CA handler tests - CMPv2 #1047
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CA handler tests - CMPv2 | |
on: | |
push: | |
pull_request: | |
branches: [ devel ] | |
schedule: | |
# * is a special character in YAML so you have to quote this string | |
- cron: '0 2 * * 6' | |
jobs: | |
cmp_handler_tests: | |
name: "cmp_handler_tests" | |
runs-on: ubuntu-latest | |
strategy: | |
max-parallel: 2 | |
fail-fast: false | |
matrix: | |
websrv: ['apache2', 'nginx'] | |
dbhandler: ['wsgi', 'django'] | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Get runner ip" | |
run: | | |
echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
- run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
- name: "Build container" | |
uses: ./.github/actions/container_prep | |
with: | |
DB_HANDLER: ${{ matrix.dbhandler }} | |
WEB_SRV: ${{ matrix.websrv }} | |
- name: "Create ssh environment on ramdisk" | |
run: | | |
sudo mkdir -p /tmp/rd | |
sudo mount -t tmpfs -o size=5M none /tmp/rd | |
sudo echo "$SSH_KEY" > /tmp/rd/ak.tmp | |
sudo chmod 600 /tmp/rd/ak.tmp | |
sudo echo "$KNOWN_HOSTS" > /tmp/rd/known_hosts | |
env: | |
SSH_KEY: ${{ secrets.WCCE_SSH_ACCESS_KEY }} | |
KNOWN_HOSTS: ${{ secrets.WCCE_SSH_KNOWN_HOSTS }} | |
- name: "Setup ssh forwarder" | |
run: | | |
docker run -d --rm --network acme --name=ssh-forwarder.acme -e "MAPPINGS=8086:$CMP_HOST:8086" -e "SSH_HOST=$SSH_HOST" -e "SSH_PORT=$SSH_PORT" -e "SSH_USER=$SSH_USER" -p 443:443 -p 445:445 -p 88:88 -v "/tmp/rd/ak.tmp:/ssh_key:ro" davidlor/ssh-port-forward-client:dev | |
env: | |
SSH_USER: ${{ secrets.CMP_SSH_USER }} | |
SSH_HOST: ${{ secrets.CMP_SSH_HOST }} | |
SSH_PORT: ${{ secrets.CMP_SSH_PORT }} | |
CMP_HOST: ${{ secrets.CMP_HOST }} | |
- name: "Setup a2c with cmp_ca_handler with key-cert authentication" | |
run: | | |
sudo touch examples/Docker/data/ca_bundle.pem | |
sudo touch examples/Docker/data/ra_cert.pem | |
sudo touch examples/Docker/data/ra_key.pem | |
sudo chmod 777 examples/Docker/data/*.pem | |
sudo echo "$CMP_TRUSTED" > examples/Docker/data/ca_bundle.pem | |
sudo echo "$CMP_RA_CERT" > examples/Docker/data/ra_cert.pem | |
sudo echo "$CMP_RA_KEY" > examples/Docker/data/ra_key.pem | |
sudo touch examples/Docker/data/acme_srv.cfg | |
sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/cmp_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_path: pkix/" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_ignore_keyusage: True" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_msg_timeout: 3" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_total_timeout: 5" >> examples/Docker/data/acme_srv.cfg | |
# sudo echo "cmp_server: $RUNNER_IP:8086" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_server: ssh-forwarder.acme:8086" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_cert: volume/ra_cert.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_key: volume/ra_key.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_trusted: volume/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
env: | |
RUNNER_IP: ${{ env.RUNNER_IP }} | |
CMP_RECIPIENT: ${{ secrets.CMP_RECIPIENT }} | |
CMP_RA_KEY: ${{ secrets.CMP_RA_KEY }} | |
CMP_RA_CERT: ${{ secrets.CMP_RA_CERT }} | |
CMP_TRUSTED: ${{ secrets.CMP_TRUSTED }} | |
- name: "Sleep for 10s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 10s | |
- name: "Test http://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
- name: "Test if https://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory | |
- name: "Enroll acme.sh" | |
run: | | |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force | |
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer | |
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
sudo rm -rf acme-sh/* | |
- name: "Setup a2c with cmp_ca_handler with PSK refnum authentication" | |
run: | | |
sudo touch examples/Docker/data/ca_bundle.pem | |
sudo touch examples/Docker/data/ra_cert.pem | |
sudo chmod 777 examples/Docker/data/*.pem | |
sudo echo "$CMP_TRUSTED" > examples/Docker/data/ca_bundle.pem | |
sudo echo "$CMP_RA_CERT" > examples/Docker/data/ra_cert.pem | |
sudo touch examples/Docker/data/acme_srv.cfg | |
sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/cmp_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_path: pkix/" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_ignore_keyusage: True" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_msg_timeout: 3" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_total_timeout: 5" >> examples/Docker/data/acme_srv.cfg | |
# sudo echo "cmp_server: $RUNNER_IP:8086" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_server: ssh-forwarder.acme:8086" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_cert: volume/ra_cert.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_trusted: volume/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_ref: $CMP_REF" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "cmp_secret: $CMP_SECRET" >> examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
env: | |
RUNNER_IP: ${{ env.RUNNER_IP }} | |
CMP_RECIPIENT: ${{ secrets.CMP_RECIPIENT }} | |
CMP_RA_CERT: ${{ secrets.CMP_RA_CERT }} | |
CMP_TRUSTED: ${{ secrets.CMP_TRUSTED }} | |
CMP_REF: ${{ secrets.CMP_REF }} | |
CMP_SECRET: ${{ secrets.CMP_SECRET }} | |
- name: "Sleep for 10s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 10s | |
- name: "Sleep for 10s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 10s | |
- name: "Test http://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
- name: "Test if https://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory | |
- name: "Enroll acme.sh" | |
run: | | |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force | |
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer | |
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
- name: "Check container configuration" | |
uses: ./.github/actions/container_check | |
with: | |
DB_HANDLER: ${{ matrix.dbhandler }} | |
WEB_SRV: ${{ matrix.websrv }} | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
cd examples/Docker | |
docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data acme-sh certbot lego | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: cmp_handler_tests-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ | |
rpm_cmp_handler_tests_keycert: | |
name: "rpm_cmp_handler_tests_keycert" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Prepare Alma environment" | |
uses: ./.github/actions/rpm_prep | |
with: | |
GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
RH_VERSION: 9 | |
- name: "Get runner ip" | |
run: | | |
echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
- run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
- name: "Create ssh environment on ramdisk" | |
run: | | |
sudo mkdir -p /tmp/rd | |
sudo mount -t tmpfs -o size=5M none /tmp/rd | |
sudo echo "$SSH_KEY" > /tmp/rd/ak.tmp | |
sudo chmod 600 /tmp/rd/ak.tmp | |
sudo echo "$KNOWN_HOSTS" > /tmp/rd/known_hosts | |
env: | |
SSH_KEY: ${{ secrets.WCCE_SSH_ACCESS_KEY }} | |
KNOWN_HOSTS: ${{ secrets.WCCE_SSH_KNOWN_HOSTS }} | |
- name: "Setup ssh forwarder" | |
run: | | |
docker run -d --rm --network acme --name=ssh-forwarder.acme -e "MAPPINGS=8086:$CMP_HOST:8086" -e "SSH_HOST=$SSH_HOST" -e "SSH_PORT=$SSH_PORT" -e "SSH_USER=$SSH_USER" -p 443:443 -p 445:445 -p 88:88 -v "/tmp/rd/ak.tmp:/ssh_key:ro" davidlor/ssh-port-forward-client:dev | |
env: | |
SSH_USER: ${{ secrets.CMP_SSH_USER }} | |
SSH_HOST: ${{ secrets.CMP_SSH_HOST }} | |
SSH_PORT: ${{ secrets.CMP_SSH_PORT }} | |
CMP_HOST: ${{ secrets.CMP_HOST }} | |
- name: "Sleep for 5s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 5s | |
- name: "Setup a2c with cmp_ca_handler" | |
run: | | |
sudo mkdir data/acme_ca | |
sudo cp test/ca/root-ca-cert.pem data/acme_ca | |
sudo cp test/ca/sub-ca-cert.pem data/acme_ca | |
sudo touch data/acme_ca/ca_bundle.pem | |
sudo touch data/acme_ca/ra_cert.pem | |
sudo touch data/acme_ca/ra_key.pem | |
sudo chmod 777 data/acme_ca/*.pem | |
sudo echo "$CMP_TRUSTED" > data/acme_ca/ca_bundle.pem | |
sudo echo "$CMP_RA_CERT" > data/acme_ca/ra_cert.pem | |
sudo echo "$CMP_RA_KEY" > data/acme_ca/ra_key.pem | |
sudo touch data/acme_srv.cfg | |
sudo chmod 777 data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/cmp_ca_handler.py" >> data/acme_srv.cfg | |
sudo echo "cmp_path: pkix/" >> data/acme_srv.cfg | |
sudo echo "cmp_ignore_keyusage: True" >> data/acme_srv.cfg | |
sudo echo "cmp_msg_timeout: 3" >> data/acme_srv.cfg | |
sudo echo "cmp_total_timeout: 5" >> data/acme_srv.cfg | |
sudo echo "cmp_server: ssh-forwarder.acme:8086" >> data/acme_srv.cfg | |
sudo echo "cmp_cert: /opt/acme2certifier/volume/acme_ca/ra_cert.pem" >> data/acme_srv.cfg | |
sudo echo "cmp_key: /opt/acme2certifier/volume/acme_ca/ra_key.pem" >> data/acme_srv.cfg | |
sudo echo "cmp_trusted: /opt/acme2certifier/volume/acme_ca/ca_bundle.pem" >> data/acme_srv.cfg | |
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> data/acme_srv.cfg | |
env: | |
RUNNER_IP: ${{ env.RUNNER_IP }} | |
CMP_RECIPIENT: ${{ secrets.CMP_RECIPIENT }} | |
CMP_RA_KEY: ${{ secrets.CMP_RA_KEY }} | |
CMP_RA_CERT: ${{ secrets.CMP_RA_CERT }} | |
CMP_TRUSTED: ${{ secrets.CMP_TRUSTED }} | |
- name: "Execute install scipt" | |
run: | | |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
- name: "Sleep for 10s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 10s | |
- name: "Test http://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
- name: "Test if https://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory | |
- name: "Enroll acme.sh" | |
run: | | |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force | |
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer | |
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: rpm_cmp_handler_tests_keycert.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ | |
rpm_cmp_handler_tests_refpsk: | |
name: "rpm_cmp_handler_tests_refpsk" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Prepare Alma environment" | |
uses: ./.github/actions/rpm_prep | |
with: | |
GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
RH_VERSION: 9 | |
- name: "Get runner ip" | |
run: | | |
echo RUNNER_IP=$(ip addr show eth0 | grep -i "inet " | cut -d ' ' -f 6 | cut -d '/' -f 1) >> $GITHUB_ENV | |
echo RUNNER_PATH=$(pwd | sed 's_/_\\/_g') >> $GITHUB_ENV | |
- run: echo "runner IP is ${{ env.RUNNER_IP }}" | |
- name: "Create ssh environment on ramdisk" | |
run: | | |
sudo mkdir -p /tmp/rd | |
sudo mount -t tmpfs -o size=5M none /tmp/rd | |
sudo echo "$SSH_KEY" > /tmp/rd/ak.tmp | |
sudo chmod 600 /tmp/rd/ak.tmp | |
sudo echo "$KNOWN_HOSTS" > /tmp/rd/known_hosts | |
env: | |
SSH_KEY: ${{ secrets.WCCE_SSH_ACCESS_KEY }} | |
KNOWN_HOSTS: ${{ secrets.WCCE_SSH_KNOWN_HOSTS }} | |
- name: "Setup ssh forwarder" | |
run: | | |
docker run -d --rm --network acme --name=ssh-forwarder.acme -e "MAPPINGS=8086:$CMP_HOST:8086" -e "SSH_HOST=$SSH_HOST" -e "SSH_PORT=$SSH_PORT" -e "SSH_USER=$SSH_USER" -p 443:443 -p 445:445 -p 88:88 -v "/tmp/rd/ak.tmp:/ssh_key:ro" davidlor/ssh-port-forward-client:dev | |
env: | |
SSH_USER: ${{ secrets.CMP_SSH_USER }} | |
SSH_HOST: ${{ secrets.CMP_SSH_HOST }} | |
SSH_PORT: ${{ secrets.CMP_SSH_PORT }} | |
CMP_HOST: ${{ secrets.CMP_HOST }} | |
- name: "[ PREPARE ] Sleep for 5s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 5s | |
- name: "Setup a2c with cmp_ca_handler" | |
run: | | |
sudo mkdir data/acme_ca | |
sudo cp test/ca/root-ca-cert.pem data/acme_ca | |
sudo cp test/ca/sub-ca-cert.pem data/acme_ca | |
sudo touch data/acme_ca/ca_bundle.pem | |
sudo touch data/acme_ca/ra_cert.pem | |
sudo chmod 777 data/acme_ca/*.pem | |
sudo echo "$CMP_TRUSTED" > data/acme_ca/ca_bundle.pem | |
sudo echo "$CMP_RA_CERT" > data/acme_ca/ra_cert.pem | |
sudo touch data/acme_srv.cfg | |
sudo chmod 777 data/acme_srv.cfg | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/cmp_ca_handler.py" >> data/acme_srv.cfg | |
sudo echo "cmp_path: pkix/" >> data/acme_srv.cfg | |
sudo echo "cmp_ignore_keyusage: True" >> data/acme_srv.cfg | |
sudo echo "cmp_msg_timeout: 3" >> data/acme_srv.cfg | |
sudo echo "cmp_total_timeout: 5" >> data/acme_srv.cfg | |
sudo echo "cmp_server: ssh-forwarder.acme:8086" >> data/acme_srv.cfg | |
sudo echo "cmp_cert: /opt/acme2certifier/volume/acme_ca/ra_cert.pem" >> data/acme_srv.cfg | |
sudo echo "cmp_trusted: /opt/acme2certifier/volume/acme_ca/ca_bundle.pem" >> data/acme_srv.cfg | |
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> data/acme_srv.cfg | |
sudo echo "cmp_ref: $CMP_REF" >> data/acme_srv.cfg | |
sudo echo "cmp_secret: $CMP_SECRET" >> data/acme_srv.cfg | |
env: | |
RUNNER_IP: ${{ env.RUNNER_IP }} | |
CMP_RECIPIENT: ${{ secrets.CMP_RECIPIENT }} | |
CMP_RA_CERT: ${{ secrets.CMP_RA_CERT }} | |
CMP_TRUSTED: ${{ secrets.CMP_TRUSTED }} | |
CMP_REF: ${{ secrets.CMP_REF }} | |
CMP_SECRET: ${{ secrets.CMP_SECRET }} | |
- name: "Execute install scipt" | |
run: | | |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
- name: "Sleep for 10s" | |
uses: juliangruber/[email protected] | |
with: | |
time: 10s | |
- name: "Test http://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
- name: "Test if https://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory | |
- name: "Enroll acme.sh" | |
run: | | |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail '[email protected]' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force | |
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer | |
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: rpm_cmp_handler_tests_refpsk.tar_rpm.gz | |
path: ${{ github.workspace }}/artifact/upload/ |