Misc fixes for CI tests
timkimber committed Feb 23, 2023
1 parent 1838953 commit 73b21eb
Showing 4 changed files with 49 additions and 40 deletions.
14 changes: 8 additions & 6 deletions getssl
@@ -568,7 +568,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge

# add +noidnout if idn-domain so search for domain in results works
if [[ "${d}" == xn--* || "${d}" == *".xn--"* ]]; then
if [[ "$DNS_CHECK_FUNC" == "nslookup" || "$DNS_CHECK_FUNC" == "host" || ("$DNS_CHECK_FUNC" == "dig" && "$DIG_SUPPORTS_NOIDNOUT" == "false") ]]; then
if [[ "$DNS_CHECK_FUNC" == "nslookup" || "$DNS_CHECK_FUNC" == "host" || ("$DNS_CHECK_FUNC" == "$HAS_DIG_OR_DRILL" && "$DIG_SUPPORTS_NOIDNOUT" == "false") ]]; then
info "Info: idn domain but $DNS_CHECK_FUNC doesn't support +noidnout"
else
debug "adding +noidnout to DNS_CHECK_OPTIONS"
@@ -1418,6 +1418,8 @@ for d in "${alldomains[@]}"; do
# get the token and uri from the dns-01 component
token=$(json_get "$response" "challenges" "type" "dns-01" "token")
uri=$(json_get "$response" "challenges" "type" "dns-01" "url")
# when using pebble this sometimes appears to have a newline which causes problems in send_signed_request
uri=$(echo "$uri" | tr -d '\r')
debug uri "$uri"
fi

@@ -2516,7 +2518,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p

code="500"
loop_limit=5
while [[ "$code" -eq 500 ]]; do
while [[ "$code" == 5* ]]; do
if [[ "$outfile" ]] ; then
$CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > "$outfile"
errcode=$?
@@ -2562,13 +2564,13 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
fi
fi
debug "response status = $response_status"
if [[ "$code" -eq 500 ]]; then
info "_error on acme server - trying again ...."
if [[ "$code" == 5* ]]; then
info "_error on acme server - waiting 30s then trying again ...."
debug "loop_limit = $loop_limit"
sleep 5
sleep 30
loop_limit=$((loop_limit - 1))
if [[ $loop_limit -lt 1 ]]; then
error_exit "500 error from ACME server: $response"
error_exit "$code error from ACME server: $response"
fi
fi
done
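Review bot: The comment added above `uri=$(echo "$uri" | tr -d '\r')` in the dns-01 hunk talks about a newline, while the code removes carriage returns; command substitution already drops trailing line feeds, so the comment should name the character actually stripped, e.g. `# pebble responses can leave a trailing CR on the url, which breaks send_signed_request`. The cleanup also covers only this one `uri`: `token`, and challenge URLs parsed on other paths outside the hunk, presumably come from the same json_get output and stay unfiltered. Because the value is taken from the server response and becomes the curl target, stripping it once on `$url` at the start of send_signed_request with `url=${url//$'\r'/}` would cover every caller and avoid the echo pipeline. The enclosing `for d in "${alldomains[@]}"` loop starts and ends outside the hunk.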
3 changes: 3 additions & 0 deletions test/0-test-usage.bats
@@ -40,6 +40,9 @@ setup() {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi

# Feb-23 Getting semi-repeatable "can't check for upgrades: ''" errors which are because the limit is being exceeded (re-use of github action ip?)
check_github_quota 7
run ${CODE_DIR}/getssl --upgrade
refute_output
assert_success
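Review bot: The `7` passed to `check_github_quota` is unexplained, so a reader cannot tell how many GitHub API requests `getssl --upgrade` is expected to consume or when the number needs revisiting. Extending the added comment would settle it, e.g. `# --upgrade needs up to 7 GitHub API requests (TODO confirm count); wait for quota first`. As the helper is written in test/test_helper.bash on this page, it sleeps until the quota reset time when too few requests remain, so this test can stall a CI job rather than skip; calling `skip` when quota is short may suit CI better. The enclosing test block starts and ends outside the hunk.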
33 changes: 0 additions & 33 deletions test/32-test-upgrade.bats
@@ -4,39 +4,6 @@ load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'

LIMIT_API="https://api.github.com/rate_limit"

# Quota generally shouldn't be an issue - except for tests
# Rate limits are per-IP address
check_github_quota() {
local need remaining reset limits now
need="$1"
while true ; do
limits="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g' | sed -ne'/"core":/,/}/p')"
errcode=$?
if [[ $errcode -eq 60 ]]; then
error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
elif [[ $errcode -gt 0 ]]; then
error_exit "curl error checking releases: $errcode"
fi
limits="$(sed -e's/^ *//g' <<<"${limits}")"
remaining="$(sed -e'/^"remaining": *[0-9]/!d;s/^"remaining": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
reset="$(sed -e'/^"reset": *[0-9]/!d;s/^"reset": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi
limit="$(sed -e'/^"limit": *[0-9]/!d;s/^"limit": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
if [[ "$limit" -lt "$need" ]] ; then
error_exit "GitHub API request $need exceeds limit $limit"
fi
now="$(date +%s)"
while [[ "$now" -lt "$reset" ]] ; do
info "sleeping $(( "$reset" - "$now" )) seconds for GitHub quota"
sleep "$(( "$reset" - "$now" ))"
now="$(date +%s)"
done
done
}


setup_file() {
if [ -n "$STAGING" ]; then
echo "Using staging server, skipping internal test" >&3
39 changes: 38 additions & 1 deletion test/test_helper.bash
@@ -1,5 +1,6 @@
INSTALL_DIR=/root
CODE_DIR=/getssl
LIMIT_API="https://api.github.com/rate_limit"

check_certificates()
{
@@ -8,6 +9,42 @@ check_certificates()
assert [ -e "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt" ]
}

# Quota generally shouldn't be an issue - except for tests
# Rate limits are per-IP address
check_github_quota() {
local need remaining reset limits now
need="$1"
echo "# Checking github limits"
while true ; do
limits="$(curl ${_NOMETER:---silent} --user-agent "srvrco/getssl/github-actions" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API")"
echo "# limits = $limits"
errcode=$?
if [[ $errcode -eq 60 ]]; then
echo "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
exit 1
elif [[ $errcode -gt 0 ]]; then
echo "curl error checking releases: $errcode"
exit 1
fi
remaining="$(jq -r '.resources.core.remaining' <<<"$limits")"
echo "# Remaining: $remaining"
reset="$(jq -r '.resources.core.reset' <<<"$limits")"
if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi
limit="$(jq -r '.resources.core.limit' <<<"$limits")"
echo "# Limit: $limit"
if [[ "$limit" -lt "$need" ]] ; then
echo "GitHub API request $need exceeds limit $limit"
exit 1
fi
now="$(date +%s)"
while [[ "$now" -lt "$reset" ]] ; do
echo "# sleeping $(( reset - now )) seconds for GitHub quota"
sleep "$(( reset - now ))"
now="$(date +%s)"
done
done
}

# Only nginx > 1.11.0 support dual certificates in a single configuration file
# https://unix.stackexchange.com/questions/285924/how-to-compare-a-programs-version-in-a-shell-script
check_nginx() {
@@ -24,7 +61,7 @@ check_nginx() {

check_output_for_errors() {
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[^_][Ee][Rr][Rr][Oo][Rr][^:nonce]'
refute_output --regexp '[^_][Ee][Rr][Rr][Oo][Rr][^:badNonce]'
refute_output --regexp '[^_][Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
refute_line --partial 'command not found'
}
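Review bot: In the new `check_github_quota`, `errcode=$?` runs after `echo "# limits = $limits"`, so it records the exit status of echo rather than of curl, and neither curl error branch (including the status-60 check) can ever fire. Capture the status immediately after the command substitution and log afterwards: `limits="$(curl …)"`, then `errcode=$?`, then the `echo`. With the current order a failed request leaves `limits` empty and would likely fall through to the misleading "GitHub API request $need exceeds limit" exit, because the empty `limit` compares as 0. `errcode` and `limit` are also missing from the `local` list, so they leak into the calling test's scope.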