-
Notifications
You must be signed in to change notification settings - Fork 132
179 lines (161 loc) · 7.72 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
name: CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
env:
ACTIONS_RUNNER_DEBUG: true
ACTIONS_STEP_DEBUG: true
jobs:
test:
runs-on: ubuntu-22.04
strategy:
matrix:
install: [ pip, apt ]
upgrade: [ true, false ]
exclude:
- install: pip
upgrade: true
fail-fast: false
steps:
- name: "Check out NIPAP repository"
uses: actions/checkout@v2
- name: "Hadolint nipapd"
uses: hadolint/hadolint-action@v3.1.0
with:
Dockerfile: Dockerfile.nipapd
override-info: "DL3008, DL4000"
- name: "Hadolint WWW"
uses: hadolint/hadolint-action@v3.1.0
with:
Dockerfile: Dockerfile.www
override-info: "DL3008, DL4000"
- name: "Install dependencies and prepare NIPAP"
run: |
# Set up NIPAP repo
echo "deb http://spritelink.github.io/NIPAP/repos/apt testing main extra" | sudo tee /etc/apt/sources.list.d/nipap.list
wget -O - https://spritelink.github.io/NIPAP/nipap.gpg.key | sudo apt-key add -
sudo apt update -qq
# Install dependencies for build and test
sudo apt install -y \
devscripts \
fakeroot \
debhelper \
dh-python \
junit4 \
libldap-dev \
libsasl2-dev \
python3-docutils \
python3-nose \
python3-requests \
python3-setuptools \
python3-wheel \
python3-all \
default-jdk \
gradle \
rename \
postgresql-14-ip4r
sudo service postgresql start
pg_isready
sed -e 's/username = guest/username = unittest/' -e 's/password = guest/password = gottatest/' nipap-cli/nipaprc > ~/.nipaprc
chmod 0600 ~/.nipaprc
# Set up CA and generate SSL cert
mkdir /tmp/ca
openssl genrsa -out /tmp/ca/ca.key 2048
openssl req -new -x509 -key /tmp/ca/ca.key -out /tmp/ca/ca.crt -subj '/C=SE/O=NIPAP Test CA'
sudo cp /tmp/ca/ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
openssl genrsa -out /tmp/ca/test.key 2048
openssl req -new -key /tmp/ca/test.key -out /tmp/ca/test.csr -subj "/CN=127.0.0.1"
openssl x509 -req -in /tmp/ca/test.csr -CA /tmp/ca/ca.crt -CAkey /tmp/ca/ca.key -CAcreateserial -out /tmp/ca/test.crt
cat /tmp/ca/test.crt /tmp/ca/test.crt > /tmp/ca/test.bundle.crt
sudo chmod -R a+r /tmp/ca
- name: "Install using pip"
if: ${{ matrix.install == 'pip' }}
run: |
# install nipap dependencies
sudo -H pip3 install -r nipap/requirements.txt
# SQL
sudo su -c "cd nipap/sql; PGPASSWORD=papin make install" postgres
# move configuration file into place
sudo mkdir /etc/nipap
sudo cp nipap/nipap.conf.dist /etc/nipap/nipap.conf
sudo sed -e "s/{{LISTEN_ADDRESS}}/127.0.0.1/" -e "s/{{LISTEN_PORT}}/1337/" -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -e "s/{{DB_USERNAME}}/nipap/" -e "s/{{DB_NAME}}/nipap/" -e "s/{{DB_PASSWORD}}/papin/" -e "s/{{DB_SSLMODE}}/require/" -e "s/{{DB_PORT}}/5432/" -e "s/{{DB_HOST}}/localhost/" -e "s/{{SYSLOG}}/true/" -i /etc/nipap/nipap.conf
# create local user for unittest
sudo nipap/nipap-passwd create-database
sudo nipap/nipap-passwd add -u unittest -p gottatest -n unittest
sudo nipap/nipap-passwd add -u readonly -p gottatest --readonly -n "Read-only user for running unit tests"
# install pynipap
cd pynipap; sudo python3 setup.py install; cd ..
# install nipap-cli dependencies
sudo -H pip3 install -r nipap-cli/requirements.txt
# start nipap backend
nipap/nipapd --no-pid-file -c /etc/nipap/nipap.conf -df 2>&1 > /tmp/nipap.log &
- name: "Install latest release from apt"
if: ${{ matrix.install == 'apt' && matrix.upgrade == true }}
run: |
# Install NIPAP packages from official repo
sudo apt install -qq nipapd nipap-www nipap-cli
# populate answers to nipapd package install questions and reconfigure
echo 'set nipapd/database_host localhost' | sudo debconf-communicate
echo 'set nipapd/local_db_autoconf true' | sudo debconf-communicate
echo 'set nipapd/startup true' | sudo debconf-communicate
echo 'set nipapd/local_db_upgrade true' | sudo debconf-communicate
sudo dpkg-reconfigure nipapd
# Enable SSL
sudo sed -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -i /etc/nipap/nipap.conf
# create local user for unittest and restart
sudo nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n unittest
sudo systemctl restart nipapd.service
# add some data to the database that we can verify later
nosetests3 tests/upgrade-before.py
# bump version so that we know we are upgrading beyond what is installed
(echo -e 'Version 9999.9.9\n------------------\n * Test version for automatic upgrade test'; cat NEWS) > NEWS2
mv NEWS2 NEWS
make bumpversion
- name: "Build and install Debian packages"
if: ${{ matrix.install == 'apt' }}
run: |
# build new NIPAP packages
make builddeb
# install the newly built nipap packages
sudo apt install -o Dpkg::Options::="--force-confnew" ./nipap*.deb ./python*-pynipap*.deb
# populate answers to nipapd package install questions and reconfigure
echo 'set nipapd/database_host localhost' | sudo debconf-communicate
echo 'set nipapd/local_db_autoconf true' | sudo debconf-communicate
echo 'set nipapd/startup true' | sudo debconf-communicate
echo 'set nipapd/local_db_upgrade true' | sudo debconf-communicate
sudo dpkg-reconfigure nipapd
# Enable SSL
if [ `grep -c ssl_port /etc/nipap/nipap.conf` -eq 0 ]; then \
# No SSL config in file - add from scratch
sudo sed '/^port *=.*/a ssl_port = 1338\nssl_cert_file = \/tmp\/ca\/test.bundle.crt\nssl_key_file = \/tmp\/ca\/test.key' -i /etc/nipap/nipap.conf; \
else \
sudo sed -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -i /etc/nipap/nipap.conf; \
fi
# create local user for unittests
sudo nipap/nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n "User for running unit tests"
sudo nipap/nipap-passwd add -u readonly -p gottatest -f /etc/nipap/local_auth.db --readonly -n "Read-only user for running unit tests"
sudo sed -e "s/^db_host *=.*/db_host = localhost/" -e "s/{{SYSLOG}}/true/" -e "s/^debug.\+/debug = true/" -e "s/^user/#user/" -i /etc/nipap/nipap.conf
sudo systemctl restart nipapd.service
- name: "Verify pre-upgrade data"
if: ${{ matrix.upgrade == true }}
run: nosetests3 tests/upgrade-after.py
- name: "Run test suite"
env:
REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
run: |
nosetests3 tests/test_xmlrpc.py
nosetests3 tests/nipaptest.py
nosetests3 tests/test_cli.py
nosetests3 tests/test_nipap_ro.py
nosetests3 tests/test_rest.py
make -C jnipap test
- name: "Accident analysis"
if: failure()
run: |
sudo cat /etc/nipap/nipap.conf || true
sudo cat /var/log/syslog || true
sudo cat /var/log/postgresql/postgresql-*-main.log || true
sudo cat /tmp/nipap.log || true