
CI/CD: Test against both Boulder and Pebble

This commit is contained in:
Nicolas Duchon 2020-12-27 22:50:12 +01:00
parent 3f65c8c6c1
commit b77392a5c8
No known key found for this signature in database
GPG Key ID: EA3151C66A4D79E7
10 changed files with 144 additions and 21 deletions

@ -71,7 +71,7 @@ jobs:
name: docker-gen.tar
path: docker-gen.tar
docker-specs-testing:
docker-specs-tests:
needs: companion-build
runs-on: ubuntu-latest
@ -92,7 +92,7 @@ jobs:
- if: ${{ failure() }}
run: test/github_actions/containers-logs.sh
integration-testing:
integration-tests:
needs:
- companion-build
- nginx-proxy-build
@ -100,6 +100,7 @@ jobs:
fail-fast: false
matrix:
setup: [2containers, 3containers]
acme-ca: [pebble]
test-name:
[
docker_api,
@ -112,12 +113,18 @@ jobs:
force_renew,
acme_accounts,
private_keys,
ocsp_must_staple,
container_restart,
permissions_default,
permissions_custom,
symlinks,
]
include:
- setup: 2containers
test-name: ocsp_must_staple
acme-ca: boulder
- setup: 3containers
test-name: ocsp_must_staple
acme-ca: boulder
runs-on: ubuntu-latest
steps:
@ -133,7 +140,11 @@ jobs:
echo "127.0.0.1 $domain" | sudo tee -a /etc/hosts
done
- name: Setup Pebble
if: ${{ matrix.acme-ca == 'pebble' }}
run: test/setup/setup-pebble.sh
- name: Setup Boulder
if: ${{ matrix.acme-ca == 'boulder' }}
run: test/setup/setup-boulder.sh
- name: Download nginx-proxy Patched Image
uses: actions/download-artifact@v2
with:
@ -149,6 +160,7 @@ jobs:
- name: Setup NGINX Proxy
env:
SETUP: ${{ matrix.setup }}
ACME_CA: ${{ matrix.acme-ca }}
run: test/setup/setup-nginx-proxy.sh
# ADD BUILDED IMAGE
- name: Download Builded Image
@ -161,6 +173,10 @@ jobs:
- name: Integration Testing
env:
SETUP: ${{ matrix.setup }}
ACME_CA: ${{ matrix.acme-ca }}
run: test/run.sh -t ${{ matrix.test-name }} "$IMAGE"
- if: ${{ failure() }}
env:
SETUP: ${{ matrix.setup }}
ACME_CA: ${{ matrix.acme-ca }}
run: test/github_actions/containers-logs.sh
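Review bot: The `include:` entries that add Boulder-only runs of `ocsp_must_staple` carry no explanation of why this one test gets a second CA, and the rendered page does not show whether `ocsp_must_staple` was also kept in the base `test-name` list for Pebble, so the next reader has to dig through the git log; a one-line comment above `include:` such as `# ocsp_must_staple is additionally run against Boulder (presumably because Pebble does not issue OCSP responses — confirm)` would settle it. An `include` entry whose `acme-ca: boulder` conflicts with the base `acme-ca: [pebble]` value creates a new combination rather than extending an existing one, which appears to be the intent here. The new `Setup Boulder` step runs `test/setup/setup-boulder.sh`, which is not part of this diff, so whether the Boulder image is pinned to a tag or digest cannot be checked from here.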

@ -10,7 +10,8 @@ fi
containers+=("$NGINX_CONTAINER_NAME")
[[ $SETUP = "3containers" ]] && containers+=("$DOCKER_GEN_CONTAINER_NAME")
containers+=(pebble challtestserv)
[[ $ACME_CA = "boulder" ]] && containers+=(boulder)
[[ $ACME_CA = "pebble" ]] && containers+=(pebble challtestserv)
for container in "${containers[@]}"; do
bold_echo "Docker container output for $container"
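Review bot: The two new `[[ $ACME_CA = ... ]] &&` lines silently collect no CA container logs when `ACME_CA` is unset or misspelled, which is precisely the failure mode in which those logs are most wanted; the setup and test scripts in this commit abort with `invalid option` under the same condition, so this script should at least report it, e.g. `[[ $ACME_CA == "boulder" || $ACME_CA == "pebble" ]] || echo "$0: unknown ACME_CA '${ACME_CA:-}', CA container logs skipped" >&2`. Only the construction of the `containers` array is visible; the loop body and the top of the script (any `set -e`/`-u`) are outside the hunk.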

@ -2,6 +2,22 @@
set -e
case $ACME_CA in
pebble)
test_net='acme_net'
;;
boulder)
test_net='boulder_bluenet'
;;
*)
echo "$0 $ACME_CA: invalid option."
exit 1
esac
case $SETUP in
2containers)
@ -13,7 +29,7 @@ case $SETUP in
-v /usr/share/nginx/html \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
--network acme_net \
--network "$test_net" \
jwilder/nginx-proxy
;;
@ -27,7 +43,7 @@ case $SETUP in
-v /etc/nginx/vhost.d \
-v /usr/share/nginx/html \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
--network acme_net \
--network "$test_net" \
nginx:alpine
docker run -d \
@ -36,7 +52,7 @@ case $SETUP in
-v "${GITHUB_WORKSPACE}/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro" \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
--network acme_net \
--network "$test_net" \
jwilder/docker-gen \
-notify-sighup "$NGINX_CONTAINER_NAME" -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
;;
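Review bot: The `*)` arm of the new `case $ACME_CA` block writes its diagnostic to stdout and, when `ACME_CA` is unset, prints `... : invalid option.` with nothing naming the missing variable; send it to stderr and identify the variable, e.g. `echo "$0: ACME_CA='${ACME_CA:-}' is not a supported CA (pebble|boulder)" >&2` before the `exit 1`. The explicit `exit 1` is still required under `set -e` because `case` itself never returns non-zero, so keep it. The same `test_net` mapping (`acme_net` / `boulder_bluenet`) is pasted verbatim into seven scripts in this commit and the helper functions hard-code it a further two times, so a single sourced function returning the network name would keep the two CA setups from drifting apart.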

@ -2,6 +2,18 @@
## Test for ACME accounts handling.
case $ACME_CA in
pebble)
test_net='acme_net'
;;
boulder)
test_net='boulder_bluenet'
;;
*)
echo "$0 $ACME_CA: invalid option."
exit 1
esac
if [[ -z $GITHUB_ACTIONS ]]; then
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
else
@ -32,7 +44,7 @@ run_nginx_container "${domains[0]}"
wait_for_symlink "${domains[0]}" "$le_container_name"
# Test if the expected folder / file / content are there.
json_file="/etc/acme.sh/default/ca/pebble/account.json"
json_file="/etc/acme.sh/default/ca/$ACME_CA/account.json"
if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/default" ]]; then
echo "The /etc/acme.sh/default folder does not exist."
elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
@ -59,7 +71,7 @@ run_nginx_container "${domains[1]}"
wait_for_symlink "${domains[1]}" "$le_container_name"
# Test if the expected folder / file / content are there.
json_file="/etc/acme.sh/${default_email}/ca/pebble/account.json"
json_file="/etc/acme.sh/${default_email}/ca/$ACME_CA/account.json"
if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$default_email" ]]; then
echo "The /etc/acme.sh/$default_email folder does not exist."
elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
@ -76,7 +88,7 @@ if ! docker run --rm -d \
-e "VIRTUAL_HOST=${domains[2]}" \
-e "LETSENCRYPT_HOST=${domains[2]}" \
-e "LETSENCRYPT_EMAIL=${container_email}" \
--network acme_net \
--network "$test_net" \
nginx:alpine > /dev/null ; \
then
echo "Failed to start test web server for ${domains[2]}"
@ -88,7 +100,7 @@ fi
wait_for_symlink "${domains[2]}" "$le_container_name"
# Test if the expected folder / file / content are there.
json_file="/etc/acme.sh/${container_email}/ca/pebble/account.json"
json_file="/etc/acme.sh/${container_email}/ca/$ACME_CA/account.json"
if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$container_email" ]]; then
echo "The /etc/acme.sh/$container_email folder does not exist."
elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
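Review bot: The three `json_file=.../ca/$ACME_CA/account.json` assignments assume the per-CA directory acme.sh creates is named after the `ACME_CA` matrix value, which holds here only because the directory URLs passed to the companion (`https://pebble:14000/dir`, `http://boulder:4001/directory`) use container hostnames equal to the matrix values; rename either container and this test fails on a missing file rather than on account handling. A comment at the first assignment would make the coupling visible, e.g. `# acme.sh appears to key its CA directory by the directory-URL host, which here equals $ACME_CA — TODO confirm`. The `*)` arm of the new `case` block should also write to stderr (`>&2`). Each of the three checks continues past the end of its hunk.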

@ -2,6 +2,18 @@
## Test for spliting SAN certificates into single domain certificates by NGINX container env variables
case $ACME_CA in
pebble)
test_net='acme_net'
;;
boulder)
test_net='boulder_bluenet'
;;
*)
echo "$0 $ACME_CA: invalid option."
exit 1
esac
if [[ -z $GITHUB_ACTIONS ]]; then
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
else
@ -47,7 +59,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do
-e "VIRTUAL_HOST=${TEST_DOMAINS}" \
-e "LETSENCRYPT_HOST=${hosts}" \
-e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \
--network acme_net \
--network "$test_net" \
nginx:alpine > /dev/null;
then
echo "Could not start test web server for $hosts"

@ -2,6 +2,18 @@
## Test for standalone certificates.
case $ACME_CA in
pebble)
test_net='acme_net'
;;
boulder)
test_net='boulder_bluenet'
;;
*)
echo "$0 $ACME_CA: invalid option."
exit 1
esac
if [[ -z $GITHUB_ACTIONS ]]; then
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
else
@ -34,7 +46,7 @@ EOF
if ! docker run --rm -d \
--name "$subdomain" \
-e "VIRTUAL_HOST=$subdomain" \
--network acme_net \
--network "$test_net" \
nginx:alpine > /dev/null;
then
echo "Could not start test web server for $subdomain"

@ -2,6 +2,18 @@
## Test for LETSENCRYPT_RESTART_CONTAINER variable.
case $ACME_CA in
pebble)
test_net='acme_net'
;;
boulder)
test_net='boulder_bluenet'
;;
*)
echo "$0 $ACME_CA: invalid option."
exit 1
esac
if [[ -z $GITHUB_ACTIONS ]]; then
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
else
@ -42,7 +54,7 @@ for domain in "${domains[@]}"; do
-e "VIRTUAL_HOST=${domain}" \
-e "LETSENCRYPT_HOST=${domain}" \
-e "LETSENCRYPT_RESTART_CONTAINER=true" \
--network acme_net \
--network "$test_net" \
nginx:alpine > /dev/null; \
then
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"

@ -2,6 +2,18 @@
## Test for OCSP Must-Staple extension.
case $ACME_CA in
pebble)
test_net='acme_net'
;;
boulder)
test_net='boulder_bluenet'
;;
*)
echo "$0 $ACME_CA: invalid option."
exit 1
esac
if [[ -z $GITHUB_ACTIONS ]]; then
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
else
@ -31,7 +43,7 @@ if docker run --rm -d \
-e "VIRTUAL_HOST=${domains[0]}" \
-e "LETSENCRYPT_HOST=${domains[0]}" \
-e "ACME_OCSP=true" \
--network acme_net \
--network "$test_net" \
nginx:alpine > /dev/null; \
then
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for ${domains[0]} (ACME_OCSP=true)"
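Review bot: The new `case` block in the OCSP Must-Staple test accepts `pebble` as a valid value even though the workflow in this commit schedules this test only against Boulder; if the Pebble leg was left out because Pebble does not serve OCSP responses (I cannot confirm that from the diff), the script should say so up front instead of failing later with an unrelated stapling error, e.g. `pebble) echo "$0: OCSP stapling is not exercised against Pebble, skipping." >&2; exit 0 ;;`, otherwise a short comment stating that the Pebble run is expected to pass would do. Either way the `*)` arm's message belongs on stderr (`>&2`). The `docker run` at the end of the hunk is cut off.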

@ -2,6 +2,18 @@
## Test for private keys types
case $ACME_CA in
pebble)
test_net='acme_net'
;;
boulder)
test_net='boulder_bluenet'
;;
*)
echo "$0 $ACME_CA: invalid option."
exit 1
esac
if [[ -z $GITHUB_ACTIONS ]]; then
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
else
@ -42,7 +54,7 @@ for key in "${!key_types[@]}"; do
-e "VIRTUAL_HOST=${domains[0]}" \
-e "LETSENCRYPT_HOST=${domains[0]}" \
-e "LETSENCRYPT_KEYSIZE=${key}" \
--network acme_net \
--network "$test_net" \
nginx:alpine > /dev/null;
then
echo "Could not start test web server for ${key}"

@ -22,7 +22,18 @@ function run_le_container {
if [[ "$SETUP" == '3containers' ]]; then
cli_args_arr+=(--env "NGINX_DOCKER_GEN_CONTAINER=$DOCKER_GEN_CONTAINER_NAME")
fi
if [[ "$ACME_CA" == 'boulder' ]]; then
cli_args_arr+=(--env "ACME_CA_URI=http://boulder:4001/directory")
cli_args_arr+=(--network boulder_bluenet)
elif [[ "$ACME_CA" == 'pebble' ]]; then
cli_args_arr+=(--env "ACME_CA_URI=https://pebble:14000/dir")
cli_args_arr+=(--env "CA_BUNDLE=/pebble.minica.pem")
cli_args_arr+=(--network acme_net)
else
return 1
fi
if docker run -d \
--name "$name" \
--volumes-from "$NGINX_CONTAINER_NAME" \
@ -33,10 +44,7 @@ function run_le_container {
--env "TEST_MODE=true" \
--env "DHPARAM_BITS=256" \
--env "DEBUG=1" \
--env "ACME_CA_URI=https://pebble:14000/dir" \
--env "CA_BUNDLE=/pebble.minica.pem" \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
--network acme_net \
"$image" > /dev/null; \
then
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started letsencrypt container for test ${name%%_2*}"
@ -53,12 +61,22 @@ function run_nginx_container {
local le_host="${1:?}"
local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
local container_name="${2:-$virtual_host}"
local -a cli_args_arr
if [[ "$ACME_CA" == 'boulder' ]]; then
cli_args_arr+=(--network boulder_bluenet)
elif [[ "$ACME_CA" == 'pebble' ]]; then
cli_args_arr+=(--network acme_net)
else
return 1
fi
[[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host"
if docker run --rm -d \
--name "$container_name" \
-e "VIRTUAL_HOST=$virtual_host" \
-e "LETSENCRYPT_HOST=$le_host" \
--network acme_net \
"${cli_args_arr[@]}" \
nginx:alpine > /dev/null ; \
then
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."
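Review bot: The new `else return 1` arms in both `run_le_container` and `run_nginx_container` fail without a message when `ACME_CA` is unset or unknown, so a test would report that a container could not be started rather than the real cause; print the reason first, e.g. `echo "$0: unknown ACME_CA '${ACME_CA:-}'" >&2; return 1`. The Boulder leg points the companion at a plain `http://boulder:4001/directory` while the Pebble leg uses `https://` plus `CA_BUNDLE`, so TLS verification of the directory endpoint is exercised only by the Pebble matrix entries — acceptable for a CI fixture, but worth a comment beside the Boulder `ACME_CA_URI` so nobody reads it as coverage. The CA-to-network mapping is now duplicated in both functions and again in each test script; a small helper in this file, which the test scripts already source for these functions, would give it one home. Both functions begin outside the hunk and `run_le_container` also ends outside it.
```shell
# Print the docker network the selected test CA is attached to.
# Returns 1 (and explains on stderr) for anything other than pebble/boulder.
function acme_ca_network {
  case "${ACME_CA:-}" in
    pebble) echo 'acme_net' ;;
    boulder) echo 'boulder_bluenet' ;;
    *) echo "$0: unknown ACME_CA '${ACME_CA:-}'" >&2; return 1 ;;
  esac
}
# … unchanged: run_le_container / run_nginx_container, with --network "$(acme_ca_network)" replacing the inline if/elif …
```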