicate
echo 'set nipapd/startup true' | sudo debconf-communicate
echo 'set nipapd/local_db_upgrade true' | sudo debconf-communicate
sudo dpkg-reconfigure nipapd
# Enable SSL
sudo sed -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -i /etc/nipap/nipap.conf
# create local user for unittest and restart
sudo nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n unittest
sudo systemctl restart nipapd.service
# add some data to the database that we can verify later
nosetests3 tests/upgrade-before.py
# bump version so that we know we are upgrading beyond what is installed
(echo -e 'Version 9999.9.9\n------------------\n * Test version for automatic upgrade test'; cat NEWS) > NEWS2
mv NEWS2 NEWS
make bumpversion
- name: "Build and install Debian packages"
if: ${{ matrix.install == 'apt' }}
run: |
# build new NIPAP packages
make builddeb
# install the newly built nipap packages
sudo apt install -o Dpkg::Options::="--force-confnew" ./nipap*.deb ./python*-pynipap*.deb
# populate answers to nipapd package install questions and reconfigure
echo 'set nipapd/database_host localhost' | sudo debconf-communicate
echo 'set nipapd/local_db_autoconf true' | sudo debconf-communicate
echo 'set nipapd/startup true' | sudo debconf-communicate
echo 'set nipapd/local_db_upgrade true' | sudo debconf-communicate
sudo dpkg-reconfigure nipapd
# Enable SSL
if [ `grep -c ssl_port /etc/nipap/nipap.conf` -eq 0 ]; then \
# No SSL config in file - add from scratch
sudo sed '/^port *=.*/a ssl_port = 1338\nssl_cert_file = \/tmp\/ca\/test.bundle.crt\nssl_key_file = \/tmp\/ca\/test.key' -i /etc/nipap/nipap.conf; \
else \
sudo sed -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -i /etc/nipap/nipap.conf; \
fi
# create local user for unittests
sudo nipap/nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n "User for running unit tests"
sudo nipap/nipap-passwd add -u readonly -p gottatest -f /etc/nipap/local_auth.db --readonly -n "Read-only user for running unit tests"
sudo sed -e "s/^db_host *=.*/db_host = localhost/" -e "s/{{SYSLOG}}/true/" -e "s/^debug.\+/debug = true/" -e "s/^user/#user/" -i /etc/nipap/nipap.conf
sudo systemctl restart nipapd.service
- name: "Verify pre-upgrade data"
if: ${{ matrix.upgrade == true }}
run: nosetests3 tests/upgrade-after.py
- name: "Run test suite"
env:
REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
run: |
nosetests3 tests/test_xmlrpc.py
nosetests3 tests/nipaptest.py
nosetests3 tests/test_cli.py
nosetests3 tests/test_nipap_ro.py
nosetests3 tests/test_rest.py
make -C jnipap test
- name: "Accident analysis"
if: failure()
run: |
sudo cat /etc/nipap/nipap.conf || true
sudo cat /var/log/syslog || true
sudo cat /var/log/postgresql/postgresql-*-main.log || true
sudo cat /tmp/nipap.log || true
docker:
name: "Test Docker deployment"
runs-on: ubuntu-22.04
steps:
- name: "Set up QEMU"
uses: docker/setup-qemu-action@v3
- name: "Set up Docker Buildx"
uses: docker/setup-buildx-action@v3
- name: "Check out NIPAP repository"
uses: actions/checkout@v2
- name: "Hadolint nipapd"
uses: hadolint/[email protected]
with:
Dockerfile: Dockerfile.nipapd
- name: "Hadolint WWW"
uses: hadolint/[email protected]
with:
Dockerfile: Dockerfile.www
- name: "nipapd metadata"
id: nipapd_meta
uses: docker/metadata-actio@v4
with:
images: ${{ env.NIPAPD_IMAGE }}
tags: |
type=sha
- name: "Build nipapd Docker image"
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.nipapd
load: true
tags: ${{ env.NIPAPD_IMAGE }}:ci ${{ steps.nipapd_meta.outputs.tags }}
push: false
- name: "www metadata"
id: www_meta
uses: docker/metadata-actio@v4
with:
images: ${{ env.WWW_IMAGE }}
tags: |
type=sha
- name: "Build www Docker image"
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.www
load: true
tags: ${{ env.WWW_IMAGE }}:ci ${{ steps.www_meta.outputs.tags }}
push: false
- name: "Setup Docker test"
run: |
# Install dependencies
sudo apt install -y \
libldap-dev \
libsasl2-dev \
python3-wheel \
python3-nose \
python3-requests \
postgresql-14-ip4r
sudo -H pip3 install -r nipap/requirements.txt # needed to run test suite
# Set up PostgreSQL
sudo service postgresql start
pg_isready
sudo su -c "cd nipap/sql; PGPASSWORD=papin make install" postgres
# Start nipapd container
docker run --network=host -d --name=nipapd_ci -e DB_HOST=127.0.0.1 -e DB_USERNAME=nipap -e DB_PASSWORD=papin ${{ env.NIPAPD_IMAGE }}:ci
sleep 10
docker logs nipapd_ci
# Set up for test
sudo mkdir -p /etc/nipap
sudo docker cp nipapd_ci:/etc/nipap/nipap.conf /etc/nipap/
sudo docker cp nipapd_ci:/etc/nipap/local_auth.db /etc/nipap/
docker exec -t nipapd_ci nipap-passwd add -u unittest -p gottatest -n unittest
docker exec -t nipapd_ci nipap-passwd add -u readonly -p gottatest --readonly -n "Read-only user for running unit tests"
- name: "Run docker tests"
run: |
# Run tests
nosetests3 tests/test_xmlrpc.py
nosetests3 tests/nipaptest.py
nosetests3 tests/test_nipap_ro.py
nosetests3 tests/test_rest.py
- name: "Login to Docker Hub"
if: ${{ github.ref_name == 'master' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: "Build and push nipapd Docker image"
if: ${{ github.ref_name == 'master' }}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.nipapd
load: true
tags: ${{ steps.nipapd_meta.outputs.tags }}
push: true
- name: "Build and push www Docker image"
if: ${{ github.ref_name == 'master' }}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.www
load: true
tags: ${{ steps.www_meta.outputs.tags }}
push: true