Merge pull request #1391 from SpriteLink/dependabot/pip/nipap/certifi… #344
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
env: | |
ACTIONS_RUNNER_DEBUG: true | |
ACTIONS_STEP_DEBUG: true | |
NIPAPD_IMAGE: nipap/nipapd | |
WWW_IMAGE: nipap/nipap-www | |
jobs: | |
test: | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
install: [ pip, apt ] | |
upgrade: [ true, false ] | |
exclude: | |
- install: pip | |
upgrade: true | |
fail-fast: false | |
steps: | |
- name: "Check out NIPAP repository" | |
uses: actions/checkout@v2 | |
- name: "Install dependencies and prepare NIPAP" | |
run: | | |
# Set up NIPAP repo | |
echo "deb http://spritelink.github.io/NIPAP/repos/apt testing main extra" | sudo tee /etc/apt/sources.list.d/nipap.list | |
wget -O - https://spritelink.github.io/NIPAP/nipap.gpg.key | sudo apt-key add - | |
sudo apt update -qq | |
# Install dependencies for build and test | |
sudo apt install -y \ | |
devscripts \ | |
fakeroot \ | |
debhelper \ | |
dh-python \ | |
junit4 \ | |
libldap-dev \ | |
libsasl2-dev \ | |
python3-docutils \ | |
python3-nose \ | |
python3-requests \ | |
python3-setuptools \ | |
python3-wheel \ | |
python3-all \ | |
default-jdk \ | |
gradle \ | |
rename \ | |
postgresql-14-ip4r | |
sudo service postgresql start | |
pg_isready | |
sed -e 's/username = guest/username = unittest/' -e 's/password = guest/password = gottatest/' nipap-cli/nipaprc > ~/.nipaprc | |
chmod 0600 ~/.nipaprc | |
# Set up CA and generate SSL cert | |
mkdir /tmp/ca | |
openssl genrsa -out /tmp/ca/ca.key 2048 | |
openssl req -new -x509 -key /tmp/ca/ca.key -out /tmp/ca/ca.crt -subj '/C=SE/O=NIPAP Test CA' | |
sudo cp /tmp/ca/ca.crt /usr/local/share/ca-certificates/ | |
sudo update-ca-certificates | |
openssl genrsa -out /tmp/ca/test.key 2048 | |
openssl req -new -key /tmp/ca/test.key -out /tmp/ca/test.csr -subj "/CN=127.0.0.1" | |
openssl x509 -req -in /tmp/ca/test.csr -CA /tmp/ca/ca.crt -CAkey /tmp/ca/ca.key -CAcreateserial -out /tmp/ca/test.crt | |
cat /tmp/ca/test.crt /tmp/ca/test.crt > /tmp/ca/test.bundle.crt | |
sudo chmod -R a+r /tmp/ca | |
- name: "Install using pip" | |
if: ${{ matrix.install == 'pip' }} | |
run: | | |
# install nipap dependencies | |
sudo -H pip3 install -r nipap/requirements.txt | |
# SQL | |
sudo su -c "cd nipap/sql; PGPASSWORD=papin make install" postgres | |
# move configuration file into place | |
sudo mkdir /etc/nipap | |
sudo cp nipap/nipap.conf.dist /etc/nipap/nipap.conf | |
sudo sed -e "s/{{LISTEN_ADDRESS}}/127.0.0.1/" -e "s/{{LISTEN_PORT}}/1337/" -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -e "s/{{DB_USERNAME}}/nipap/" -e "s/{{DB_NAME}}/nipap/" -e "s/{{DB_PASSWORD}}/papin/" -e "s/{{DB_SSLMODE}}/require/" -e "s/{{DB_PORT}}/5432/" -e "s/{{DB_HOST}}/localhost/" -e "s/{{SYSLOG}}/true/" -i /etc/nipap/nipap.conf | |
# create local user for unittest | |
sudo nipap/nipap-passwd create-database | |
sudo nipap/nipap-passwd add -u unittest -p gottatest -n unittest | |
sudo nipap/nipap-passwd add -u readonly -p gottatest --readonly -n "Read-only user for running unit tests" | |
# install pynipap | |
cd pynipap; sudo python3 setup.py install; cd .. | |
# install nipap-cli dependencies | |
sudo -H pip3 install -r nipap-cli/requirements.txt | |
# start nipap backend | |
nipap/nipapd --no-pid-file -c /etc/nipap/nipap.conf -df 2>&1 > /tmp/nipap.log & | |
- name: "Install latest release from apt" | |
if: ${{ matrix.install == 'apt' && matrix.upgrade == true }} | |
run: | | |
# Install NIPAP packages from official repo | |
sudo apt install -qq nipapd nipap-www nipap-cli | |
# populate answers to nipapd package install questions and reconfigure | |
echo 'set nipapd/database_host localhost' | sudo debconf-communicate | |
echo 'set nipapd/local_db_autoconf true' | sudo debconf-communicate | |
echo 'set nipapd/startup true' | sudo debconf-communicate | |
echo 'set nipapd/local_db_upgrade true' | sudo debconf-communicate | |
sudo dpkg-reconfigure nipapd | |
# Enable SSL | |
sudo sed -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -i /etc/nipap/nipap.conf | |
# create local user for unittest and restart | |
sudo nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n unittest | |
sudo systemctl restart nipapd.service | |
# add some data to the database that we can verify later | |
nosetests3 tests/upgrade-before.py | |
# bump version so that we know we are upgrading beyond what is installed | |
(echo -e 'Version 9999.9.9\n------------------\n * Test version for automatic upgrade test'; cat NEWS) > NEWS2 | |
mv NEWS2 NEWS | |
make bumpversion | |
- name: "Build and install Debian packages" | |
if: ${{ matrix.install == 'apt' }} | |
run: | | |
# build new NIPAP packages | |
make builddeb | |
# install the newly built nipap packages | |
sudo apt install -o Dpkg::Options::="--force-confnew" ./nipap*.deb ./python*-pynipap*.deb | |
# populate answers to nipapd package install questions and reconfigure | |
echo 'set nipapd/database_host localhost' | sudo debconf-communicate | |
echo 'set nipapd/local_db_autoconf true' | sudo debconf-communicate | |
echo 'set nipapd/startup true' | sudo debconf-communicate | |
echo 'set nipapd/local_db_upgrade true' | sudo debconf-communicate | |
sudo dpkg-reconfigure nipapd | |
# Enable SSL | |
if [ `grep -c ssl_port /etc/nipap/nipap.conf` -eq 0 ]; then \ | |
# No SSL config in file - add from scratch | |
sudo sed '/^port *=.*/a ssl_port = 1338\nssl_cert_file = \/tmp\/ca\/test.bundle.crt\nssl_key_file = \/tmp\/ca\/test.key' -i /etc/nipap/nipap.conf; \ | |
else \ | |
sudo sed -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -i /etc/nipap/nipap.conf; \ | |
fi | |
# create local user for unittests | |
sudo nipap/nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n "User for running unit tests" | |
sudo nipap/nipap-passwd add -u readonly -p gottatest -f /etc/nipap/local_auth.db --readonly -n "Read-only user for running unit tests" | |
sudo sed -e "s/^db_host *=.*/db_host = localhost/" -e "s/{{SYSLOG}}/true/" -e "s/^debug.\+/debug = true/" -e "s/^user/#user/" -i /etc/nipap/nipap.conf | |
sudo systemctl restart nipapd.service | |
- name: "Verify pre-upgrade data" | |
if: ${{ matrix.upgrade == true }} | |
run: nosetests3 tests/upgrade-after.py | |
- name: "Run test suite" | |
env: | |
REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt | |
run: | | |
nosetests3 tests/test_xmlrpc.py | |
nosetests3 tests/nipaptest.py | |
nosetests3 tests/test_cli.py | |
nosetests3 tests/test_nipap_ro.py | |
nosetests3 tests/test_rest.py | |
make -C jnipap test | |
- name: "Accident analysis" | |
if: failure() | |
run: | | |
sudo cat /etc/nipap/nipap.conf || true | |
sudo cat /var/log/syslog || true | |
sudo cat /var/log/postgresql/postgresql-*-main.log || true | |
sudo cat /tmp/nipap.log || true | |
docker: | |
name: docker | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: "Set up QEMU" | |
uses: docker/setup-qemu-action@v3 | |
- name: "Set up Docker Buildx" | |
uses: docker/setup-buildx-action@v3 | |
- name: "Check out NIPAP repository" | |
uses: actions/checkout@v2 | |
- name: "Hadolint nipapd" | |
uses: hadolint/[email protected] | |
with: | |
Dockerfile: Dockerfile.nipapd | |
- name: "Hadolint WWW" | |
uses: hadolint/[email protected] | |
with: | |
Dockerfile: Dockerfile.www | |
- name: "nipapd metadata" | |
id: nipapd_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.NIPAPD_IMAGE }} | |
tags: | | |
type=sha,prefix= | |
- name: "Build nipapd Docker image" | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile.nipapd | |
load: true | |
tags: | | |
${{ env.NIPAPD_IMAGE }}:ci | |
${{ steps.nipapd_meta.outputs.tags }} | |
push: false | |
- name: "www metadata" | |
id: www_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.WWW_IMAGE }} | |
tags: | | |
type=sha,prefix= | |
- name: "Build www Docker image" | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile.www | |
load: true | |
tags: | | |
${{ env.WWW_IMAGE }}:ci | |
${{ steps.www_meta.outputs.tags }} | |
push: false | |
- name: "Setup Docker test" | |
run: | | |
# Install dependencies | |
sudo apt install -y \ | |
libldap-dev \ | |
libsasl2-dev \ | |
python3-wheel \ | |
python3-nose \ | |
python3-requests \ | |
postgresql-14-ip4r | |
sudo -H pip3 install -r nipap/requirements.txt # needed to run test suite | |
# Set up PostgreSQL | |
sudo service postgresql start | |
pg_isready | |
sudo su -c "cd nipap/sql; PGPASSWORD=papin make install" postgres | |
# Start nipapd container | |
docker run --rm --network=host -d --name=nipapd_ci -e DB_HOST=127.0.0.1 -e DB_USERNAME=nipap -e DB_PASSWORD=papin ${{ env.NIPAPD_IMAGE }}:ci | |
sleep 10 | |
docker logs nipapd_ci | |
# Set up for test | |
sudo mkdir -p /etc/nipap | |
sudo docker cp nipapd_ci:/etc/nipap/nipap.conf /etc/nipap/ | |
sudo docker cp nipapd_ci:/etc/nipap/local_auth.db /etc/nipap/ | |
docker exec -t nipapd_ci nipap-passwd add -u unittest -p gottatest -n unittest | |
docker exec -t nipapd_ci nipap-passwd add -u readonly -p gottatest --readonly -n "Read-only user for running unit tests" | |
- name: "Run docker tests" | |
run: | | |
# Run tests | |
nosetests3 tests/test_xmlrpc.py | |
nosetests3 tests/nipaptest.py | |
nosetests3 tests/test_nipap_ro.py | |
nosetests3 tests/test_rest.py | |
- name: "Login to Docker Hub" | |
if: ${{ github.ref_name == 'master' }} | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: "Build and push nipapd Docker image" | |
if: ${{ github.ref_name == 'master' }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile.nipapd | |
load: true | |
tags: ${{ steps.nipapd_meta.outputs.tags }} | |
push: true | |
- name: "Build and push www Docker image" | |
if: ${{ github.ref_name == 'master' }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile.www | |
load: true | |
tags: ${{ steps.www_meta.outputs.tags }} | |
push: true |