Switch from Travis to Github actions #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: easy-ca CI | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| create-root-ca: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v2 | |
| - name: create root ca | |
| run: | | |
| ./create-root-ca -d test-root-ca-dir <<EOF | |
| n | |
| test-root-ca | |
| bogus.com | |
| US | |
| California | |
| San Francisco | |
| Bogus Inc. | |
| Operations | |
| Bogus Inc. Certificate Authority | |
| rootCA_password | |
| rootCA_password | |
| EOF | |
| - name: tar root ca | |
| run: tar -C test-root-ca-dir -cf test-root-ca.tar . | |
| - name: Upload root ca | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: root-ca | |
| path: test-root-ca.tar | |
| retention-days: 5 | |
| test-root-ca: | |
| runs-on: ubuntu-latest | |
| needs: create-root-ca | |
| steps: | |
| - name: Download root ca | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: root-ca | |
| - name: untar root ca | |
| run: | | |
| # Use another directory name to make sure the CA is movable | |
| mkdir test-root-ca | |
| tar -C test-root-ca -xf test-root-ca.tar | |
| - name: Create server cert | |
| working-directory: test-root-ca | |
| run: | | |
| ./bin/create-server -s test-server.bogus.com -a www.test-server.bogus.com << EOF | |
| rootCA_password | |
| California | |
| San Francisco | |
| Jurisdiction of test-server.bogus-com | |
| n | |
| EOF | |
| - name: Create client cert | |
| working-directory: test-root-ca | |
| run: | | |
| ./bin/create-client -c test-client << EOF | |
| rootCA_password | |
| San Francisco | |
| private | |
| test-client@bogus.com | |
| n | |
| EOF | |
| - name: Create code signing certificate | |
| working-directory: test-root-ca | |
| run: | | |
| ./bin/create-codesign -c test-codesign << EOF | |
| rootCA_password | |
| San Francisco | |
| private | |
| test-codesign@bogus.com | |
| n | |
| codesign_p12pass | |
| EOF | |
| - name: Revoke server certificate | |
| working-directory: test-root-ca | |
| run: | | |
| ./bin/revoke-cert -c certs/server/test-server-bogus-com/test-server-bogus-com.crt << EOF | |
| 1 | |
| y | |
| rootCA_password | |
| EOF | |
| - name: Revoke code signing certificate | |
| working-directory: test-root-ca | |
| run: | | |
| ./bin/revoke-cert -c certs/codesign/test-codesign/test-codesign.crt << EOF | |
| 6 | |
| y | |
| rootCA_password | |
| EOF | |
| - name: Create signing CA | |
| working-directory: test-root-ca | |
| run: | | |
| ./bin/create-signing-ca -d test-signing-ca-dir << EOF | |
| rootCA_password | |
| n | |
| test-signing-ca | |
| bogus.com | |
| US | |
| California | |
| San Francisco | |
| Bogus Inc. | |
| Operations | |
| Bogus Inc. Certificate test-signing-ca | |
| signCA_password | |
| signCA_password | |
| EOF | |
| - name: tar signing ca | |
| working-directory: test-root-ca | |
| run: | | |
| tar -C test-signing-ca-dir -cf test-signing-ca.tar . | |
| - name: Upload signing ca | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: signing-ca | |
| path: test-root-ca/test-signing-ca.tar | |
| retention-days: 5 | |
| - name: Show status of CA | |
| working-directory: test-root-ca | |
| run: ./bin/show-status | |
| - name: Generate HTML page | |
| working-directory: test-root-ca | |
| run: ./bin/gen-html | |
| - name: Upload HTML | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: root-ca-html | |
| path: test-root-ca/html | |
| retention-days: 60 | |
| test-signing-ca: | |
| runs-on: ubuntu-latest | |
| needs: test-root-ca | |
| steps: | |
| - name: Download signing ca | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: signing-ca | |
| - name: untar signing ca | |
| run: | | |
| mkdir test-signing-ca | |
| tar -C test-signing-ca -xf test-signing-ca.tar | |
| - name: Create server cert | |
| working-directory: test-signing-ca | |
| run: | | |
| ./bin/create-server -s test-server.bogus.com -a www.test-server.bogus.com << EOF | |
| signCA_password | |
| California | |
| San Francisco | |
| Jurisdiction of test-server.bogus-com | |
| n | |
| EOF | |
| - name: Create client cert | |
| working-directory: test-signing-ca | |
| run: | | |
| ./bin/create-client -c test-client << EOF | |
| signCA_password | |
| San Francisco | |
| private | |
| test-client@bogus.com | |
| n | |
| EOF | |
| - name: Revoke server cert | |
| working-directory: test-signing-ca | |
| run: | | |
| ./bin/revoke-cert -c certs/server/test-server-bogus-com/test-server-bogus-com.crt << EOF | |
| 1 | |
| y | |
| signCA_password | |
| EOF | |
| - name: Revoke client cert | |
| working-directory: test-signing-ca | |
| run: | | |
| ./bin/revoke-cert -c certs/clients/test-client/test-client.crt << EOF | |
| 5 | |
| y | |
| signCA_password | |
| EOF | |
| - name: Show status of CA | |
| working-directory: test-signing-ca | |
| run: ./bin/show-status | |
| - name: Generate HTML page | |
| working-directory: test-signing-ca | |
| run: ./bin/gen-html | |
| - name: Upload HTML | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: signing-ca-html | |
| path: test-signing-ca/html | |
| retention-days: 60 |