fix: ci 'TLS check' job is broken (#1970)

Signed-off-by: Alexei Dodon <adodon@cisco.com>
2024-12-16 21:56:37 -05:00 · 2023-10-27 20:39:04 +03:00 · 2023-10-27 20:39:04 +03:00 · f3bb68ae15
commit f3bb68ae15
parent d2fbd273ba
3 changed files with 25 additions and 13 deletions
--- a/.github/workflows/tls.yaml
+++ b/.github/workflows/tls.yaml
@ -22,22 +22,17 @@ jobs:
      - name: Install dependencies
        run: |
          cd $GITHUB_WORKSPACE
-          sudo apt-get update
-          sudo apt-get install -y apache2-utils openssl
          mkdir -p test/data
          cd test/data
          ../scripts/gen_certs.sh
-          htpasswd -bBn test test123 > htpasswd
      - name: Check for TLS settings
-        continue-on-error: true
        run: |
          cd $GITHUB_WORKSPACE
          make binary
-          bin/zot-linux-amd64 serve examples/config-tls.json &
+          bin/zot-linux-amd64 serve examples/config-tls.json & echo $! > zot.PID
          sleep 5
-          curl -kv --tls-max 1.0 -0  https://localhost:8080/v2/
-          if [[ "$?" -eq 0 ]]; then echo "TLSv1.0 detected"; exit 1; fi
-          curl -kv --tls-max 1.1 -0  https://localhost:8080/v2/
-          if [[ "$?" -eq 0 ]]; then echo "TLSv1.1 detected"; exit 1; fi
-          curl -kv --tls-max 1.2 -0  https://localhost:8080/v2/
-          if [[ "$?" -ne 0 ]]; then echo "TLSv1.2 missing"; exit 1; fi
+          # Check if zot server is running
+          cat /proc/$(cat zot.PID)/status | grep State || exit 1
+
+          # zot server is running: proceed to testing
+          ./test/scripts/tls_scan.sh
--- a/examples/config-tls.json
+++ b/examples/config-tls.json
@ -8,8 +8,8 @@
    "port": "8080",
    "realm": "zot",
    "tls": {
-      "cert": "../../test/data/server.cert",
-      "key": "../../test/data/server.key"
+      "cert": "test/data/server.cert",
+      "key": "test/data/server.key"
    }
  },
  "log": {
--- a/test/scripts/tls_scan.sh
+++ b/test/scripts/tls_scan.sh
@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -x
+
+curl -kv --tls-max 1.0 https://localhost:8080/v2/
+if [[ "$?" -eq 0 ]]; then echo "TLSv1.0 detected"; exit 1; fi
+
+curl -kv --tls-max 1.1 https://localhost:8080/v2/
+if [[ "$?" -eq 0 ]]; then echo "TLSv1.1 detected"; exit 1; fi
+
+curl -kv --tls-max 1.2 https://localhost:8080/v2/
+if [[ "$?" -ne 0 ]]; then echo "TLSv1.2 missing"; exit 1; fi
+
+curl -kv --tls-max 1.3 https://localhost:8080/v2/
+if [[ "$?" -ne 0 ]]; then echo "TLSv1.3 missing"; exit 1; fi
+
+exit 0