ci/cd - add ui tests

.github/workflows/staging-tests-ui.yml

@@ -0,0 +1,30 @@
+name: Perform staging tests for UI (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      MODE:
+        required: true
+        type: string
+
+jobs:
+  tests:
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@v3
+      - name: Login to private repository
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.PRIVATE_REGISTRY }}
+          username: registry
+          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+      - name: Pull BW image
+        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging local/bunkerweb-tests:latest
+      - name: Pull Scheduler image
+        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging local/scheduler-tests:latest
+      # Do tests
+      - name: Run tests
+        run: ./tests/ui/tests.sh
+        env:
+          MODE: ${{ inputs.MODE }}

.github/workflows/staging.yml

@@ -197,6 +197,11 @@ jobs:
       TYPE: linux
       RUNS_ON: "['self-hosted', 'bw-linux']"
     secrets: inherit
+  tests-ui:
+    needs: [code-security, build-ui]
+    uses: ./.github/workflows/staging-tests-ui.yml
+    with:
+      MODE: STAGING
 
   # Delete infrastructures
   delete-infra-docker:
@@ -242,7 +247,7 @@ jobs:
 
   # Push containers
   push-bunkerweb:
-    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s]
+    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s, tests-ui]
     uses: ./.github/workflows/staging-push-docker.yml
     with:
       PRIVATE_IMAGE: bunkerweb-tests:staging
@@ -253,7 +258,7 @@ jobs:
       PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
       PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
   push-scheduler:
-    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s]
+    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s, tests-ui]
     uses: ./.github/workflows/staging-push-docker.yml
     with:
       PRIVATE_IMAGE: scheduler-tests:staging
@@ -264,7 +269,7 @@ jobs:
       PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
       PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
   push-autoconf:
-    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s]
+    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s, tests-ui]
     uses: ./.github/workflows/staging-push-docker.yml
     with:
       PRIVATE_IMAGE: autoconf-tests:staging
@@ -275,7 +280,7 @@ jobs:
       PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
       PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
   push-ui:
-    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s]
+    needs: [tests-docker, tests-autoconf, tests-swarm, tests-k8s, tests-ui]
     uses: ./.github/workflows/staging-push-docker.yml
     with:
       PRIVATE_IMAGE: ui-tests:staging
@@ -288,7 +293,7 @@ jobs:
 
   # Push Linux packages
   push-ubuntu:
-    needs: [tests-linux]
+    needs: [tests-linux, tests-ui]
     uses: ./.github/workflows/staging-push-packagecloud.yml
     with:
       SEPARATOR: _
@@ -300,7 +305,7 @@ jobs:
     secrets:
       PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
   push-debian:
-    needs: [tests-linux]
+    needs: [tests-linux, tests-ui]
     uses: ./.github/workflows/staging-push-packagecloud.yml
     with:
       SEPARATOR: _
@@ -312,7 +317,7 @@ jobs:
     secrets:
       PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
   push-rhel:
-    needs: [tests-linux]
+    needs: [tests-linux, tests-ui]
     uses: ./.github/workflows/staging-push-packagecloud.yml
     with:
       SEPARATOR: "-"
@@ -324,7 +329,7 @@ jobs:
     secrets:
       PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
   push-fedora:
-    needs: [tests-linux]
+    needs: [tests-linux, tests-ui]
     uses: ./.github/workflows/staging-push-packagecloud.yml
     with:
       SEPARATOR: "-"

src/deps/install.sh

@@ -127,10 +127,10 @@ do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lua-resty-env/src/resty/env.lua /
 echo "ℹ️ Compiling and installing dynamic modules"
 CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
 CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
-CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='/--with-ld-opt='-lpcre /")"
-# if [ "$OS" = "fedora" ] ; then
-# 	CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
-# fi
+CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt=-Wl/--with-ld-opt='-lpcre -Wl'/")"
+if [ "$OS" = "fedora" ] ; then
+	CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
+fi
 echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
 echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_devel_kit --add-dynamic-module=/tmp/bunkerweb/deps/src/stream-lua-nginx-module" >> "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
 do_and_check_cmd chmod +x "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"

tests/ui/docker-compose.dev.yml

@@ -0,0 +1,116 @@
+version: "3.5"
+
+services:
+  mybunker:
+    # image: bunkerity/bunkerweb:1.4.3
+    build:
+      context: ../..
+      dockerfile: src/bw/Dockerfile
+    ports:
+      - 80:8080
+      - 443:8443
+    environment:
+      SERVER_NAME: "www.example.com"
+      MULTISITE: "yes"
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      USE_BUNKERNET: "no"
+      USE_BLACKLIST: "no"
+      DISABLE_DEFAULT_SERVER: "yes"
+      USE_CLIENT_CACHE: "yes"
+      USE_GZIP: "yes"
+      DATASTORE_MEMORY_SIZE: "384m"
+      www.example.com_USE_UI: "yes"
+      www.example.com_SERVE_FILES: "no"
+      www.example.com_USE_REVERSE_PROXY: "yes"
+      www.example.com_REVERSE_PROXY_URL: "/admin/"
+      www.example.com_REVERSE_PROXY_HOST: "http://bw-ui:7000"
+      www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
+      www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
+      www.example.com_CUSTOM_CONF_MODSEC_CRS_config: 'SecRule REQUEST_FILENAME "@rx /global_config$$" "id:999,ctl:ruleRemoveByTag=platform-pgsql,nolog"'
+      CUSTOM_CONF_SERVER_HTTP_port-redirect: "port_in_redirect on;"
+    labels:
+      - "bunkerweb.INSTANCE"
+    networks:
+      bw-universe:
+      bw-services:
+        ipv4_address: 192.168.0.2
+
+  bw-scheduler:
+    build:
+      context: ../..
+      dockerfile: src/scheduler/Dockerfile
+    depends_on:
+      - mybunker
+    environment:
+      DOCKER_HOST: "tcp://docker-proxy:2375"
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  bw-ui:
+    # image: bunkerity/bunkerweb-ui:1.4.3
+    build:
+      context: ../..
+      dockerfile: src/ui/Dockerfile
+    depends_on:
+      - mybunker
+      - docker-proxy
+    environment:
+      ABSOLUTE_URI: "http://www.example.com:8080/admin/"
+      ADMIN_USERNAME: "admin"
+      ADMIN_PASSWORD: "admin"
+      DOCKER_HOST: "tcp://docker-proxy:2375"
+    volumes:
+      - bw-data:/data
+    networks:
+      - net-docker
+      - bw-universe
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
+
+  app1:
+    image: tutum/hello-world
+    networks:
+      bw-services:
+        ipv4_address: 192.168.0.4
+
+  ui-tests:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      - PYTHONUNBUFFERED=1
+    extra_hosts:
+      - "www.example.com:192.168.0.2"
+      - "app1.example.com:192.168.0.2"
+    networks:
+      bw-services:
+        ipv4_address: 192.168.0.3
+
+volumes:
+  bw-data:
+  mariadb:
+
+networks:
+  bw-universe:
+    name: bw-universe
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+    name: bw-services
+    ipam:
+      driver: default
+      config:
+        - subnet: 192.168.0.0/24
+  net-docker:

tests/ui/docker-compose.tests.yml

@@ -0,0 +1,20 @@
+version: "3.5"
+
+services:
+  ui-tests:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      - PYTHONUNBUFFERED=1
+    extra_hosts:
+      - "www.example.com:192.168.0.2"
+      - "app1.example.com:192.168.0.2"
+    networks:
+      bw-services:
+        ipv4_address: 192.168.0.3
+
+networks:
+  bw-services:
+    external:
+      name: bw-services

tests/ui/docker-compose.yml

@@ -1,11 +1,8 @@
 version: "3.5"
 
 services:
-  mybunker:
-    # image: bunkerity/bunkerweb:1.4.3
-    build:
-      context: ../..
-      dockerfile: src/bw/Dockerfile
+  bw:
+    image: bunkerity/bunkerweb:1.5.0-beta
     ports:
       - 80:8080
       - 443:8443
@@ -26,8 +23,6 @@ services:
       www.example.com_REVERSE_PROXY_HOST: "http://bw-ui:7000"
       www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
       www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
-      www.example.com_CUSTOM_CONF_MODSEC_CRS_config: 'SecRule REQUEST_FILENAME "@rx /global_config$$" "id:999,ctl:ruleRemoveByTag=platform-pgsql,nolog"'
-      CUSTOM_CONF_SERVER_HTTP_port-redirect: "port_in_redirect on;"
     labels:
       - "bunkerweb.INSTANCE"
     networks:
@@ -36,9 +31,7 @@ services:
         ipv4_address: 192.168.0.2
 
   bw-scheduler:
-    build:
-      context: ../..
-      dockerfile: src/scheduler/Dockerfile
+    image: bunkerity/bunkerweb-scheduler:1.5.0-beta
     depends_on:
       - mybunker
     environment:
@@ -50,10 +43,7 @@ services:
       - net-docker
 
   bw-ui:
-    # image: bunkerity/bunkerweb-ui:1.4.3
-    build:
-      context: ../..
-      dockerfile: src/ui/Dockerfile
+    image: bunkerity/bunkerweb-ui:1.5.0-beta
     depends_on:
       - mybunker
       - docker-proxy
@@ -83,19 +73,6 @@ services:
       bw-services:
         ipv4_address: 192.168.0.4
 
-  ui-tests:
-    build:
-      context: .
-      dockerfile: Dockerfile
-    environment:
-      - PYTHONUNBUFFERED=1
-    extra_hosts:
-      - "www.example.com:192.168.0.2"
-      - "app1.example.com:192.168.0.2"
-    networks:
-      bw-services:
-        ipv4_address: 192.168.0.3
-
 volumes:
   bw-data:
   mariadb:

tests/ui/tests.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Go to env
+cd ./tests/ui
+
+# Prepare environment
+sed -i "s@bunkerity/bunkerweb:.*@local/bunkerweb-tests:$MODE@" docker-compose.yml
+sed -i "s@bunkerity/bunkerweb:.*@local/scheduler-tests:$MODE@" docker-compose.yml
+
+# Start stack
+docker-compose up -d
+i=0
+while [ $i -lt 120 ] ; do
+    containers=("ui-bw-1" "ui-bw-scheduler-1" "ui-bw-ui-1" "ui-docker-proxy-1" "ui-app1-1")
+    healthy="true"
+    for container in "${containers[@]}" ; do
+        check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
+        if [ "$check" = "" ] ; then
+            echo "⚠️ Container $container is not healthy yet ..."
+            healthy="false"
+            break
+        fi
+    done
+    if [ "$healthy" = "true" ] ; then
+        break
+    fi
+    sleep 1
+    i=$((i+1))
+done
+if [ $i -ge 120 ] ; then
+    echo "❌ Docker stack is not healthy"
+    exit 1
+fi
+
+# Start tests
+docker-compose -f docker-compose.tests.yml up
+
+exit $?