mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-12 18:00:49 +01:00
c61cb00f40
Handles the case when users are running Coturn with peers in the same network, and these peers connect to the relay server via private IP addresses (e.g., Oracle cloud), which causes relay candidates to be allocated using private IP addresses. This causes issues with external peers who can't reach these private addresses. Use the provided IP address with NETBIRD_TURN_EXTERNAL_IP or discover the address via https://jsonip.com API. For quick-start guide with Zitadel, we only use the discover method with the external API
189 lines
8.8 KiB
YAML
189 lines
8.8 KiB
YAML
name: Test Infrastructure files
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
paths:
|
|
- 'infrastructure_files/**'
|
|
- '.github/workflows/test-infrastructure-files.yml'
|
|
- 'management/cmd/**'
|
|
- 'signal/cmd/**'
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
test-docker-compose:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install jq
|
|
run: sudo apt-get install -y jq
|
|
|
|
- name: Install curl
|
|
run: sudo apt-get install -y curl
|
|
|
|
- name: Install Go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version: "1.21.x"
|
|
|
|
- name: Cache Go modules
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: cp setup.env
|
|
run: cp infrastructure_files/tests/setup.env infrastructure_files/
|
|
|
|
- name: run configure
|
|
working-directory: infrastructure_files
|
|
run: bash -x configure.sh
|
|
env:
|
|
CI_NETBIRD_DOMAIN: localhost
|
|
CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_AUDIENCE: testing.ci
|
|
CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
|
|
CI_NETBIRD_USE_AUTH0: true
|
|
CI_NETBIRD_MGMT_IDP: "none"
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
|
|
CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
|
|
CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
|
|
|
|
- name: check values
|
|
working-directory: infrastructure_files/artifacts
|
|
env:
|
|
CI_NETBIRD_DOMAIN: localhost
|
|
CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_AUDIENCE: testing.ci
|
|
CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
|
|
CI_NETBIRD_USE_AUTH0: true
|
|
CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
|
|
CI_NETBIRD_AUTH_AUTHORITY: https://example.eu.auth0.com/
|
|
CI_NETBIRD_AUTH_JWT_CERTS: https://example.eu.auth0.com/.well-known/jwks.json
|
|
CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
|
|
CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT: https://example.eu.auth0.com/authorize
|
|
CI_NETBIRD_AUTH_REDIRECT_URI: "/peers"
|
|
CI_NETBIRD_TOKEN_SOURCE: "idToken"
|
|
CI_NETBIRD_AUTH_USER_ID_CLAIM: "email"
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE: "super"
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE: "openid email"
|
|
CI_NETBIRD_MGMT_IDP: "none"
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_SIGNAL_PORT: 12345
|
|
CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
|
|
CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
|
|
CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"
|
|
|
|
run: |
|
|
set -x
|
|
grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
|
|
grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
|
|
grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
|
|
grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE
|
|
grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
|
|
grep USE_AUTH0 docker-compose.yml | grep $CI_NETBIRD_USE_AUTH0
|
|
grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "$CI_NETBIRD_DOMAIN:33073"
|
|
grep AUTH_REDIRECT_URI docker-compose.yml | grep $CI_NETBIRD_AUTH_REDIRECT_URI
|
|
grep AUTH_SILENT_REDIRECT_URI docker-compose.yml | egrep 'AUTH_SILENT_REDIRECT_URI=$'
|
|
grep $CI_NETBIRD_SIGNAL_PORT docker-compose.yml | grep ':80'
|
|
grep LETSENCRYPT_DOMAIN docker-compose.yml | egrep 'LETSENCRYPT_DOMAIN=$'
|
|
grep NETBIRD_TOKEN_SOURCE docker-compose.yml | grep $CI_NETBIRD_TOKEN_SOURCE
|
|
grep AuthUserIDClaim management.json | grep $CI_NETBIRD_AUTH_USER_ID_CLAIM
|
|
grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
|
|
grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
|
|
grep Engine management.json | grep "$CI_NETBIRD_STORE_CONFIG_ENGINE"
|
|
grep IdpSignKeyRefreshEnabled management.json | grep "$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH"
|
|
grep UseIDToken management.json | grep false
|
|
grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP
|
|
grep -A 3 IdpManagerConfig management.json | grep -A 1 ClientConfig | grep Issuer | grep $CI_NETBIRD_AUTH_AUTHORITY
|
|
grep -A 4 IdpManagerConfig management.json | grep -A 2 ClientConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
|
|
grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID
|
|
grep -A 6 IdpManagerConfig management.json | grep -A 4 ClientConfig | grep ClientSecret | grep $CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
|
|
grep -A 7 IdpManagerConfig management.json | grep -A 5 ClientConfig | grep GrantType | grep client_credentials
|
|
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE
|
|
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID
|
|
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
|
|
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT
|
|
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
|
|
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
|
|
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
|
|
grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP
|
|
|
|
- name: Install modules
|
|
run: go mod tidy
|
|
|
|
- name: Build management binary
|
|
working-directory: management
|
|
run: CGO_ENABLED=1 go build -o netbird-mgmt main.go
|
|
|
|
- name: Build management docker image
|
|
working-directory: management
|
|
run: |
|
|
docker build -t netbirdio/management:latest .
|
|
|
|
- name: Build signal binary
|
|
working-directory: signal
|
|
run: CGO_ENABLED=0 go build -o netbird-signal main.go
|
|
|
|
- name: Build signal docker image
|
|
working-directory: signal
|
|
run: |
|
|
docker build -t netbirdio/signal:latest .
|
|
|
|
- name: run docker compose up
|
|
working-directory: infrastructure_files/artifacts
|
|
run: |
|
|
docker-compose up -d
|
|
sleep 5
|
|
docker-compose ps
|
|
docker-compose logs --tail=20
|
|
|
|
- name: test running containers
|
|
run: |
|
|
count=$(docker compose ps --format json | jq '. | select(.Name | contains("artifacts")) | .State' | grep -c running)
|
|
test $count -eq 4
|
|
working-directory: infrastructure_files/artifacts
|
|
|
|
test-getting-started-script:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install jq
|
|
run: sudo apt-get install -y jq
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: run script
|
|
run: NETBIRD_DOMAIN=use-ip bash -x infrastructure_files/getting-started-with-zitadel.sh
|
|
|
|
- name: test Caddy file gen
|
|
run: test -f Caddyfile
|
|
- name: test docker-compose file gen
|
|
run: test -f docker-compose.yml
|
|
- name: test management.json file gen
|
|
run: test -f management.json
|
|
- name: test turnserver.conf file gen
|
|
run: |
|
|
set -x
|
|
test -f turnserver.conf
|
|
grep external-ip turnserver.conf
|
|
- name: test zitadel.env file gen
|
|
run: test -f zitadel.env
|
|
- name: test dashboard.env file gen
|
|
run: test -f dashboard.env
|