Skip to content

Build test image openshift/openldap (Fedora 34) from source #701

Build test image openshift/openldap (Fedora 34) from source

Build test image openshift/openldap (Fedora 34) from source #701

Workflow file for this run

name: testing
on:
pull_request:
branches:
- "*"
push:
branches: master
permissions: read-all
jobs:
test_matrix:
name: ${{ matrix.command }} (${{ matrix.python-version}})
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
python-version: [3.9]
command: [flake8, pylint, docker-image]
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install Python dependencies
run: |
sudo apt-get update
sudo apt-get install libkrb5-dev libxml2-dev libxmlsec1-dev libxmlsec1-openssl
pip install -U pip setuptools wheel
pip install -r devel.txt
- name: Login to Quay.io
if: matrix.command == 'docker-image'
run: |
echo "${{ secrets.QUAY_PUSH_TOKEN }}" | docker login -u="${{ secrets.QUAY_PUSH_USERNAME }}" --password-stdin quay.io
- name: make ${{ matrix.command }}
run: |
make ${{ matrix.command }}
- name: Logout of Quay.io
if: matrix.command == 'docker-image'
run: |
docker logout quay.io
- name: Setup - start and configure Keycloak server
if: matrix.command == 'docker-image'
run: |
./testing/start_keycloak.sh
echo "**** DEBUG, /tmp/kc.env ****"
cat /tmp/kc.env
echo "**** END DEBUG ****"
- name: Setup - build OpenLDAP container from source
if: matrix.command == 'docker-image'
run: |
git clone https://github.com/kiwitcms/openldap.git
pushd openldap/ && docker build -t kiwitcms/openldap-fedora34 -f images/Dockerfile . && popd
- name: Sanity test - boot the docker image
if: matrix.command == 'docker-image'
run: |
docker-compose -f docker-compose.testing up -d
sleep 5
IP_ADDRESS=`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web`
echo "--- testing.example.bg: $IP_ADDRESS --"
sudo sh -c "echo '$IP_ADDRESS testing.example.bg empty.testing.example.bg' >> /etc/hosts"
KC_ADDRESS=`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' keycloak_server`
echo "--- kc.example.bg: $KC_ADDRESS --"
# Kiwi TCMS container needs to know how to resolve the Keycloak server address
docker exec -u 0 -i web /bin/bash -c "echo '$KC_ADDRESS kc.example.bg' >> /etc/hosts"
- name: Sanity test - initial configuration
if: matrix.command == 'docker-image'
run: |
# need to monkey-patch createsuperuser.py b/c it rejects input when not using a TTY
docker exec -i web sed -i "s/raise NotRunningInTTYException/pass/" /venv/lib64/python3.9/site-packages/django/contrib/auth/management/commands/createsuperuser.py
docker exec -i web sed -i "s/getpass.getpass/input/" /venv/lib64/python3.9/site-packages/django/contrib/auth/management/commands/createsuperuser.py
echo -e "super-root\nroot@example.com\nsecret-2a9a34cd-e51d-4039-b709-b45f629a5595\nsecret-2a9a34cd-e51d-4039-b709-b45f629a5595\ntesting.example.bg\n" | docker exec -i web /Kiwi/manage.py initial_setup
- name: Sanity test - missing migrations
if: matrix.command == 'docker-image'
run: |
docker exec -i web /Kiwi/manage.py makemigrations --check
- name: Sanity test - download login page
if: matrix.command == 'docker-image'
run: |
curl -k -L -o page.html https://testing.example.bg:8443/
- name: Archive page.html
if: matrix.command == 'docker-image'
uses: actions/upload-artifact@v3
with:
name: page.html
path: page.html
- name: Sanity test - check page.html
if: matrix.command == 'docker-image'
run: |
set -x
# version is Enterprise
cat page.html | grep "Version.*-Enterprise"
# plugins are listed
cat page.html | grep 'href="/kiwitcms_tenants/'
cat page.html | grep 'href="/kiwitcms_github_app/'
# template override for social icons
cat page.html | grep "or Continue With"
# social backends are listed
for ICON in static.d/images/social_auth/backends/*.png; do
BACKEND=`basename $ICON | sed 's/.png//'`
cat page.html | grep "/login/$BACKEND/"
cat page.html | grep "<img src='/static/images/social_auth/backends/$BACKEND.*.png'"
done
# social icons are present
for URL in `cat page.html | grep "/static/images/social_auth/backends/" | cut -d= -f2 | cut -d"'" -f2`; do
echo "Verify image $URL is present"
curl -k -f -o /dev/null https://testing.example.bg:8443/$URL
done
# social icons point to correct backend login URL, even with port
for BACKEND in `cat page.html | grep "/static/images/social_auth/backends/" | cut -d= -f2 | cut -d"'" -f2 | cut -f6 -d/ | cut -f1 -d.`; do
echo "Verify $BACKEND login is present"
cat page.html | grep "https://testing.example.bg/login/$BACKEND/?next=/"
done
- name: Sanity test - LDAP login and sync
if: matrix.command == 'docker-image'
run: |
LDAP_ADDRESS=`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' openldap_server`
# import users from the local config file and query the LDAP server
sudo apt-get install ldap-utils
ldapadd -x -H ldap://$LDAP_ADDRESS:389 -D cn=Manager,dc=example,dc=com -w admin -f testing/ldap.ldif
ldapsearch -x -LLL -H ldap://$LDAP_ADDRESS:389 -b dc=example,dc=com objectClass=person
# Now install RobotFramework so we can drive the browser automatically
if [ -z `which firefox` ]; then
sudo apt-get install firefox
fi
if [ -z `which geckodriver` ]; then
sudo apt-get install firefox-geckodriver
fi
robot testing/ldap.robot
docker exec -i web /Kiwi/manage.py ldap_sync_users
cat testing/ldap.py | docker exec -i web /Kiwi/manage.py shell
- name: Sanity test - ADMIN -> Users and Groups menu
if: matrix.command == 'docker-image'
run: |
cat testing/configure_tenant_users.py | docker exec -i web /Kiwi/manage.py shell
robot testing/admin_users_groups_menu.robot
- name: Sanity test - Keycloak login
if: matrix.command == 'docker-image'
run: |
robot testing/keycloak.robot
- name: Archive Keycloak JSON files
if: matrix.command == 'docker-image'
uses: actions/upload-artifact@v3
with:
name: kc-json-files
path: ./*.json
- name: Collect docker logs
if: always() && matrix.command == 'docker-image'
run: |
docker logs keycloak_server > keyclock_server.log
docker logs openldap_server > openldap_server.log
docker logs web > kiwitcms.log
docker logs db > database.log
- name: Upload logs
if: always() && matrix.command == 'docker-image'
uses: actions/upload-artifact@v3
with:
name: docker-logs
path: ./*.log
- name: Sanity test - shut down the docker image
if: always() && matrix.command == 'docker-image'
run: |
docker kill keycloak_server
docker-compose -f docker-compose.testing down