Change BASE_IMAGE to Fedora 39 #285
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PKI Tests | |
| on: [push, pull_request] | |
| jobs: | |
| init: | |
| name: Initialization | |
| uses: ./.github/workflows/init.yml | |
| secrets: inherit | |
| build: | |
| name: Waiting for build | |
| needs: init | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Wait for build | |
| uses: lewagon/[email protected] | |
| with: | |
| ref: ${{ github.ref }} | |
| check-name: 'Building Tomcat JSS' | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| wait-interval: 30 | |
| if: github.event_name == 'push' | |
| - name: Wait for build | |
| uses: lewagon/[email protected] | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| check-name: 'Building Tomcat JSS' | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| wait-interval: 30 | |
| if: github.event_name == 'pull_request' | |
| # https://github.com/dogtagpki/pki/blob/master/docs/installation/server/Installing_Basic_PKI_Server.md | |
| ssl-test: | |
| name: Testing SSL Connector | |
| needs: [init, build] | |
| runs-on: ubuntu-latest | |
| env: | |
| SHARED: /tmp/workdir/tomcatjss | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v3 | |
| - name: Retrieve tomcatjss-runner image | |
| uses: actions/cache@v3 | |
| with: | |
| key: tomcatjss-runner-${{ github.sha }} | |
| path: tomcatjss-runner.tar | |
| - name: Load tomcatjss-runner image | |
| run: docker load --input tomcatjss-runner.tar | |
| - name: Run container | |
| run: | | |
| IMAGE=tomcatjss-runner \ | |
| NAME=pki \ | |
| HOSTNAME=pki.example.com \ | |
| tests/bin/runner-init.sh | |
| - name: Install PKI packages | |
| run: docker exec pki dnf install -y pki-server sslscan | |
| - name: Create PKI server | |
| run: docker exec pki pki-server create | |
| - name: Create NSS database | |
| run: docker exec pki pki-server nss-create --no-password | |
| - name: Create SSL server cert request | |
| run: | | |
| docker exec pki pki \ | |
| -d /var/lib/pki/pki-tomcat/conf/alias \ | |
| nss-cert-request \ | |
| --subject "CN=pki.example.com" \ | |
| --ext /usr/share/pki/server/certs/sslserver.conf \ | |
| --csr sslserver.csr | |
| docker exec pki openssl req -text -noout -in sslserver.csr | |
| - name: Issue self-signed SSL server cert | |
| run: | | |
| docker exec pki pki \ | |
| -d /var/lib/pki/pki-tomcat/conf/alias \ | |
| nss-cert-issue \ | |
| --csr sslserver.csr \ | |
| --ext /usr/share/pki/server/certs/sslserver.conf \ | |
| --cert sslserver.crt | |
| docker exec pki openssl x509 -text -noout -in sslserver.crt | |
| - name: Import SSL server cert | |
| run: | | |
| docker exec pki pki \ | |
| -d /var/lib/pki/pki-tomcat/conf/alias \ | |
| nss-cert-import \ | |
| --cert sslserver.crt \ | |
| sslserver | |
| - name: Enable JSS in PKI server | |
| run: docker exec pki pki-server jss-enable | |
| - name: Create SSL connector | |
| run: | | |
| docker exec pki pki-server http-connector-add \ | |
| --port 8443 \ | |
| --scheme https \ | |
| --secure true \ | |
| --sslEnabled true \ | |
| --sslProtocol SSL \ | |
| --sslImpl org.dogtagpki.tomcat.JSSImplementation \ | |
| Secure | |
| - name: Configure SSL certificate | |
| run: | | |
| docker exec pki pki-server http-connector-cert-add \ | |
| --keyAlias sslserver \ | |
| --keystoreType pkcs11 \ | |
| --keystoreProvider Mozilla-JSS | |
| - name: Create ROOT web application | |
| run: | | |
| docker exec pki mkdir /var/lib/pki/pki-tomcat/webapps/ROOT | |
| docker exec pki touch /var/lib/pki/pki-tomcat/webapps/ROOT/index.html | |
| - name: Start PKI server | |
| run: docker exec pki pki-server start --wait | |
| - name: Verify SSL connection | |
| run: docker exec pki sslscan pki.example.com:8443 | |
| - name: Stop PKI server | |
| run: docker exec pki pki-server stop --wait | |
| - name: Remove PKI server | |
| run: docker exec pki pki-server remove | |
| # https://github.com/dogtagpki/pki/blob/master/docs/installation/ca/Installing_CA.md | |
| ca-test: | |
| name: Testing CA Installation | |
| needs: [init, build] | |
| runs-on: ubuntu-latest | |
| env: | |
| SHARED: /tmp/workdir/tomcatjss | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v3 | |
| - name: Retrieve tomcatjss-runner image | |
| uses: actions/cache@v3 | |
| with: | |
| key: tomcatjss-runner-${{ github.sha }} | |
| path: tomcatjss-runner.tar | |
| - name: Load tomcatjss-runner image | |
| run: docker load --input tomcatjss-runner.tar | |
| - name: Run container | |
| run: | | |
| IMAGE=tomcatjss-runner \ | |
| NAME=pki \ | |
| HOSTNAME=pki.example.com \ | |
| tests/bin/runner-init.sh | |
| - name: Install DS and PKI packages | |
| run: docker exec pki dnf install -y 389-ds-base pki-ca | |
| - name: Install DS | |
| run: docker exec pki ${SHARED}/tests/bin/ds-create.sh | |
| - name: Install CA | |
| run: docker exec pki pkispawn -f /usr/share/pki/server/examples/installation/ca.cfg -s CA -v | |
| - name: Run PKI healthcheck | |
| run: docker exec pki pki-healthcheck --debug | |
| - name: Verify CA admin | |
| run: | | |
| docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt | |
| docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt | |
| docker exec pki pki client-cert-import \ | |
| --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \ | |
| --pkcs12-password Secret.123 | |
| docker exec pki pki -n caadmin ca-user-show caadmin | |
| - name: Gather artifacts | |
| if: always() | |
| run: | | |
| tests/bin/ds-artifacts-save.sh pki | |
| tests/bin/pki-artifacts-save.sh pki | |
| - name: Remove CA | |
| run: docker exec pki pkidestroy -i pki-tomcat -s CA -v | |
| - name: Remove DS | |
| run: docker exec pki ${SHARED}/tests/bin/ds-remove.sh | |
| - name: Upload artifacts | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ca | |
| path: | | |
| /tmp/artifacts/pki |