CI/CD: Refactor the run_nginx_container() function

2024-09-28 07:30:21 +02:00 · 2020-12-28 11:26:52 +01:00 · 2020-12-28 11:26:52 +01:00 · dc4255d8fa
commit dc4255d8fa
parent 2222adc954
12 changed files with 53 additions and 141 deletions
--- a/test/tests/acme_accounts/run.sh
+++ b/test/tests/acme_accounts/run.sh
@ -2,18 +2,6 @@

 ## Test for ACME accounts handling.

-case $ACME_CA in
-  pebble)
-    test_net='acme_net'
-  ;;
-  boulder)
-    test_net='boulder_bluenet'
-  ;;
-  *)
-    echo "$0 $ACME_CA: invalid option."
-    exit 1
-esac
-
 if [[ -z $GITHUB_ACTIONS ]]; then
  le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@ -38,7 +26,7 @@ function cleanup {
 trap cleanup EXIT

 # Run an nginx container for ${domains[0]}.
-run_nginx_container "${domains[0]}"
+run_nginx_container --hosts "${domains[0]}"

 # Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
 wait_for_symlink "${domains[0]}" "$le_container_name"
@ -65,7 +53,7 @@ le_container_name="${le_container_name}_default"
 run_le_container "${1:?}" "$le_container_name" "--env DEFAULT_EMAIL=${default_email}"

 # Run an nginx container for ${domains[1]} without LETSENCRYPT_EMAIL set.
-run_nginx_container "${domains[1]}"
+run_nginx_container --hosts "${domains[1]}"

 # Wait for a symlink at /etc/nginx/certs/${domains[1]}.crt
 wait_for_symlink "${domains[1]}" "$le_container_name"
@ -83,18 +71,7 @@ fi

 # Run an nginx container for ${domains[2]} with LETSENCRYPT_EMAIL set.
 container_email="contact@${domains[2]}"
-if ! docker run --rm -d \
-  --name "${domains[2]}" \
-  -e "VIRTUAL_HOST=${domains[2]}" \
-  -e "LETSENCRYPT_HOST=${domains[2]}" \
-  -e "LETSENCRYPT_EMAIL=${container_email}" \
-  --network "$test_net" \
-  nginx:alpine > /dev/null ; \
-then
-  echo "Failed to start test web server for ${domains[2]}"
-elif [[ "${DRY_RUN:-}" == 1 ]]; then
-  echo "Started test web server for ${domains[2]}"
-fi
+run_nginx_container --hosts "${domains[2]}" --cli-args "--env LETSENCRYPT_EMAIL=${container_email}"

 # Wait for a symlink at /etc/nginx/certs/${domains[2]}.crt
 wait_for_symlink "${domains[2]}" "$le_container_name"
--- a/test/tests/certs_san/run.sh
+++ b/test/tests/certs_san/run.sh
@ -46,7 +46,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do
  container="test$i"

  # Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
-  run_nginx_container "$hosts" "$container"
+  run_nginx_container --hosts "$hosts" --name "$container"

  # Wait for a symlink at /etc/nginx/certs/$base_domain.crt
  if wait_for_symlink "$base_domain" "$le_container_name" "./${base_domain}/fullchain.pem"; then
--- a/test/tests/certs_single/run.sh
+++ b/test/tests/certs_single/run.sh
@ -28,7 +28,7 @@ trap cleanup EXIT
 # Run a separate nginx container for each domain in the $domains array.
 # Start all the containers in a row so that docker-gen debounce timers fire only once.
 for domain in "${domains[@]}"; do
-  run_nginx_container "$domain"
+  run_nginx_container --hosts "$domain"
 done

 for domain in "${domains[@]}"; do
--- a/test/tests/certs_single_domain/run.sh
+++ b/test/tests/certs_single_domain/run.sh
@ -2,18 +2,6 @@

 ## Test for spliting SAN certificates into single domain certificates by NGINX container env variables

-case $ACME_CA in
-  pebble)
-    test_net='acme_net'
-  ;;
-  boulder)
-    test_net='boulder_bluenet'
-  ;;
-  *)
-    echo "$0 $ACME_CA: invalid option."
-    exit 1
-esac
-
 if [[ -z $GITHUB_ACTIONS ]]; then
  le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@ -54,18 +42,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do
  container="test$i"

  # Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
-  if ! docker run --rm -d \
-    --name "$container" \
-    -e "VIRTUAL_HOST=${TEST_DOMAINS}" \
-    -e "LETSENCRYPT_HOST=${hosts}" \
-    -e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \
-    --network "$test_net" \
-    nginx:alpine > /dev/null;
-  then
-    echo "Could not start test web server for $hosts"
-  elif [[ "${DRY_RUN:-}" == 1 ]]; then
-    echo "Started test web server for $hosts"
-  fi
+  run_nginx_container --hosts "${hosts}" --name "$container" --cli-args "--env LETSENCRYPT_SINGLE_DOMAIN_CERTS=true"

  for domain in "${domains[@]}"; do
      ## For all the domains in the $domains array ...
--- a/test/tests/container_restart/run.sh
+++ b/test/tests/container_restart/run.sh
@ -2,18 +2,6 @@

 ## Test for LETSENCRYPT_RESTART_CONTAINER variable.

-case $ACME_CA in
-  pebble)
-    test_net='acme_net'
-  ;;
-  boulder)
-    test_net='boulder_bluenet'
-  ;;
-  *)
-    echo "$0 $ACME_CA: invalid option."
-    exit 1
-esac
-
 if [[ -z $GITHUB_ACTIONS ]]; then
  le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@ -49,18 +37,7 @@ trap cleanup EXIT

 # Run a separate nginx container for each domain in the $domains array.
 for domain in "${domains[@]}"; do
-  if docker run --rm -d \
-    --name "$domain" \
-    -e "VIRTUAL_HOST=${domain}" \
-    -e "LETSENCRYPT_HOST=${domain}" \
-    -e "LETSENCRYPT_RESTART_CONTAINER=true" \
-    --network "$test_net" \
-    nginx:alpine > /dev/null; \
-  then
-    [[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"
-  else
-    echo "Could not start test web server for $domain"
-  fi
+  run_nginx_container --hosts "$domain" --cli-args "--env LETSENCRYPT_RESTART_CONTAINER=true"

  # Check if container restarted
  timeout="$(date +%s)"
--- a/test/tests/force_renew/run.sh
+++ b/test/tests/force_renew/run.sh
@ -24,7 +24,7 @@ function cleanup {
 trap cleanup EXIT

 # Run a nginx container for ${domains[0]}.
-run_nginx_container "${domains[0]}"
+run_nginx_container --hosts "${domains[0]}"

 # Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
 # Grab the expiration time of the certificate
--- a/test/tests/ocsp_must_staple/run.sh
+++ b/test/tests/ocsp_must_staple/run.sh
@ -2,18 +2,6 @@

 ## Test for OCSP Must-Staple extension.

-case $ACME_CA in
-  pebble)
-    test_net='acme_net'
-  ;;
-  boulder)
-    test_net='boulder_bluenet'
-  ;;
-  *)
-    echo "$0 $ACME_CA: invalid option."
-    exit 1
-esac
-
 if [[ -z $GITHUB_ACTIONS ]]; then
  le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@ -38,21 +26,10 @@ function cleanup {
 trap cleanup EXIT

 # Run an nginx container with ACME_OCSP=true
-if docker run --rm -d \
-  --name "${domains[0]}" \
-  -e "VIRTUAL_HOST=${domains[0]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]}" \
-  -e "ACME_OCSP=true" \
-  --network "$test_net" \
-  nginx:alpine > /dev/null; \
-then
-  [[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for ${domains[0]} (ACME_OCSP=true)"
-else
-  echo "Could not start test web server for ${domains[0]} (ACME_OCSP=true)"
-fi
+run_nginx_container --hosts "${domains[0]}" --cli-args "--env ACME_OCSP=true"

 # Run an second nginx container without ACME_OCSP=true
-run_nginx_container "${domains[1]}"
+run_nginx_container --hosts "${domains[1]}"

 # Wait for the symlink to the ${domains[0]} certificate
 wait_for_symlink "${domains[0]}" "$le_container_name"
--- a/test/tests/permissions_custom/run.sh
+++ b/test/tests/permissions_custom/run.sh
@ -30,7 +30,7 @@ function cleanup {
 trap cleanup EXIT

 # Run an nginx container for ${domains[0]}.
-run_nginx_container "${domains[0]}"
+run_nginx_container --hosts "${domains[0]}"

 # Wait for the cert symlink.
 wait_for_symlink "${domains[0]}" "$le_container_name"
--- a/test/tests/permissions_default/run.sh
+++ b/test/tests/permissions_default/run.sh
@ -24,7 +24,7 @@ function cleanup {
 trap cleanup EXIT

 # Run an nginx container for ${domains[0]}.
-run_nginx_container "${domains[0]}"
+run_nginx_container --hosts "${domains[0]}"

 # Wait for the cert symlink.
 wait_for_symlink "${domains[0]}" "$le_container_name"
--- a/test/tests/private_keys/run.sh
+++ b/test/tests/private_keys/run.sh
@ -2,18 +2,6 @@

 ## Test for private keys types

-case $ACME_CA in
-  pebble)
-    test_net='acme_net'
-  ;;
-  boulder)
-    test_net='boulder_bluenet'
-  ;;
-  *)
-    echo "$0 $ACME_CA: invalid option."
-    exit 1
-esac
-
 if [[ -z $GITHUB_ACTIONS ]]; then
  le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
 else
@ -49,18 +37,7 @@ key_types=( \
 for key in "${!key_types[@]}"; do

  # Run an Nginx container with the wanted key type.
-  if ! docker run --rm -d \
-    --name "${key}" \
-    -e "VIRTUAL_HOST=${domains[0]}" \
-    -e "LETSENCRYPT_HOST=${domains[0]}" \
-    -e "LETSENCRYPT_KEYSIZE=${key}" \
-    --network "$test_net" \
-    nginx:alpine > /dev/null;
-  then
-    echo "Could not start test web server for ${key}"
-  elif [[ "${DRY_RUN:-}" == 1 ]]; then
-    echo "Started test web server for ${key}"
-  fi
+  run_nginx_container --hosts "${domains[0]}" --name "${key}" --cli-args "--env LETSENCRYPT_KEYSIZE=${key}"

  # Grep the expected string from the public key in text form.
  if wait_for_symlink "${domains[0]}" "$le_container_name"; then
--- a/test/tests/symlinks/run.sh
+++ b/test/tests/symlinks/run.sh
@ -30,10 +30,10 @@ function cleanup {
 trap cleanup EXIT

 # Run a nginx container for the firs two domain in the $domains array ...
-run_nginx_container "${domains[0]},${domains[1]}" "symlink-le1-le2"
+run_nginx_container --hosts "${domains[0]},${domains[1]}" --name "symlink-le1-le2"

 # ... plus another nginx container for the third domain.
-run_nginx_container "${domains[2]}" "symlink-le3"
+run_nginx_container --hosts "${domains[2]}" --name "symlink-le3"

 # Wait for a file at /etc/nginx/certs/$domain/cert.pem
 wait_for_symlink "${domains[0]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
@ -65,7 +65,7 @@ wait_for_symlink_rm "${domains[2]}" "$le_container_name"

 # Start the nginx containers for ${domains[2]} again,
 # and check if the corresponding symlink is re-created.
-run_nginx_container "${domains[2]}" "symlink-le3"
+run_nginx_container --hosts "${domains[2]}" --name "symlink-le3"
 wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[2]}/fullchain.pem"

 # Stop the nginx containers for ${domains[2]} silently and wait for symlink removal.
@ -73,7 +73,7 @@ docker stop "symlink-le3" > /dev/null
 wait_for_symlink_rm "${domains[2]}" "$le_container_name"

 # Move ${domains[2]} to a san certificate with ${domains[0]} and ${domains[1]}
-run_nginx_container "${domains[0]},${domains[1]},${domains[2]}" "symlink-le1-le2-le3"
+run_nginx_container --hosts "${domains[0]},${domains[1]},${domains[2]}" --name "symlink-le1-le2-le3"

 # Check where the symlink points (should be ./le1.wtf/fullchain.pem)
 wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
@ -87,7 +87,7 @@ for domain in "${domains[@]}"; do
 done

 # Move ${domains[1]} to a new single domain certificate
-run_nginx_container "${domains[1]}" "symlink-le2"
+run_nginx_container --hosts "${domains[1]}" --name "symlink-le2"

 # Check where the symlink points (should be ./le2.wtf/fullchain.pem)
 wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[1]}/fullchain.pem"
@ -95,7 +95,7 @@ wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[1]}/fullchain
 # Stop the nginx container silently and try to put ${domains[1]} on a
 # san certificate whose authorization will fail.
 docker stop "symlink-le2" > /dev/null
-run_nginx_container "lim.it,${domains[1]}" "symlink-lim-le2"
+run_nginx_container --hosts "lim.it,${domains[1]}" --name "symlink-lim-le2"

 # The symlink creation for lim.it should time out, and the ${domains[1]}
 # symlink should still point to ./le2.wtf/fullchain.pem
--- a/test/tests/test-functions.sh
+++ b/test/tests/test-functions.sh
@ -58,11 +58,37 @@ export -f run_le_container

 # Run an nginx container
 function run_nginx_container {
-  local le_host="${1:?}"
-  local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
-  local container_name="${2:-$virtual_host}"
-  
  local -a cli_args_arr
+
+  while [[ $# -gt 0 ]]; do
+  local flag="$1"
+
+    case $flag in
+      -h|--hosts)
+      local le_host="${2:?}"
+      local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
+      shift 2
+      ;;
+
+      -n|--name)
+      local container_name="${2:?}"
+      shift 2
+      ;;
+
+      -c|--cli-args)
+      local cli_args_str="${2:?}"
+      for arg in $cli_args_str; do
+        cli_args_arr+=("$arg")
+      done
+      shift 2
+      ;;
+
+      *) #Unknown option
+      shift
+      ;;
+    esac
+  done
+
  if [[ "$ACME_CA" == 'boulder' ]]; then
    cli_args_arr+=(--network boulder_bluenet)
  elif [[ "$ACME_CA" == 'pebble' ]]; then
@ -71,9 +97,10 @@ function run_nginx_container {
    return 1
  fi

-  [[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host"
+  [[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with VIRTUAL_HOST=$virtual_host, LETSENCRYPT_HOST=$le_host and the following cli arguments : ${cli_args_arr[*]}."
+  
  if docker run --rm -d \
-    --name "$container_name" \
+    --name "${container_name:-$virtual_host}" \
    -e "VIRTUAL_HOST=$virtual_host" \
    -e "LETSENCRYPT_HOST=$le_host" \
    "${cli_args_arr[@]}" \
@ -81,7 +108,7 @@ function run_nginx_container {
  then
    [[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."
  else
-    echo "Failed to start test web server for $le_host"
+    echo "Failed to start $container_name nginx container, with VIRTUAL_HOST=$virtual_host, LETSENCRYPT_HOST=$le_host and the following cli arguments : ${cli_args_arr[*]}."
    return 1
  fi
  return 0