Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Code Issues Activity

fix: ci 'TLS check' job is broken (#1970)

Browse source 
Signed-off-by: Alexei Dodon <adodon@cisco.com>
This commit is contained in:
Alexei Dodon 2023-10-27 20:39:04 +03:00 committed by GitHub
parent d2fbd273ba
commit f3bb68ae15
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
.github/workflows/tls.yaml vendored
View file

@ -22,22 +22,17 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: | run: |
cd $GITHUB_WORKSPACE cd $GITHUB_WORKSPACE
sudo apt-get update
sudo apt-get install -y apache2-utils openssl
mkdir -p test/data mkdir -p test/data
cd test/data cd test/data
../scripts/gen_certs.sh ../scripts/gen_certs.sh
htpasswd -bBn test test123 > htpasswd
- name: Check for TLS settings - name: Check for TLS settings
continue-on-error: true
run: | run: |
cd $GITHUB_WORKSPACE cd $GITHUB_WORKSPACE
make binary make binary
bin/zot-linux-amd64 serve examples/config-tls.json & bin/zot-linux-amd64 serve examples/config-tls.json & echo $! > zot.PID
sleep 5 sleep 5
curl -kv --tls-max 1.0 -0 https://localhost:8080/v2/ # Check if zot server is running
if [[ "$?" -eq 0 ]]; then echo "TLSv1.0 detected"; exit 1; fi cat /proc/$(cat zot.PID)/status | grep State || exit 1
curl -kv --tls-max 1.1 -0 https://localhost:8080/v2/
if [[ "$?" -eq 0 ]]; then echo "TLSv1.1 detected"; exit 1; fi # zot server is running: proceed to testing
curl -kv --tls-max 1.2 -0 https://localhost:8080/v2/ ./test/scripts/tls_scan.sh
if [[ "$?" -ne 0 ]]; then echo "TLSv1.2 missing"; exit 1; fi

4
examples/config-tls.json
View file

@ -8,8 +8,8 @@
"port": "8080", "port": "8080",
"realm": "zot", "realm": "zot",
"tls": { "tls": {
"cert": "../../test/data/server.cert", "cert": "test/data/server.cert",
"key": "../../test/data/server.key" "key": "test/data/server.key"
} }
}, },
"log": { "log": {

17
test/scripts/tls_scan.sh Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env bash
set -x
curl -kv --tls-max 1.0 https://localhost:8080/v2/
if [[ "$?" -eq 0 ]]; then echo "TLSv1.0 detected"; exit 1; fi
curl -kv --tls-max 1.1 https://localhost:8080/v2/
if [[ "$?" -eq 0 ]]; then echo "TLSv1.1 detected"; exit 1; fi
curl -kv --tls-max 1.2 https://localhost:8080/v2/
if [[ "$?" -ne 0 ]]; then echo "TLSv1.2 missing"; exit 1; fi
curl -kv --tls-max 1.3 https://localhost:8080/v2/
if [[ "$?" -ne 0 ]]; then echo "TLSv1.3 missing"; exit 1; fi
exit 0