CI/CD: Test against both Boulder and Pebble

.github/workflows/test.yml

@@ -71,7 +71,7 @@ jobs:
           name: docker-gen.tar
           path: docker-gen.tar
 
-  docker-specs-testing:
+  docker-specs-tests:
     needs: companion-build
     runs-on: ubuntu-latest
 
@@ -92,7 +92,7 @@ jobs:
       - if: ${{ failure() }}
         run: test/github_actions/containers-logs.sh
 
-  integration-testing:
+  integration-tests:
     needs: 
       - companion-build
       - nginx-proxy-build
@@ -100,6 +100,7 @@ jobs:
       fail-fast: false
       matrix:
         setup: [2containers, 3containers]
+        acme-ca: [pebble]
         test-name:
           [
             docker_api,
@@ -112,12 +113,18 @@ jobs:
             force_renew,
             acme_accounts,
             private_keys,
-            ocsp_must_staple,
             container_restart,
             permissions_default,
             permissions_custom,
             symlinks,
           ]
+        include:
+          - setup: 2containers
+            test-name: ocsp_must_staple
+            acme-ca: boulder
+          - setup: 3containers
+            test-name: ocsp_must_staple
+            acme-ca: boulder
     runs-on: ubuntu-latest
 
     steps:
@@ -133,7 +140,11 @@ jobs:
               echo "127.0.0.1 $domain" | sudo tee -a /etc/hosts
           done
       - name: Setup Pebble
+        if: ${{ matrix.acme-ca == 'pebble' }}
         run: test/setup/setup-pebble.sh
+      - name: Setup Boulder
+        if: ${{ matrix.acme-ca == 'boulder' }}
+        run: test/setup/setup-boulder.sh
       - name: Download nginx-proxy Patched Image
         uses: actions/download-artifact@v2
         with:
@@ -149,6 +160,7 @@ jobs:
       - name: Setup NGINX Proxy
         env:
           SETUP: ${{ matrix.setup }}
+          ACME_CA: ${{ matrix.acme-ca }}
         run: test/setup/setup-nginx-proxy.sh
       # ADD BUILDED IMAGE
       - name: Download Builded Image
@@ -161,6 +173,10 @@ jobs:
       - name: Integration Testing
         env:
           SETUP: ${{ matrix.setup }}
+          ACME_CA: ${{ matrix.acme-ca }}
         run: test/run.sh -t ${{ matrix.test-name }} "$IMAGE"
       - if: ${{ failure() }}
+        env:
+          SETUP: ${{ matrix.setup }}
+          ACME_CA: ${{ matrix.acme-ca }}
         run: test/github_actions/containers-logs.sh

test/github_actions/containers-logs.sh

@@ -10,7 +10,8 @@ fi
 
 containers+=("$NGINX_CONTAINER_NAME")
 [[ $SETUP = "3containers" ]] && containers+=("$DOCKER_GEN_CONTAINER_NAME")
-containers+=(pebble challtestserv)
+[[ $ACME_CA = "boulder" ]] && containers+=(boulder)
+[[ $ACME_CA = "pebble" ]] && containers+=(pebble challtestserv)
 
 for container in "${containers[@]}"; do
   bold_echo "Docker container output for $container"

test/setup/setup-nginx-proxy.sh

@@ -2,6 +2,22 @@
 
 set -e
 
+case $ACME_CA in
+
+  pebble)
+    test_net='acme_net'
+  ;;
+
+  boulder)
+    test_net='boulder_bluenet'
+  ;;
+
+  *)
+    echo "$0 $ACME_CA: invalid option."
+    exit 1
+
+esac
+
 case $SETUP in
 
   2containers)
@@ -13,7 +29,7 @@ case $SETUP in
       -v /usr/share/nginx/html \
       -v /var/run/docker.sock:/tmp/docker.sock:ro \
       --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
-      --network acme_net \
+      --network "$test_net" \
       jwilder/nginx-proxy
     ;;
 
@@ -27,7 +43,7 @@ case $SETUP in
       -v /etc/nginx/vhost.d \
       -v /usr/share/nginx/html \
       --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
-      --network acme_net \
+      --network "$test_net" \
       nginx:alpine
 
     docker run -d \
@@ -36,7 +52,7 @@ case $SETUP in
       -v "${GITHUB_WORKSPACE}/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro" \
       -v /var/run/docker.sock:/tmp/docker.sock:ro \
       --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
-      --network acme_net \
+      --network "$test_net" \
       jwilder/docker-gen \
       -notify-sighup "$NGINX_CONTAINER_NAME" -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
     ;;

test/tests/acme_accounts/run.sh

@@ -2,6 +2,18 @@
 
 ## Test for ACME accounts handling.
 
+case $ACME_CA in
+  pebble)
+    test_net='acme_net'
+  ;;
+  boulder)
+    test_net='boulder_bluenet'
+  ;;
+  *)
+    echo "$0 $ACME_CA: invalid option."
+    exit 1
+esac
+
 if [[ -z $GITHUB_ACTIONS ]]; then
   le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@@ -32,7 +44,7 @@ run_nginx_container "${domains[0]}"
 wait_for_symlink "${domains[0]}" "$le_container_name"
 
 # Test if the expected folder / file / content are there.
-json_file="/etc/acme.sh/default/ca/pebble/account.json"
+json_file="/etc/acme.sh/default/ca/$ACME_CA/account.json"
 if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/default" ]]; then
   echo "The /etc/acme.sh/default folder does not exist."
 elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
@@ -59,7 +71,7 @@ run_nginx_container "${domains[1]}"
 wait_for_symlink "${domains[1]}" "$le_container_name"
 
 # Test if the expected folder / file / content are there.
-json_file="/etc/acme.sh/${default_email}/ca/pebble/account.json"
+json_file="/etc/acme.sh/${default_email}/ca/$ACME_CA/account.json"
 if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$default_email" ]]; then
   echo "The /etc/acme.sh/$default_email folder does not exist."
 elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
@@ -76,7 +88,7 @@ if ! docker run --rm -d \
   -e "VIRTUAL_HOST=${domains[2]}" \
   -e "LETSENCRYPT_HOST=${domains[2]}" \
   -e "LETSENCRYPT_EMAIL=${container_email}" \
-  --network acme_net \
+  --network "$test_net" \
   nginx:alpine > /dev/null ; \
 then
   echo "Failed to start test web server for ${domains[2]}"
@@ -88,7 +100,7 @@ fi
 wait_for_symlink "${domains[2]}" "$le_container_name"
 
 # Test if the expected folder / file / content are there.
-json_file="/etc/acme.sh/${container_email}/ca/pebble/account.json"
+json_file="/etc/acme.sh/${container_email}/ca/$ACME_CA/account.json"
 if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$container_email" ]]; then
   echo "The /etc/acme.sh/$container_email folder does not exist."
 elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then

test/tests/certs_single_domain/run.sh

@@ -2,6 +2,18 @@
 
 ## Test for spliting SAN certificates into single domain certificates by NGINX container env variables
 
+case $ACME_CA in
+  pebble)
+    test_net='acme_net'
+  ;;
+  boulder)
+    test_net='boulder_bluenet'
+  ;;
+  *)
+    echo "$0 $ACME_CA: invalid option."
+    exit 1
+esac
+
 if [[ -z $GITHUB_ACTIONS ]]; then
   le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@@ -47,7 +59,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do
     -e "VIRTUAL_HOST=${TEST_DOMAINS}" \
     -e "LETSENCRYPT_HOST=${hosts}" \
     -e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \
-    --network acme_net \
+    --network "$test_net" \
     nginx:alpine > /dev/null;
   then
     echo "Could not start test web server for $hosts"

test/tests/certs_standalone/run.sh

@@ -2,6 +2,18 @@
 
 ## Test for standalone certificates.
 
+case $ACME_CA in
+  pebble)
+    test_net='acme_net'
+  ;;
+  boulder)
+    test_net='boulder_bluenet'
+  ;;
+  *)
+    echo "$0 $ACME_CA: invalid option."
+    exit 1
+esac
+
 if [[ -z $GITHUB_ACTIONS ]]; then
   le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@@ -34,7 +46,7 @@ EOF
 if ! docker run --rm -d \
     --name "$subdomain" \
     -e "VIRTUAL_HOST=$subdomain" \
-    --network acme_net \
+    --network "$test_net" \
     nginx:alpine > /dev/null;
 then
   echo "Could not start test web server for $subdomain"

test/tests/container_restart/run.sh

@@ -2,6 +2,18 @@
 
 ## Test for LETSENCRYPT_RESTART_CONTAINER variable.
 
+case $ACME_CA in
+  pebble)
+    test_net='acme_net'
+  ;;
+  boulder)
+    test_net='boulder_bluenet'
+  ;;
+  *)
+    echo "$0 $ACME_CA: invalid option."
+    exit 1
+esac
+
 if [[ -z $GITHUB_ACTIONS ]]; then
   le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@@ -42,7 +54,7 @@ for domain in "${domains[@]}"; do
     -e "VIRTUAL_HOST=${domain}" \
     -e "LETSENCRYPT_HOST=${domain}" \
     -e "LETSENCRYPT_RESTART_CONTAINER=true" \
-    --network acme_net \
+    --network "$test_net" \
     nginx:alpine > /dev/null; \
   then
     [[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"

test/tests/ocsp_must_staple/run.sh

@@ -2,6 +2,18 @@
 
 ## Test for OCSP Must-Staple extension.
 
+case $ACME_CA in
+  pebble)
+    test_net='acme_net'
+  ;;
+  boulder)
+    test_net='boulder_bluenet'
+  ;;
+  *)
+    echo "$0 $ACME_CA: invalid option."
+    exit 1
+esac
+
 if [[ -z $GITHUB_ACTIONS ]]; then
   le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@@ -31,7 +43,7 @@ if docker run --rm -d \
   -e "VIRTUAL_HOST=${domains[0]}" \
   -e "LETSENCRYPT_HOST=${domains[0]}" \
   -e "ACME_OCSP=true" \
-  --network acme_net \
+  --network "$test_net" \
   nginx:alpine > /dev/null; \
 then
   [[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for ${domains[0]} (ACME_OCSP=true)"

test/tests/private_keys/run.sh

@@ -2,6 +2,18 @@
 
 ## Test for private keys types
 
+case $ACME_CA in
+  pebble)
+    test_net='acme_net'
+  ;;
+  boulder)
+    test_net='boulder_bluenet'
+  ;;
+  *)
+    echo "$0 $ACME_CA: invalid option."
+    exit 1
+esac
+
 if [[ -z $GITHUB_ACTIONS ]]; then
   le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@@ -42,7 +54,7 @@ for key in "${!key_types[@]}"; do
     -e "VIRTUAL_HOST=${domains[0]}" \
     -e "LETSENCRYPT_HOST=${domains[0]}" \
     -e "LETSENCRYPT_KEYSIZE=${key}" \
-    --network acme_net \
+    --network "$test_net" \
     nginx:alpine > /dev/null;
   then
     echo "Could not start test web server for ${key}"

test/tests/test-functions.sh

@@ -22,7 +22,18 @@ function run_le_container {
   if [[ "$SETUP" == '3containers' ]]; then
     cli_args_arr+=(--env "NGINX_DOCKER_GEN_CONTAINER=$DOCKER_GEN_CONTAINER_NAME")
   fi
-  
+
+  if [[ "$ACME_CA" == 'boulder' ]]; then
+    cli_args_arr+=(--env "ACME_CA_URI=http://boulder:4001/directory")
+    cli_args_arr+=(--network boulder_bluenet)
+  elif [[ "$ACME_CA" == 'pebble' ]]; then
+    cli_args_arr+=(--env "ACME_CA_URI=https://pebble:14000/dir")
+    cli_args_arr+=(--env "CA_BUNDLE=/pebble.minica.pem")
+    cli_args_arr+=(--network acme_net)
+  else
+    return 1
+  fi
+
   if docker run -d \
     --name "$name" \
     --volumes-from "$NGINX_CONTAINER_NAME" \
@@ -33,10 +44,7 @@ function run_le_container {
     --env "TEST_MODE=true" \
     --env "DHPARAM_BITS=256" \
     --env "DEBUG=1" \
-    --env "ACME_CA_URI=https://pebble:14000/dir" \
-    --env "CA_BUNDLE=/pebble.minica.pem" \
     --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
-    --network acme_net \
     "$image" > /dev/null; \
   then
     [[ "${DRY_RUN:-}" == 1 ]] && echo "Started letsencrypt container for test ${name%%_2*}"
@@ -53,12 +61,22 @@ function run_nginx_container {
   local le_host="${1:?}"
   local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
   local container_name="${2:-$virtual_host}"
+  
+  local -a cli_args_arr
+  if [[ "$ACME_CA" == 'boulder' ]]; then
+    cli_args_arr+=(--network boulder_bluenet)
+  elif [[ "$ACME_CA" == 'pebble' ]]; then
+    cli_args_arr+=(--network acme_net)
+  else
+    return 1
+  fi
+
   [[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host"
   if docker run --rm -d \
     --name "$container_name" \
     -e "VIRTUAL_HOST=$virtual_host" \
     -e "LETSENCRYPT_HOST=$le_host" \
-    --network acme_net \
+    "${cli_args_arr[@]}" \
     nginx:alpine > /dev/null ; \
   then
     [[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."