functional test built package

2026-01-28 02:18:50 +00:00 · 2020-11-08 17:46:49 -06:00
parent 0ca07b2073
commit 17d24599fb
5 changed files with 48 additions and 20 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,20 +42,10 @@ jobs:
      - name: Run Tests and Upload Coverage Report
        run: mix coveralls.github --umbrella

-  functional-test:
+  build:
    needs: unit-integration-test
    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-      - name: Functional Test
-        run: |
-          # Dummy for now
-          echo 'Tests completed!'
-
-  build:
-    needs: functional-test
-    runs-on: ubuntu-18.04
-    if: github.ref == 'ref/head/master' || contains(github.ref, 'refs/tags/')
+    if: github.ref == 'refs/head/master' || contains(github.ref, 'refs/tags/')
    steps:
      - uses: actions/checkout@v2
      - name: Build packages
@@ -77,12 +67,28 @@ jobs:
      - name: Rename Built Artifacts
        run: |
          version="${{ steps.version.outputs.version }}"
-
          cid=$(docker create fireguard:latest)
          filename="fireguard_${version}-1_amd64.deb"
          echo "Extracting built debian package from container ${cid} to filename ${filename}"
-
          docker cp ${cid}:/build/pkg/debian.deb ./${filename}
+      - uses: actions/upload-artifact@v2
+        with:
+          name: fireguard-deb
+          path: "fireguard*.deb"
+
+  functional-test:
+    needs: build
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/download-artifact@v2
+        with:
+          name: fireguard-deb
+      - name: Test Install package
+        run: |
+          apt update
+          apt install -y postgresql wireguard iptables net-tools
+          dpkg -i fireguard*.deb
+
  publish:
    needs: build
    runs-on: ubuntu-18.04
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -72,7 +72,6 @@ config :fg_http, FgHttpWeb.Endpoint,
  ]

 config :fg_vpn,
-  privkey: "mFZhBZIQATDzM+Mr671uiryJfSzKQhEA2RYg6JaWiGc=",
  pubkey: "JId8GN8iPmdQXOLSdcsSkaW4i60e1/rpHB/03rsaKBk="

 # Do not include metadata nor timestamps in development logs
--- a/config/releases.exs
+++ b/config/releases.exs
@@ -35,6 +35,9 @@ listen_port =

 listen_host = json_config["listen_host"] || System.get_env("LISTEN_HOST") || "localhost"

+config :fg_vpn,
+  pubkey: json_config["pubkey"]
+
 config :fg_http, FgHttp.Repo,
  # ssl: true,
  url: database_url,
--- a/pkg/debian/DEBIAN/control
+++ b/pkg/debian/DEBIAN/control
@@ -2,7 +2,7 @@ Package: fireguard
 Version: 0.1.7-1
 Architecture: amd64
 Maintainer: CloudFire, LLC <dpkg@cloudfire.network>
-Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2)
+Depends: net-tools (>= 1.60+git20180626.aebd88e-1ubuntu1), systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2)
 Section: net
 Priority: optional
 Homepage: https://cloudfire.network
--- a/pkg/debian/DEBIAN/postinst
+++ b/pkg/debian/DEBIAN/postinst
@@ -15,28 +15,48 @@ else
  useradd --system fireguard
 fi

-touch /opt/fireguard/config.yml
-chown -R fireguard:root /opt/fireguard
-chmod 0600 /opt/fireguard/config.yml
-
+# Generate app secrets
 live_view_signing_salt="$(openssl rand -base64 24)"
 secret_key_base="$(openssl rand -base64 48)"
 db_user=fireguard
 db_password="$(openssl rand -base64 8)"

+# Setup DB
 sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true
 sudo -i -u postgres psql -c "CREATE DATABASE fireguard;" || true
 sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to ${db_user};" || true

+# Generate WireGuard priv/pubkeys
+privkey=$(wg genkey)
+pubkey=$(echo ${privkey} | wg pubkey)
+
+# Write FireGuard config file
+touch /opt/fireguard/config.yml
+chown -R fireguard:root /opt/fireguard
+chmod 0600 /opt/fireguard/config.yml
 cat <<EOT >> /opt/fireguard/config.json
 {
  "live_view_signing_salt": "${live_view_signing_salt}",
  "secret_key_base": "${secret_key_base}",
  "database_url": "ecto://${db_user}:${db_password}@localhost/fireguard",
+  "pubkey": "${pubkey}",
  "listen_port": 4000,
  "listen_host": "localhost"
 }
 EOT

+# Grab default route interface
+default_int=$(route | grep '^default' | grep -o '[^ ]*$')
+
+# Write WireGuard config file
+cat <<EOT >> /etc/wireguard/wg-fireguard.conf
+[Interface]
+ListenPort = 51820
+PrivateKey = ${privkey}
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ${default_int} -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ${default_int} -j MASQUERADE
+
+EOT
+
 systemctl enable fireguard
 systemctl start fireguard