Skip to content

Change BASE_IMAGE to Fedora 39 #285

Change BASE_IMAGE to Fedora 39

Change BASE_IMAGE to Fedora 39 #285

Workflow file for this run

name: PKI Tests
on: [push, pull_request]
jobs:
init:
name: Initialization
uses: ./.github/workflows/init.yml
secrets: inherit
build:
name: Waiting for build
needs: init
runs-on: ubuntu-latest
steps:
- name: Wait for build
uses: lewagon/[email protected]
with:
ref: ${{ github.ref }}
check-name: 'Building Tomcat JSS'
repo-token: ${{ secrets.GITHUB_TOKEN }}
wait-interval: 30
if: github.event_name == 'push'
- name: Wait for build
uses: lewagon/[email protected]
with:
ref: ${{ github.event.pull_request.head.sha }}
check-name: 'Building Tomcat JSS'
repo-token: ${{ secrets.GITHUB_TOKEN }}
wait-interval: 30
if: github.event_name == 'pull_request'
# https://github.com/dogtagpki/pki/blob/master/docs/installation/server/Installing_Basic_PKI_Server.md
ssl-test:
name: Testing SSL Connector
needs: [init, build]
runs-on: ubuntu-latest
env:
SHARED: /tmp/workdir/tomcatjss
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Retrieve tomcatjss-runner image
uses: actions/cache@v3
with:
key: tomcatjss-runner-${{ github.sha }}
path: tomcatjss-runner.tar
- name: Load tomcatjss-runner image
run: docker load --input tomcatjss-runner.tar
- name: Run container
run: |
IMAGE=tomcatjss-runner \
NAME=pki \
HOSTNAME=pki.example.com \
tests/bin/runner-init.sh
- name: Install PKI packages
run: docker exec pki dnf install -y pki-server sslscan
- name: Create PKI server
run: docker exec pki pki-server create
- name: Create NSS database
run: docker exec pki pki-server nss-create --no-password
- name: Create SSL server cert request
run: |
docker exec pki pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
nss-cert-request \
--subject "CN=pki.example.com" \
--ext /usr/share/pki/server/certs/sslserver.conf \
--csr sslserver.csr
docker exec pki openssl req -text -noout -in sslserver.csr
- name: Issue self-signed SSL server cert
run: |
docker exec pki pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
nss-cert-issue \
--csr sslserver.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--cert sslserver.crt
docker exec pki openssl x509 -text -noout -in sslserver.crt
- name: Import SSL server cert
run: |
docker exec pki pki \
-d /var/lib/pki/pki-tomcat/conf/alias \
nss-cert-import \
--cert sslserver.crt \
sslserver
- name: Enable JSS in PKI server
run: docker exec pki pki-server jss-enable
- name: Create SSL connector
run: |
docker exec pki pki-server http-connector-add \
--port 8443 \
--scheme https \
--secure true \
--sslEnabled true \
--sslProtocol SSL \
--sslImpl org.dogtagpki.tomcat.JSSImplementation \
Secure
- name: Configure SSL certificate
run: |
docker exec pki pki-server http-connector-cert-add \
--keyAlias sslserver \
--keystoreType pkcs11 \
--keystoreProvider Mozilla-JSS
- name: Create ROOT web application
run: |
docker exec pki mkdir /var/lib/pki/pki-tomcat/webapps/ROOT
docker exec pki touch /var/lib/pki/pki-tomcat/webapps/ROOT/index.html
- name: Start PKI server
run: docker exec pki pki-server start --wait
- name: Verify SSL connection
run: docker exec pki sslscan pki.example.com:8443
- name: Stop PKI server
run: docker exec pki pki-server stop --wait
- name: Remove PKI server
run: docker exec pki pki-server remove
# https://github.com/dogtagpki/pki/blob/master/docs/installation/ca/Installing_CA.md
ca-test:
name: Testing CA Installation
needs: [init, build]
runs-on: ubuntu-latest
env:
SHARED: /tmp/workdir/tomcatjss
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Retrieve tomcatjss-runner image
uses: actions/cache@v3
with:
key: tomcatjss-runner-${{ github.sha }}
path: tomcatjss-runner.tar
- name: Load tomcatjss-runner image
run: docker load --input tomcatjss-runner.tar
- name: Run container
run: |
IMAGE=tomcatjss-runner \
NAME=pki \
HOSTNAME=pki.example.com \
tests/bin/runner-init.sh
- name: Install DS and PKI packages
run: docker exec pki dnf install -y 389-ds-base pki-ca
- name: Install DS
run: docker exec pki ${SHARED}/tests/bin/ds-create.sh
- name: Install CA
run: docker exec pki pkispawn -f /usr/share/pki/server/examples/installation/ca.cfg -s CA -v
- name: Run PKI healthcheck
run: docker exec pki pki-healthcheck --debug
- name: Verify CA admin
run: |
docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec pki pki client-cert-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
docker exec pki pki -n caadmin ca-user-show caadmin
- name: Gather artifacts
if: always()
run: |
tests/bin/ds-artifacts-save.sh pki
tests/bin/pki-artifacts-save.sh pki
- name: Remove CA
run: docker exec pki pkidestroy -i pki-tomcat -s CA -v
- name: Remove DS
run: docker exec pki ${SHARED}/tests/bin/ds-remove.sh
- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v3
with:
name: ca
path: |
/tmp/artifacts/pki