PP-12015: Add GHA to check docker sources are manifests #61
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test Nginx Proxy Docker Image | |
| on: | |
| pull_request: | |
| workflow_call: | |
| jobs: | |
| detect-secrets: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Git checkout | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
| - name: Detect secrets | |
| uses: alphagov/pay-ci/actions/detect-secrets@master | |
| test: | |
| name: Build & Test Pay Nginx Proxy | |
| runs-on: ubuntu-latest | |
| # Runs locally in about 4.5 minutes - if it takes longer than this, something has gone wrong. | |
| timeout-minutes: 10 | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: tests | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
| with: | |
| fetch-depth: '1' | |
| - name: Run Shell Check on go.sh | |
| working-directory: ./ | |
| run: docker run --rm -v "${GITHUB_WORKSPACE}:/mnt" koalaman/shellcheck:stable@sha256:ec26f2ad1492bf4343a7f82227fec67a19e4729b5ad02f6a2fe1a2b44cc037ff -x go.sh | |
| - name: Build Docker Compose Testing Stack | |
| run: docker-compose build | |
| - name: Test Minimal Server | |
| run: | | |
| docker-compose up -d test-minimal | |
| until docker inspect tests_test-minimal_1 --format='{{.State.Health.Status}}' | grep -q healthy; do | |
| sleep 2 | |
| done | |
| echo "Testing Minimal Server..." | |
| curl --fail -sk -o /dev/null "https://localhost:10443" | |
| echo "Check the log output" | |
| docker-compose logs test-minimal | grep -E '\{[^:]+:'10443' [0-9a-f]+ - [0-9.]+ - \[[0-9]+/[A-Z][a-z][a-z]/[0-9:]{13} \+[0-9]{4}\] "GET / HTTP/1\.1" [0-9]{3} [0-9]+ [0-9]+\.[0-9]{3} - "-" "[^"]+"\}' | |
| echo "Test limited protcol and SSL cipher... " | |
| docker-compose run --rm --entrypoint bash nginx -c "echo GET / | /usr/bin/openssl s_client -cipher 'AES256+EECDH' -tls1_2 -connect test-minimal:10443" &> /dev/null; | |
| docker-compose stop test-minimal | |
| - name: Test GZip Config | |
| run: | | |
| docker-compose up -d test-gzip | |
| until docker inspect tests_test-gzip_1 --format='{{.State.Health.Status}}' | grep -q healthy; do | |
| sleep 2 | |
| done | |
| echo "Test that GZip is configured..." | |
| curl -s -I -X GET -k --compressed https://localhost:10443/gzip | grep -q 'Content-Encoding: gzip' | |
| docker-compose stop test-gzip | |
| - name: Test Multi-Proxy Config | |
| run: | | |
| docker-compose up -d --force-recreate test-multi-proxy | |
| until docker inspect tests_test-multi-proxy_1 --format='{{.State.Health.Status}}' | grep -q healthy; do | |
| sleep 2 | |
| done | |
| echo "Test for location 1 @ /..." | |
| curl --fail -sk -o /dev/null https://localhost:10443/ | |
| docker-compose logs mockserver-1 | grep -E '(Matched on All OK)' | |
| echo "Test for location 2 @ /path/to/resource" | |
| curl --fail -sk -o /dev/null https://localhost:10443/path/to/resource | |
| docker-compose logs mockserver-2 | grep -E '(Matched on All OK with path)' | |
| docker-compose stop test-multi-proxy | |
| - name: Test Multi-Location, Single Proxy and NAXSI Config | |
| run: | | |
| docker-compose up -d test-multi-location-naxsi | |
| until docker inspect tests_test-multi-location-naxsi_1 --format='{{.State.Health.Status}}' | grep -q healthy; do | |
| sleep 2 | |
| done | |
| echo "Test for all OK..." | |
| curl --fail -sk -o /dev/null -H "Host: selfservice.payments.service.gov.uk" https://localhost:10443/ | |
| docker-compose stop test-multi-location-naxsi | |
| - name: Test Custom Upload Size Config | |
| run: | | |
| docker-compose up -d test-custom-upload | |
| until docker inspect tests_test-custom-upload_1 --format='{{.State.Health.Status}}' | grep -q healthy; do | |
| sleep 2 | |
| done | |
| echo "Generate a random test file..." | |
| dd if=/dev/urandom of=/tmp/bigfile.txt bs=1048576 count=10 | |
| echo "Upload the large test file..." | |
| curl -sk -o /tmp/upload_test.txt -F "file=@/tmp/bigfile.txt;filename=nameinpost" https://localhost:10443/uploads/doc | |
| echo "Grepping the response..." | |
| grep "Thanks for the big doc" /tmp/upload_test.txt &> /dev/null | |
| docker-compose stop test-custom-upload | |
| - name: Test Static File Cache Setting | |
| run: | | |
| docker-compose up -d test-static-cache | |
| until docker inspect tests_test-static-cache_1 --format='{{.State.Health.Status}}' | grep -q healthy; do | |
| sleep 2 | |
| done | |
| echo "Test for all OK..." | |
| curl -s -I -X GET -k --compressed https://localhost:10443/file.json | grep -q 'Cache-Control: max-age=3600' | |
| docker-compose stop test-static-cache | |
| - name: Test Big Buffers Setting | |
| run: | | |
| docker-compose up -d test-big-buffers | |
| until docker inspect tests_test-big-buffers_1 --format='{{.State.Health.Status}}' | grep -q healthy; do | |
| sleep 2 | |
| done | |
| echo "Test for all OK..." | |
| curl -s -I -X GET -k --compressed https://localhost:10443/gzip | grep -q 'Content-Encoding: gzip' | |
| docker-compose stop test-big-buffers | |
| - name: Shutdown Docker Compose Stack (Local Only) | |
| if: ${{ env.ACT }} | |
| run: docker-compose down | |
| check-docker-base-images-are-manifests: | |
| uses: alphagov/pay-ci/.github/workflows/_validate_docker_image_is_manifest.yml@master |