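---
# Upgrade tests: install a released acme2certifier, enroll certificates, upgrade
# to the build from this checkout and verify enrollment still works on the same
# data (docker-compose variants and an RPM/AlmaLinux variant).
name: Upgrade Tests
on:
  push:
  pull_request:
    # The branch filter applies to pull_request only; every push runs.
    branches: [ devel ]
  schedule:
    # * is a special character in YAML so you have to quote this string
    - cron: '0 2 * * 6'
# Least privilege for GITHUB_TOKEN: no job writes back to the repository
# (the only git commit below is local to the runner). Artifact upload/download
# do not need write permissions on the token.
permissions:
  contents: read
jobs: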
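wsgi_upgrade_apache2:
  # Baseline: released 0.19.3 apache2/wsgi image. Enroll with acme.sh and
  # certbot, then replace the server with the docker-compose build of this
  # checkout on the same data volume and enroll again.
  name: "wsgi_upgrade_apache2"
  runs-on: ubuntu-latest
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: "Prepare environment"
      working-directory: examples/Docker/
      run: |
        docker network create acme
    - name: "Configure acme2certifier"
      run: |
        # sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
        # Test CA from test/ca/ (key included) - public repo material, not a secret.
        sudo mkdir -p examples/Docker/data/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/
        sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
        sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem
        # World-writable so the unprivileged shell can append below; throwaway runner only.
        sudo chmod 777 examples/Docker/data/acme_srv.cfg
        echo "" >> examples/Docker/data/acme_srv.cfg
        echo "handler_file: examples/ca_handler/openssl_ca_handler.py" >> examples/Docker/data/acme_srv.cfg
    - name: "Install a2c 0.19.3"
      run: |
        # NOTE(review): image tag is not digest-pinned; the baseline can change under the test.
        docker run -d -p 80:80 -p 443:443 --rm -id --network acme --name=acme-srv -v "$(pwd)/examples/Docker/data":/var/www/acme2certifier/volume/ grindsa/acme2certifier:0.19.3-apache2-wsgi
        docker logs acme-srv
    - name: "Sleep for 5s"
      # Third-party action pinned to a tag, not a commit SHA.
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      # --insecure only skips validation of the self-signed test cert; -f still fails on non-2xx.
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      # TODO(review): step name says https but --server is http://; only --insecure differs from the next step.
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        # Chain check: issued cert must validate to the test root via the sub CA.
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "Upgrade to latest a2c build"
      working-directory: examples/Docker/
      run: |
        sudo apt-get install -y docker-compose
        docker stop acme-srv
        sudo chmod -R 777 data
        # sed -i "s/wsgi/django/g" .env
        docker-compose up -d
        docker-compose logs
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        # GitHub's default shell is `bash -e`: one failing command aborts the
        # step before anything is archived. This job has no mariadb container,
        # so the SQL dump is dropped, and the print-only log call (compose
        # container name is assumed) is best-effort.
        docker logs acme2certifier_acme-srv_1 || true
        mkdir -p ${{ github.workspace }}/artifact/upload
        sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
        cd examples/Docker
        docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data
    - name: "[ * ] uploading artifacts"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: apache2-wsgi-upgrade.tar.gz
        path: ${{ github.workspace }}/artifact/upload/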
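wsgi_upgrade_nginx:
  # Same flow as wsgi_upgrade_apache2 with the nginx/wsgi baseline image and a
  # separate TLS cert/key pair for nginx from .github/.
  name: "wsgi_upgrade_nginx"
  runs-on: ubuntu-latest
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: "Prepare environment"
      working-directory: examples/Docker/
      run: |
        docker network create acme
    - name: "Configure acme2certifier"
      run: |
        # sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
        # Test CA from test/ca/ (key included) - public repo material, not a secret.
        sudo mkdir -p examples/Docker/data/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/
        sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
        sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem
        # World-writable so the unprivileged shell can append below; throwaway runner only.
        sudo chmod 777 examples/Docker/data/acme_srv.cfg
        echo "" >> examples/Docker/data/acme_srv.cfg
        echo "handler_file: examples/ca_handler/openssl_ca_handler.py" >> examples/Docker/data/acme_srv.cfg
    - name: "Install a2c 0.19.3"
      run: |
        # NOTE(review): image tag is not digest-pinned; the baseline can change under the test.
        docker run -d -p 80:80 -p 443:443 --rm -id --network acme --name=acme-srv -v "$(pwd)/examples/Docker/data":/var/www/acme2certifier/volume/ grindsa/acme2certifier:0.19.3-nginx-wsgi
        docker logs acme-srv
    - name: "Sleep for 5s"
      # Third-party action pinned to a tag, not a commit SHA.
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      # --insecure only skips validation of the self-signed test cert; -f still fails on non-2xx.
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      # TODO(review): step name says https but --server is http://; only --insecure differs from the next step.
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        # Chain check: issued cert must validate to the test root via the sub CA.
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "Upgrade to latest a2c build"
      working-directory: examples/Docker/
      run: |
        sudo apt-get install -y docker-compose
        docker stop acme-srv
        sudo chmod -R 777 data
        # Switch the compose build from the apache2 default to nginx.
        sed -i "s/apache2/nginx/g" .env
        docker-compose up -d
        docker-compose logs
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        # GitHub's default shell is `bash -e`: one failing command aborts the
        # step before anything is archived. This job has no mariadb container,
        # so the SQL dump is dropped, and the print-only log call (compose
        # container name is assumed) is best-effort.
        docker logs acme2certifier_acme-srv_1 || true
        mkdir -p ${{ github.workspace }}/artifact/upload
        sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
        cd examples/Docker
        docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data
    - name: "[ * ] uploading artifacts"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: nginx-wsgi-upgrade.tar.gz
        path: ${{ github.workspace }}/artifact/upload/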
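django_upgrade_apache2:
  # Baseline: released 0.19.3 apache2/django image backed by a mariadb
  # container; upgrade to the compose build of this checkout and re-enroll.
  name: "django_upgrade_apache2"
  runs-on: ubuntu-latest
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: "Prepare environment"
      working-directory: examples/Docker/
      run: |
        docker network create acme
        # Only used by the (commented-out) bind-mount variant below.
        sudo mkdir -p data/mysql
    - name: "Install mariadb"
      working-directory: examples/Docker/
      run: |
        # docker run --name mariadbsrv --network acme -v $PWD/data/mysql:/var/lib/mysql -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
        # Test-only credentials; the DB is reachable only on the `acme` docker
        # network (no -p), and the image tag is not pinned.
        docker run --name mariadbsrv --network acme -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
    - name: "Sleep for 10s"
      # Fixed wait for mariadb start-up; third-party action pinned to a tag, not a SHA.
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Configure mariadb"
      working-directory: examples/Docker/
      run: |
        # The application user/password presumably have to match .github/django_settings_mariadb.py.
        docker exec mariadbsrv mariadb -u root --password=foobar -e"CREATE DATABASE acme2certifier CHARACTER SET UTF8;"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"GRANT ALL PRIVILEGES ON acme2certifier.* TO 'acme2certifier'@'%' IDENTIFIED BY '1mmSvDFl';"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"FLUSH PRIVILEGES;"
    - name: "Configure acme2certifier"
      run: |
        # sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
        # Test CA from test/ca/ (key included) - public repo material, not a secret.
        sudo mkdir -p examples/Docker/data/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/
        sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
        sudo cp .github/django_settings_mariadb.py examples/Docker/data/settings.py
        sudo chmod 777 examples/Docker/data/settings.py
        sudo sed -i "s/ 'acme_srv'/ 'acme'/g" examples/Docker/data/settings.py
        sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem
        # World-writable so the unprivileged shell can append below; throwaway runner only.
        sudo chmod 777 examples/Docker/data/acme_srv.cfg
        echo "" >> examples/Docker/data/acme_srv.cfg
        echo "handler_file: examples/ca_handler/openssl_ca_handler.py" >> examples/Docker/data/acme_srv.cfg
    - name: "Install a2c 0.19.3"
      run: |
        # NOTE(review): image tag is not digest-pinned; the baseline can change under the test.
        docker run -d -p 80:80 -p 443:443 --rm -id --network acme --name=acme-srv -v "$(pwd)/examples/Docker/data":/var/www/acme2certifier/volume/ grindsa/acme2certifier:0.19.3-apache2-django
        docker logs acme-srv
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      # --insecure only skips validation of the self-signed test cert; -f still fails on non-2xx.
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      # TODO(review): step name says https but --server is http://; only --insecure differs from the next step.
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        # Chain check: issued cert must validate to the test root via the sub CA.
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "Upgrade to latest a2c build"
      working-directory: examples/Docker/
      run: |
        sudo apt-get install -y docker-compose
        docker stop acme-srv
        sudo chmod -R 777 data
        # Switch the compose build from the wsgi default to django.
        sed -i "s/wsgi/django/g" .env
        docker-compose up -d
        docker-compose logs
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        # GitHub's default shell is `bash -e`: one failing command aborts the
        # step before anything is archived, so the print-only log call (compose
        # container name is assumed) is best-effort. The dump only holds test data.
        docker logs acme2certifier_acme-srv_1 || true
        docker exec mariadbsrv mysqldump -u root --password=foobar acme2certifier > /tmp/acme2certifer.sql
        mkdir -p ${{ github.workspace }}/artifact/upload
        sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
        sudo cp /tmp/acme2certifer.sql ${{ github.workspace }}/artifact/data/
        cd examples/Docker
        docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data
    - name: "[ * ] uploading artifacts"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: apache2-django-upgrade.tar.gz
        path: ${{ github.workspace }}/artifact/upload/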
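django_upgrade_nginx:
  # Baseline: released 0.19.3 nginx/django image backed by a mariadb container;
  # upgrade to the compose build of this checkout (wsgi->django, apache2->nginx)
  # and re-enroll.
  name: "django_upgrade_nginx"
  runs-on: ubuntu-latest
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: "Prepare environment"
      working-directory: examples/Docker/
      run: |
        docker network create acme
        # Only used by the (commented-out) bind-mount variant below.
        sudo mkdir -p data/mysql
    - name: "Install mariadb"
      working-directory: examples/Docker/
      run: |
        # docker run --name mariadbsrv --network acme -v $PWD/data/mysql:/var/lib/mysql -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
        # Test-only credentials; the DB is reachable only on the `acme` docker
        # network (no -p), and the image tag is not pinned.
        docker run --name mariadbsrv --network acme -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
    - name: "Sleep for 10s"
      # Fixed wait for mariadb start-up; third-party action pinned to a tag, not a SHA.
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Configure mariadb"
      working-directory: examples/Docker/
      run: |
        # The application user/password presumably have to match .github/django_settings_mariadb.py.
        docker exec mariadbsrv mariadb -u root --password=foobar -e"CREATE DATABASE acme2certifier CHARACTER SET UTF8;"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"GRANT ALL PRIVILEGES ON acme2certifier.* TO 'acme2certifier'@'%' IDENTIFIED BY '1mmSvDFl';"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"FLUSH PRIVILEGES;"
    - name: "Configure acme2certifier"
      run: |
        # Test CA from test/ca/ (key included) - public repo material, not a secret.
        sudo mkdir -p examples/Docker/data/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/
        sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
        sudo cp .github/django_settings_mariadb.py examples/Docker/data/settings.py
        sudo chmod 777 examples/Docker/data/settings.py
        sudo sed -i "s/ 'acme_srv'/ 'acme'/g" examples/Docker/data/settings.py
        sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem
        # World-writable so the unprivileged shell can append below; throwaway runner only.
        sudo chmod 777 examples/Docker/data/acme_srv.cfg
        echo "" >> examples/Docker/data/acme_srv.cfg
        echo "handler_file: examples/ca_handler/openssl_ca_handler.py" >> examples/Docker/data/acme_srv.cfg
    - name: "Install a2c 0.19.3"
      run: |
        # NOTE(review): image tag is not digest-pinned; the baseline can change under the test.
        docker run -d -p 80:80 -p 443:443 --rm -id --network acme --name=acme-srv -v "$(pwd)/examples/Docker/data":/var/www/acme2certifier/volume/ grindsa/acme2certifier:0.19.3-nginx-django
        docker logs acme-srv
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      # --insecure only skips validation of the self-signed test cert; -f still fails on non-2xx.
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      # TODO(review): step name says https but --server is http://; only --insecure differs from the next step.
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        # Chain check: issued cert must validate to the test root via the sub CA.
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "Upgrade to latest a2c build"
      working-directory: examples/Docker/
      run: |
        sudo apt-get install -y docker-compose
        docker stop acme-srv
        sudo chmod -R 777 data
        # Switch the compose build to the django/nginx variant.
        sed -i "s/wsgi/django/g" .env
        sed -i "s/apache2/nginx/g" .env
        docker-compose up -d
        docker-compose logs
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile examples/Docker/data/acme_ca/root-ca-cert.pem -untrusted examples/Docker/data/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        # GitHub's default shell is `bash -e`: one failing command aborts the
        # step before anything is archived, so the print-only log call (compose
        # container name is assumed) is best-effort. The dump only holds test data.
        docker logs acme2certifier_acme-srv_1 || true
        docker exec mariadbsrv mysqldump -u root --password=foobar acme2certifier > /tmp/acme2certifer.sql
        mkdir -p ${{ github.workspace }}/artifact/upload
        sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
        sudo cp /tmp/acme2certifer.sql ${{ github.workspace }}/artifact/data/
        cd examples/Docker
        docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data
    - name: "[ * ] uploading artifacts"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: nginx-django-upgrade.tar.gz
        path: ${{ github.workspace }}/artifact/upload/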
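rpm_build:
  # Builds the RPM of this checkout; the rpm_* jobs below download it by the
  # artifact name acme2certifier-<version>-1.0.noarch.rpm.
  name: "rpm_build"
  runs-on: ubuntu-latest
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: Retrieve Version from version.py
      run: |
        # Exports TAG_NAME (e.g. 0.23.2) to later steps via GITHUB_ENV.
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    # Shell variable rather than a `${{ env.* }}` expression inside `run:` - the
    # value comes from a file in the checked-out tree, so keep it out of the
    # script text (expressions are substituted before the shell sees them).
    - run: echo "Latest tag is $TAG_NAME"
    - name: update version number in spec file and path in nginx ssl config
      run: |
        sudo sed -i "s/__version__/$TAG_NAME/g" examples/install_scripts/rpm/acme2certifier.spec
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf
        # Local commit only (never pushed); presumably so the rpmbuild action
        # packages the substituted spec and nginx config from the git tree.
        git config --global user.email "[email protected]"
        git config --global user.name "rpm update"
        git add examples/nginx
        git commit -a -m "rpm update"
    - name: build RPM package
      id: rpm
      # NOTE(review): third-party action referenced by a branch name, not a commit SHA.
      uses: grindsa/rpmbuild@alma9
      with:
        spec_file: "examples/install_scripts/rpm/acme2certifier.spec"
    - run: echo "path is ${{ steps.rpm.outputs.rpm_dir_path }}"
    - name: "Upload RPM package"
      # Pinned to v4 (was @master): the consumers use actions/download-artifact@v4,
      # which can only fetch v4 artifacts, and a moving branch ref is a
      # supply-chain risk for a step that handles the package under test.
      uses: actions/upload-artifact@v4
      with:
        name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        path: ${{ steps.rpm.outputs.rpm_dir_path }}/noarch/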
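rpm_wsgi_upgrade_nginx:
  # RPM upgrade path on AlmaLinux: install the released 0.23.2 RPM with the
  # xca handler, enroll, then `yum localinstall` the RPM built from this
  # checkout, run tools/db_update.py and enroll again.
  name: "rpm_wsgi_upgrade_nginx"
  runs-on: ubuntu-latest
  needs: rpm_build
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: Retrieve Version from version.py
      run: |
        # Exports TAG_NAME to later steps via GITHUB_ENV.
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    # Shell variable instead of a `${{ env.* }}` expression in `run:` text.
    - run: echo "Latest tag is $TAG_NAME"
    - name: Download rpm package
      uses: actions/download-artifact@v4
      with:
        name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        path: /tmp/
    - name: List files
      run: ls -la /tmp/
    - name: "Setup environment for alma installation"
      run: |
        docker network create acme
        sudo mkdir -p data/volume
        sudo mkdir -p data/acme2certifier
        sudo mkdir -p data/nginx/conf.d
        # data/ is bind-mounted into the container as /tmp/acme2certifier.
        sudo chmod -R 777 data
        sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data
        # Baseline release to upgrade from. NOTE(review): fetched over HTTPS but
        # neither checksum- nor GPG-verified before installation - TODO pin a digest.
        wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm
        # nginx TLS material from .github/ (test cert/key, public in the repo).
        sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem
        sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf
        sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf
    - name: "Retrieve rpms from SBOM repo"
      run: |
        # The token lands in /tmp/sbom/.git/config via the remote URL; /tmp/sbom
        # is never copied into the artifact below. Keep it that way.
        git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom
        cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data
      env:
        GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
        GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
    - name: "Prepare acme_srv.cfg with openssl_ca_handler"
      run: |
        sudo mkdir acme-sh
        sudo mkdir -p data/volume/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/
        sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME
        sudo touch data/acme_srv.cfg
        sudo chmod 777 data/acme_srv.cfg
        # Default handler config minus its last 8 lines, then the xca handler block.
        # SECRET: `passphrase:` is written in clear text here; this file must not
        # end up in an uploaded artifact (see the log-collection step).
        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg
        sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/acme_srv.cfg
        sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/acme_srv.cfg
        sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/acme_srv.cfg
        sudo echo "passphrase: $XCA_PASSPHRASE" >> data/acme_srv.cfg
        sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/acme_srv.cfg
        sudo echo "template_name: $XCA_TEMPLATE" >> data/acme_srv.cfg
      env:
        XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
        XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
        XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
        XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
    - name: "Almalinux instance"
      run: |
        cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache
        # --privileged is needed for systemd inside the container; it gives the
        # container full access to the runner host, so nothing else may run there.
        docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd
    - name: "[ RUN ] Execute install script"
      run: |
        docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh
        sudo docker cp data/nginx acme-srv:/etc
        sudo docker cp data/volume/ acme-srv:/opt/acme2certifier/
        docker exec acme-srv chmod -R 777 /opt/acme2certifier/volume
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "[ CURL ] install curl and socat and test connection"
      run: |
        sudo apt-get install -y curl socat
        # Reaches the container through the published host port.
        curl -f http://localhost:22280
    - name: "Enroll acme.sh via https"
      # TODO(review): step name says https but --server is http://; only --insecure differs from the next step.
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        # Chain check: issued cert must validate to the test root via the sub CA.
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "Update acme2certifier"
      run: |
        docker cp /tmp/acme2certifier-$TAG_NAME-1.0.noarch.rpm acme-srv:/tmp
        docker exec acme-srv yum -y localinstall /tmp/acme2certifier-$TAG_NAME-1.0.noarch.rpm
        docker exec -w /opt/acme2certifier acme-srv python3 tools/db_update.py
        docker restart acme-srv
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Get hashes of wsgi_handler.py and db_handler.py"
      run: |
        echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/wsgi_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
        echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
    - run: echo "Hash1 is $HASH1"
    - run: echo "Hash2 is $HASH2"
    - name: Compare hashes
      # After the upgrade acme_srv/db_handler.py must still be byte-identical to
      # the wsgi db handler; anything else fails the job.
      if: env.HASH1 != env.HASH2
      run: |
        exit 1
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        mkdir -p ${{ github.workspace }}/artifact/upload
        # data/acme_srv.cfg carries the XCA passphrase from secrets. GitHub masks
        # secrets in logs, NOT in artifact files, and artifacts are downloadable
        # by anyone who can read the repo: exclude the cfg from the in-container
        # tarball (it is written into data/, which is copied below) and strip
        # the passphrase line from the copied volume before anything is packed.
        # The sed is deliberately not best-effort: better no artifact than a leak.
        docker exec acme-srv tar --exclude='acme_srv.cfg' -cvzf /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
        docker exec acme-srv tar -cvzf /tmp/acme2certifier/nginx.tgz /etc/nginx
        sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
        sudo rm ${{ github.workspace }}/artifact/data/*.rpm
        sudo sed -i '/^passphrase:/d' ${{ github.workspace }}/artifact/data/acme_srv.cfg
        sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
        docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh
    - name: "[ * ] uploading artifacts"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: rpm_wsgi_upgrade_nginx.tar.gz
        path: ${{ github.workspace }}/artifact/upload/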
# Upgrade test, Django/nginx flavour with a MariaDB backend: install the
# released 0.23.2 rpm in an AlmaLinux/systemd container, enroll with acme.sh
# and certbot, then upgrade in place to the rpm produced by rpm_build and
# enroll again.  NOTE(review): address-like values in this rendering (the
# account e-mail and the credential part of the SBOM clone URL) appear
# obfuscated by the page renderer and are kept verbatim here — confirm against
# the checked-in workflow.
rpm_django_upgrade_nginx_mariadb:
  name: "rpm_django_upgrade_nginx_mariadb"
  runs-on: ubuntu-latest
  # The upgrade target is the rpm artifact published by rpm_build.
  needs: rpm_build
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    # TAG_NAME = the __version__ value from acme_srv/version.py, quotes
    # stripped; it names the rpm artifact below.
    - name: Retrieve Version from version.py
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
    # Rewrites the volume path in the nginx ssl config and commits the result
    # in the local checkout.  NOTE(review): the spec-file substitution seems to
    # be a leftover from the build job — this job installs the downloaded rpm
    # and does not rebuild it; confirm.
    - name: update version number in spec file and path in nginx ssl config
      run: |
        sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf
        git config --global user.email "[email protected]"
        git config --global user.name "rpm update"
        git add examples/nginx
        git commit -a -m "rpm update"
    - name: Download rpm package
      uses: actions/download-artifact@v4
      with:
        name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        path: /tmp/
    - name: List files
      run: ls -la /tmp/
    # data/ is later bind-mounted into the container as /tmp/acme2certifier.
    # It receives the released 0.23.2 rpm, the tester scripts, the nginx
    # certificate/key and configs, and the MariaDB flavour of the Django
    # settings.  The world-writable chmod is what lets the unprivileged
    # redirects further down write into data/.
    - name: "Setup environment for alma installation"
      run: |
        sudo mkdir acme-sh
        docker network create acme
        sudo mkdir -p data/volume
        sudo mkdir -p data/acme2certifier
        sudo mkdir -p data/nginx/conf.d
        sudo chmod -R 777 data
        wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm
        sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data
        sudo cp examples/Docker/almalinux-systemd/django_tester.sh data
        sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem
        sudo cp .github/django_settings_mariadb.py data/acme2certifier/settings.py
        # sudo sed -i "s/\/var\/www\//\/opt\//g" data/acme2certifier/settings.py
        sudo sed -i "s/USE_I18N = True/USE_I18N = False/g" data/acme2certifier/settings.py
        sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf
        sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf
    # Throw-away MariaDB on the "acme" network with a fixed test-only root
    # password (no persistent volume — the commented variant kept one).
    - name: "Install mariadb"
      working-directory: examples/Docker/
      run: |
        # docker run --name mariadbsrv --network acme -v $PWD/data/mysql:/var/lib/mysql -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
        docker run --name mariadbsrv --network acme -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    # Creates the application database and a test-only user/password.
    # NOTE(review): the matching credentials are presumably hard-coded in
    # .github/django_settings_mariadb.py copied above — confirm before changing
    # either side.
    - name: "Configure mariadb"
      working-directory: examples/Docker/
      run: |
        docker exec mariadbsrv mariadb -u root --password=foobar -e"CREATE DATABASE acme2certifier CHARACTER SET UTF8;"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"GRANT ALL PRIVILEGES ON acme2certifier.* TO 'acme2certifier'@'%' IDENTIFIED BY '1mmSvDFl';"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"FLUSH PRIVILEGES;"
    # Pulls the RHEL9 dependency rpms from a private "sbom" repo using a
    # user/token pair from secrets.  NOTE(review): because the token is part
    # of the clone URL it is persisted in /tmp/sbom/.git/config for the rest of
    # the job (the runner is ephemeral, but the clone could be deleted right
    # after the cp).  The "$GH_SBOM_TOKEN@github.com" part of the URL is
    # presumably what the renderer obfuscated here — verify.
    - name: "Retrieve rpms from SBOM repo"
      run: |
        git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom
        cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data
      env:
        GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
        GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
    # Assembles data/volume/acme_srv.cfg for the xca handler: the default
    # openssl-handler cfg minus its last 8 lines (presumably the
    # handler-specific keys), followed by the xca keys.  Paths point at the rpm
    # install location /opt/acme2certifier; xdb_file is relative to it.
    # NOTE(review): `sudo echo ... >>` elevates only echo — the redirect runs
    # as the runner user and works solely because of the chmod 777 above.  The
    # XCA passphrase secret is written in clear text into this world-writable
    # file, which data/ carries into the failure artifact collected at the end
    # of the job.
    - name: "Configure acme2certifier"
      run: |
        sudo mkdir -p data/volume/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/
        sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME
        sudo touch data/volume/acme_srv.cfg
        sudo chmod 777 data/volume/acme_srv.cfg
        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg
        sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg
        sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/volume/acme_srv.cfg
        sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg
        sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg
        sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg
        sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg
      env:
        XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
        XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
        XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
        XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
    # Builds the systemd-capable AlmaLinux image from the repo Dockerfile and
    # starts it with data/ mounted at /tmp/acme2certifier.  --privileged is
    # presumably needed for systemd inside the container; port 80 is published
    # on 22280 for the localhost curl check below.
    - name: "Almalinux instance"
      run: |
        cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache
        docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd
    # django_tester.sh (copied into data/ above) presumably installs the
    # 0.23.2 rpm plus the SBOM rpms and wires up nginx/Django — not visible
    # here.
    - name: "[ RUN ] Execute install scipt"
      run: |
        docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    # --insecure: the nginx cert from .github/ is not trusted by the client.
    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "[ CURL ] install curl and socat and test connction"
      run: |
        sudo apt-get install -y curl socat
        curl -f http://localhost:22280
    # Pre-upgrade enrollments.  --insecure / --output-insecure are acme.sh
    # flags for the untrusted test server and unredacted debug output.
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    # The issued leaf must chain to the test root via the sub CA from test/ca.
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    # The actual upgrade: install the rpm_build rpm over 0.23.2, run the
    # Django update helper (presumably migrations/config update) and restart
    # the container so the systemd units come back up on the new code.
    - name: "Update acme2certifier"
      run: |
        docker cp /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm acme-srv:/tmp
        docker exec acme-srv yum -y localinstall /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        docker exec -w /opt/acme2certifier acme-srv python3 tools/django_update.py
        docker restart acme-srv
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    # Post-upgrade check: the active acme_srv/db_handler.py must be identical
    # to examples/db_handler/django_handler.py; "Compare hashes" fails the job
    # otherwise.
    - name: "Get hashes of django_handler.py and db_handler.py"
      run: |
        echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
        echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
    - run: echo "Hash1 is ${{ env.HASH1 }}"
    - run: echo "Hash2 is ${{ env.HASH2 }}"
    - name: Compare hashes
      if: env.HASH1 != env.HASH2
      run: |
        exit 1
    # Post-upgrade enrollments against the same account/cert names.
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    # --force-renewal makes certbot re-issue although the pre-upgrade cert is
    # still fresh.
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    # On failure only.  /tmp/acme2certifier inside the container is the data/
    # bind mount, so a2c.tgz and nginx.tgz land in data/ on the runner and are
    # picked up by the cp.  The rm keeps the rpms out of the artifact; the
    # acme_srv.cfg with the XCA passphrase is not filtered.
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        mkdir -p ${{ github.workspace }}/artifact/upload
        docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
        docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx
        sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
        sudo rm ${{ github.workspace }}/artifact/data/*.rpm
        sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
        docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh
    - name: "[ * ] uploading artificates"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: rpm_django_upgrade_nginx_mariadb.tar.gz
        path: ${{ github.workspace }}/artifact/upload/
# Upgrade test, Django/nginx flavour with the default (sqlite) settings:
# install the released 0.23.2 rpm in an AlmaLinux/systemd container, enroll,
# upgrade to the rpm_build rpm, enroll again.  No external database container
# is needed in this variant.  NOTE(review): address-like values in this
# rendering (account e-mail, credential part of the SBOM clone URL) appear
# obfuscated by the page renderer and are kept verbatim — confirm against the
# checked-in workflow.
rpm_django_upgrade_nginx_sqlite:
  name: "rpm_django_upgrade_nginx_sqlite"
  runs-on: ubuntu-latest
  # The upgrade target is the rpm artifact published by rpm_build.
  needs: rpm_build
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    # TAG_NAME = __version__ from acme_srv/version.py, quotes stripped.
    - name: Retrieve Version from version.py
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
    # NOTE(review): the spec-file substitution looks like a leftover from the
    # build job; this job installs the downloaded rpm — confirm.
    - name: update version number in spec file and path in nginx ssl config
      run: |
        sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf
        git config --global user.email "[email protected]"
        git config --global user.name "rpm update"
        git add examples/nginx
        git commit -a -m "rpm update"
    - name: Download rpm package
      uses: actions/download-artifact@v4
      with:
        name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        path: /tmp/
    - name: List files
      run: ls -la /tmp/
    # data/ is later bind-mounted into the container as /tmp/acme2certifier.
    # Unlike the mariadb/psql variants, the generic django_settings.py is used
    # and its /var/www/ base path is rewritten to the rpm location /opt/.
    - name: "Setup environment for alma installation"
      run: |
        sudo mkdir acme-sh
        docker network create acme
        sudo mkdir -p data/volume
        sudo mkdir -p data/acme2certifier
        sudo mkdir -p data/nginx/conf.d
        sudo chmod -R 777 data
        wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm
        sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data
        sudo cp examples/Docker/almalinux-systemd/django_tester.sh data
        sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem
        sudo cp .github/django_settings.py data/acme2certifier/settings.py
        sudo sed -i "s/\/var\/www\//\/opt\//g" data/acme2certifier/settings.py
        sudo sed -i "s/USE_I18N = True/USE_I18N = False/g" data/acme2certifier/settings.py
        sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf
        sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf
    # Dependency rpms from a private repo.  NOTE(review): the token sits in the
    # clone URL and therefore in /tmp/sbom/.git/config for the rest of the job;
    # the clone could be removed right after the cp.  The
    # "$GH_SBOM_TOKEN@github.com" part is presumably what the renderer
    # obfuscated here — verify.
    - name: "Retrieve rpms from SBOM repo"
      run: |
        git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom
        cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data
      env:
        GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
        GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
    # Writes the xca-handler acme_srv.cfg (default cfg minus last 8 lines, then
    # the xca keys).  NOTE(review): `sudo echo ... >>` only elevates echo; the
    # redirect is done by the runner user and relies on the chmod 777.  The
    # XCA passphrase secret lands in clear text in this world-writable file,
    # which is part of data/ and thus of the failure artifact.
    - name: "Configure acme2certifier"
      run: |
        sudo mkdir -p data/volume/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/
        sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME
        sudo touch data/volume/acme_srv.cfg
        sudo chmod 777 data/volume/acme_srv.cfg
        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg
        sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg
        sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/volume/acme_srv.cfg
        sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg
        sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg
        sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg
        sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg
      env:
        XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
        XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
        XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
        XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
    # systemd-capable AlmaLinux image; data/ mounted at /tmp/acme2certifier,
    # port 80 published on 22280 for the localhost check below.  --privileged
    # is presumably required for systemd in the container.
    - name: "Almalinux instance"
      run: |
        cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache
        docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd
    # django_tester.sh presumably installs the 0.23.2 rpm and the SBOM rpms and
    # configures nginx/Django — its content is not visible here.
    - name: "[ RUN ] Execute install scipt"
      run: |
        docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    # --insecure: the nginx cert from .github/ is not trusted by the client.
    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "[ CURL ] install curl and socat and test connction"
      run: |
        sudo apt-get install -y curl socat
        curl -f http://localhost:22280
    # Pre-upgrade enrollments with acme.sh and certbot.
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    # The leaf must chain to the test root through the sub CA from test/ca.
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    # The upgrade itself: new rpm over 0.23.2, Django update helper, restart.
    - name: "Update acme2certifier"
      run: |
        docker cp /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm acme-srv:/tmp
        docker exec acme-srv yum -y localinstall /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        docker exec -w /opt/acme2certifier acme-srv python3 tools/django_update.py
        docker restart acme-srv
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    # After the upgrade acme_srv/db_handler.py must be byte-identical to
    # examples/db_handler/django_handler.py; "Compare hashes" fails otherwise.
    - name: "Get hashes of django_handler.py and db_handler.py"
      run: |
        echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
        echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
    - run: echo "Hash1 is ${{ env.HASH1 }}"
    - run: echo "Hash2 is ${{ env.HASH2 }}"
    - name: Compare hashes
      if: env.HASH1 != env.HASH2
      run: |
        exit 1
    # Post-upgrade enrollments.
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    # --force-renewal: re-issue although the pre-upgrade cert is still fresh.
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    # Failure-only log collection; the in-container tarballs are written to
    # the data/ bind mount and copied with it.  Only *.rpm is filtered out.
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        mkdir -p ${{ github.workspace }}/artifact/upload
        docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
        docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx
        sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
        sudo rm ${{ github.workspace }}/artifact/data/*.rpm
        sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
        docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh
    - name: "[ * ] uploading artificates"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: rpm_django_upgrade_nginx_sqlite.tar.gz
        path: ${{ github.workspace }}/artifact/upload/
# Upgrade test, Django/nginx flavour with a PostgreSQL backend: install the
# released 0.23.2 rpm in an AlmaLinux/systemd container, enroll, upgrade to the
# rpm_build rpm, enroll again.  NOTE(review): address-like values in this
# rendering (account e-mail, credential part of the SBOM clone URL) appear
# obfuscated by the page renderer and are kept verbatim — confirm against the
# checked-in workflow.
rpm_django_upgrade_nginx_psql:
  name: "rpm_django_upgrade_nginx_psql"
  runs-on: ubuntu-latest
  # The upgrade target is the rpm artifact published by rpm_build.
  needs: rpm_build
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    # TAG_NAME = __version__ from acme_srv/version.py, quotes stripped.
    - name: Retrieve Version from version.py
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
    # NOTE(review): the spec-file substitution looks like a leftover from the
    # build job; this job installs the downloaded rpm — confirm.
    - name: update version number in spec file and path in nginx ssl config
      run: |
        sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf
        git config --global user.email "[email protected]"
        git config --global user.name "rpm update"
        git add examples/nginx
        git commit -a -m "rpm update"
    - name: Download rpm package
      uses: actions/download-artifact@v4
      with:
        name: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        path: /tmp/
    - name: List files
      run: ls -la /tmp/
    # data/ is later bind-mounted into the container as /tmp/acme2certifier;
    # the PostgreSQL flavour of the Django settings is used (its /var/www
    # rewrite is intentionally disabled here).
    - name: "Setup environment for alma installation"
      run: |
        sudo mkdir acme-sh
        docker network create acme
        sudo mkdir -p data/volume
        sudo mkdir -p data/acme2certifier
        sudo mkdir -p data/nginx/conf.d
        sudo chmod -R 777 data
        wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier-0.23.2-1.0.noarch.rpm
        sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data
        sudo cp examples/Docker/almalinux-systemd/django_tester.sh data
        sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem
        sudo cp .github/django_settings_psql.py data/acme2certifier/settings.py
        # sudo sed -i "s/\/var\/www\//\/opt\//g" data/acme2certifier/settings.py
        sudo sed -i "s/USE_I18N = True/USE_I18N = False/g" data/acme2certifier/settings.py
        sudo cp examples/nginx/nginx_acme_srv.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv.conf
        sudo cp examples/nginx/nginx_acme_srv_ssl.conf data/nginx/conf.d
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" data/nginx/conf.d/nginx_acme_srv_ssl.conf
    # Stages the DB bootstrap script and the pgpass file under /tmp/data/pgsql
    # (the "/tmp//data" double slash resolves to the same path).  chmod 600 is
    # required: libpq ignores a .pgpass that is group/world readable.
    - name: "postgres environment"
      run: |
        sudo mkdir -p /tmp/data/pgsql
        sudo cp .github/a2c.psql /tmp/data/pgsql/a2c.psql
        sudo cp .github/pgpass /tmp//data/pgsql/pgpass
        sudo chmod 600 /tmp/data/pgsql/pgpass
    # Throw-away PostgreSQL on the "acme" network with a fixed test-only
    # superuser password.
    - name: "Install postgres"
      working-directory: /tmp
      run: |
        docker run --name postgresdbsrv --network acme -e POSTGRES_PASSWORD=foobar -d postgres
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    # Runs .github/a2c.psql against the server (presumably creates the
    # application database/user); the password comes from the mounted
    # /root/.pgpass.  working-directory /tmp makes $(pwd)/data the dir staged
    # above.
    - name: "Configure postgres"
      working-directory: /tmp
      run: |
        docker run -v "$(pwd)/data/pgsql/a2c.psql":/tmp/a2c.psql -v "$(pwd)/data/pgsql/pgpass:/root/.pgpass" --rm --network acme postgres psql -U postgres -h postgresdbsrv -f /tmp/a2c.psql
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    # Dependency rpms from a private repo.  NOTE(review): the token sits in the
    # clone URL and therefore in /tmp/sbom/.git/config for the rest of the job;
    # the clone could be removed right after the cp.  The
    # "$GH_SBOM_TOKEN@github.com" part is presumably what the renderer
    # obfuscated here — verify.
    - name: "Retrieve rpms from SBOM repo"
      run: |
        git clone https://$GH_SBOM_USER:[email protected]/$GH_SBOM_USER/sbom /tmp/sbom
        cp /tmp/sbom/rpm-repo/RPMs/rhel9/*.rpm data
      env:
        GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
        GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
    # Writes the xca-handler acme_srv.cfg (default cfg minus last 8 lines, then
    # the xca keys).  NOTE(review): `sudo echo ... >>` only elevates echo; the
    # redirect runs as the runner user and relies on the chmod 777.  The XCA
    # passphrase secret lands in clear text in this world-writable file, which
    # is part of data/ and thus of the failure artifact.
    - name: "Configure acme2certifier"
      run: |
        sudo mkdir -p data/volume/acme_ca/certs
        sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/
        sudo cp test/ca/acme2certifier-clean.xdb data/volume/acme_ca/$XCA_DB_NAME
        sudo touch data/volume/acme_srv.cfg
        sudo chmod 777 data/volume/acme_srv.cfg
        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg
        sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg
        sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/volume/acme_srv.cfg
        sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg
        sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg
        sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg
        sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg
      env:
        XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
        XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
        XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
        XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
    # systemd-capable AlmaLinux image; data/ mounted at /tmp/acme2certifier,
    # port 80 published on 22280 for the localhost check below.  --privileged
    # is presumably required for systemd in the container.
    - name: "Almalinux instance"
      run: |
        cat examples/Docker/almalinux-systemd/Dockerfile | docker build -t almalinux-systemd -f - . --no-cache
        docker run -d -id --privileged --network acme -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux-systemd
    # django_tester.sh presumably installs the 0.23.2 rpm and the SBOM rpms and
    # configures nginx/Django — its content is not visible here.
    - name: "[ RUN ] Execute install scipt"
      run: |
        docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    # --insecure: the nginx cert from .github/ is not trusted by the client.
    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    - name: "[ CURL ] install curl and socat and test connction"
      run: |
        sudo apt-get install -y curl socat
        curl -f http://localhost:22280
    # Pre-upgrade enrollments with acme.sh and certbot.
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    - name: "Register certbot"
      run: |
        sudo mkdir -p "$(pwd)/examples/Docker/data/certbot"
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    # The leaf must chain to the test root through the sub CA from test/ca.
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    # The upgrade itself: new rpm over 0.23.2, Django update helper, restart.
    - name: "Update acme2certifier"
      run: |
        docker cp /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm acme-srv:/tmp
        docker exec acme-srv yum -y localinstall /tmp/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm
        docker exec -w /opt/acme2certifier acme-srv python3 tools/django_update.py
        docker restart acme-srv
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    # After the upgrade acme_srv/db_handler.py must be byte-identical to
    # examples/db_handler/django_handler.py; "Compare hashes" fails otherwise.
    - name: "Get hashes of django_handler.py and db_handler.py"
      run: |
        echo HASH1=$(docker exec acme-srv sha256sum /opt/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
        echo HASH2=$(docker exec acme-srv sha256sum /opt/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }') >> $GITHUB_ENV
    - run: echo "Hash1 is ${{ env.HASH1 }}"
    - run: echo "Hash2 is ${{ env.HASH2 }}"
    - name: Compare hashes
      if: env.HASH1 != env.HASH2
      run: |
        exit 1
    # Post-upgrade enrollments.
    - name: "Enroll acme.sh via https"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --insecure --debug 3 --output-insecure --force
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    # --force-renewal: re-issue although the pre-upgrade cert is still fresh.
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/examples/Docker/data/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile data/volume/acme_ca/root-ca-cert.pem -untrusted data/volume/acme_ca/sub-ca-cert.pem examples/Docker/data/certbot/live/certbot/cert.pem
    # Failure-only log collection; the in-container tarballs are written to
    # the data/ bind mount and copied with it.  Only *.rpm is filtered out.
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        mkdir -p ${{ github.workspace }}/artifact/upload
        docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
        docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx
        sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
        sudo rm ${{ github.workspace }}/artifact/data/*.rpm
        sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
        docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh
    - name: "[ * ] uploading artificates"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: rpm_django_upgrade_nginx_psql.tar.gz
        path: ${{ github.workspace }}/artifact/upload/
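# Builds the Debian package for the current checkout and publishes it as a
# workflow artifact named after the version in acme_srv/version.py, so the
# deb_upgrade_* jobs can fetch it with actions/download-artifact@v4.
deb_build:
  name: "deb_build"
  runs-on: ubuntu-latest
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    # TAG_NAME = __version__ from acme_srv/version.py, quotes stripped; it is
    # stamped into debian/changelog and names the artifact.
    - name: Retrieve Version from version.py
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
    # Copies the debian/ packaging dir into the tree and creates the .orig
    # tarball.  NOTE(review): after `cd ../` the tarball is written one level
    # above the workspace's parent and wraps the parent directory, so it is not
    # at the ../ location dpkg-buildpackage would look for — presumably the
    # package format does not need it; confirm.  rm setup.py is presumably to
    # keep the Python build tooling out of the debhelper run.
    - name: "Prepare environment to build deb package"
      run: |
        sudo apt-get update && sudo apt-get -y upgrade
        sudo apt-get -y install build-essential fakeroot dpkg-dev devscripts debhelper
        rm setup.py
        cp -R examples/install_scripts/debian ./
        sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" debian/changelog
        cd ../
        tar cvfz ../acme2certifier_${{ env.TAG_NAME }}.orig.tar.gz ./
    # Unsigned build (-uc -us); dpkg-buildpackage drops the .deb in the parent
    # directory, from where it is staged for upload.
    - name: "Build debian package"
      run: |
        dpkg-buildpackage -uc -us
        mkdir -p ${{ github.workspace }}/artifact/upload
        cp ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb ${{ github.workspace }}/artifact/upload
    # Pinned to v4 (was the moving @master ref): every other upload in this
    # workflow uses actions/upload-artifact@v4, and the consumer,
    # actions/download-artifact@v4, cannot download artifacts produced by
    # older major versions of upload-artifact.  A branch ref would also silently
    # pull whatever the action's default branch holds on each run.
    - name: "Upload debian package"
      uses: actions/upload-artifact@v4
      with:
        name: acme2certifier_${{ env.TAG_NAME }}-1_all.deb
        path: ${{ github.workspace }}/artifact/upload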
deb_upgrade_wsgi:
name: "deb_upgrade_wsgi"
needs: deb_build
runs-on: ubuntu-latest
steps:
- name: "checkout GIT"
uses: actions/checkout@v4
- name: "Prepare environment"
run: |
docker network create acme
mkdir acme-sh
mkdir certbot
mkdir -p data/volume
- name: "Download a2c 0.23 deb package"
run: |
wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb
- name: Retrieve Version from version.py
run: |
echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
- run: echo "Latest tag is ${{ env.TAG_NAME }}"
- name: Download debian package
uses: actions/download-artifact@v4
with:
name: acme2certifier_${{ env.TAG_NAME }}-1_all.deb
path: data/
- name: List files
run: ls -la data/
- name: "Instanciate Ubuntu 22.04"
run: |
docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04
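- name: "Sleep for 5s"
  uses: juliangruber/[email protected]
  with:
    time: 5s
- name: "Install a2c"
  run: |
    docker ps -a
    docker exec acme-srv apt-get update
    docker exec acme-srv apt-get -y upgrade
    docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3
    docker exec acme-srv ls -la /tmp/acme2certifier/
    # released package first; the locally built one is installed on top of it in "Upgrade a2c"
    docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb
- name: "Configure a2c"
  run: |
    docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_wsgi.conf /etc/apache2/sites-available/acme2certifier.conf
    docker exec acme-srv a2ensite acme2certifier
    docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf
    docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/
    docker exec acme-srv systemctl start apache2
- name: "Setup xca-handler"
  # The config is assembled on the host (data/volume is bind-mounted into the
  # container as /tmp/acme2certifier/volume) and then copied into place. The
  # XCA_* values come from repository secrets, so the resulting acme_srv.cfg
  # has to be treated as sensitive (see the log-collection step below).
  run: |
    sudo touch data/volume/acme_srv.cfg
    # with "sudo echo ... >> file" the redirection runs as the runner user, not
    # as root; the world-writable mode is what makes the appends below work
    sudo chmod 777 data/volume/acme_srv.cfg
    # keep the generic part of the default config; the trailing 8 lines
    # (presumably the openssl handler section) are replaced by the xca section
    sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg
    sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg
    sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg
    sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg
    sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg
    sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg
    sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg
    sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME
    docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg
    docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/
    docker exec acme-srv chown -R www-data:www-data /var/www/acme2certifier/volume
    docker exec acme-srv systemctl restart apache2
  env:
    XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
    XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
    XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
    XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
- name: "Sleep for 5s"
  uses: juliangruber/[email protected]
  with:
    time: 5s
- name: "Test http://acme-srv/directory is accessible "
  run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
- name: "Enroll acme.sh via http"
  run: |
    docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    # split the returned chain into cert-1.pem (issuing CA) and cert-2.pem (root)
    # and check the leaf verifies against it
    awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
    openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
- name: "Register certbot"
  run: |
    docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
- name: "Enroll certbot HTTP-01 single domain"
  run: |
    docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
    sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
- name: "Upgrade a2c"
  # In-place upgrade to the locally built package; confdef/confold keep the
  # config written by "Setup xca-handler" instead of prompting.
  run: |
    # docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-1_all.deb
    # docker exec acme-srv apt-get install -y -o Dpkg::Options::="--force-confask,confnew,confmiss" /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-1_all.deb
    docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-1_all.deb
    docker exec -w /var/www/acme2certifier acme-srv python3 tools/db_update.py
    docker exec acme-srv systemctl restart apache2
- name: "Sleep for 5s"
  uses: juliangruber/[email protected]
  with:
    time: 5s
- name: "Test http://acme-srv/directory is accessible after upgrade"
  run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
- name: "Get hashes of wsgi_handler.py and db_handler.py"
  # After the upgrade the installed db_handler.py must be identical to the
  # shipped wsgi_handler.py example.
  run: |
    echo "HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/wsgi_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
    echo "HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
- run: echo "Hash1 is ${{ env.HASH1 }}"
- run: echo "Hash2 is ${{ env.HASH2 }}"
- name: Compare hashes
  # An empty HASH1 means sha256sum itself failed (both values would then be
  # empty and compare equal), so that case fails the job as well.
  if: env.HASH1 != env.HASH2 || env.HASH1 == ''
  run: |
    echo "installed db_handler.py does not match examples/db_handler/wsgi_handler.py (or hash is empty)"
    exit 1
- name: "Enroll acme.sh via http"
  run: |
    docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
    openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
- name: "Enroll certbot HTTP-01 single domain"
  run: |
    docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
    sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
- name: "[ * ] collecting test logs"
  if: ${{ failure() }}
  run: |
    mkdir -p ${{ github.workspace }}/artifact/upload
    # acme_srv.cfg contains the XCA passphrase and uploaded artifacts are not
    # subject to secret masking: leave it out of the in-container archive and
    # redact the passphrase in the host-side copy taken from data/volume.
    docker exec acme-srv tar --exclude=acme_srv.cfg -cvzf /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier
    sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
    sudo sed -i 's/^passphrase:.*/passphrase: <redacted>/' ${{ github.workspace }}/artifact/data/volume/acme_srv.cfg
    sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
    sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/
    docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log
    sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log
- name: "[ * ] uploading artificates"
  uses: actions/upload-artifact@v4
  if: ${{ failure() }}
  with:
    name: deb_upgrade_wsgi.tar.gz
    path: ${{ github.workspace }}/artifact/upload/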
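# Upgrade test, Django/SQLite backend: install the released 0.23.2 Debian
# package in a systemd-enabled Ubuntu 22.04 container, switch it to the xca
# CA handler and the Django db_handler, enroll via acme.sh and certbot, then
# upgrade in place to the locally built package and repeat the checks.
deb_upgrade_django_sqlite:
  name: "deb_upgrade_django_sqlite"
  runs-on: ubuntu-latest
  needs: deb_build
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: "Prepare environment"
      run: |
        docker network create acme
        mkdir acme-sh
        mkdir certbot
        # data/ is bind-mounted into the acme-srv container as /tmp/acme2certifier
        mkdir -p data/volume
    - name: "Download a2c 0.23 deb package"
      run: |
        wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb
    - name: Retrieve Version from version.py
      # TAG_NAME selects the locally built package, acme2certifier_<TAG_NAME>-1_all.deb
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
    - name: Download debian package
      # artifact presumably produced by the deb_build job this job depends on
      uses: actions/download-artifact@v4
      with:
        name: acme2certifier_${{ env.TAG_NAME }}-1_all.deb
        path: data/
    - name: List files
      run: ls -la data/
    - name: "Instanciate Ubuntu 22.04"
      # systemd inside the container (the steps below use systemctl) needs a
      # privileged container sharing the host cgroup namespace; this only runs
      # on the ephemeral GitHub runner.
      run: |
        docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Install a2c"
      run: |
        docker ps -a
        docker exec acme-srv apt-get update
        docker exec acme-srv apt-get -y upgrade
        docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3
        docker exec acme-srv ls -la /tmp/acme2certifier/
        # released package first; the locally built one is installed on top of it in "Upgrade a2c"
        docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb
    - name: "Configure a2c"
      run: |
        docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_wsgi.conf /etc/apache2/sites-available/acme2certifier.conf
        docker exec acme-srv a2ensite acme2certifier
        docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf
        docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/
        docker exec acme-srv systemctl start apache2
    - name: "Setup xca-handler"
      # The config is assembled on the host (data/volume is the bind mount) and
      # copied into place inside the container. The XCA_* values come from
      # repository secrets, so the resulting acme_srv.cfg has to be treated as
      # sensitive (see the log-collection step below).
      run: |
        sudo touch data/volume/acme_srv.cfg
        # with "sudo echo ... >> file" the redirection runs as the runner user, not
        # as root; the world-writable mode is what makes the appends below work
        sudo chmod 777 data/volume/acme_srv.cfg
        # keep the generic part of the default config; the trailing 8 lines
        # (presumably the openssl handler section) are replaced by the xca section
        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg
        sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg
        sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg
        sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg
        sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg
        sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg
        sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg
        sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME
        sudo cp .github/django_settings.py data/volume/settings.py
        # switch the installed package from the wsgi db handler to the Django one
        docker exec acme-srv bash -c "cp -R /var/www/acme2certifier/examples/django/* /var/www/acme2certifier/"
        docker exec acme-srv cp -r /var/www/acme2certifier/examples/db_handler/django_handler.py /var/www/acme2certifier/acme_srv/db_handler.py
        docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg
        docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/
        docker exec acme-srv cp /tmp/acme2certifier/volume/settings.py /var/www/acme2certifier/acme2certifier/
        docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py
        docker exec acme-srv chown -R www-data:www-data /var/www/acme2certifier/volume
        docker exec acme-srv systemctl restart apache2
      env:
        XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
        XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
        XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
        XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test http://acme-srv/directory is accessible "
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
        # split the returned chain into cert-1.pem (issuing CA) and cert-2.pem (root)
        # and check the leaf verifies against it
        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    - name: "Register certbot"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
    - name: "Upgrade a2c"
      # In-place upgrade to the locally built package; confdef/confold keep the
      # config written by "Setup xca-handler" instead of prompting.
      run: |
        docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-1_all.deb
        docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py
        docker exec acme-srv systemctl restart apache2
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test http://acme-srv/directory is accessible after upgrade"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Get hashes of django_handler.py and db_handler.py"
      # After the upgrade the installed db_handler.py must still be identical
      # to the shipped django_handler.py example.
      run: |
        echo "HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
        echo "HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
    - run: echo "Hash1 is ${{ env.HASH1 }}"
    - run: echo "Hash2 is ${{ env.HASH2 }}"
    - name: Compare hashes
      # An empty HASH1 means sha256sum itself failed (both values would then be
      # empty and compare equal), so that case fails the job as well.
      if: env.HASH1 != env.HASH2 || env.HASH1 == ''
      run: |
        echo "installed db_handler.py does not match examples/db_handler/django_handler.py (or hash is empty)"
        exit 1
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        mkdir -p ${{ github.workspace }}/artifact/upload
        # acme_srv.cfg contains the XCA passphrase and uploaded artifacts are not
        # subject to secret masking: leave it out of the in-container archive and
        # redact the passphrase in the host-side copy taken from data/volume.
        docker exec acme-srv tar --exclude=acme_srv.cfg -cvzf /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier
        sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
        sudo sed -i 's/^passphrase:.*/passphrase: <redacted>/' ${{ github.workspace }}/artifact/data/volume/acme_srv.cfg
        sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
        sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/
        docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log
    - name: "[ * ] uploading artificates"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: deb_upgrade_django_sqlite.tar.gz
        path: ${{ github.workspace }}/artifact/upload/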
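# Upgrade test, Django/MariaDB backend: same flow as deb_upgrade_django_sqlite
# (released 0.23.2 deb -> xca handler + Django db_handler -> enroll -> in-place
# upgrade to the locally built deb -> enroll again), with a MariaDB container
# as database and throw-away test credentials.
deb_upgrade_django_mariadb:
  name: "deb_upgrade_django_mariadb"
  runs-on: ubuntu-latest
  needs: deb_build
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: "Prepare environment"
      run: |
        docker network create acme
        mkdir acme-sh
        mkdir certbot
        # data/ is bind-mounted into the acme-srv container as /tmp/acme2certifier
        mkdir -p data/volume
    - name: "Install mariadb"
      working-directory: examples/Docker/
      run: |
        # docker run --name mariadbsrv --network acme -v $PWD/data/mysql:/var/lib/mysql -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
        docker run --name mariadbsrv --network acme -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Configure mariadb"
      # test-only database and account; the same values are expected by
      # .github/django_settings_mariadb.py (not visible here)
      working-directory: examples/Docker/
      run: |
        docker exec mariadbsrv mariadb -u root --password=foobar -e"CREATE DATABASE acme2certifier CHARACTER SET UTF8;"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"GRANT ALL PRIVILEGES ON acme2certifier.* TO 'acme2certifier'@'%' IDENTIFIED BY '1mmSvDFl';"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"FLUSH PRIVILEGES;"
    - name: "Download a2c 0.23 deb package"
      run: |
        wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb
    - name: Retrieve Version from version.py
      # TAG_NAME selects the locally built package, acme2certifier_<TAG_NAME>-1_all.deb
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
    - name: Download debian package
      # artifact presumably produced by the deb_build job this job depends on
      uses: actions/download-artifact@v4
      with:
        name: acme2certifier_${{ env.TAG_NAME }}-1_all.deb
        path: data/
    - name: List files
      run: ls -la data/
    - name: "Instanciate Ubuntu 22.04"
      # systemd inside the container (the steps below use systemctl) needs a
      # privileged container sharing the host cgroup namespace; this only runs
      # on the ephemeral GitHub runner.
      run: |
        docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Install a2c"
      run: |
        docker ps -a
        docker exec acme-srv apt-get update
        docker exec acme-srv apt-get -y upgrade
        docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3
        docker exec acme-srv ls -la /tmp/acme2certifier/
        # released package first; the locally built one is installed on top of it in "Upgrade a2c"
        docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb
    - name: "Configure a2c"
      run: |
        docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_wsgi.conf /etc/apache2/sites-available/acme2certifier.conf
        docker exec acme-srv a2ensite acme2certifier
        docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf
        docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/
        docker exec acme-srv systemctl start apache2
    - name: "Setup xca-handler"
      # The config is assembled on the host (data/volume is the bind mount) and
      # copied into place inside the container. The XCA_* values come from
      # repository secrets, so the resulting acme_srv.cfg has to be treated as
      # sensitive (see the log-collection step below).
      run: |
        sudo touch data/volume/acme_srv.cfg
        # with "sudo echo ... >> file" the redirection runs as the runner user, not
        # as root; the world-writable mode is what makes the appends below work
        sudo chmod 777 data/volume/acme_srv.cfg
        # keep the generic part of the default config; the trailing 8 lines
        # (presumably the openssl handler section) are replaced by the xca section
        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg
        sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg
        sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg
        sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg
        sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg
        sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg
        sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg
        sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME
        sudo cp .github/django_settings_mariadb.py data/volume/settings.py
        # switch the installed package from the wsgi db handler to the Django one
        docker exec acme-srv bash -c "cp -R /var/www/acme2certifier/examples/django/* /var/www/acme2certifier/"
        docker exec acme-srv cp -r /var/www/acme2certifier/examples/db_handler/django_handler.py /var/www/acme2certifier/acme_srv/db_handler.py
        docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg
        docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/
        docker exec acme-srv cp /tmp/acme2certifier/volume/settings.py /var/www/acme2certifier/acme2certifier/
        docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py
        docker exec acme-srv chown -R www-data:www-data /var/www/acme2certifier/volume
        docker exec acme-srv systemctl restart apache2
      env:
        XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
        XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
        XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
        XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test http://acme-srv/directory is accessible "
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
        # split the returned chain into cert-1.pem (issuing CA) and cert-2.pem (root)
        # and check the leaf verifies against it
        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    - name: "Register certbot"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
    - name: "Upgrade a2c"
      # In-place upgrade to the locally built package; confdef/confold keep the
      # config written by "Setup xca-handler" instead of prompting.
      run: |
        docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-1_all.deb
        docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py
        docker exec acme-srv systemctl restart apache2
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test http://acme-srv/directory is accessible after upgrade"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Get hashes of django_handler.py and db_handler.py"
      # After the upgrade the installed db_handler.py must still be identical
      # to the shipped django_handler.py example.
      run: |
        echo "HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
        echo "HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
    - run: echo "Hash1 is ${{ env.HASH1 }}"
    - run: echo "Hash2 is ${{ env.HASH2 }}"
    - name: Compare hashes
      # An empty HASH1 means sha256sum itself failed (both values would then be
      # empty and compare equal), so that case fails the job as well.
      if: env.HASH1 != env.HASH2 || env.HASH1 == ''
      run: |
        echo "installed db_handler.py does not match examples/db_handler/django_handler.py (or hash is empty)"
        exit 1
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        mkdir -p ${{ github.workspace }}/artifact/upload
        # acme_srv.cfg contains the XCA passphrase and uploaded artifacts are not
        # subject to secret masking: leave it out of the in-container archive and
        # redact the passphrase in the host-side copy taken from data/volume.
        docker exec acme-srv tar --exclude=acme_srv.cfg -cvzf /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier
        docker exec mariadbsrv mysqldump -u root --password=foobar acme2certifier > /tmp/acme2certifier.sql
        sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
        sudo sed -i 's/^passphrase:.*/passphrase: <redacted>/' ${{ github.workspace }}/artifact/data/volume/acme_srv.cfg
        sudo cp /tmp/acme2certifier.sql ${{ github.workspace }}/artifact/data/
        sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
        sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/
        docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log
    - name: "[ * ] uploading artificates"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: deb_upgrade_django_mariadb.tar.gz
        path: ${{ github.workspace }}/artifact/upload/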
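# Upgrade test, Django/PostgreSQL backend: same flow as deb_upgrade_django_sqlite
# (released 0.23.2 deb -> xca handler + Django db_handler -> enroll -> in-place
# upgrade to the locally built deb -> enroll again), with a postgres container
# as database, initialised from .github/a2c.psql.
deb_upgrade_django_psql:
  name: "deb_upgrade_django_psql"
  runs-on: ubuntu-latest
  needs: deb_build
  steps:
    - name: "checkout GIT"
      uses: actions/checkout@v4
    - name: "Prepare environment"
      run: |
        docker network create acme
        mkdir acme-sh
        mkdir certbot
        # data/ is bind-mounted into the acme-srv container as /tmp/acme2certifier
        mkdir -p data/volume
    - name: "postgres environment"
      # pgpass is mounted into the psql client container below; psql ignores
      # the file unless it is mode 0600
      run: |
        sudo mkdir -p /tmp/data/pgsql
        sudo cp .github/a2c.psql /tmp/data/pgsql/a2c.psql
        sudo cp .github/pgpass /tmp//data/pgsql/pgpass
        sudo chmod 600 /tmp/data/pgsql/pgpass
    - name: "Install postgres"
      working-directory: /tmp
      run: |
        docker run --name postgresdbsrv --network acme -e POSTGRES_PASSWORD=foobar -d postgres
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Configure postgres"
      working-directory: /tmp
      run: |
        docker run -v "$(pwd)/data/pgsql/a2c.psql":/tmp/a2c.psql -v "$(pwd)/data/pgsql/pgpass:/root/.pgpass" --rm --network acme postgres psql -U postgres -h postgresdbsrv -f /tmp/a2c.psql
    - name: "Sleep for 10s"
      uses: juliangruber/[email protected]
      with:
        time: 10s
    - name: "Download a2c 0.23 deb package"
      run: |
        wget -P data/ https://github.com/grindsa/acme2certifier/releases/download/0.23.2/acme2certifier_0.23.2-1_all.deb
    - name: Retrieve Version from version.py
      # TAG_NAME selects the locally built package, acme2certifier_<TAG_NAME>-1_all.deb
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
    - name: Download debian package
      # artifact presumably produced by the deb_build job this job depends on
      uses: actions/download-artifact@v4
      with:
        name: acme2certifier_${{ env.TAG_NAME }}-1_all.deb
        path: data/
    - name: List files
      run: ls -la data/
    - name: "Instanciate Ubuntu 22.04"
      # systemd inside the container (the steps below use systemctl) needs a
      # privileged container sharing the host cgroup namespace; this only runs
      # on the ephemeral GitHub runner.
      run: |
        docker run -d --name acme-srv --network acme --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:22.04
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Install a2c"
      run: |
        docker ps -a
        docker exec acme-srv apt-get update
        docker exec acme-srv apt-get -y upgrade
        docker exec acme-srv apt-get install -y apache2 apache2-data libapache2-mod-wsgi-py3
        docker exec acme-srv ls -la /tmp/acme2certifier/
        # released package first; the locally built one is installed on top of it in "Upgrade a2c"
        docker exec acme-srv apt-get install -y /tmp/acme2certifier/acme2certifier_0.23.2-1_all.deb
    - name: "Configure a2c"
      run: |
        docker exec acme-srv cp /var/www/acme2certifier/examples/apache2/apache_wsgi.conf /etc/apache2/sites-available/acme2certifier.conf
        docker exec acme-srv a2ensite acme2certifier
        docker exec acme-srv rm /etc/apache2/sites-enabled/000-default.conf
        docker exec acme-srv mkdir -p /var/www/acme2certifier/volume/
        docker exec acme-srv systemctl start apache2
    - name: "Setup xca-handler"
      # The config is assembled on the host (data/volume is the bind mount) and
      # copied into place inside the container. The XCA_* values come from
      # repository secrets, so the resulting acme_srv.cfg has to be treated as
      # sensitive (see the log-collection step below).
      run: |
        sudo touch data/volume/acme_srv.cfg
        # with "sudo echo ... >> file" the redirection runs as the runner user, not
        # as root; the world-writable mode is what makes the appends below work
        sudo chmod 777 data/volume/acme_srv.cfg
        # keep the generic part of the default config; the trailing 8 lines
        # (presumably the openssl handler section) are replaced by the xca section
        sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/volume/acme_srv.cfg
        sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/volume/acme_srv.cfg
        sudo echo "xdb_file: /var/www/acme2certifier/volume/$XCA_DB_NAME" >> data/volume/acme_srv.cfg
        sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/volume/acme_srv.cfg
        sudo echo "passphrase: $XCA_PASSPHRASE" >> data/volume/acme_srv.cfg
        sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/volume/acme_srv.cfg
        sudo echo "template_name: $XCA_TEMPLATE" >> data/volume/acme_srv.cfg
        sudo cp test/ca/acme2certifier-clean.xdb data/volume/$XCA_DB_NAME
        sudo cp .github/django_settings_psql.py data/volume/settings.py
        # switch the installed package from the wsgi db handler to the Django one
        docker exec acme-srv bash -c "cp -R /var/www/acme2certifier/examples/django/* /var/www/acme2certifier/"
        docker exec acme-srv cp -r /var/www/acme2certifier/examples/db_handler/django_handler.py /var/www/acme2certifier/acme_srv/db_handler.py
        docker exec acme-srv cp /tmp/acme2certifier/volume/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg
        docker exec acme-srv cp /tmp/acme2certifier/volume/$XCA_DB_NAME /var/www/acme2certifier/volume/
        docker exec acme-srv cp /tmp/acme2certifier/volume/settings.py /var/www/acme2certifier/acme2certifier/
        docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py
        docker exec acme-srv chown -R www-data:www-data /var/www/acme2certifier/volume
        docker exec acme-srv systemctl restart apache2
      env:
        XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }}
        XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }}
        XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }}
        XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }}
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test http://acme-srv/directory is accessible "
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
        # split the returned chain into cert-1.pem (issuing CA) and cert-2.pem (root)
        # and check the leaf verifies against it
        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    - name: "Register certbot"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot register --agree-tos -m '[email protected]' --server http://acme-srv --no-eff-email
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
        sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
    - name: "Upgrade a2c"
      # In-place upgrade to the locally built package; confdef/confold keep the
      # config written by "Setup xca-handler" instead of prompting.
      run: |
        docker exec acme-srv apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' /tmp/acme2certifier/acme2certifier_${{ env.TAG_NAME }}-1_all.deb
        docker exec -w /var/www/acme2certifier acme-srv python3 tools/django_update.py
        docker exec acme-srv systemctl restart apache2
    - name: "Sleep for 5s"
      uses: juliangruber/[email protected]
      with:
        time: 5s
    - name: "Test http://acme-srv/directory is accessible after upgrade"
      run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    - name: "Get hashes of django_handler.py and db_handler.py"
      # After the upgrade the installed db_handler.py must still be identical
      # to the shipped django_handler.py example.
      run: |
        echo "HASH1=$(docker exec acme-srv sha256sum /var/www/acme2certifier/examples/db_handler/django_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
        echo "HASH2=$(docker exec acme-srv sha256sum /var/www/acme2certifier/acme_srv/db_handler.py | awk -F ' ' '{ print $1 }')" >> "$GITHUB_ENV"
    - run: echo "Hash1 is ${{ env.HASH1 }}"
    - run: echo "Hash2 is ${{ env.HASH2 }}"
    - name: Compare hashes
      # An empty HASH1 means sha256sum itself failed (both values would then be
      # empty and compare equal), so that case fails the job as well.
      if: env.HASH1 != env.HASH2 || env.HASH1 == ''
      run: |
        echo "installed db_handler.py does not match examples/db_handler/django_handler.py (or hash is empty)"
        exit 1
    - name: "Enroll acme.sh via http"
      run: |
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure --force
        openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    - name: "Enroll certbot HTTP-01 single domain"
      run: |
        docker run -i --rm --name certbot --network acme -v "$(pwd)/certbot":/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal
        sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
    - name: "[ * ] collecting test logs"
      if: ${{ failure() }}
      run: |
        mkdir -p ${{ github.workspace }}/artifact/upload
        # acme_srv.cfg contains the XCA passphrase and uploaded artifacts are not
        # subject to secret masking: leave it out of the in-container archive and
        # redact the passphrase in the host-side copy taken from data/volume.
        docker exec acme-srv tar --exclude=acme_srv.cfg -cvzf /tmp/acme2certifier/a2c.tgz /var/www/acme2certifier
        sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
        sudo sed -i 's/^passphrase:.*/passphrase: <redacted>/' ${{ github.workspace }}/artifact/data/volume/acme_srv.cfg
        sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
        sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/
        docker exec acme-srv cat /var/log/apache2/error.log > ${{ github.workspace }}/artifact/acme-srv.log
        sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-sh certbot acme-srv.log
    - name: "[ * ] uploading artificates"
      uses: actions/upload-artifact@v4
      if: ${{ failure() }}
      with:
        name: deb_upgrade_django_psql.tar.gz
        path: ${{ github.workspace }}/artifact/upload/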