|
| 1 | +name: Zeek Plugin CI for TLS support |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + branches: [ main ] |
| 6 | + pull_request: |
| 7 | + branches: [ main ] |
| 8 | + |
| 9 | +jobs: |
| 10 | + build_and_test: |
| 11 | + runs-on: ubuntu-latest |
| 12 | + steps: |
| 13 | + - uses: actions/checkout@v3 |
| 14 | + |
| 15 | + - name: Install Runtime Dependencies |
| 16 | + run: | |
| 17 | + sudo apt-get update |
| 18 | + sudo apt-get install -y cmake g++ wget curl tcpdump libssl-dev openssl |
| 19 | +
|
| 20 | + - name: Install Zeek |
| 21 | + run: | |
| 22 | + echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_24.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list |
| 23 | + curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_24.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null |
| 24 | + sudo apt-get update |
| 25 | + sudo apt-get install -y zeek zeek-core-dev |
| 26 | + echo "/opt/zeek/bin" >> $GITHUB_PATH |
| 27 | +
|
| 28 | + - name: Install Fluvio Local Cluster |
| 29 | + run: | |
| 30 | + curl -fsS https://raw.githubusercontent.com/fluvio-community/fluvio/master/install.sh | FVM_VERSION=dev bash |
| 31 | + echo "$HOME/.fluvio/bin" >> $GITHUB_PATH |
| 32 | +
|
| 33 | + - name: Generate mTLS Certificates for Testing |
| 34 | + run: | |
| 35 | + mkdir -p /tmp/certs && cd /tmp/certs |
| 36 | + openssl req -x509 -new -nodes -newkey rsa:2048 -keyout ca.key -out ca.crt -days 3650 -subj '/CN=fluvio-ca' -extensions v3_ca -config <(printf "[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=CA:TRUE\nkeyUsage=keyCertSign,cRLSign") |
| 37 | + openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj '/CN=localhost' |
| 38 | + openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -extfile <(printf "subjectAltName=DNS:localhost,DNS:custom-spu-5001.localhost,IP:127.0.0.1\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth") |
| 39 | + openssl req -new -newkey rsa:2048 -nodes -keyout client.key -out client.csr -subj '/CN=fluvio-client' |
| 40 | + openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365 -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1\nbasicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth") |
| 41 | +
|
| 42 | + - name: Start Fluvio Cluster |
| 43 | + run: | |
| 44 | + export PATH="$HOME/.fluvio/bin:$PATH" |
| 45 | + fluvio cluster start --local --tls --server-cert /tmp/certs/server.crt --server-key /tmp/certs/server.key --client-cert /tmp/certs/client.crt --client-key /tmp/certs/client.key --ca-cert /tmp/certs/ca.crt --domain localhost |
| 46 | +
|
| 47 | + - name: Export TLS Environment Variables for Plugin |
| 48 | + run: | |
| 49 | + export FLUVIO_TLS_DOMAIN=localhost |
| 50 | + export FLUVIO_TLS_KEY=/tmp/certs/client.key |
| 51 | + export FLUVIO_TLS_CERT=/tmp/certs/client.crt |
| 52 | + export FLUVIO_TLS_CA=/tmp/certs/ca.crt |
| 53 | +
|
| 54 | + - name: Configure and Compile Plugin |
| 55 | + run: | |
| 56 | + export PATH="/opt/zeek/bin:$PATH" |
| 57 | + ./configure |
| 58 | + make -C build |
| 59 | +
|
| 60 | + - name: Test Component Registry Load |
| 61 | + run: | |
| 62 | + export PATH="/opt/zeek/bin:$PATH" |
| 63 | + export ZEEK_PLUGIN_PATH=${GITHUB_WORKSPACE}/build |
| 64 | + # Verifies the plugin explicitly exists in Zeek runtime |
| 65 | + zeek -N Zeek::Fluvio |
| 66 | +
|
| 67 | + - name: End-to-End Log Serialization Integration Test |
| 68 | + run: | |
| 69 | + # Utilize the uploaded static pre-recorded PCAP capture to avoid dynamic interface generation issues! |
| 70 | + bash ./tests/e2e.sh tests/Traces/ping.pcap |
0 commit comments