ci.yml
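---
# Manually triggered workflow: builds the project and runs its tests against
# two Docker-in-Docker service containers (one plain TCP, one TLS) for each
# target framework in the matrix.
name: CI

on:
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    # NOTE(review): both service images use a mutable tag (docker:28.1-dind);
    # pinning by digest would make the privileged image reproducible.
    services:
      # Docker without TLS (plain TCP) !DEPRECATED! with next docker release
      # An empty DOCKER_TLS_CERTDIR turns TLS off, so the API published on
      # port 2375 is unauthenticated, and the container runs --privileged.
      # Anything that can reach that port controls the daemon.
      # NOTE(review): tolerable only on an ephemeral hosted runner; do not
      # carry this service over to self-hosted or shared runners.
      docker-no-tls:
        image: docker:28.1-dind
        env:
          DOCKER_TLS_CERTDIR: ""
        ports:
          - '2375:2375'
        options: >-
          --privileged

      # Docker with TLS (secure TCP)
      # The workspace certs directory is bind-mounted at /certs, the path
      # given in DOCKER_TLS_CERTDIR.
      # NOTE(review): service containers start before any step runs, while
      # the "Generate TLS certs for Docker" step writes ca.pem and
      # server-cert.pem into this directory later. Confirm which certificate
      # the daemon actually serves.
      docker-tls:
        image: docker:28.1-dind
        env:
          DOCKER_TLS_CERTDIR: /certs
        ports:
          - '2376:2376'
        options: >-
          --privileged
        volumes:
          - ${{ github.workspace }}/certs:/certs

    strategy:
      matrix:
        framework:
          - net8.0
          - net9.0

    steps:
      # NOTE(review): actions are referenced by mutable major tag (v4);
      # pinning to a full commit SHA protects against a retagged release.
      - uses: actions/checkout@v4
        with:
          path: test
          fetch-depth: 0
          # Later steps build and run project code; do not leave the job
          # token in the checkout's git config for them to read.
          persist-credentials: false

      - name: Setup .NET Core
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 9.x

      - name: Build
        run: dotnet build -c Release --framework ${{ matrix.framework }}
        working-directory: test

      # Creates a throwaway CA, a server certificate (CN=localhost) and a
      # client certificate (CN=client), all RSA 2048 and valid for 365 days.
      # Private keys are written unencrypted into the workspace and
      # client.pfx is exported with an empty password (-passout pass:).
      # This is test-only material: keep the certs directory out of uploaded
      # artifacts and caches.
      # NOTE(review): the server certificate carries only a CN and no
      # subjectAltName; confirm that the clients under test accept it.
      - name: Generate TLS certs for Docker
        run: |
          mkdir -p ${{ github.workspace }}/certs
          # Generate CA key and cert
          openssl genrsa -out ${{ github.workspace }}/certs/ca-key.pem 2048
          openssl req -x509 -new -nodes -key ${{ github.workspace }}/certs/ca-key.pem -sha256 -days 365 -out ${{ github.workspace }}/certs/ca.pem -subj "/CN=docker-ca"
          # Generate server key and CSR
          openssl genrsa -out ${{ github.workspace }}/certs/server-key.pem 2048
          openssl req -new -key ${{ github.workspace }}/certs/server-key.pem -out ${{ github.workspace }}/certs/server.csr -subj "/CN=localhost"
          # Sign server cert with CA
          openssl x509 -req -in ${{ github.workspace }}/certs/server.csr -CA ${{ github.workspace }}/certs/ca.pem -CAkey ${{ github.workspace }}/certs/ca-key.pem -CAcreateserial -out ${{ github.workspace }}/certs/server-cert.pem -days 365 -sha256
          # Generate client key and CSR
          openssl genrsa -out ${{ github.workspace }}/certs/key.pem 2048
          openssl req -new -key ${{ github.workspace }}/certs/key.pem -out ${{ github.workspace }}/certs/client.csr -subj "/CN=client"
          # Sign client cert with CA
          openssl x509 -req -in ${{ github.workspace }}/certs/client.csr -CA ${{ github.workspace }}/certs/ca.pem -CAkey ${{ github.workspace }}/certs/ca-key.pem -CAcreateserial -out ${{ github.workspace }}/certs/cert.pem -days 365 -sha256
          # create pfx
          openssl pkcs12 -export -out ${{ github.workspace }}/certs/client.pfx -inkey ${{ github.workspace }}/certs/key.pem -in ${{ github.workspace }}/certs/cert.pem -certfile ${{ github.workspace }}/certs/ca.pem -passout pass:

      # Polls the plain-TCP daemon up to 10 times, 3 seconds apart, and
      # fails the job if it never answers.
      - name: Wait for Docker (no TLS) to be healthy
        run: |
          for i in {1..10}; do
            if docker --host=tcp://localhost:2375 version; then
              echo "Docker (no TLS) is ready!"
              exit 0
            fi
            echo "Waiting for Docker (no TLS) to be ready..."
            sleep 3
          done
          echo "Docker (no TLS) did not become ready in time."
          exit 1

      # Same polling loop against the TLS daemon. --tlsverify makes the
      # client check the server certificate against ca.pem and present the
      # client certificate and key.
      - name: Wait for Docker (with TLS) to be healthy
        run: |
          for i in {1..10}; do
            if docker --host=tcp://localhost:2376 --tlsverify \
              --tlscacert=${{ github.workspace }}/certs/ca.pem \
              --tlscert=${{ github.workspace }}/certs/cert.pem \
              --tlskey=${{ github.workspace }}/certs/key.pem version; then
              echo "Docker (TLS) is ready!"
              exit 0
            fi
            echo "Waiting for Docker (TLS) to be ready..."
            sleep 3
          done
          echo "Docker (TLS) did not become ready in time."
          exit 1

      - name: Test
        run: dotnet test -c Release --framework ${{ matrix.framework }} --no-build --logger console
        working-directory: test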