75 lines
3.1 KiB
YAML
75 lines
3.1 KiB
YAML
|
---
|
||
|
|
|
||
|
|
on: push
|
||
|
|
|
||
|
|
jobs:
|
||
|
|
|
||
|
|
test:
|
||
|
|
runs-on: docker
|
||
|
|
steps:
|
||
|
|
- uses: https://code.forgejo.org/actions/checkout@v4
|
||
|
|
- name: Run unit tests
|
||
|
|
run: |
|
||
|
|
apt update; apt install -y python3-pip
|
||
|
|
pip3 install --break-system-packages -e .[test]
|
||
|
|
python3 -m coverage run --rcfile=setup.cfg -m unittest discover easywks
|
||
|
|
python3 -m coverage combine
|
||
|
|
python3 -m coverage report --rcfile=setup.cfg
|
||
|
|
|
||
|
|
codestyle:
|
||
|
|
runs-on: docker
|
||
|
|
steps:
|
||
|
|
- uses: https://code.forgejo.org/actions/checkout@v4
|
||
|
|
- name: pycodestyle
|
||
|
|
run: |
|
||
|
|
apt update; apt install -y python3-pip
|
||
|
|
pip3 install --break-system-packages -e .[test]
|
||
|
|
pycodestyle easywks
|
||
|
|
|
||
|
|
easywksserver_gpgwksclient:
|
||
|
|
runs-on: docker
|
||
|
|
steps:
|
||
|
|
- uses: https://code.forgejo.org/actions/checkout@v4
|
||
|
|
- name: Integration Test against gpg-wks-client
|
||
|
|
run: |
|
||
|
|
apt update; apt install --yes gnupg2 socat ca-certificates python3-pip
|
||
|
|
echo "openpgpkey" > /etc/hostname
|
||
|
|
echo "127.0.0.1 openpgpkey.example.org openpgpkey example.org" > /etc/hosts
|
||
|
|
pip3 install --break-system-packages -e .[test]
|
||
|
|
openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/key.pem -out /etc/ssl/cert.pem -sha256 -days 365 -nodes -subj '/CN=openpgpkey.example.org'
|
||
|
|
cp /etc/ssl/cert.pem /usr/local/share/ca-certificates/local.crt
|
||
|
|
update-ca-certificates
|
||
|
|
mkdir -p /tmp/easywks
|
||
|
|
cat > /tmp/easywks.yml <<EOF
|
||
|
|
directory: /tmp/easywks
|
||
|
|
httpd:
|
||
|
|
host: 127.0.0.1
|
||
|
|
port: 8080
|
||
|
|
mailing_method: stdout
|
||
|
|
domains:
|
||
|
|
example.org:
|
||
|
|
submission_address: webkey@example.org
|
||
|
|
policy_flags:
|
||
|
|
me.s3lph.easywks_permit-unsigned-response: true # required for gpg-wks-client compat
|
||
|
|
EOF
|
||
|
|
easywks --config /tmp/easywks.yml init
|
||
|
|
easywks --config /tmp/easywks.yml webserver &
|
||
|
|
socat OPENSSL-LISTEN:443,fork,reuseaddr,verify=0,cert=/etc/ssl/cert.pem,key=/etc/ssl/key.pem TCP:127.0.0.1:8080 &
|
||
|
|
sleep 3
|
||
|
|
install -m 0700 -d /tmp/gpg /tmp/cleangpg
|
||
|
|
export GNUPGHOME=/tmp/gpg
|
||
|
|
test/genkey.sh alice@example.org
|
||
|
|
export FINGERPRINT="$(gpg --with-colons --fingerprint alice@example.org | grep -A1 ^pub | grep ^fpr | cut -d: -f10)"
|
||
|
|
/usr/lib/gnupg/gpg-wks-client --supported alice@example.org
|
||
|
|
/usr/lib/gnupg/gpg-wks-client --check webkey@example.org
|
||
|
|
PUBREQ="$(/usr/lib/gnupg/gpg-wks-client --create "${FINGERPRINT}" alice@example.org)"
|
||
|
|
CONFREQ="$(echo "${PUBREQ}" | easywks --config /tmp/easywks.yml process)"
|
||
|
|
CONFRESP="$(echo "${CONFREQ}" | /usr/lib/gnupg/gpg-wks-client --receive --verbose)"
|
||
|
|
PUBRESP="$(echo "${CONFRESP}" | easywks --config /tmp/easywks.yml process)"
|
||
|
|
echo "${PUBRESP}" | gpg --batch --decrypt
|
||
|
|
/usr/lib/gnupg/gpg-wks-client --check alice@example.org
|
||
|
|
export GNUPGHOME=/tmp/gpg
|
||
|
|
gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org
|
||
|
|
kill %2 || true
|
||
|
|
kill %1 || true
|