mirror of
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion
synced 2024-11-22 16:32:48 +01:00
CI/CD: Test against both Boulder and Pebble
parent
3f65c8c6c1
commit
b77392a5c8
22
.github/workflows/test.yml
vendored
22
.github/workflows/test.yml
vendored
@ -71,7 +71,7 @@ jobs:
|
||||
name: docker-gen.tar
|
||||
path: docker-gen.tar
|
||||
|
||||
docker-specs-testing:
|
||||
docker-specs-tests:
|
||||
needs: companion-build
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
@ -92,7 +92,7 @@ jobs:
|
||||
- if: ${{ failure() }}
|
||||
run: test/github_actions/containers-logs.sh
|
||||
|
||||
integration-testing:
|
||||
integration-tests:
|
||||
needs:
|
||||
- companion-build
|
||||
- nginx-proxy-build
|
||||
@ -100,6 +100,7 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
setup: [2containers, 3containers]
|
||||
acme-ca: [pebble]
|
||||
test-name:
|
||||
[
|
||||
docker_api,
|
||||
@ -112,12 +113,18 @@ jobs:
|
||||
force_renew,
|
||||
acme_accounts,
|
||||
private_keys,
|
||||
ocsp_must_staple,
|
||||
container_restart,
|
||||
permissions_default,
|
||||
permissions_custom,
|
||||
symlinks,
|
||||
]
|
||||
include:
|
||||
- setup: 2containers
|
||||
test-name: ocsp_must_staple
|
||||
acme-ca: boulder
|
||||
- setup: 3containers
|
||||
test-name: ocsp_must_staple
|
||||
acme-ca: boulder
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
@ -133,7 +140,11 @@ jobs:
|
||||
echo "127.0.0.1 $domain" | sudo tee -a /etc/hosts
|
||||
done
|
||||
- name: Setup Pebble
|
||||
if: ${{ matrix.acme-ca == 'pebble' }}
|
||||
run: test/setup/setup-pebble.sh
|
||||
- name: Setup Boulder
|
||||
if: ${{ matrix.acme-ca == 'boulder' }}
|
||||
run: test/setup/setup-boulder.sh
|
||||
- name: Download nginx-proxy Patched Image
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
@ -149,6 +160,7 @@ jobs:
|
||||
- name: Setup NGINX Proxy
|
||||
env:
|
||||
SETUP: ${{ matrix.setup }}
|
||||
ACME_CA: ${{ matrix.acme-ca }}
|
||||
run: test/setup/setup-nginx-proxy.sh
|
||||
# ADD BUILDED IMAGE
|
||||
- name: Download Builded Image
|
||||
@ -161,6 +173,10 @@ jobs:
|
||||
- name: Integration Testing
|
||||
env:
|
||||
SETUP: ${{ matrix.setup }}
|
||||
ACME_CA: ${{ matrix.acme-ca }}
|
||||
run: test/run.sh -t ${{ matrix.test-name }} "$IMAGE"
|
||||
- if: ${{ failure() }}
|
||||
env:
|
||||
SETUP: ${{ matrix.setup }}
|
||||
ACME_CA: ${{ matrix.acme-ca }}
|
||||
run: test/github_actions/containers-logs.sh
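Review bot: The matrix change leaves `ocsp_must_staple` untested against Pebble and makes it the only test that runs against Boulder, and nothing in the workflow says why. Going by the hunk's line counts, `ocsp_must_staple` appears to have been dropped from the `test-name` list and re-added only through the two `include:` entries with `acme-ca: boulder`. A comment above `include:` would stop a later edit from silently removing coverage of a security-relevant certificate extension, for example `# ocsp_must_staple runs against Boulder only (not in the Pebble list above): <reason>`. If the title's "both Boulder and Pebble" is meant to cover the whole suite, `acme-ca: [pebble]` would need `boulder` as well.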
|
||||
|
@ -10,7 +10,8 @@ fi
|
||||
|
||||
containers+=("$NGINX_CONTAINER_NAME")
|
||||
[[ $SETUP = "3containers" ]] && containers+=("$DOCKER_GEN_CONTAINER_NAME")
|
||||
containers+=(pebble challtestserv)
|
||||
[[ $ACME_CA = "boulder" ]] && containers+=(boulder)
|
||||
[[ $ACME_CA = "pebble" ]] && containers+=(pebble challtestserv)
|
||||
|
||||
for container in "${containers[@]}"; do
|
||||
bold_echo "Docker container output for $container"
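Review bot: When `ACME_CA` is unset or misspelled, both new `[[ $ACME_CA = ... ]] &&` lines are skipped and the script collects no CA container logs without saying so. The workflow's `docker-specs-tests` failure step, as shown in the first file, calls this script with no `ACME_CA` in its environment, so that path is reachable. A single extra line makes the omission visible in the failure output: `[[ $ACME_CA =~ ^(boulder|pebble)$ ]] || echo "ACME_CA unset or unknown: skipping CA container logs" >&2`. The container name `boulder` is assumed to match what `test/setup/setup-boulder.sh` starts, and that script is not part of this page. The `for` loop continues outside the hunk.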
|
||||
|
@ -2,6 +2,22 @@
|
||||
|
||||
set -e
|
||||
|
||||
case $ACME_CA in
|
||||
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
|
||||
esac
|
||||
|
||||
case $SETUP in
|
||||
|
||||
2containers)
|
||||
@ -13,7 +29,7 @@ case $SETUP in
|
||||
-v /usr/share/nginx/html \
|
||||
-v /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
jwilder/nginx-proxy
|
||||
;;
|
||||
|
||||
@ -27,7 +43,7 @@ case $SETUP in
|
||||
-v /etc/nginx/vhost.d \
|
||||
-v /usr/share/nginx/html \
|
||||
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
nginx:alpine
|
||||
|
||||
docker run -d \
|
||||
@ -36,7 +52,7 @@ case $SETUP in
|
||||
-v "${GITHUB_WORKSPACE}/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro" \
|
||||
-v /var/run/docker.sock:/tmp/docker.sock:ro \
|
||||
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
jwilder/docker-gen \
|
||||
-notify-sighup "$NGINX_CONTAINER_NAME" -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
|
||||
;;
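Review bot: The `case $ACME_CA in` block that maps the CA to `test_net` is pasted verbatim into this script and into the six test scripts that follow (each hunk headed `@ -2,6 +2,18 @`), and the same mapping appears twice more as `if`/`elif` in the test library. A new CA or a renamed network would therefore need eight coordinated edits. A small helper in the shared test library that sets `test_net` would keep the mapping in one place. The fallback arm also prints its error to stdout; it should go to stderr and read sensibly when the variable is empty: `echo "$0: invalid ACME_CA '${ACME_CA:-}' (expected pebble or boulder)" >&2`.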
|
||||
|
@ -2,6 +2,18 @@
|
||||
|
||||
## Test for ACME accounts handling.
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -32,7 +44,7 @@ run_nginx_container "${domains[0]}"
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
|
||||
# Test if the expected folder / file / content are there.
|
||||
json_file="/etc/acme.sh/default/ca/pebble/account.json"
|
||||
json_file="/etc/acme.sh/default/ca/$ACME_CA/account.json"
|
||||
if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/default" ]]; then
|
||||
echo "The /etc/acme.sh/default folder does not exist."
|
||||
elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
|
||||
@ -59,7 +71,7 @@ run_nginx_container "${domains[1]}"
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name"
|
||||
|
||||
# Test if the expected folder / file / content are there.
|
||||
json_file="/etc/acme.sh/${default_email}/ca/pebble/account.json"
|
||||
json_file="/etc/acme.sh/${default_email}/ca/$ACME_CA/account.json"
|
||||
if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$default_email" ]]; then
|
||||
echo "The /etc/acme.sh/$default_email folder does not exist."
|
||||
elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
|
||||
@ -76,7 +88,7 @@ if ! docker run --rm -d \
|
||||
-e "VIRTUAL_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_EMAIL=${container_email}" \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null ; \
|
||||
then
|
||||
echo "Failed to start test web server for ${domains[2]}"
|
||||
@ -88,7 +100,7 @@ fi
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name"
|
||||
|
||||
# Test if the expected folder / file / content are there.
|
||||
json_file="/etc/acme.sh/${container_email}/ca/pebble/account.json"
|
||||
json_file="/etc/acme.sh/${container_email}/ca/$ACME_CA/account.json"
|
||||
if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$container_email" ]]; then
|
||||
echo "The /etc/acme.sh/$container_email folder does not exist."
|
||||
elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then
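Review bot: The three `json_file` assignments now build the account path from `$ACME_CA`, which is the CI matrix label rather than the directory name the ACME client actually creates under `ca/`. Presumably that directory is derived from the CA's hostname, so the paths match only because the CA containers are reachable as `pebble` and `boulder`; a different hostname or a URL change would make the test fail with a misleading "file does not exist". A comment at the first assignment would record the coupling: `# ca/<dir> is named after the ACME server host, which equals $ACME_CA in the test setups`. The `if`/`elif` chains that use `json_file` continue outside each hunk.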
|
||||
|
@ -2,6 +2,18 @@
|
||||
|
||||
## Test for spliting SAN certificates into single domain certificates by NGINX container env variables
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -47,7 +59,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
||||
-e "VIRTUAL_HOST=${TEST_DOMAINS}" \
|
||||
-e "LETSENCRYPT_HOST=${hosts}" \
|
||||
-e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null;
|
||||
then
|
||||
echo "Could not start test web server for $hosts"
|
||||
|
@ -2,6 +2,18 @@
|
||||
|
||||
## Test for standalone certificates.
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -34,7 +46,7 @@ EOF
|
||||
if ! docker run --rm -d \
|
||||
--name "$subdomain" \
|
||||
-e "VIRTUAL_HOST=$subdomain" \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null;
|
||||
then
|
||||
echo "Could not start test web server for $subdomain"
|
||||
|
@ -2,6 +2,18 @@
|
||||
|
||||
## Test for LETSENCRYPT_RESTART_CONTAINER variable.
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -42,7 +54,7 @@ for domain in "${domains[@]}"; do
|
||||
-e "VIRTUAL_HOST=${domain}" \
|
||||
-e "LETSENCRYPT_HOST=${domain}" \
|
||||
-e "LETSENCRYPT_RESTART_CONTAINER=true" \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"
|
||||
|
@ -2,6 +2,18 @@
|
||||
|
||||
## Test for OCSP Must-Staple extension.
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -31,7 +43,7 @@ if docker run --rm -d \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
-e "ACME_OCSP=true" \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for ${domains[0]} (ACME_OCSP=true)"
|
||||
|
@ -2,6 +2,18 @@
|
||||
|
||||
## Test for private keys types
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -42,7 +54,7 @@ for key in "${!key_types[@]}"; do
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_KEYSIZE=${key}" \
|
||||
--network acme_net \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null;
|
||||
then
|
||||
echo "Could not start test web server for ${key}"
|
||||
|
@ -22,7 +22,18 @@ function run_le_container {
|
||||
if [[ "$SETUP" == '3containers' ]]; then
|
||||
cli_args_arr+=(--env "NGINX_DOCKER_GEN_CONTAINER=$DOCKER_GEN_CONTAINER_NAME")
|
||||
fi
|
||||
|
||||
|
||||
if [[ "$ACME_CA" == 'boulder' ]]; then
|
||||
cli_args_arr+=(--env "ACME_CA_URI=http://boulder:4001/directory")
|
||||
cli_args_arr+=(--network boulder_bluenet)
|
||||
elif [[ "$ACME_CA" == 'pebble' ]]; then
|
||||
cli_args_arr+=(--env "ACME_CA_URI=https://pebble:14000/dir")
|
||||
cli_args_arr+=(--env "CA_BUNDLE=/pebble.minica.pem")
|
||||
cli_args_arr+=(--network acme_net)
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
|
||||
if docker run -d \
|
||||
--name "$name" \
|
||||
--volumes-from "$NGINX_CONTAINER_NAME" \
|
||||
@ -33,10 +44,7 @@ function run_le_container {
|
||||
--env "TEST_MODE=true" \
|
||||
--env "DHPARAM_BITS=256" \
|
||||
--env "DEBUG=1" \
|
||||
--env "ACME_CA_URI=https://pebble:14000/dir" \
|
||||
--env "CA_BUNDLE=/pebble.minica.pem" \
|
||||
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
|
||||
--network acme_net \
|
||||
"$image" > /dev/null; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started letsencrypt container for test ${name%%_2*}"
|
||||
@ -53,12 +61,22 @@ function run_nginx_container {
|
||||
local le_host="${1:?}"
|
||||
local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
|
||||
local container_name="${2:-$virtual_host}"
|
||||
|
||||
local -a cli_args_arr
|
||||
if [[ "$ACME_CA" == 'boulder' ]]; then
|
||||
cli_args_arr+=(--network boulder_bluenet)
|
||||
elif [[ "$ACME_CA" == 'pebble' ]]; then
|
||||
cli_args_arr+=(--network acme_net)
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host"
|
||||
if docker run --rm -d \
|
||||
--name "$container_name" \
|
||||
-e "VIRTUAL_HOST=$virtual_host" \
|
||||
-e "LETSENCRYPT_HOST=$le_host" \
|
||||
--network acme_net \
|
||||
"${cli_args_arr[@]}" \
|
||||
nginx:alpine > /dev/null ; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."
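Review bot: The Boulder branch in `run_le_container` sets `ACME_CA_URI=http://boulder:4001/directory` and no `CA_BUNDLE`, so unlike the Pebble branch the ACME client reaches the CA over plaintext and never verifies its identity. On an isolated CI network that is acceptable, but it should be marked as such so the setting is not copied into a real deployment: `# Test only: Boulder's directory is plain HTTP on the CI network, so no CA bundle is configured or checked.` Separately, the new `else` branches in `run_le_container` and `run_nginx_container` `return 1` without a message. Adding `echo "ACME_CA must be 'pebble' or 'boulder', got '${ACME_CA:-}'" >&2` before each return would make a misconfigured run fail visibly rather than stall in a later wait. Both functions begin and end outside the hunks.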
|
||||
|