Github actions CI

Mongey · Dec 30, 2019 · 80aa796 · 80aa796
1 parent 0985361
commit 80aa796
Show file tree

Hide file tree

Showing 5 changed files with 193 additions and 19 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,32 @@
+name: release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13.x
+      - uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v1
+        with:
+          version: latest
+          args: release --rm-dist
+          key: ${{ secrets.YOUR_PRIVATE_KEY }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -0,0 +1,31 @@
+name: Build Snapshots
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13.x
+      - uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v1
+        with:
+          version: latest
+          args: release --snapshot --rm-dist
+          key: ${{ secrets.YOUR_PRIVATE_KEY }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,49 @@
+name: test
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13.x
+      - run: make test
+  acctest:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13.x
+      - uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go
+      - name: Bring up kafka + zk
+        run: docker-compose up -d
+      - name: "Run tests"
+        run: |
+          export PATH=$PATH:$(go env GOPATH)/bin # temporary fix. See https://github.com/actions/setup-go/issues/14
+          go install github.com/jstemmer/go-junit-report
+          trap "go-junit-report < go-test.out > go-test-report.xml" EXIT
+          make testacc | tee go-test.out
+      - name: Upload test results
+        uses: actions/upload-artifact@v1
+        with:
+          name: acc-test-results.xml
+          path: go-test-report.xml
+        # Use always() to always run this step to publish test results when there are test failures
+        if: always()
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -12,15 +12,13 @@ services:
       - "moby:127.0.0.1"
 
   kafka:
-    build: .
+    image: mongey/kafka:5.0.1-new-certs
     ports:
       - "9092:9092"
     depends_on:
       - zookeeper
     environment:
       KAFKA_BROKER_ID: 1
       KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
-    volumes:
-      - ./secrets:/etc/kafka/secrets
     extra_hosts:
       - "moby:127.0.0.1"
diff --git a/secrets/create-certs.sh b/secrets/create-certs.sh
@@ -5,20 +5,54 @@ set -o nounset \
   -o verbose \
   -o xtrace
 
+PASS=confluent
+
 # Generate CA key
-openssl req -new -x509 -keyout snakeoil-ca-1.key -out snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/S=Ca/C=US' -passin pass:confluent -passout pass:confluent
-# openssl req -new -x509 -keyout snakeoil-ca-2.key -out snakeoil-ca-2.crt -days 365 -subj '/CN=ca2.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/S=Ca/C=US' -passin pass:confluent -passout pass:confluent
+openssl req \
+  -new \
+  -x509 \
+  -keyout snakeoil-ca-1.key \
+  -out snakeoil-ca-1.crt \
+  -days 365 \
+  -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/S=Ca/C=US' \
+  -passin pass:$PASS \
+  -passout pass:$PASS
 
 # Kafkacat
-openssl genrsa -des3 -passout "pass:confluent" -out kafkacat.client.key 1024 # Private KEY
-openssl req -passin "pass:confluent" -passout "pass:confluent" -key kafkacat.client.key -new -out kafkacat.client.req -subj '/CN=kafkacat.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/S=Ca/C=US'
-openssl x509 -req -CA snakeoil-ca-1.crt -CAkey snakeoil-ca-1.key -in kafkacat.client.req -out kafkacat-ca1-signed.pem -days 9999 -CAcreateserial -passin "pass:confluent"
+# Private KEY
+openssl genrsa \
+  -des3 \
+  -passout "pass:$PASS" \
+  -out kafkacat.client.key \
+  1024
+
+# Signing Request
+openssl req \
+  -passin "pass:$PASS" \
+  -passout "pass:$PASS" \
+  -key kafkacat.client.key \
+  -new \
+  -out kafkacat.client.req \
+  -subj '/CN=kafkacat.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/S=Ca/C=US'
+
+# Signed Key
+openssl x509 -req \
+  -CA snakeoil-ca-1.crt \
+  -CAkey snakeoil-ca-1.key \
+  -in kafkacat.client.req \
+  -out kafkacat-ca1-signed.pem \
+  -days 9999 \
+  -CAcreateserial \
+  -passin "pass:$PASS"
 
 
 ## generate for golang
 
 echo "generating a private key without passphrase"
-openssl rsa -in kafkacat.client.key -passin "pass:confluent" -out kafkacat-raw-private-key.pem
+openssl rsa \
+  -in kafkacat.client.key \
+  -passin "pass:$PASS" \
+  -out kafkacat-raw-private-key.pem
 
 for i in broker1
 do
@@ -29,23 +63,53 @@ do
     -dname "CN=localhost, OU=TEST, O=CONFLUENT, L=PaloAlto, S=Ca, C=US" \
     -keystore kafka.$i.keystore.jks \
     -keyalg RSA \
-    -storepass confluent \
     -ext SAN=dns:localhost \
-    -keypass confluent
+    -storepass $PASS \
+    -keypass $PASS
 
   # Create CSR, sign the key and import back into keystore
-  keytool -keystore kafka.$i.keystore.jks -alias $i -certreq -file $i.csr -storepass confluent -keypass confluent
+  keytool  \
+    -keystore kafka.$i.keystore.jks \
+    -alias $i \
+    -certreq \
+    -file $i.csr \
+    -storepass $PASS \
+    -keypass $PASS
 
-  openssl x509 -req -CA snakeoil-ca-1.crt -CAkey snakeoil-ca-1.key -in $i.csr -out $i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent
+  openssl x509 \
+    -req \
+    -CA snakeoil-ca-1.crt  \
+    -CAkey snakeoil-ca-1.key \
+    -in $i.csr \
+    -out $i-ca1-signed.crt \
+    -days 9999 \
+    -CAcreateserial \
+    -passin pass:$PASS
 
-  keytool -keystore kafka.$i.keystore.jks -alias CARoot -import -file snakeoil-ca-1.crt -storepass confluent -keypass confluent
+  keytool \
+    -keystore kafka.$i.keystore.jks \
+    -alias CARoot \
+    -import \
+    -file snakeoil-ca-1.crt \
+    -storepass $PASS \
+    -keypass $PASS
 
-  keytool -keystore kafka.$i.keystore.jks -alias $i -import -file $i-ca1-signed.crt -storepass confluent -keypass confluent
+  keytool -keystore kafka.$i.keystore.jks \
+    -alias $i \
+    -import \
+    -file $i-ca1-signed.crt \
+    -storepass $PASS \
+    -keypass $PASS
 
   # Create truststore and import the CA cert.
-  keytool -keystore kafka.$i.truststore.jks -alias CARoot -import -file snakeoil-ca-1.crt -storepass confluent -keypass confluent
+  keytool -keystore kafka.$i.truststore.jks \
+    -alias CARoot \
+    -import \
+    -file snakeoil-ca-1.crt \
+    -storepass $PASS \
+    -keypass $PASS
 
-  echo "confluent" > ${i}_sslkey_creds
-  echo "confluent" > ${i}_keystore_creds
-  echo "confluent" > ${i}_truststore_creds
+  echo $PASS > ${i}_sslkey_creds
+  echo $PASS > ${i}_keystore_creds
+  echo $PASS > ${i}_truststore_creds
 done