Skip to content

[stable29] (fix): Encrypt sensitive values(haproxy_password) in the DB #1806

[stable29] (fix): Encrypt sensitive values(haproxy_password) in the DB

[stable29] (fix): Encrypt sensitive values(haproxy_password) in the DB #1806

Workflow file for this run

name: Tests - Deploy
on:
pull_request:
branches: [stable29]
push:
branches: [stable29]
permissions:
contents: read
concurrency:
group: tests-deploy-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
nc-host-app-docker:
runs-on: ubuntu-22.04
name: NC In Host • 🐘8.2
services:
postgres:
image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest
ports:
- 4444:5432/tcp
env:
POSTGRES_USER: root
POSTGRES_PASSWORD: rootpassword
POSTGRES_DB: nextcloud
options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
steps:
- name: Set app env
run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
submodules: true
repository: nextcloud/server
ref: 'stable29'
- name: Checkout AppAPI
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
path: apps/${{ env.APP_NAME }}
- name: Set up php
uses: shivammathur/setup-php@4bd44f22a98a19e0950cbad5f31095157cc9621b # v2
with:
php-version: 8.2
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql
coverage: none
ini-file: development
ini-values:
apc.enabled=on, apc.enable_cli=on, disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2
with:
files: apps/${{ env.APP_NAME }}/composer.json
- name: Set up dependencies
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
run: composer i
- name: Set up Nextcloud
env:
DB_PORT: 4444
run: |
mkdir data
./occ maintenance:install --verbose --database=pgsql --database-name=nextcloud --database-host=127.0.0.1 \
--database-port=$DB_PORT --database-user=root --database-pass=rootpassword \
--admin-user admin --admin-pass admin
./occ config:system:set loglevel --value=0 --type=integer
./occ config:system:set debug --value=true --type=boolean
./occ app:enable --force ${{ env.APP_NAME }}
- name: Test deploy
run: |
PHP_CLI_SERVER_WORKERS=2 php -S 127.0.0.1:8080 &
./occ app_api:daemon:register docker_local_sock Docker docker-install http /var/run/docker.sock http://127.0.0.1:8080/index.php
./occ app_api:app:register app-skeleton-python docker_local_sock \
--info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
./occ app_api:app:enable app-skeleton-python
./occ app_api:app:disable app-skeleton-python
- name: Check logs
run: |
grep -q 'Hello from app-skeleton-python :)' data/nextcloud.log || error
grep -q 'Bye bye from app-skeleton-python :(' data/nextcloud.log || error
- name: Save container info & logs
if: always()
run: |
docker inspect nc_app_app-skeleton-python | json_pp > container.json
docker logs nc_app_app-skeleton-python > container.log 2>&1
- name: Unregister Skeleton & Daemon
run: |
./occ app_api:app:unregister app-skeleton-python
./occ app_api:daemon:unregister docker_local_sock
- name: Test OCC commands(docker)
run: python3 apps/${{ env.APP_NAME }}/tests/test_occ_commands_docker.py
- name: Upload Container info
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_app_docker_container.json
path: container.json
if-no-files-found: warn
- name: Upload Container logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_app_docker_container.log
path: container.log
if-no-files-found: warn
- name: Upload NC logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_app_docker_nextcloud.log
path: data/nextcloud.log
if-no-files-found: warn
nc-docker-app-docker:
runs-on: ubuntu-22.04
name: NC In Julius Docker • 🐘8.1
env:
docker-image: ghcr.io/juliusknorr/nextcloud-dev-php81:20231202-1
steps:
- name: Set app env
run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Create container
run: |
docker network create master_bridge
docker run --net master_bridge --name nextcloud --rm -e SERVER_BRANCH=stable29 -d -v /var/run/docker.sock:/var/run/docker.sock ${{ env.docker-image }}
sudo chmod 766 /var/run/docker.sock
sleep 120s
- name: Install AppAPI
run: |
docker exec -w /var/www/html/apps nextcloud git clone --branch stable29 https://github.com/nextcloud/${{ env.APP_NAME }}.git
docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
docker exec nextcloud sudo -u www-data php occ app:enable app_api
docker exec nextcloud sudo -u www-data php occ app_api:daemon:register \
docker_local_sock Docker docker-install http /var/run/docker.sock http://nextcloud/index.php \
--net=master_bridge
docker exec nextcloud sudo -u www-data php occ app_api:daemon:list
docker exec nextcloud sudo -u www-data php occ app_api:app:register app-skeleton-python docker_local_sock \
--info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
docker exec nextcloud sudo -u www-data php occ app_api:app:enable app-skeleton-python
docker exec nextcloud sudo -u www-data php occ app_api:app:disable app-skeleton-python
- name: Copy NC log to host
if: always()
run: docker cp nextcloud:/var/www/html/data/nextcloud.log nextcloud.log
- name: Check logs
run: |
grep -q 'Hello from app-skeleton-python :)' nextcloud.log || error
grep -q 'Bye bye from app-skeleton-python :(' nextcloud.log || error
- name: Save container info & logs
if: always()
run: |
docker inspect nc_app_app-skeleton-python | json_pp > container.json
docker logs nc_app_app-skeleton-python > container.log 2>&1
- name: Unregister Skeleton & Daemon
run: |
docker exec nextcloud sudo -u www-data php occ app_api:app:unregister app-skeleton-python
docker exec nextcloud sudo -u www-data php occ app_api:daemon:unregister docker_local_sock
- name: Upload Container info
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_docker_app_docker_container.json
path: container.json
if-no-files-found: warn
- name: Upload Container logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_docker_app_docker_container.log
path: container.log
if-no-files-found: warn
- name: Upload NC logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_docker_app_docker_nextcloud.log
path: nextcloud.log
if-no-files-found: warn
nc-docker-dsp-http:
runs-on: ubuntu-22.04
name: NC In Julius Docker(DSP-HTTP) • 🐘8.1
env:
docker-image: ghcr.io/juliusknorr/nextcloud-dev-php81:20231202-1
steps:
- name: Set app env
run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Create containers
run: |
docker network create master_bridge
docker run -v /var/run/docker.sock:/var/run/docker.sock \
-e NC_HAPROXY_PASSWORD="some_secure_password" \
--net master_bridge --name nextcloud-appapi-dsp -h nextcloud-appapi-dsp \
--privileged -d ghcr.io/nextcloud/nextcloud-appapi-dsp:latest
docker run --net master_bridge --name nextcloud --rm -e SERVER_BRANCH=stable29 -d ${{ env.docker-image }}
sleep 60s
- name: Install AppAPI
run: |
docker exec -w /var/www/html/apps nextcloud git clone --branch stable29 https://github.com/nextcloud/${{ env.APP_NAME }}.git
docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
docker exec nextcloud sudo -u www-data php occ app:enable app_api
docker exec nextcloud sudo -u www-data php occ app_api:daemon:register \
docker_by_port Docker docker-install http nextcloud-appapi-dsp:2375 http://nextcloud/index.php \
--net=master_bridge --haproxy_password=some_secure_password
docker exec nextcloud sudo -u www-data php occ app_api:daemon:list
docker exec nextcloud sudo -u www-data php occ app_api:app:register app-skeleton-python docker_by_port \
--info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
docker exec nextcloud sudo -u www-data php occ app_api:app:enable app-skeleton-python
docker exec nextcloud sudo -u www-data php occ app_api:app:disable app-skeleton-python
- name: Copy NC log to host
if: always()
run: docker cp nextcloud:/var/www/html/data/nextcloud.log nextcloud.log
- name: Check logs
run: |
grep -q 'Hello from app-skeleton-python :)' nextcloud.log || error
grep -q 'Bye bye from app-skeleton-python :(' nextcloud.log || error
- name: Save container info & logs
if: always()
run: |
docker inspect nc_app_app-skeleton-python | json_pp > container.json
docker logs nc_app_app-skeleton-python > container.log 2>&1
- name: Unregister Skeleton & Daemon
run: |
docker exec nextcloud sudo -u www-data php occ app_api:app:unregister app-skeleton-python
docker exec nextcloud sudo -u www-data php occ app_api:daemon:unregister docker_by_port
- name: Upload Container info
if: always()
uses: actions/upload-artifact@v4
with:
name: dsp_http_container.json
path: container.json
if-no-files-found: warn
- name: Upload Container logs
if: always()
uses: actions/upload-artifact@v4
with:
name: dsp_http_container.log
path: container.log
if-no-files-found: warn
- name: Upload NC logs
if: always()
uses: actions/upload-artifact@v4
with:
name: dsp_http_nextcloud.log
path: nextcloud.log
if-no-files-found: warn
nc-docker-dsp-https:
runs-on: ubuntu-22.04
name: NC In Julius Docker(DSP-HTTPS) • 🐘8.1
env:
docker-image: ghcr.io/juliusknorr/nextcloud-dev-php81:20231202-1
steps:
- name: Set app env
run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Create certificates
run: |
mkdir certs
openssl req -nodes -new -x509 -subj '/CN=host.docker.internal' -sha256 -keyout certs/privkey.pem -out certs/fullchain.pem -days 365000 > /dev/null 2>&1
cat certs/fullchain.pem certs/privkey.pem | tee certs/cert.pem > /dev/null 2>&1
- name: Create containers
run: |
docker run -v /var/run/docker.sock:/var/run/docker.sock \
-v `pwd`/certs/cert.pem:/certs/cert.pem \
-e NC_HAPROXY_PASSWORD="some_secure_password" \
-e BIND_ADDRESS="172.17.0.1" \
-e EX_APPS_NET="ipv4@localhost" \
--net host --name nextcloud-appapi-dsp -h nextcloud-appapi-dsp \
--privileged -d ghcr.io/nextcloud/nextcloud-appapi-dsp:latest
docker run --net=bridge --name=nextcloud -p 8080:80 -e SERVER_BRANCH=stable29 --rm -d ${{ env.docker-image }}
sleep 60s
hostname -I
docker exec nextcloud-appapi-dsp ip addr show | grep inet | awk '{print $2}' | cut -d/ -f1
- name: Install AppAPI
run: |
docker exec -w /var/www/html/apps nextcloud git clone --branch stable29 https://github.com/nextcloud/${{ env.APP_NAME }}.git
docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
docker exec nextcloud sudo -u www-data php occ app:enable app_api
docker cp ./certs/cert.pem nextcloud:/
docker exec nextcloud sudo -u www-data php occ security:certificates:import /cert.pem
docker exec nextcloud sudo -u www-data php occ app_api:daemon:register \
docker_by_port Docker docker-install https host.docker.internal:2375 http://localhost:8080/index.php \
--net=host --haproxy_password=some_secure_password
docker exec nextcloud sudo -u www-data php occ app_api:daemon:list
docker exec nextcloud sudo -u www-data php occ app_api:app:register app-skeleton-python docker_by_port \
--info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
docker exec nextcloud sudo -u www-data php occ app_api:app:enable app-skeleton-python
docker exec nextcloud sudo -u www-data php occ app_api:app:disable app-skeleton-python
- name: Copy NC log to host
if: always()
run: docker cp nextcloud:/var/www/html/data/nextcloud.log nextcloud.log
- name: Check logs
run: |
grep -q 'Hello from app-skeleton-python :)' nextcloud.log || error
grep -q 'Bye bye from app-skeleton-python :(' nextcloud.log || error
- name: Save HaProxy logs
if: always()
run: docker logs nextcloud-appapi-dsp > haproxy.log 2>&1
- name: Save container info & logs
if: always()
run: |
docker inspect nc_app_app-skeleton-python | json_pp > container.json
docker logs nc_app_app-skeleton-python > container.log 2>&1
- name: Unregister Skeleton & Daemon
run: |
docker exec nextcloud sudo -u www-data php occ app_api:app:unregister app-skeleton-python
docker exec nextcloud sudo -u www-data php occ app_api:daemon:unregister docker_by_port
- name: Upload HaProxy logs
if: always()
uses: actions/upload-artifact@v4
with:
name: dsp_https_haproxy.log
path: haproxy.log
if-no-files-found: warn
- name: Upload Container info
if: always()
uses: actions/upload-artifact@v4
with:
name: dsp_https_container.json
path: container.json
if-no-files-found: warn
- name: Upload Container logs
if: always()
uses: actions/upload-artifact@v4
with:
name: dsp_https_container.log
path: container.log
if-no-files-found: warn
- name: Upload NC logs
if: always()
uses: actions/upload-artifact@v4
with:
name: dsp_https_nextcloud.log
path: nextcloud.log
if-no-files-found: warn
nc-host-app-docker-redis:
runs-on: ubuntu-22.04
name: NC In Host(Redis) • 🐘8.1
services:
postgres:
image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest
ports:
- 4444:5432/tcp
env:
POSTGRES_USER: root
POSTGRES_PASSWORD: rootpassword
POSTGRES_DB: nextcloud
options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
redis:
image: redis
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
--name redis
ports:
- 6379:6379
steps:
- name: Set app env
run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
submodules: true
repository: nextcloud/server
ref: stable29
- name: Checkout AppAPI
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
path: apps/${{ env.APP_NAME }}
- name: Set up php
uses: shivammathur/setup-php@4bd44f22a98a19e0950cbad5f31095157cc9621b # v2
with:
php-version: 8.1
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql, redis
coverage: none
ini-file: development
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2
with:
files: apps/${{ env.APP_NAME }}/composer.json
- name: Set up dependencies
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
run: composer i
- name: Set up Nextcloud
env:
DB_PORT: 4444
REDIS_HOST: localhost
REDIS_PORT: 6379
run: |
mkdir data
./occ maintenance:install --verbose --database=pgsql --database-name=nextcloud --database-host=127.0.0.1 \
--database-port=$DB_PORT --database-user=root --database-pass=rootpassword \
--admin-user admin --admin-pass admin
./occ config:system:set loglevel --value=0 --type=integer
./occ config:system:set debug --value=true --type=boolean
./occ config:system:set memcache.local --value "\\OC\\Memcache\\Redis"
./occ config:system:set memcache.distributed --value "\\OC\\Memcache\\Redis"
./occ config:system:set memcache.locking --value "\\OC\\Memcache\\Redis"
./occ config:system:set redis host --value ${{ env.REDIS_HOST }}
./occ config:system:set redis port --value ${{ env.REDIS_PORT }}
./occ app:enable --force ${{ env.APP_NAME }}
- name: Test deploy
run: |
PHP_CLI_SERVER_WORKERS=2 php -S 127.0.0.1:8080 &
./occ app_api:daemon:register docker_local_sock Docker docker-install http /var/run/docker.sock http://127.0.0.1:8080/index.php
./occ app_api:daemon:list
./occ app_api:app:register app-skeleton-python docker_local_sock \
--info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
./occ app_api:app:enable app-skeleton-python
./occ app_api:app:disable app-skeleton-python
- name: Check logs
run: |
grep -q 'Hello from app-skeleton-python :)' data/nextcloud.log || error
grep -q 'Bye bye from app-skeleton-python :(' data/nextcloud.log || error
- name: Save container info & logs
if: always()
run: |
docker inspect nc_app_app-skeleton-python | json_pp > container.json
docker logs nc_app_app-skeleton-python > container.log 2>&1
- name: Unregister Skeleton & Daemon
run: |
./occ app_api:app:unregister app-skeleton-python
./occ app_api:daemon:unregister docker_local_sock
- name: Test OCC commands(docker)
run: python3 apps/${{ env.APP_NAME }}/tests/test_occ_commands_docker.py
- name: Check redis keys
run: |
docker exec redis redis-cli keys '*app_api*' || error
- name: Upload Container info
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_app_docker_redis_container.json
path: container.json
if-no-files-found: warn
- name: Upload Container logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_app_docker_redis_container.log
path: container.log
if-no-files-found: warn
- name: Upload NC logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_app_docker_redis_nextcloud.log
path: data/nextcloud.log
if-no-files-found: warn
nc-host-network-host:
runs-on: ubuntu-22.04
name: NC In Host(network=host) • 🐘8.2
services:
postgres:
image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest
ports:
- 4444:5432/tcp
env:
POSTGRES_USER: root
POSTGRES_PASSWORD: rootpassword
POSTGRES_DB: nextcloud
options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
steps:
- name: Set app env
run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
submodules: true
repository: nextcloud/server
ref: 'stable29'
- name: Checkout AppAPI
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
path: apps/${{ env.APP_NAME }}
- name: Set up php
uses: shivammathur/setup-php@4bd44f22a98a19e0950cbad5f31095157cc9621b # v2
with:
php-version: 8.2
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql, redis
coverage: none
ini-file: development
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2
with:
files: apps/${{ env.APP_NAME }}/composer.json
- name: Set up dependencies
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
run: composer i
- name: Set up Nextcloud
env:
DB_PORT: 4444
run: |
mkdir data
./occ maintenance:install --verbose --database=pgsql --database-name=nextcloud --database-host=127.0.0.1 \
--database-port=$DB_PORT --database-user=root --database-pass=rootpassword \
--admin-user admin --admin-pass admin
./occ config:system:set loglevel --value=0 --type=integer
./occ config:system:set debug --value=true --type=boolean
./occ config:system:set overwrite.cli.url --value http://127.0.0.1:8080 --type=string
./occ app:enable --force ${{ env.APP_NAME }}
- name: Test deploy
run: |
PHP_CLI_SERVER_WORKERS=2 php -S 127.0.0.1:8080 &
./occ app_api:daemon:register \
docker_socket_local Docker docker-install http /var/run/docker.sock http://127.0.0.1:8080/index.php \
--net=host --set-default
./occ app_api:daemon:list
./occ app_api:app:register app-skeleton-python \
--info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
./occ app_api:app:enable app-skeleton-python
./occ app_api:app:disable app-skeleton-python
- name: Check logs
run: |
grep -q 'Hello from app-skeleton-python :)' data/nextcloud.log || error
grep -q 'Bye bye from app-skeleton-python :(' data/nextcloud.log || error
- name: Save container info & logs
if: always()
run: |
docker inspect nc_app_app-skeleton-python | json_pp > container.json
docker logs nc_app_app-skeleton-python > container.log 2>&1
- name: Unregister Skeleton & Daemon
run: |
./occ app_api:app:unregister app-skeleton-python
./occ app_api:daemon:unregister docker_socket_local
- name: Test OCC commands(docker)
run: python3 apps/${{ env.APP_NAME }}/tests/test_occ_commands_docker.py
- name: Upload Container info
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_network_host_container.json
path: container.json
if-no-files-found: warn
- name: Upload Container logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_network_host_container.log
path: container.log
if-no-files-found: warn
- name: Upload NC logs
if: always()
uses: actions/upload-artifact@v4
with:
name: nc_host_network_host_nextcloud.log
path: data/nextcloud.log
if-no-files-found: warn
tests-deploy-success:
permissions:
contents: none
runs-on: ubuntu-22.04
needs: [nc-host-app-docker, nc-docker-app-docker, nc-docker-dsp-http,
nc-docker-dsp-https, nc-host-app-docker-redis, nc-host-network-host]
name: Tests-Deploy-OK
steps:
- run: echo "Tests-Deploy passed successfully"