Fix auto-persist across restarts #138
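name: CI
on:
  push:
  pull_request:

# Least privilege for the job token: nothing in this workflow pushes,
# comments or publishes, so read-only access to repository contents is enough.
permissions:
  contents: read

jobs:
  test-mosquitto:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # Supply-chain note: a major-version tag is mutable. Because this job
        # handles a secret (GOCRYPT_PASSWORD), prefer pinning the action to a
        # full commit SHA and letting a bot move the pin.
        uses: actions/checkout@v4

      # Generate a throw-away password for GOCRYPT_PASSWORD and hand it to the
      # later steps through GITHUB_ENV. It only has to be valid for this run.
      - name: Generate random password
        id: generate_password
        run: |
          GOCRYPT_PASSWORD="$(openssl rand -base64 32)"
          # Register the value with the log masker so a later `env` dump or a
          # verbose container log cannot print it in clear.
          echo "::add-mask::${GOCRYPT_PASSWORD}"
          echo "GOCRYPT_PASSWORD=${GOCRYPT_PASSWORD}" >> "$GITHUB_ENV"

      # The encrypted volume must be initialised by the container itself. Stale
      # gocryptfs metadata in the checkout would let the later "files exist"
      # checks pass without the init/mount path ever having run.
      - name: Ensure encrypted configuration files are not present in project directory
        run: |
          if [ -f ./data/gocryptfs.conf ] || [ -f ./data/gocryptfs.diriv ]; then
            echo "Encrypted volume configuration files should not be present in project directory"
            exit 1
          fi
          echo "No encrypted volume configuration files found in project directory"

      - name: Set up Docker and Docker Compose
        run: |
          sudo apt-get update
          sudo apt-get install -y docker-compose

      - name: Start Mosquitto service using Docker Compose
        run: docker-compose up -d mosquitto_with_healthcheck

      # Poll the compose healthcheck (up to ~200 s). The loop exits the step
      # early on success; falling out of the loop is a hard failure.
      - name: Wait for Mosquitto to be healthy
        run: |
          for attempt in {1..20}; do
            STATUS="$(docker inspect --format='{{.State.Health.Status}}' mosquitto_with_healthcheck)"
            echo "Current Mosquitto health status: ${STATUS} (attempt ${attempt}/20)"
            if [ "${STATUS}" = "healthy" ]; then
              echo "Mosquitto is healthy"
              exit 0
            fi
            echo "Waiting for Mosquitto to be healthy..."
            sleep 10
          done
          echo "Mosquitto did not become healthy in time"
          docker logs mosquitto_with_healthcheck
          exit 1

      - name: Publish test message to be retained (as current user)
        # Note: this relies on the project's non-standard ACL rule that the
        # first topic level must equal the publishing username. No password is
        # passed, so the broker presumably accepts the username without one —
        # confirm against the broker config.
        run: docker exec mosquitto_with_healthcheck mosquitto_pub -u my_username -t my_username/topic -m "Test message" -r

      - name: Publish test message to be retained (as another user)
        # Published *as* other_username so that a retained message really exists
        # on other_username/topic. The previous form published it as my_username,
        # which the same ACL silently drops (mosquitto_pub still exits 0), so the
        # later "no access" test could never observe anything and passed
        # vacuously. Assumes other_username is authorised like my_username —
        # confirm against the broker config.
        run: docker exec mosquitto_with_healthcheck mosquitto_pub -u other_username -t other_username/topic -m "Another test message" -r

      - name: Stop Mosquitto service and capture logs
        run: |
          docker-compose logs mosquitto_with_healthcheck
          docker-compose down

      # The data directory is created by the container and may be root-owned,
      # so the existence test runs inside a throw-away root container rather
      # than as the (unprivileged) runner user.
      - name: Check encrypted data in container
        run: |
          docker run --rm -v "$(pwd)/data:/encrypted" alpine:latest /bin/sh -c '
            if [ -f /encrypted/gocryptfs.conf ] && [ -f /encrypted/gocryptfs.diriv ]; then
              echo "Encrypted volume configuration files found"
            else
              echo "Encrypted volume configuration files not found"
              exit 1
            fi
          '

      # Same check from the host side as root, to rule out a permission-denied
      # false negative on a root-owned ./data.
      - name: Check encrypted data in project directory as root
        run: |
          if sudo test -f ./data/gocryptfs.conf && sudo test -f ./data/gocryptfs.diriv; then
            echo "Encrypted volume configuration files found in project directory"
          else
            echo "Encrypted volume configuration files not found in project directory"
            exit 1
          fi

      # Bring the broker back on the already-initialised volume. Unlike the
      # original, a broker that never returns to healthy fails *here*, instead
      # of surfacing later as a misleading "retained message missing".
      - name: Restart Mosquitto service and verify retained message
        run: |
          docker-compose up -d mosquitto_with_healthcheck
          for attempt in {1..20}; do
            STATUS="$(docker inspect --format='{{.State.Health.Status}}' mosquitto_with_healthcheck)"
            echo "Current Mosquitto health status: ${STATUS} (attempt ${attempt}/20)"
            if [ "${STATUS}" = "healthy" ]; then
              echo "Mosquitto is healthy"
              exit 0
            fi
            echo "Waiting for Mosquitto to be healthy..."
            sleep 10
          done
          echo "Mosquitto did not become healthy after restart"
          docker logs mosquitto_with_healthcheck
          exit 1

      - name: Verify retained message for my_username
        run: |
          echo "Proceeding to verify retained message for my_username..."
          # -W bounds the wait: without it a missing retained message would
          # block this step until the runner's job timeout.
          RETAINED_MSG="$(docker exec mosquitto_with_healthcheck mosquitto_sub -u my_username -t my_username/topic -C 1 -W 10 || true)"
          echo "Retained message received: ${RETAINED_MSG}"
          if [ "${RETAINED_MSG}" != "Test message" ]; then
            echo "Failed to verify retained message"
            docker logs mosquitto_with_healthcheck
            exit 1
          fi
          echo "Retained message verified successfully"

      # Positive control for the negative test below: prove the other user's
      # retained message survived the restart and is readable by its owner.
      - name: Verify retained message for other_username
        run: |
          RETAINED_MSG="$(docker exec mosquitto_with_healthcheck mosquitto_sub -u other_username -t other_username/topic -C 1 -W 10 || true)"
          echo "Retained message received: ${RETAINED_MSG}"
          if [ "${RETAINED_MSG}" != "Another test message" ]; then
            echo "Failed to verify retained message for other_username"
            docker logs mosquitto_with_healthcheck
            exit 1
          fi
          echo "Retained message for other_username verified successfully"

      - name: Verify no access to other user's messages
        # Subscribes as my_username — the user that must be *denied* — rather
        # than an unrelated third name. The expected outcome is no message
        # within the timeout. The exit status is logged for diagnosis but is
        # not the verdict, because a denied subscription can surface either as
        # a timeout or as a non-zero exit depending on the MQTT protocol
        # version in use.
        run: |
          echo "Proceeding to verify no access to other user's messages..."
          set +e
          RETAINED_MSG="$(timeout 15s docker exec mosquitto_with_healthcheck mosquitto_sub -u my_username -t other_username/topic -C 1 -W 10)"
          RC=$?
          set -e
          echo "mosquitto_sub exit status: ${RC}"
          if [ -n "${RETAINED_MSG}" ]; then
            echo "Failed: Should not have access to other user's messages (received: ${RETAINED_MSG})"
            docker logs mosquitto_with_healthcheck
            exit 1
          fi
          echo "No access to other user's messages verified successfully"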