245 lines
6.9 KiB
Docker
245 lines
6.9 KiB
Docker
# syntax = docker/dockerfile:1.11-labs
|
|
|
|
FROM input AS key-gen-base
|
|
ARG var_cache
|
|
ARG var_lib_apt
|
|
|
|
WORKDIR /
|
|
COPY --link --from=input . .
|
|
|
|
RUN \
|
|
--mount=type=cache,dst=/var/cache,id=${var_cache},sharing=locked \
|
|
--mount=type=cache,dst=/var/lib/apt,id=${var_lib_apt},sharing=locked \
|
|
<<EOF
|
|
set -eux
|
|
apt-get -y -U install --no-install-recommends openssl gawk
|
|
EOF
|
|
|
|
|
|
FROM key-gen-base AS key-gen
|
|
|
|
WORKDIR /complement
|
|
COPY <<EOF v3.ext
|
|
authorityKeyIdentifier=keyid,issuer
|
|
basicConstraints=CA:FALSE
|
|
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
|
|
subjectAltName = @alt_names
|
|
[alt_names]
|
|
DNS.0 = *.docker.internal
|
|
DNS.1 = hs1
|
|
DNS.2 = hs2
|
|
DNS.3 = hs3
|
|
DNS.4 = hs4
|
|
IP.1 = 127.0.0.1
|
|
EOF
|
|
RUN <<EOF
|
|
set -eux
|
|
mkdir ca
|
|
openssl genrsa \
|
|
-out private_key.pem \
|
|
2048
|
|
|
|
openssl req \
|
|
-new \
|
|
-sha256 \
|
|
-key private_key.pem \
|
|
-subj "/C=US/ST=CA/O=MyOrg, Inc./CN=hs1" \
|
|
-addext "subjectAltName = DNS:*.docker.internal DNS:hs1, DNS:hs2, DNS:hs3, DNS:hs4, IP:127.0.0.1" \
|
|
-out signing_request.csr
|
|
|
|
openssl x509 \
|
|
-req \
|
|
-extfile v3.ext \
|
|
-in signing_request.csr \
|
|
-key private_key.pem \
|
|
-out certificate.crt \
|
|
-days 1 \
|
|
-sha256
|
|
EOF
|
|
RUN [ -f certificate.crt ] && [ -f private_key.pem ]
|
|
|
|
|
|
FROM scratch AS complement-config
|
|
WORKDIR /complement
|
|
COPY --from=key-gen /complement/* .
|
|
COPY --from=source /usr/src/tuwunel/tests/test_results/complement/test_results.jsonl old_results.jsonl
|
|
COPY <<EOF complement.toml
|
|
[global]
|
|
address = "0.0.0.0"
|
|
admin_room_notices = false
|
|
allow_check_for_updates = false
|
|
allow_device_name_federation = true
|
|
allow_guest_registration = true
|
|
allow_invalid_tls_certificates = true
|
|
allow_legacy_media = true
|
|
allow_public_room_directory_over_federation = true
|
|
allow_public_room_directory_without_auth = true
|
|
allow_registration = true
|
|
create_admin_room = false
|
|
database_path = "/database"
|
|
dns_attempts = 20
|
|
dns_timeout = 60
|
|
federation_idle_timeout = 300
|
|
intentionally_unknown_config_option_for_testing = true
|
|
ip_range_denylist = []
|
|
log = "debug,tuwunel=trace,h2=warn,hyper=warn"
|
|
log_colors = false
|
|
log_guest_registrations = false
|
|
log_span_events = "NONE"
|
|
log_thread_ids = true
|
|
media_compat_file_link = false
|
|
media_startup_check = true
|
|
only_query_trusted_key_servers = false
|
|
port = [8008, 8448]
|
|
prune_missing_media = true
|
|
query_trusted_key_servers_first = false
|
|
query_trusted_key_servers_first_on_join = false
|
|
request_conn_timeout = 60
|
|
request_timeout = 120
|
|
rocksdb_log_level = "debug"
|
|
rocksdb_max_log_files = 1
|
|
rocksdb_paranoid_file_checks = true
|
|
rocksdb_recovery_mode = 0
|
|
sender_idle_timeout = 300
|
|
sender_retry_backoff_limit = 300
|
|
sender_timeout = 300
|
|
startup_netburst = true
|
|
startup_netburst_keep = -1
|
|
trusted_servers = []
|
|
url_preview_domain_contains_allowlist = ["*"]
|
|
url_preview_domain_explicit_denylist = ["*"]
|
|
well_known_conn_timeout = 60
|
|
well_known_timeout = 60
|
|
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
|
|
|
|
[global.tls]
|
|
certs = "/complement/certificate.crt"
|
|
dual_protocol = true
|
|
key = "/complement/private_key.pem"
|
|
EOF
|
|
|
|
|
|
FROM input AS complement-testee
|
|
|
|
WORKDIR /
|
|
COPY --link --from=input . .
|
|
|
|
EXPOSE 8008 8448
|
|
RUN mkdir /database
|
|
COPY --from=complement-config * /complement/
|
|
ENV TUWUNEL_CONFIG="/complement/complement.toml"
|
|
ENTRYPOINT tuwunel -Oserver_name=\""$SERVER_NAME\""
|
|
|
|
|
|
FROM input AS complement-testee-valgrind
|
|
|
|
WORKDIR /
|
|
COPY --link --from=input . .
|
|
|
|
EXPOSE 8008 8448
|
|
RUN mkdir /database
|
|
COPY --from=complement-config * /complement/
|
|
ENV TUWUNEL_CONFIG="/complement/complement.toml"
|
|
ENTRYPOINT valgrind \
|
|
--leak-check=no \
|
|
--undef-value-errors=no \
|
|
--exit-on-first-error=yes \
|
|
--error-exitcode=1 \
|
|
tuwunel \
|
|
-Oserver_name=\""$SERVER_NAME\""
|
|
|
|
|
|
FROM input AS complement-base
|
|
ARG var_cache
|
|
ARG var_lib_apt
|
|
ARG complement_tags="conduwuit_blacklist"
|
|
ARG complement_tests="./tests/..."
|
|
ARG complement_run=".*"
|
|
|
|
WORKDIR /
|
|
RUN \
|
|
--mount=type=cache,dst=/var/cache,id=${var_cache},sharing=locked \
|
|
--mount=type=cache,dst=/var/lib/apt,id=${var_lib_apt},sharing=locked \
|
|
--mount=type=cache,dst=/go/pkg/mod/cache,sharing=locked \
|
|
<<EOF
|
|
set -eux
|
|
apt-get -y -U install --no-install-recommends golang-go jq
|
|
EOF
|
|
|
|
WORKDIR /usr/src
|
|
ADD https://github.com/matrix-construct/complement.git#81f3b61e10ec102a36921890c81b79564ebf6f40 complement
|
|
|
|
WORKDIR /usr/src/complement
|
|
ENV COMPLEMENT_BASE_IMAGE="complement-testee"
|
|
RUN \
|
|
--mount=type=cache,dst=/go/pkg/mod/cache,sharing=locked \
|
|
<<EOF
|
|
env
|
|
set -eux
|
|
go test -tags="$complement_tags" -list="$complement_run" $complement_tests
|
|
EOF
|
|
|
|
|
|
FROM input AS complement-tester
|
|
ARG complement_verbose=0
|
|
ARG complement_debug=0
|
|
ARG complement_count=1
|
|
ARG complement_parallel=16
|
|
ARG complement_shuffle=1337
|
|
ARG complement_timeout="1h"
|
|
ARG complement_run=".*"
|
|
ARG complement_skip=""
|
|
ARG complement_tags="conduwuit_blacklist"
|
|
ARG complement_tests="./tests/..."
|
|
ARG complement_base_image
|
|
|
|
WORKDIR /
|
|
COPY --link --from=input . .
|
|
|
|
WORKDIR /usr/src/complement
|
|
ENV COMPLEMENT_DEBUG=$complement_debug
|
|
ENV complement_parallel="$complement_parallel"
|
|
ENV complement_shuffle="$complement_shuffle"
|
|
ENV complement_tags="$complement_tags"
|
|
ENV complement_timeout="$complement_timeout"
|
|
ENV complement_count="$complement_count"
|
|
ENV complement_tests="$complement_tests"
|
|
ENV complement_skip="$complement_skip"
|
|
ENV complement_run="$complement_run"
|
|
ENV complement_tests="$complement_tests"
|
|
ENV COMPLEMENT_ALWAYS_PRINT_SERVER_LOGS="$complement_verbose"
|
|
ENV COMPLEMENT_HOSTNAME_RUNNING_COMPLEMENT="host.docker.internal"
|
|
ENV COMPLEMENT_HOST_MOUNTS="/var/run/docker.sock:/var/run/docker.sock"
|
|
ENV jq_res='{Action: .Action, Test: .Test}'
|
|
ENV jq_sel='select((.Action == \"pass\" or .Action == \"fail\" or .Action == \"skip\") and .Test != null)'
|
|
ENV jq_tab='[.Action, .Test] | @tsv'
|
|
ENV jq_out='select(.Test != null) | {Test: .Test, Output: .Output}'
|
|
COPY --from=complement-config /complement/old_results.jsonl .
|
|
COPY <<EOF uwu.sh
|
|
env;
|
|
set -eux;
|
|
|
|
COMPLEMENT_BASE_IMAGE="\${1:-$complement_base_image}"
|
|
go test
|
|
-json
|
|
"-shuffle=\$complement_shuffle"
|
|
"-parallel=\$complement_parallel"
|
|
"-timeout=\$complement_timeout"
|
|
"-count=\$complement_count"
|
|
"-tags=\$complement_tags"
|
|
"-skip=\$complement_skip"
|
|
"-run=\$complement_run"
|
|
"\$complement_tests"
|
|
| jq --unbuffered -c "."
|
|
| tee output.jsonl
|
|
| jq --unbuffered -c "$jq_sel | $jq_res"
|
|
| tee results.jsonl
|
|
| jq --unbuffered -r "$jq_tab"
|
|
;
|
|
|
|
jq -s -c "sort_by(.Test)[]" < results.jsonl | uniq > new_results.jsonl;
|
|
jq -s -c "sort_by(.Test, .Timestamp)[] | $jq_out" < output.jsonl > full_output.jsonl;
|
|
EOF
|
|
RUN echo $(tr -d '\n' < uwu.sh) > uwu.sh && chmod a+x uwu.sh
|
|
ENTRYPOINT ["/bin/bash", "/usr/src/complement/uwu.sh"]
|