-
Notifications
You must be signed in to change notification settings - Fork 2.5k
136 lines (121 loc) · 5.21 KB
/
fips.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: CI FIPS
on:
push:
branches: [master]
paths-ignore:
- 'docs/**'
- '**/*.md'
pull_request:
branches: [master]
paths-ignore:
- 'docs/**'
- '**/*.md'
permissions:
contents: read
jobs:
build:
strategy:
fail-fast: false
matrix:
platform:
- ubuntu-20.04
os_name:
- linux_openresty
test_dir:
# all plugins only use three parts of openssl API: RSA via ffi, SHA via ffi and SSL API wrapped by nginx.
# The latter one is already covered by the core tests, so no need to repeat it in plugin tests.
# The RSA and SHA tests are fully covered by jwt-auth and hmac-auth plugin tests, while other plugins only repeat such tests.
- t/plugin/jwt-auth2.t t/plugin/jwt-auth.t t/plugin/hmac-auth.t
# all SSL related core tests are covered by below two lists.
- t/admin/ssl* t/admin/schema.t t/admin/upstream.t t/config-center-yaml/ssl.t t/core/etcd-mtls.t t/core/config_etcd.t t/misc/patch.t
- t/node/grpc-proxy-unary.t t/node/upstream-keepalive-pool.t t/node/upstream-websocket.t t/node/client-mtls.t t/node/upstream-mtls.t t/pubsub/kafka.t t/router/radixtree-sni2.t t/router/multi-ssl-certs.t t/router/radixtree-sni.t t/stream-node/mtls.t t/stream-node/tls.t t/stream-node/upstream-tls.t t/stream-node/sni.t
- t/fips
runs-on: ${{ matrix.platform }}
timeout-minutes: 90
env:
SERVER_NAME: ${{ matrix.os_name }}
OPENRESTY_VERSION: default
ENABLE_FIPS: true
steps:
- name: Check out code
uses: actions/checkout@v4
with:
submodules: recursive
- name: Cache deps
uses: actions/cache@v4
env:
cache-name: cache-deps
with:
path: deps
key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name }}-${{ hashFiles('apisix-master-0.rockspec') }}
- name: Extract test type
shell: bash
id: test_env
run: |
test_dir="${{ matrix.test_dir }}"
if [[ $test_dir =~ 't/plugin' ]]; then
echo "type=plugin" >>$GITHUB_OUTPUT
fi
if [[ $test_dir =~ 't/fips' ]]; then
echo "type=plugin" >>$GITHUB_OUTPUT
fi
if [[ $test_dir =~ 't/admin' ]]; then
echo "type=first" >>$GITHUB_OUTPUT
fi
if [[ $test_dir =~ 't/node' ]]; then
echo "type=last" >>$GITHUB_OUTPUT
fi
- name: Free disk space
run: |
bash ./ci/free_disk_space.sh
- name: Linux launch common services
run: |
make ci-env-up project_compose_ci=ci/pod/docker-compose.common.yml
sudo ./ci/init-common-test-service.sh
- name: Cache images
id: cache-images
uses: actions/cache@v4
env:
cache-name: cache-apisix-docker-images
with:
path: docker-images-backup
key: ${{ runner.os }}-${{ env.cache-name }}-${{ steps.test_env.outputs.type }}-${{ hashFiles(format('./ci/pod/docker-compose.{0}.yml', steps.test_env.outputs.type )) }}
- if: ${{ steps.cache-images.outputs.cache-hit == 'true' }}
name: Load saved docker images
run: |
if [[ -f docker-images-backup/apisix-images.tar ]]; then
[[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before
docker load --input docker-images-backup/apisix-images.tar
rm docker-images-backup/apisix-images.tar
make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml
echo "loaded docker images"
if [[ ${{ steps.test_env.outputs.type }} != first ]]; then
sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after
fi
fi
- if: ${{ steps.cache-images.outputs.cache-hit != 'true' }}
name: Linux launch services
run: |
[[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before
[[ ${{ steps.test_env.outputs.type }} == plugin ]] && ./ci/pod/openfunction/build-function-image.sh
make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml
echo "make ci-env-up, done"
[[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after
echo "Linux launch services, done"
- name: Linux Before install
run: sudo ./ci/${{ matrix.os_name }}_runner.sh before_install
- name: Linux Install
run: |
sudo --preserve-env=ENABLE_FIPS \
./ci/${{ matrix.os_name }}_runner.sh do_install
- name: Linux Script
env:
OPENSSL_FIPS: yes
TEST_FILE_SUB_DIR: ${{ matrix.test_dir }}
run: sudo -E ./ci/${{ matrix.os_name }}_runner.sh script
- if: ${{ steps.cache-images.outputs.cache-hit != 'true' }}
name: Save docker images
run: |
echo "start backing up, $(date)"
bash ./ci/backup-docker-images.sh ${{ steps.test_env.outputs.type }}
echo "backup done, $(date)"