[fix] openssl handler #1871
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Application Tests - acme_sh | |
on: | |
push: | |
pull_request: | |
branches: [ devel ] | |
schedule: | |
# * is a special character in YAML so you have to quote this string | |
- cron: '0 2 * * 6' | |
jobs: | |
acme_container_tests: | |
name: "acme_container_tests" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
accountkeylength: [2048, ec-256, ec-521] | |
keylength: [2048, ec-521] | |
websrv: ['apache2', 'nginx'] | |
dbhandler: ['wsgi', 'django'] | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "create folders" | |
run: | | |
mkdir acme-sh | |
- name: "Build docker-compose (${{ matrix.websrv }}_${{ matrix.dbhandler }})" | |
working-directory: examples/Docker/ | |
run: | | |
sudo apt-get install -y docker-compose | |
sudo mkdir -p data | |
sed -i "s/wsgi/$DB_HANDLER/g" .env | |
sed -i "s/apache2/$WEB_SRV/g" .env | |
cat .env | |
docker network create acme | |
docker-compose up -d | |
docker-compose logs | |
env: | |
WEB_SRV: ${{ matrix.websrv }} | |
DB_HANDLER: ${{ matrix.dbhandler }} | |
- name: "setup openssl ca_handler" | |
run: | | |
sudo mkdir -p examples/Docker/data/acme_ca/certs | |
sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
sudo cp .github/django_settings.py examples/Docker/data/settings.py | |
sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
docker-compose logs | |
- name: "[ WAIT ] Sleep for 10s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 10s | |
- name: "Test http://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
- name: "Test if https://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory | |
- name: "[ PREPARE ] prepare acme.sh container" | |
run: | | |
docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon | |
- name: "[ ENROLL ] HTTP-01 single domain acme.sh" | |
run: | | |
docker exec -i acme-sh acme.sh --server http://acme-srv --keylength ${{ matrix.keylength }} --accountkeylength ${{ matrix.accountkeylength }} --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="_ecc" | |
fi | |
openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer | |
- name: "[ RENEW ] HTTP-01 single domain acme.sh" | |
run: | | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="--ecc" | |
fi | |
docker exec -i acme-sh acme.sh --server http://acme-srv --keylength ${{ matrix.keylength }} --renew --force ${ECC} -d acme-sh.acme --standalone --debug 3 --output-insecure | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="_ecc" | |
fi | |
openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer | |
- name: "[ REVOKE ] HTTP-01 single domain acme.sh" | |
run: | | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="--ecc" | |
fi | |
docker exec -i acme-sh acme.sh --server http://acme-srv --revoke ${ECC} -d acme-sh.acme --standalone --debug 2 --output-insecure | |
- name: "[ ENROLL ] HTTP-01 2x domain acme.sh" | |
run: | | |
docker exec -i acme-sh acme.sh --server http://acme-srv --keylength ${{ matrix.keylength }} --issue -d acme-sh.acme -d acme-sh. --standalone --debug 3 --output-insecure | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="_ecc" | |
fi | |
openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer | |
- name: "[ RENEW ] HTTP-01 2x domain acme.sh" | |
run: | | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="--ecc" | |
fi | |
docker exec -i acme-sh acme.sh --server http://acme-srv --keylength ${{ matrix.keylength }} --renew --force ${ECC} -d acme-sh.acme -d acme-sh. --standalone --debug 3 --output-insecure | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="_ecc" | |
fi | |
openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer | |
- name: "[ REVOKE ] HTTP-01 2x domain acme.sh" | |
run: | | |
if ([ "${{ matrix.keylength }}" == "ec-256" ] || [ "${{ matrix.keylength }}" == "ec-384" ] || [ "${{ matrix.keylength }}" == "ec-521" ]) ; then | |
ECC="--ecc" | |
fi | |
docker exec -i acme-sh acme.sh --server http://acme-srv --revoke ${ECC} -d acme-sh.acme -d acme-sh. --standalone --debug 3 --output-insecure | |
- name: "[ DEACTIVATE ] acme.sh" | |
run: | | |
docker exec -i acme-sh acme.sh --server http://acme-srv --deactivate-account --debug 2 --output-insecure | |
- name: "[ * ] collecting test data" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
cd examples/Docker | |
docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data acme-sh | |
- name: "[ * ] uploading artifacts" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: acme_container_tests${{ matrix.websrv }}-${{ matrix.dbhandler }}-${{ matrix.accountkeylength }}_key-${{ matrix.keylength }}.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ |