Skip to content

Bump cryptography (#2070) #852

Bump cryptography (#2070)

Bump cryptography (#2070) #852

name: Test installing the debian packages
on:
push:
tags:
- v*
branches:
- "release**"
- "main"
pull_request:
branches:
- "release**"
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
build-packages:
strategy:
matrix:
dist: [ ubuntu ]
package: [ bytes, boefjes, rocky, keiko, octopoes, mula ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get version from release tag or generate one
run: |
if [ ${GITHUB_REF_TYPE} = "tag" ]; then
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
else
pip install setuptools-scm==7.1.0
echo "RELEASE_VERSION=$(python -m setuptools_scm)" >> $GITHUB_ENV
fi
- name: Run debian package build
uses: addnab/docker-run-action@v3
with:
run: packaging/scripts/build-debian-package.sh
registry: ghcr.io
image: ghcr.io/minvws/nl-kat-${{ matrix.dist }}-build-image:latest
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
options: -v ${{ github.workspace }}/${{ matrix.package }}:/app
-v ${{ github.workspace }}/octopoes:/octopoes
-e REPOSITORY=${{ github.repository }}
-e RELEASE_VERSION=${{ env.RELEASE_VERSION }}
-e RELEASE_TAG=${{ env.RELEASE_TAG }}
-e PKG_NAME=kat-${{ matrix.package }}
--workdir /app
- name: Upload .deb to artifacts
uses: actions/upload-artifact@v3
with:
name: kat-${{ matrix.package }}_${{ env.RELEASE_VERSION }}_${{ matrix.dist }}.deb
path: ${{ matrix.package }}/build/kat-${{ matrix.package }}_${{ env.RELEASE_VERSION }}_amd64.deb
test-deb-install:
needs: build-packages
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-22.04 ]
env:
PGPASSWORD: postgres # No password prompt
steps:
- uses: actions/checkout@v4
- name: Get version from release tag or generate one
run: |
if [ ${GITHUB_REF_TYPE} = "tag" ]; then
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
else
pip install setuptools-scm==7.1.0
echo "RELEASE_VERSION=$(python -m setuptools_scm)" >> $GITHUB_ENV
fi
- name: Install dependencies Docker and rabbitmq
run: sudo apt-get update && sudo apt-get install -y docker.io containerd runc rabbitmq-server postgresql
- name: Start postgresql
run: |
sudo systemctl start postgresql.service
- name: Prepare rabbitmq configurations
run: |
echo "export ERL_EPMD_ADDRESS=127.0.0.1" | sudo tee -a /etc/rabbitmq/rabbitmq-env.conf
echo "export NODENAME=rabbit@localhost" | sudo tee -a /etc/rabbitmq/rabbitmq-env.conf
sudo systemctl stop rabbitmq-server
sudo epmd -kill
echo "listeners.tcp.local = 127.0.0.1:5672" | sudo tee -a /etc/rabbitmq/rabbitmq.conf
echo "[{kernel,[ {inet_dist_use_interface,{127,0,0,1}}]}]." | sudo tee -a /etc/rabbitmq/advanced.config
- name: Start rabbitmq
run: |
sudo systemctl start rabbitmq-server
- name: Wait until postgresql is healthy
run: |
for i in {1..10}; do pg_isready -h localhost && break || sleep 1 ; done
- name: Prepare postgres service Rocky
run: |
sudo -u postgres createdb rocky_db
sudo -u postgres createuser rocky
sudo -u postgres psql -c "GRANT ALL ON DATABASE rocky_db TO rocky;"
sudo -u postgres psql -c "ALTER USER rocky WITH PASSWORD 'postgres';"
- name: Prepare postgres service Katalogus
run: |
sudo -u postgres createdb katalogus_db
sudo -u postgres createuser katalogus
sudo -u postgres psql -c "GRANT ALL ON DATABASE katalogus_db TO katalogus;"
sudo -u postgres psql -c "ALTER USER katalogus WITH PASSWORD 'postgres';"
- name: Prepare postgres service Bytes
run: |
sudo -u postgres createdb bytes_db
sudo -u postgres createuser bytes
sudo -u postgres psql -c "GRANT ALL ON DATABASE bytes_db TO bytes;"
sudo -u postgres psql -c "ALTER USER bytes WITH PASSWORD 'postgres';"
- name: Prepare postgres service Mula
run: |
sudo -u postgres createdb mula_db
sudo -u postgres createuser mula
sudo -u postgres psql -c "GRANT ALL ON DATABASE mula_db TO mula;"
sudo -u postgres psql -c "ALTER USER mula WITH PASSWORD 'postgres';"
- name: Wait until rabbitmq is healthy
run: |
for i in {1..10}; do sudo rabbitmq-diagnostics -q ping && break || sleep 1 ; done
- name: Create kat vhost in rabbitmq
run: |
sudo rabbitmqctl add_user kat rabbit
sudo rabbitmqctl add_vhost kat
sudo rabbitmqctl set_permissions -p "kat" "kat" ".*" ".*" ".*"
- name: Download Bytes artifact
uses: actions/download-artifact@v3
with:
name: kat-bytes_${{ env.RELEASE_VERSION }}_ubuntu.deb
- name: Download Boefjes artifact
uses: actions/download-artifact@v3
with:
name: kat-boefjes_${{ env.RELEASE_VERSION }}_ubuntu.deb
- name: Download Rocky artifact
uses: actions/download-artifact@v3
with:
name: kat-rocky_${{ env.RELEASE_VERSION }}_ubuntu.deb
- name: Download Mula artifact
uses: actions/download-artifact@v3
with:
name: kat-mula_${{ env.RELEASE_VERSION }}_ubuntu.deb
- name: Download Keiko artifact
uses: actions/download-artifact@v3
with:
name: kat-keiko_${{ env.RELEASE_VERSION }}_ubuntu.deb
- name: Download Octopoes artifact
uses: actions/download-artifact@v3
with:
name: kat-octopoes_${{ env.RELEASE_VERSION }}_ubuntu.deb
- name: Get the OpenKAT artifacts
run: |
curl -Ls https://github.com/dekkers/xtdb-http-multinode/releases/download/v1.0.6/xtdb-http-multinode_1.0.6_all.deb --output xtdb-http-multinode_1.0.6_all.deb;
- name: Install the artifacts
run: |
sudo apt install ./kat-*.deb ./xtdb-http-multinode_*_all.deb
- name: Update configs for rabbitmq
run: |
sudo sed -i "s/QUEUE_URI=/QUEUE_URI=amqp:\/\/kat:rabbit@localhost:5672\/kat/g" /etc/kat/mula.conf
sudo sed -i "s/QUEUE_URI=/QUEUE_URI=amqp:\/\/kat:rabbit@localhost:5672\/kat/g" /etc/kat/bytes.conf
sudo sed -i "s/QUEUE_URI=/QUEUE_URI=amqp:\/\/kat:rabbit@localhost:5672\/kat/g" /etc/kat/boefjes.conf
sudo sed -i "s/QUEUE_URI=/QUEUE_URI=amqp:\/\/kat:rabbit@localhost:5672\/kat/g" /etc/kat/octopoes.conf
- name: Migrations for Rocky
run: |
sudo sed -i "s/ROCKY_DB_PASSWORD=/ROCKY_DB_PASSWORD=postgres/g" /etc/kat/rocky.conf
sudo -u kat rocky-cli migrate
sudo -u kat rocky-cli loaddata /usr/share/kat-rocky/OOI_database_seed.json
- name: Migrations for Katalogus
run: |
sudo sed -i "s/KATALOGUS_DB_URI=/KATALOGUS_DB_URI=postgresql:\/\/katalogus:postgres@localhost\/katalogus_db/g" /etc/kat/boefjes.conf
sudo -u kat update-katalogus-db
- name: Migrations for Bytes
run: |
sudo sed -i "s/BYTES_DB_URI=/BYTES_DB_URI=postgresql:\/\/bytes:postgres@localhost\/bytes_db/g" /etc/kat/bytes.conf
sudo -u kat update-bytes-db
- name: Migrations for Mula
run: |
sudo sed -i "s/SCHEDULER_DB_URI=/SCHEDULER_DB_URI=postgresql:\/\/mula:postgres@localhost\/mula_db/g" /etc/kat/mula.conf
sudo -u kat update-mula-db
- name: Setup Bytes credentials
run: |
sudo sed -i "s/BYTES_PASSWORD=\$/BYTES_PASSWORD=$(sudo grep BYTES_PASSWORD /etc/kat/bytes.conf | awk -F'=' '{ print $2 }')/" /etc/kat/rocky.conf
sudo sed -i "s/BYTES_PASSWORD=\$/BYTES_PASSWORD=$(sudo grep BYTES_PASSWORD /etc/kat/bytes.conf | awk -F'=' '{ print $2 }')/" /etc/kat/boefjes.conf
sudo sed -i "s/BYTES_PASSWORD=\$/BYTES_PASSWORD=$(sudo grep BYTES_PASSWORD /etc/kat/bytes.conf | awk -F'=' '{ print $2 }')/" /etc/kat/mula.conf
- name: Restart KAT
run: sudo systemctl restart kat-rocky kat-mula kat-bytes kat-boefjes kat-normalizers kat-katalogus kat-keiko kat-octopoes kat-octopoes-worker
- name: Setup accounts in Rocky
run: |
DJANGO_SUPERUSER_PASSWORD=robotpassword sudo -E -u kat rocky-cli createsuperuser --noinput --email robot@localhost --full_name "Mr. Robot"
sudo -u kat rocky-cli setup_dev_account
- name: Check Keiko API health or print response and logs
run: |
for i in {1..15}; do curl -s http://localhost:8005/health | jq .healthy | grep true -q && s=0 && break || s=$? && sleep 1 ; done
if [ $s != 0 ]; then echo $(curl -v http://localhost:8005/health) || true && journalctl --no-pager -u kat-keiko.service && exit $s ; fi
- name: Check Bytes API health or print response and logs
run: |
for i in {1..15}; do curl -s http://localhost:8002/health | jq .healthy | grep true -q && s=0 && break || s=$? && sleep 1 ; done
if [ $s != 0 ]; then echo $(curl -v http://localhost:8002/health) || true && journalctl --no-pager -u kat-bytes.service && exit $s ; fi
- name: Check Katalogus API health or print response and logs
run: |
for i in {1..15}; do curl -s http://localhost:8003/health | jq .healthy | grep true -q && s=0 && break || s=$? && sleep 1 ; done
if [ $s != 0 ]; then echo $(curl -v http://localhost:8003/health) || true && journalctl --no-pager -u kat-katalogus.service && exit $s ; fi
- name: Check Scheduler API health or print response and logs
run: |
for i in {1..15}; do curl -s http://localhost:8004/health | jq .healthy | grep true -q && s=0 && break || s=$? && sleep 1 ; done
if [ $s != 0 ]; then echo $(curl -v http://localhost:8004/health) || true && journalctl --no-pager -u kat-mula.service && exit $s ; fi
- name: Check XTDB health or print response and logs
run: |
for i in {1..30}; do curl -s -H "Accept: application/edn" http://localhost:3000/_dev/_xtdb/test/status && s=0 && break || s=$? && sleep 1 ; done
if [ $s != 0 ]; then echo $(curl -s -H "Accept: application/edn" http://localhost:3000/_dev/_xtdb/test/status) || true && journalctl --no-pager -u xtdb-http-multinode.service && exit $s ; fi
- name: Create _dev node in Octopoes
run: curl -s -X POST http://localhost:8001/_dev/node
- name: Check Octopoes API health or print response and logs
run: |
for i in {1..15}; do curl -s http://localhost:8001/_dev/health | jq .healthy | grep true -q && s=0 && break || s=$? && sleep 1 ; done
if [ $s != 0 ]; then echo $(curl -v http://localhost:8001/_dev/health) || true && journalctl --no-pager -u kat-octopoes.service && exit $s ; fi
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: '3.8'
cache: pip
- name: Install Robot Framework
run: pip3 install robotframework robotframework-browser robotframework-debuglibrary robotframework-otp robotframework-postgresqldb pyotp
- name: Initialize rfbrowser
run: rfbrowser init
- name: Run Robot Full Onboarding Flow
run: robot -d rocky/tests/robot/results-ci -v headless:true rocky/tests/robot/ci
- name: Upload Robot Framework reports
uses: actions/upload-artifact@v3
if: always()
with:
name: rf-results-ci
path: /home/runner/work/nl-kat-coordination/nl-kat-coordination/rocky/tests/robot/results*