[fix] msca_handler.py url parameter #1537
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ipv6-test | |
| on: | |
| push: | |
| pull_request: | |
| branches: [ devel ] | |
| jobs: | |
| ipv6_tests: | |
| name: "ipv6_tests" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| websrv: ['apache2', 'nginx'] | |
| dbhandler: ['wsgi', 'django'] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Build container" | |
| uses: ./.github/actions/container_prep | |
| with: | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| WEB_SRV: ${{ matrix.websrv }} | |
| IPV6: true | |
| - name: "Setup openssl ca_handler" | |
| run: | | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg examples/Docker/data/acme_srv.cfg | |
| cd examples/Docker/ | |
| docker-compose restart | |
| - name: "Sleep for 10s" | |
| uses: juliangruber/[email protected] | |
| with: | |
| time: 10s | |
| - name: "Test http://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
| - name: "Test if https://acme-srv/directory is accessible" | |
| run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory | |
| - name: "Prepare acme.sh container" | |
| run: | | |
| docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon | |
| - name: "Enroll acme.sh" | |
| run: | | |
| docker exec -i acme-sh acme.sh --server http://acme-srv --keylength 2048 --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --listen-v6 --debug 3 --output-insecure | |
| openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer | |
| - name: "Enroll acme.sh using ipv6 with ipv4 fallback" | |
| run: | | |
| docker exec -i acme-sh acme.sh --server http://acme-srv --keylength 2048 --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --listen-v4 --debug 3 --output-insecure --force | |
| openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
| cd examples/Docker | |
| docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: ipv6_tests-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| rpm_ipv6: | |
| name: "rpm_ipv6" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rhversion: [8, 9] | |
| execscript: ['rpm_tester.sh', 'django_tester.sh'] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare Alma environment" | |
| uses: ./.github/actions/rpm_prep | |
| with: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| RH_VERSION: ${{ matrix.rhversion }} | |
| IPV6: true | |
| - name: "[ PREPARE ] create lego and certbot folder" | |
| run: | | |
| mkdir lego | |
| mkdir certbot | |
| - name: "Stup openssl ca_handler" | |
| if: matrix.execscript == 'rpm_tester.sh' | |
| run: | | |
| mkdir -p data/acme_ca | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg | |
| - name: "Setup openssl ca_handler" | |
| if: matrix.execscript == 'django_tester.sh' | |
| run: | | |
| sudo mkdir -p data/volume/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/ | |
| sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/volume/acme_srv.cfg | |
| - name: "Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/$EXEC_SCRIPT | |
| env: | |
| EXEC_SCRIPT: ${{ matrix.execscript }} | |
| - name: "Prepare acme.sh container" | |
| run: | | |
| docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon | |
| - name: "Enroll acme.sh" | |
| run: | | |
| docker exec -i acme-sh acme.sh --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --listen-v6 --debug 3 --output-insecure | |
| awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer | |
| openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "Enroll acme.sh using ipv6 with ipv4 fallback" | |
| run: | | |
| docker exec -i acme-sh acme.sh --server http://acme-srv --keylength 2048 --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --listen-v4 --debug 3 --output-insecure --force | |
| openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig | |
| docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: rpm_ipv6-rh${{ matrix.rhversion }}.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |