From 516aa4b60592bba0ee91f40caa99081744b353db Mon Sep 17 00:00:00 2001
From: Arjan H
Date: Sat, 17 Sep 2022 12:21:48 +0200
Subject: [PATCH] Add workflow to regularly test if the patches can still be applied to latest boulder
---
 .github/workflows/try-bump.yml | 40 ++++++++++++++++++++++++++++++++++
 README.md | 2 +-
 install | 18 +--------------
 patch-cfg.sh | 31 ++++++++++++++++++++++++++
 4 files changed, 73 insertions(+), 18 deletions(-)
 create mode 100644 .github/workflows/try-bump.yml
 create mode 100755 patch-cfg.sh
diff --git a/.github/workflows/try-bump.yml b/.github/workflows/try-bump.yml
new file mode 100644
index 0000000..3ae1d8c
--- /dev/null
+++ b/.github/workflows/try-bump.yml
@@ -0,0 +1,40 @@
+name: Try Boulder Bump
+
+on:
+ schedule:
+ - cron: '30 5 * * 5'
+ workflow_dispatch:
+
+jobs:
+ try-bump:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+
+ steps:
+ - name: Checkout Self
+ uses: actions/checkout@v3
+
+ - uses: oprypin/find-latest-tag@v1
+ with:
+ repository: letsencrypt/boulder
+ id: boulder
+
+ - run: echo "Boulder is at version ${{ steps.boulder.outputs.tag }}"
+
+ - uses: actions/checkout@v3
+ with:
+ repository: letsencrypt/boulder
+ ref: ${{ steps.boulder.outputs.tag }}
+ path: boulder
+
+ - name: Apply our code patches
+ run: |
+ cd boulder
+ ../patch.sh
+
+ - name: Apply our config patches
+ run: |
+ cd boulder
+ ../patch-cfg.sh
+
diff --git a/README.md b/README.md
index d432a06..8a2194b 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 ## NEW: standalone version for step-ca [![status-experimental](https://img.shields.io/badge/status-experimental-orange.svg)](README_standalone.md)
-See [README_stepca](README_standalone.md)
+See [README_standalone](README_standalone.md)
 ## Table of Contents
diff --git a/install b/install
index c4c4962..fd20649 100755
--- a/install
+++ b/install
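Review bot: `${{ steps.boulder.outputs.tag }}` is expanded by Actions into the text of the `run:` script in the "Boulder is at version" step before the shell parses it, so the script content depends on a tag name taken from another repository. Hand the value over through the environment instead: give that step `env:` with `BOULDER_TAG: ${{ steps.boulder.outputs.tag }}` and use `run: echo "Boulder is at version $BOULDER_TAG"`. The workflow also declares no `permissions:` block although it only reads code, so a top-level `permissions:` with `contents: read` would cap the token, and `oprypin/find-latest-tag@v1` is referenced by a movable tag rather than a full commit SHA. `strategy: fail-fast: false` has no effect here because the job defines no matrix.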
@@ -594,23 +594,7 @@ config_boulder() {
 cp sa/_db/migrations/20210223140000_CombinedSchema.sql "$boulderLabCADir/.backup/"
 cp Makefile "$boulderLabCADir/.backup/"
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/entrypoint.sh" < $cloneDir/patches/entrypoint.patch &>>$installLog
- cp test/startservers.py "$boulderLabCADir/startservers.py" &>>$installLog
-
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/ca-a.json" < $cloneDir/patches/test_config_ca_a.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/ca-b.json" < $cloneDir/patches/test_config_ca_b.patch &>>$installLog
-
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/expiration-mailer.json" < $cloneDir/patches/config_expiration-mailer.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/notify-mailer.json" < $cloneDir/patches/config_notify-mailer.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/bad-key-revoker.json" < $cloneDir/patches/config_bad-key-revoker.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/ocsp-responder.json" < $cloneDir/patches/config_ocsp-responder.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/publisher.json" < $cloneDir/patches/config_publisher.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/wfe2.json" < $cloneDir/patches/config_wfe2.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/orphan-finder.json" < $cloneDir/patches/config_orphan-finder.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/crl-storer.json" < $cloneDir/patches/config_crl-storer.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/crl-updater.json" < $cloneDir/patches/config_crl-updater.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/ra.json" < $cloneDir/patches/config_ra.patch &>>$installLog
- sudo -u labca -H patch -p1 -o "$boulderLabCADir/config/va.json" < $cloneDir/patches/config_va.patch &>>$installLog
+ $cloneDir/patch-cfg.sh "sudo -u labca -H" "$boulderLabCADir" &>>$installLog
 mkdir -p $baseDir/backup
 [ -z "$(docker ps | grep boulder-bmysql-1)" ] || docker exec -i boulder-bmysql-1 mysqldump boulder_sa_integration >$baseDir/backup/dbdata-${runId}.sql
diff --git a/patch-cfg.sh b/patch-cfg.sh
new file mode 100755
index 0000000..e32e402
--- /dev/null
+++ b/patch-cfg.sh
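Review bot: The new call to `patch-cfg.sh` is not checked for failure, while the script itself runs under `set -e` and so stops at the first patch that does not apply. Unless `install` enables errexit or a trap outside this hunk, config_boulder would carry on to the `mkdir` and database backup lines with only part of the `config/*.json` files written, and the only trace would be in `$installLog`. I would quote the path and stop here: `"$cloneDir/patch-cfg.sh" "sudo -u labca -H" "$boulderLabCADir" &>>"$installLog" || exit 1` (or whatever error path the script normally uses). config_boulder starts and ends outside the hunk.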
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -e
+
+cloneDir=$(dirname $0)
+
+# For legacy mode, when called from the install script...
+SUDO="$1"
+boulderLabCADir="${2:-labca}"
+
+[ -d "$boulderLabCADir/config" ] || mkdir -p "$boulderLabCADir/config"
+
+
+$SUDO patch -p1 -o "$boulderLabCADir/entrypoint.sh" < $cloneDir/patches/entrypoint.patch
+cp test/startservers.py "$boulderLabCADir/startservers.py"
+
+$SUDO patch -p1 -o "$boulderLabCADir/config/ca-a.json" < $cloneDir/patches/test_config_ca_a.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/ca-b.json" < $cloneDir/patches/test_config_ca_b.patch
+
+$SUDO patch -p1 -o "$boulderLabCADir/config/expiration-mailer.json" < $cloneDir/patches/config_expiration-mailer.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/notify-mailer.json" < $cloneDir/patches/config_notify-mailer.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/bad-key-revoker.json" < $cloneDir/patches/config_bad-key-revoker.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/ocsp-responder.json" < $cloneDir/patches/config_ocsp-responder.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/publisher.json" < $cloneDir/patches/config_publisher.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/wfe2.json" < $cloneDir/patches/config_wfe2.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/orphan-finder.json" < $cloneDir/patches/config_orphan-finder.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/crl-storer.json" < $cloneDir/patches/config_crl-storer.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/crl-updater.json" < $cloneDir/patches/config_crl-updater.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/ra.json" < $cloneDir/patches/config_ra.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/va.json" < $cloneDir/patches/config_va.patch
+
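Review bot: `$SUDO` carries a whole command prefix in one string and is expanded unquoted in front of every `patch`, and `$0` and `$cloneDir` are unquoted as well, so the script depends on word splitting and misbehaves when the checkout path contains spaces or glob characters. Splitting the first argument once into an array and quoting the paths keeps the two-argument interface that `install` uses, and the repeated `config_*.patch` lines can then become a loop. The `mkdir -p` and `cp test/startservers.py` lines run without the prefix, so in the install path they presumably act as the calling user rather than `labca`; a comment should say whether that is intended. A header comment stating that the script must be started from the root of a boulder checkout would also help, since `patch -p1` and the `cp` resolve against the current directory.

```shell
cloneDir=$(dirname -- "$0")

# Optional command prefix (e.g. from the install script), split once into words.
read -r -a run_as <<< "${1:-}"
boulderLabCADir="${2:-labca}"

# … unchanged: mkdir -p of "$boulderLabCADir/config" …

"${run_as[@]}" patch -p1 -o "$boulderLabCADir/entrypoint.sh" < "$cloneDir/patches/entrypoint.patch"
# … unchanged: cp test/startservers.py …

for ca in a b; do
  "${run_as[@]}" patch -p1 -o "$boulderLabCADir/config/ca-$ca.json" \
    < "$cloneDir/patches/test_config_ca_$ca.patch"
done

for name in expiration-mailer notify-mailer bad-key-revoker ocsp-responder \
    publisher wfe2 orphan-finder crl-storer crl-updater ra va; do
  "${run_as[@]}" patch -p1 -o "$boulderLabCADir/config/$name.json" \
    < "$cloneDir/patches/config_$name.patch"
done
```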