diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0b6a422..2d1d46d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -71,7 +71,7 @@ jobs: name: docker-gen.tar path: docker-gen.tar - docker-specs-testing: + docker-specs-tests: needs: companion-build runs-on: ubuntu-latest @@ -92,7 +92,7 @@ jobs: - if: ${{ failure() }} run: test/github_actions/containers-logs.sh - integration-testing: + integration-tests: needs: - companion-build - nginx-proxy-build @@ -100,6 +100,7 @@ jobs: fail-fast: false matrix: setup: [2containers, 3containers] + acme-ca: [pebble] test-name: [ docker_api, @@ -112,12 +113,18 @@ jobs: force_renew, acme_accounts, private_keys, - ocsp_must_staple, container_restart, permissions_default, permissions_custom, symlinks, ] + include: + - setup: 2containers + test-name: ocsp_must_staple + acme-ca: boulder + - setup: 3containers + test-name: ocsp_must_staple + acme-ca: boulder runs-on: ubuntu-latest steps: @@ -133,7 +140,11 @@ jobs: echo "127.0.0.1 $domain" | sudo tee -a /etc/hosts done - name: Setup Pebble + if: ${{ matrix.acme-ca == 'pebble' }} run: test/setup/setup-pebble.sh + - name: Setup Boulder + if: ${{ matrix.acme-ca == 'boulder' }} + run: test/setup/setup-boulder.sh - name: Download nginx-proxy Patched Image uses: actions/download-artifact@v2 with: @@ -149,6 +160,7 @@ jobs: - name: Setup NGINX Proxy env: SETUP: ${{ matrix.setup }} + ACME_CA: ${{ matrix.acme-ca }} run: test/setup/setup-nginx-proxy.sh # ADD BUILDED IMAGE - name: Download Builded Image @@ -161,6 +173,10 @@ jobs: - name: Integration Testing env: SETUP: ${{ matrix.setup }} + ACME_CA: ${{ matrix.acme-ca }} run: test/run.sh -t ${{ matrix.test-name }} "$IMAGE" - if: ${{ failure() }} + env: + SETUP: ${{ matrix.setup }} + ACME_CA: ${{ matrix.acme-ca }} run: test/github_actions/containers-logs.sh diff --git a/test/github_actions/containers-logs.sh b/test/github_actions/containers-logs.sh index 75b4327..852f015 100755 
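Review bot: The `include` entries move `ocsp_must_staple` off the default `pebble` CA and onto `boulder` without recording why, so a later edit could fold it back into the `test-name` list and silently change which CA the test exercises. A comment above `include:` would pin the intent, e.g. `# ocsp_must_staple runs against boulder only; every other test uses pebble`, together with the reason, which this diff does not state. The matrix block starts above this hunk and the `test-name` list is only partly visible.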
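Review bot: The new `Setup Boulder` step runs `test/setup/setup-boulder.sh`, which is not among the files in the part of the diff shown here, so how it obtains and starts Boulder cannot be checked from this hunk. If that script fetches Boulder sources or images at run time, pinning them to a fixed revision or digest keeps the job reproducible and limits what an upstream change can bring into CI. A comment on the step would record the expectation, e.g. `# setup-boulder.sh must use a pinned Boulder revision`.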
--- a/test/github_actions/containers-logs.sh +++ b/test/github_actions/containers-logs.sh @@ -10,7 +10,8 @@ fi containers+=("$NGINX_CONTAINER_NAME") [[ $SETUP = "3containers" ]] && containers+=("$DOCKER_GEN_CONTAINER_NAME") -containers+=(pebble challtestserv) +[[ $ACME_CA = "boulder" ]] && containers+=(boulder) +[[ $ACME_CA = "pebble" ]] && containers+=(pebble challtestserv) for container in "${containers[@]}"; do bold_echo "Docker container output for $container" diff --git a/test/setup/setup-nginx-proxy.sh b/test/setup/setup-nginx-proxy.sh index 61e7d42..070f140 100755 --- a/test/setup/setup-nginx-proxy.sh +++ b/test/setup/setup-nginx-proxy.sh @@ -2,6 +2,22 @@ set -e +case $ACME_CA in + + pebble) + test_net='acme_net' + ;; + + boulder) + test_net='boulder_bluenet' + ;; + + *) + echo "$0 $ACME_CA: invalid option." + exit 1 + +esac + case $SETUP in 2containers) @@ -13,7 +29,7 @@ case $SETUP in -v /usr/share/nginx/html \ -v /var/run/docker.sock:/tmp/docker.sock:ro \ --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \ - --network acme_net \ + --network "$test_net" \ jwilder/nginx-proxy ;; @@ -27,7 +43,7 @@ case $SETUP in -v /etc/nginx/vhost.d \ -v /usr/share/nginx/html \ --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \ - --network acme_net \ + --network "$test_net" \ nginx:alpine docker run -d \ @@ -36,7 +52,7 @@ case $SETUP in -v "${GITHUB_WORKSPACE}/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro" \ -v /var/run/docker.sock:/tmp/docker.sock:ro \ --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \ - --network acme_net \ + --network "$test_net" \ jwilder/docker-gen \ -notify-sighup "$NGINX_CONTAINER_NAME" -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf ;; diff --git a/test/tests/acme_accounts/run.sh b/test/tests/acme_accounts/run.sh index ac9ddc0..ad0ec34 100755 --- a/test/tests/acme_accounts/run.sh +++ b/test/tests/acme_accounts/run.sh 
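Review bot: With these two guards the script collects no ACME server logs at all when `ACME_CA` is unset or has an unexpected value, where it previously always appended `pebble challtestserv`. The `docker-specs-tests` failure step in `.github/workflows/test.yml` appears in this diff only as context and gets no `ACME_CA` env, so it would now take that path; whether that job runs an ACME server is not visible here. If the omission is intended a comment should say so, otherwise make the gap visible with `[[ -z ${ACME_CA:-} ]] && echo "ACME_CA unset: no ACME server logs collected" >&2`. The start of the script and the loop body lie outside this hunk.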
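Review bot: This `case` block mapping `ACME_CA` to a docker network is pasted unchanged into six test scripts later in the diff (the `run.sh` of acme_accounts, certs_single_domain, certs_standalone, container_restart, ocsp_must_staple and private_keys), and test/tests/test-functions.sh hard-codes the same two network names again in two functions. Adding or renaming a CA therefore means editing every copy consistently, and a missed copy would attach a container to the wrong network. One helper would keep the mapping in a single place; its error path should go to stderr and cope with an unset variable, which currently prints an empty name. The sketch assumes the test scripts already load test-functions.sh, which their calls to `run_nginx_container` suggest but the diff does not show; setup-nginx-proxy.sh would have to source it or keep its own copy.

```shell
# test/tests/test-functions.sh: the only place that maps a CA name to its docker network
function acme_ca_network {
  case "${ACME_CA:-}" in
    pebble)  echo 'acme_net' ;;
    boulder) echo 'boulder_bluenet' ;;
    *)
      echo "$0: invalid ACME_CA '${ACME_CA:-}'" >&2
      return 1
      ;;
  esac
}

# in each script, replacing the case block
test_net="$(acme_ca_network)" || exit 1
```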
@@ -2,6 +2,18 @@ ## Test for ACME accounts handling. +case $ACME_CA in + pebble) + test_net='acme_net' + ;; + boulder) + test_net='boulder_bluenet' + ;; + *) + echo "$0 $ACME_CA: invalid option." + exit 1 +esac + if [[ -z $GITHUB_ACTIONS ]]; then le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")" else @@ -32,7 +44,7 @@ run_nginx_container "${domains[0]}" wait_for_symlink "${domains[0]}" "$le_container_name" # Test if the expected folder / file / content are there. -json_file="/etc/acme.sh/default/ca/pebble/account.json" +json_file="/etc/acme.sh/default/ca/$ACME_CA/account.json" if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/default" ]]; then echo "The /etc/acme.sh/default folder does not exist." elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then @@ -59,7 +71,7 @@ run_nginx_container "${domains[1]}" wait_for_symlink "${domains[1]}" "$le_container_name" # Test if the expected folder / file / content are there. -json_file="/etc/acme.sh/${default_email}/ca/pebble/account.json" +json_file="/etc/acme.sh/${default_email}/ca/$ACME_CA/account.json" if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$default_email" ]]; then echo "The /etc/acme.sh/$default_email folder does not exist." elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then @@ -76,7 +88,7 @@ if ! docker run --rm -d \ -e "VIRTUAL_HOST=${domains[2]}" \ -e "LETSENCRYPT_HOST=${domains[2]}" \ -e "LETSENCRYPT_EMAIL=${container_email}" \ - --network acme_net \ + --network "$test_net" \ nginx:alpine > /dev/null ; \ then echo "Failed to start test web server for ${domains[2]}" 
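Review bot: The account path now takes its `ca/` segment from `$ACME_CA`, but that directory is presumably named by acme.sh from the CA endpoint rather than from this variable; the two agree only because the endpoints set in test/tests/test-functions.sh use the hosts `pebble` and `boulder`. A short comment at the first assignment would keep that coupling visible, e.g. `# ca/<dir> follows the ACME_CA_URI host, which equals $ACME_CA for both supported CAs`. The same assignment recurs in the hunks at new lines 71 and 100 of this file.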
@@ -88,7 +100,7 @@ fi wait_for_symlink "${domains[2]}" "$le_container_name" # Test if the expected folder / file / content are there. -json_file="/etc/acme.sh/${container_email}/ca/pebble/account.json" +json_file="/etc/acme.sh/${container_email}/ca/$ACME_CA/account.json" if docker exec "$le_container_name" [[ ! -d "/etc/acme.sh/$container_email" ]]; then echo "The /etc/acme.sh/$container_email folder does not exist." elif docker exec "$le_container_name" [[ ! -f "$json_file" ]]; then diff --git a/test/tests/certs_single_domain/run.sh b/test/tests/certs_single_domain/run.sh index 940fc6f..9e726a2 100755 --- a/test/tests/certs_single_domain/run.sh +++ b/test/tests/certs_single_domain/run.sh @@ -2,6 +2,18 @@ ## Test for spliting SAN certificates into single domain certificates by NGINX container env variables +case $ACME_CA in + pebble) + test_net='acme_net' + ;; + boulder) + test_net='boulder_bluenet' + ;; + *) + echo "$0 $ACME_CA: invalid option." + exit 1 +esac + if [[ -z $GITHUB_ACTIONS ]]; then le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")" else @@ -47,7 +59,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do -e "VIRTUAL_HOST=${TEST_DOMAINS}" \ -e "LETSENCRYPT_HOST=${hosts}" \ -e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \ - --network acme_net \ + --network "$test_net" \ nginx:alpine > /dev/null; then echo "Could not start test web server for $hosts" diff --git a/test/tests/certs_standalone/run.sh b/test/tests/certs_standalone/run.sh index 6127605..20e5855 100755 --- a/test/tests/certs_standalone/run.sh +++ b/test/tests/certs_standalone/run.sh @@ -2,6 +2,18 @@ ## Test for standalone certificates. +case $ACME_CA in + pebble) + test_net='acme_net' + ;; + boulder) + test_net='boulder_bluenet' + ;; + *) + echo "$0 $ACME_CA: invalid option." + exit 1 +esac + if [[ -z $GITHUB_ACTIONS ]]; then le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")" else 
@@ -34,7 +46,7 @@ EOF if ! docker run --rm -d \ --name "$subdomain" \ -e "VIRTUAL_HOST=$subdomain" \ - --network acme_net \ + --network "$test_net" \ nginx:alpine > /dev/null; then echo "Could not start test web server for $subdomain" diff --git a/test/tests/container_restart/run.sh b/test/tests/container_restart/run.sh index 9e24dcd..da77771 100755 --- a/test/tests/container_restart/run.sh +++ b/test/tests/container_restart/run.sh @@ -2,6 +2,18 @@ ## Test for LETSENCRYPT_RESTART_CONTAINER variable. +case $ACME_CA in + pebble) + test_net='acme_net' + ;; + boulder) + test_net='boulder_bluenet' + ;; + *) + echo "$0 $ACME_CA: invalid option." + exit 1 +esac + if [[ -z $GITHUB_ACTIONS ]]; then le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")" else @@ -42,7 +54,7 @@ for domain in "${domains[@]}"; do -e "VIRTUAL_HOST=${domain}" \ -e "LETSENCRYPT_HOST=${domain}" \ -e "LETSENCRYPT_RESTART_CONTAINER=true" \ - --network acme_net \ + --network "$test_net" \ nginx:alpine > /dev/null; \ then [[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain" diff --git a/test/tests/ocsp_must_staple/run.sh b/test/tests/ocsp_must_staple/run.sh index 1db0487..aef3e1e 100755 --- a/test/tests/ocsp_must_staple/run.sh +++ b/test/tests/ocsp_must_staple/run.sh @@ -2,6 +2,18 @@ ## Test for OCSP Must-Staple extension. +case $ACME_CA in + pebble) + test_net='acme_net' + ;; + boulder) + test_net='boulder_bluenet' + ;; + *) + echo "$0 $ACME_CA: invalid option." + exit 1 +esac + if [[ -z $GITHUB_ACTIONS ]]; then le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")" else @@ -31,7 +43,7 @@ if docker run --rm -d \ -e "VIRTUAL_HOST=${domains[0]}" \ -e "LETSENCRYPT_HOST=${domains[0]}" \ -e "ACME_OCSP=true" \ - --network acme_net \ + --network "$test_net" \ nginx:alpine > /dev/null; \ then [[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for ${domains[0]} (ACME_OCSP=true)" 
diff --git a/test/tests/private_keys/run.sh b/test/tests/private_keys/run.sh index b0088b1..cba871f 100755 --- a/test/tests/private_keys/run.sh +++ b/test/tests/private_keys/run.sh @@ -2,6 +2,18 @@ ## Test for private keys types +case $ACME_CA in + pebble) + test_net='acme_net' + ;; + boulder) + test_net='boulder_bluenet' + ;; + *) + echo "$0 $ACME_CA: invalid option." + exit 1 +esac + if [[ -z $GITHUB_ACTIONS ]]; then le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")" else @@ -42,7 +54,7 @@ for key in "${!key_types[@]}"; do -e "VIRTUAL_HOST=${domains[0]}" \ -e "LETSENCRYPT_HOST=${domains[0]}" \ -e "LETSENCRYPT_KEYSIZE=${key}" \ - --network acme_net \ + --network "$test_net" \ nginx:alpine > /dev/null; then echo "Could not start test web server for ${key}" diff --git a/test/tests/test-functions.sh b/test/tests/test-functions.sh index cf8ca85..cb45038 100755 --- a/test/tests/test-functions.sh +++ b/test/tests/test-functions.sh @@ -22,7 +22,18 @@ function run_le_container { if [[ "$SETUP" == '3containers' ]]; then cli_args_arr+=(--env "NGINX_DOCKER_GEN_CONTAINER=$DOCKER_GEN_CONTAINER_NAME") fi - + + if [[ "$ACME_CA" == 'boulder' ]]; then + cli_args_arr+=(--env "ACME_CA_URI=http://boulder:4001/directory") + cli_args_arr+=(--network boulder_bluenet) + elif [[ "$ACME_CA" == 'pebble' ]]; then + cli_args_arr+=(--env "ACME_CA_URI=https://pebble:14000/dir") + cli_args_arr+=(--env "CA_BUNDLE=/pebble.minica.pem") + cli_args_arr+=(--network acme_net) + else + return 1 + fi + if docker run -d \ --name "$name" \ --volumes-from "$NGINX_CONTAINER_NAME" \ 
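Review bot: The boulder branch points `ACME_CA_URI` at `http://boulder:4001/directory` and sets no `CA_BUNDLE`, so unlike the pebble branch the ACME traffic in these runs is neither encrypted nor authenticated. That is presumably acceptable because the endpoint is only reachable on the test-only `boulder_bluenet` docker network, and a comment should say so to keep the pattern from being copied elsewhere, e.g. `# test-only: Boulder is reached over plain HTTP on the local test network`. Separately, the `else` branch does `return 1` with no message, so an unset or misspelled `ACME_CA` surfaces as an unexplained failure; `echo "run_le_container: unsupported ACME_CA '${ACME_CA:-}'" >&2` before the return would make it diagnosable, and the same applies to the `else` branch added to run_nginx_container in the last hunk. The body of run_le_container starts and ends outside this hunk.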
@@ -33,10 +44,7 @@ function run_le_container { --env "TEST_MODE=true" \ --env "DHPARAM_BITS=256" \ --env "DEBUG=1" \ - --env "ACME_CA_URI=https://pebble:14000/dir" \ - --env "CA_BUNDLE=/pebble.minica.pem" \ --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \ - --network acme_net \ "$image" > /dev/null; \ then [[ "${DRY_RUN:-}" == 1 ]] && echo "Started letsencrypt container for test ${name%%_2*}" @@ -53,12 +61,22 @@ function run_nginx_container { local le_host="${1:?}" local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}" local container_name="${2:-$virtual_host}" + + local -a cli_args_arr + if [[ "$ACME_CA" == 'boulder' ]]; then + cli_args_arr+=(--network boulder_bluenet) + elif [[ "$ACME_CA" == 'pebble' ]]; then + cli_args_arr+=(--network acme_net) + else + return 1 + fi + [[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host" if docker run --rm -d \ --name "$container_name" \ -e "VIRTUAL_HOST=$virtual_host" \ -e "LETSENCRYPT_HOST=$le_host" \ - --network acme_net \ + "${cli_args_arr[@]}" \ nginx:alpine > /dev/null ; \ then [[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."