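# Workflow file: winacme-application-test.yml
#
# Starts a local acme2certifier (Django) server on a Windows runner, enrols
# certificates against it with win-acme and Posh-ACME, and uploads the
# server volume and configuration as an artifact when a step fails.
name: Application Tests - win-acme

# Repository secrets are not passed to pull_request runs that come from
# forks, so the Cloudflare and enrolment steps only work for branches of
# this repository.
on:
  push:
  pull_request:
    branches: [devel]
  schedule:
    # * is a special character in YAML so you have to quote this string
    - cron: '0 2 * * 6'

# Least privilege for GITHUB_TOKEN: the job only reads the repository.
permissions:
  contents: read

jobs:
  win_acme:
    name: "win_acme"
    runs-on: windows-latest
    steps:
      # NOTE(review): actions in this job are referenced by mutable tag;
      # pinning each to a full commit SHA fixes the code that runs next to
      # the job's secrets.
      - name: "checkout GIT"
        uses: actions/checkout@v4
        with:
          # No later step talks to the git remote, so the token is not left
          # behind in the local git configuration.
          persist-credentials: false

      - name: "[ PREPARE ] get RunnerIP"
        run: |
          Get-NetIPAddress -AddressFamily IPv4
          # $runner_ip=(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'Ethernet').IPAddress
          $runner_ip=(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'vEthernet (nat)').IPAddress
          echo RUNNER_IP=$runner_ip >> $env:GITHUB_ENV

      - name: "[ PREPARE ] echo RunnerIP"
        run: echo $env:RUNNER_IP

      - name: "[ PREPARE ] Create DNS entries "
        # Secrets reach the script as environment variables instead of being
        # pasted into the script text by expression expansion, so their
        # content is handled as data and cannot alter the command line.
        env:
          CF_DYNAMOP_URL: ${{ secrets.CF_DYNAMOP_URL }}
          CF_TOKEN: ${{ secrets.CF_TOKEN }}
          CF_WINACME1_NAME: ${{ secrets.CF_WINACME1_NAME }}
        run: |
          # ConvertTo-Json escapes the values, unlike a hand-built JSON string.
          $body = [ordered]@{
            type    = 'A'
            name    = $env:CF_WINACME1_NAME
            content = $env:RUNNER_IP
            ttl     = 120
            proxied = $false
          } | ConvertTo-Json -Compress
          Invoke-RestMethod -ContentType "application/json" -Method PUT -Uri $env:CF_DYNAMOP_URL -Headers @{Authorization="Bearer $env:CF_TOKEN"} -UseBasicParsing -Body $body

      # NOTE(review): django is pinned to the initial 3.2 release, which
      # predates the later security fixes of that series; django-sslserver
      # and pyyaml are unpinned and resolve to the latest release at run time.
      # The certutil calls add the repository's test CA certificates to the
      # runner's enterprise root store, which is tolerable only on a
      # throw-away hosted runner.
      - name: "[ PREPARE ] Build local acme2certifier environment"
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install django==3.2
          pip install django-sslserver
          pip install pyyaml
          cp examples/db_handler/django_handler.py acme_srv/db_handler.py
          cp examples/django/* .\ -Recurse -Force
          (Get-Content .github/django_settings.py) -replace '/var/www/acme2certifier/volume/db.sqlite3', 'volume/db.sqlite3' | Set-Content acme2certifier/settings.py
          (Get-Content acme2certifier/settings.py) -replace 'django.contrib.staticfiles', 'sslserver' | Set-Content acme2certifier/settings.py
          cat acme2certifier/settings.py
          cp examples/ca_handler/openssl_ca_handler.py acme2certifier/ca_handler.py
          cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg acme_srv/acme_srv.cfg
          cp .github/acme2certifier_cert.pem acme2certifier/acme2certifier_cert.pem
          cp .github/acme2certifier_key.pem acme2certifier/acme2certifier_key.pem
          mkdir .\volume/acme_ca/certs
          cp test/ca/*.pem volume/acme_ca/
          certutil -addstore -enterprise -f -v root volume\acme_ca\root-ca-cert.pem
          certutil -addstore -enterprise -f -v root volume\acme_ca\sub-ca-cert.pem

      - name: "[ PREPARE ] configure server"
        run: |
          python manage.py makemigrations
          python manage.py migrate
          python manage.py loaddata acme_srv/fixture/status.yaml

      # NOTE(review): 0.0.0.0 exposes the plain-HTTP test server on every
      # runner interface; the checks below only use 127.0.0.1 - confirm
      # whether anything else has to reach it.
      - name: "[ PREPARE ] try to get up the server"
        run: |
          Start-Process powershell {python .\manage.py runserver 0.0.0.0:8080 3>&1 2>&1 > volume\redirection.log}

      - name: "[ PREPARE ] Sleep for 5s"
        # Built-in wait: a five-second pause needs no third-party action.
        run: Start-Sleep -Seconds 5

      - name: "[ TEST ] Test if directory ressource is accessible"
        run: |
          get-Process python
          Invoke-RestMethod -Uri http://127.0.0.1:8080/directory -NoProxy -TimeoutSec 5
          [System.Net.Dns]::GetHostByName('localhost').HostName
          ([System.Net.Dns]::GetHostByName(($env:computerName))).Hostname

      # NOTE(review): the release archive is downloaded and its wacs.exe run
      # without an integrity check. The digest is written to the job log
      # below; comparing it with a pinned value (<EXPECTED_SHA256 placeholder>)
      # would make the job fail on a changed download.
      - name: "[ PREPARE ] Download win-acme"
        run: |
          Invoke-RestMethod -Uri https://github.com/win-acme/win-acme/releases/download/v2.2.8.1635/win-acme.v2.2.8.1635.x64.trimmed.zip -OutFile win-acme.zip
          Get-FileHash .\win-acme.zip -Algorithm SHA256
          Expand-Archive .\win-acme.zip
          mkdir win-acme\certs
          dir win-acme\*

      - name: "[ ENROLL ] Enroll certificate via win-acme"
        # Host names are read from the environment rather than expanded into
        # the script text.
        env:
          CF_WINACME1_NAME: ${{ secrets.CF_WINACME1_NAME }}
          CF_WINACME2_NAME: ${{ secrets.CF_WINACME2_NAME }}
        # NOTE(review): '[email protected]' is how the rendered page shows an
        # e-mail-protected argument; restore it from the repository.
        run: |
          .\win-acme\wacs.exe --baseuri http://127.0.0.1:8080 [email protected] --pemfilespath win-acme\certs --source manual --host $env:CF_WINACME1_NAME,$env:CF_WINACME2_NAME --store pemfiles --force

      - name: "[ PREPARE ] try to get up the sslserver"
        run: |
          Start-Process powershell {python .\manage.py runsslserver 0.0.0.0:443 --certificate acme2certifier/acme2certifier_cert.pem --key acme2certifier/acme2certifier_key.pem 3>&1 2>&1 > volume\redirection_ssl.log}

      - name: "[ PREPARE ] Sleep for 5s"
        # Built-in wait: a five-second pause needs no third-party action.
        run: Start-Sleep -Seconds 5

      # Certificate validation is skipped here and in Set-PAServer below
      # because the server presents the test certificate copied from
      # .github/; this is a test-only setting.
      - name: "[ TEST ] Test if directory ressource is accessible"
        run: |
          get-Process python
          Invoke-RestMethod -SkipCertificateCheck -Uri https://localhost -NoProxy -TimeoutSec 5
          [System.Net.Dns]::GetHostByName('localhost').HostName
          ([System.Net.Dns]::GetHostByName(($env:computerName))).Hostname

      # NOTE(review): the module version is not pinned; adding
      # -RequiredVersION is not needed, but -RequiredVersion
      # <PINNED_VERSION placeholder> would make the gallery download
      # reproducible.
      - name: "[ PREPARE ] Install and configure Posh-ACME"
        run: |
          Install-Module -Name Posh-ACME -Scope CurrentUser -Force

      # foo.key holds the exported ACME account key; it stays in the
      # workspace root and is not part of the failure artifact, which only
      # takes volume/ and acme_srv.cfg.
      - name: "Create account via Posh-ACME"
        run: |
          set-PAServer -DirectoryUrl https://localhost/directory -SkipCertificateCheck
          $DebugPreference = 'Continue'
          New-PAAccount -Contact '[email protected]'
          $ACC_1 = (Get-PAAccount | Out-String -Stream | Select-String -Pattern "valid")
          echo ACC1=$ACC_1 >> $env:GITHUB_ENV
          Export-PAAccountKEy -OutputFile foo.key
          # Entries written to GITHUB_ENV only reach later steps (and this
          # one is named ACC1), so print the local variable.
          echo $ACC_1

      - name: "Recreate account via Posh-ACME"
        run: |
          $DebugPreference = 'Continue'
          Get-PAAccount | Remove-PAAccount -Force
          Get-PAAccount
          New-PAAccount -Contact '[email protected]' -AcceptTOS -OnlyReturnExisting -KeyFile foo.key
          Get-PAAccount -Refresh
          $ACC_2 = (Get-PAAccount | Out-String -Stream | Select-String -Pattern "valid")
          echo ACC2=$ACC_2 >> $env:GITHUB_ENV
          # Entries written to GITHUB_ENV only reach later steps (and this
          # one is named ACC2), so print the local variable.
          echo $ACC_2

      - name: "Rollover account key"
        run: |
          $DebugPreference = 'Continue'
          Set-PAAccount -KeyRollover

      - name: "[ ENROLL ] Enroll Certificate via Posh-ACME"
        # if: $env:ACC_1 == env.ACC_2
        # The host name is read from the environment rather than expanded
        # into the script text.
        env:
          CF_WINACME1_NAME: ${{ secrets.CF_WINACME1_NAME }}
        run: |
          $DebugPreference = 'Continue'
          New-PACertificate $env:CF_WINACME1_NAME -Plugin WebSelfHost -PluginArgs @{} -Force

      # NOTE(review): secret masking applies to the job log, not to artifact
      # contents, so the server logs under volume/ may carry the host names
      # stored as secrets - confirm before widening artifact access.
      - name: "[ * ] collecting test logs"
        if: ${{ failure() }}
        run: |
          mkdir ${{ github.workspace }}\artifact\upload
          cp volume ${{ github.workspace }}\artifact\upload/ -Recurse -Force
          cp acme_srv\acme_srv.cfg ${{ github.workspace }}\artifact\upload

      - name: "[ * ] uploading artificates"
        uses: actions/upload-artifact@v4
        if: ${{ failure() }}
        with:
          name: win-acme.tar.gz
          path: ${{ github.workspace }}/artifact/upload/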