mirror of
https://github.com/netbirdio/netbird.git
synced 2025-02-17 02:31:06 +01:00
bb40325977
This PR showcases the implementation of additional linter rules. I've updated the golangci-lint GitHub Actions to the latest available version. This update makes sure that the tool works the same way locally - assuming being updated regularly - and with the GitHub Actions. I've also taken care of keeping all the GitHub Actions up to date, which helps our code stay current. But there's one part, goreleaser that's a bit tricky to test on our computers. So, it's important to take a close look at that. To make it easier to understand what I've done, I've made separate changes for each thing that the new linters found. This should help the people reviewing the changes see what's going on more clearly. Some of the changes might not be obvious at first glance. Things to consider for the future CI runs on Ubuntu so the static analysis only happens for Linux. Consider running it for the rest: Darwin, Windows
150 lines
7.3 KiB
YAML
150 lines
7.3 KiB
YAML
name: Test Infrastructure files
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
paths:
|
|
- 'infrastructure_files/**'
|
|
- '.github/workflows/test-infrastructure-files.yml'
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
test-docker-compose:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install jq
|
|
run: sudo apt-get install -y jq
|
|
|
|
- name: Install curl
|
|
run: sudo apt-get install -y curl
|
|
|
|
- name: Install Go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version: "1.20.x"
|
|
|
|
- name: Cache Go modules
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: cp setup.env
|
|
run: cp infrastructure_files/tests/setup.env infrastructure_files/
|
|
|
|
- name: run configure
|
|
working-directory: infrastructure_files
|
|
run: bash -x configure.sh
|
|
env:
|
|
CI_NETBIRD_DOMAIN: localhost
|
|
CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_AUDIENCE: testing.ci
|
|
CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
|
|
CI_NETBIRD_USE_AUTH0: true
|
|
CI_NETBIRD_MGMT_IDP: "none"
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
|
|
|
|
- name: check values
|
|
working-directory: infrastructure_files
|
|
env:
|
|
CI_NETBIRD_DOMAIN: localhost
|
|
CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
|
|
CI_NETBIRD_AUTH_AUDIENCE: testing.ci
|
|
CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
|
|
CI_NETBIRD_USE_AUTH0: true
|
|
CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
|
|
CI_NETBIRD_AUTH_AUTHORITY: https://example.eu.auth0.com/
|
|
CI_NETBIRD_AUTH_JWT_CERTS: https://example.eu.auth0.com/.well-known/jwks.json
|
|
CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
|
|
CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT: https://example.eu.auth0.com/authorize
|
|
CI_NETBIRD_AUTH_REDIRECT_URI: "/peers"
|
|
CI_NETBIRD_TOKEN_SOURCE: "idToken"
|
|
CI_NETBIRD_AUTH_USER_ID_CLAIM: "email"
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE: "super"
|
|
CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE: "openid email"
|
|
CI_NETBIRD_MGMT_IDP: "none"
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
|
|
CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
|
|
|
|
run: |
|
|
grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
|
|
grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
|
|
grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
|
|
grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE
|
|
grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
|
|
grep USE_AUTH0 docker-compose.yml | grep $CI_NETBIRD_USE_AUTH0
|
|
grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "$CI_NETBIRD_DOMAIN:33073"
|
|
grep AUTH_REDIRECT_URI docker-compose.yml | grep $CI_NETBIRD_AUTH_REDIRECT_URI
|
|
grep AUTH_SILENT_REDIRECT_URI docker-compose.yml | egrep 'AUTH_SILENT_REDIRECT_URI=$'
|
|
grep LETSENCRYPT_DOMAIN docker-compose.yml | egrep 'LETSENCRYPT_DOMAIN=$'
|
|
grep NETBIRD_TOKEN_SOURCE docker-compose.yml | grep $CI_NETBIRD_TOKEN_SOURCE
|
|
grep AuthUserIDClaim management.json | grep $CI_NETBIRD_AUTH_USER_ID_CLAIM
|
|
grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
|
|
grep -A 8 DeviceAuthorizationFlow management.json | grep -A 6 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE"
|
|
grep UseIDToken management.json | grep false
|
|
grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP
|
|
grep -A 3 IdpManagerConfig management.json | grep -A 1 ClientConfig | grep Issuer | grep $CI_NETBIRD_AUTH_AUTHORITY
|
|
grep -A 4 IdpManagerConfig management.json | grep -A 2 ClientConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
|
|
grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID
|
|
grep -A 6 IdpManagerConfig management.json | grep -A 4 ClientConfig | grep ClientSecret | grep $CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
|
|
grep -A 7 IdpManagerConfig management.json | grep -A 5 ClientConfig | grep GrantType | grep client_credentials
|
|
grep -A 2 PKCEAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE
|
|
grep -A 3 PKCEAuthorizationFlow management.json | grep -A 2 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID
|
|
grep -A 4 PKCEAuthorizationFlow management.json | grep -A 3 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
|
|
grep -A 5 PKCEAuthorizationFlow management.json | grep -A 4 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT
|
|
grep -A 6 PKCEAuthorizationFlow management.json | grep -A 5 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
|
|
grep -A 7 PKCEAuthorizationFlow management.json | grep -A 6 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
|
|
|
|
- name: run docker compose up
|
|
working-directory: infrastructure_files
|
|
run: |
|
|
docker-compose up -d
|
|
sleep 5
|
|
docker-compose ps
|
|
docker-compose logs --tail=20
|
|
|
|
- name: test running containers
|
|
run: |
|
|
count=$(docker compose ps --format json | jq '.[] | select(.Project | contains("infrastructure_files")) | .State' | grep -c running)
|
|
test $count -eq 4
|
|
working-directory: infrastructure_files
|
|
|
|
test-getting-started-script:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install jq
|
|
run: sudo apt-get install -y jq
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: run script
|
|
run: NETBIRD_DOMAIN=use-ip bash -x infrastructure_files/getting-started-with-zitadel.sh
|
|
|
|
- name: test Caddy file gen
|
|
run: test -f Caddyfile
|
|
- name: test docker-compose file gen
|
|
run: test -f docker-compose.yml
|
|
- name: test management.json file gen
|
|
run: test -f management.json
|
|
- name: test turnserver.conf file gen
|
|
run: test -f turnserver.conf
|
|
- name: test zitadel.env file gen
|
|
run: test -f zitadel.env
|
|
- name: test dashboard.env file gen
|
|
run: test -f dashboard.env |