mirror of
https://github.com/project-zot/zot.git
synced 2026-06-15 11:37:56 +08:00
Ramkumar Chinchani
9aff5b8d08
* chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix golangci-lint findings from CI Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix golangci-lint gosec warnings Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update code to use slices package and address gosec linting issues Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * build: fix makefile target Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests and add gosec annotations Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: bump zui version Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update test helpers and improve security settings in tests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: add gosec linting directive for test path construction Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
67 lines
2.0 KiB
YAML
67 lines
2.0 KiB
YAML
name: "TLS protocol scan"
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches: [main]
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
tls-check:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
mode: [non-fips, fips]
|
|
include:
|
|
- mode: non-fips
|
|
godebug: ""
|
|
- mode: fips
|
|
godebug: "fips140=only"
|
|
name: TLS check (${{ matrix.mode }})
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
|
|
with:
|
|
cache: false
|
|
check-latest: true
|
|
go-version: 1.26.x
|
|
- name: Install dependencies
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
mkdir -p test/data
|
|
cd test/data
|
|
../scripts/gen_certs.sh
|
|
- name: Build binary
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
make binary
|
|
- name: Start zot server (${{ matrix.mode }})
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
if [[ -n "${{ matrix.godebug }}" ]]; then
|
|
export GODEBUG="${{ matrix.godebug }}"
|
|
fi
|
|
bin/zot-linux-amd64 serve examples/config-tls.json & echo $! > zot.PID
|
|
if [[ -n "${{ matrix.godebug }}" ]]; then
|
|
unset GODEBUG
|
|
fi
|
|
sleep 5
|
|
# Check if zot server is running
|
|
cat /proc/$(cat zot.PID)/status | grep State || exit 1
|
|
curl -k --connect-timeout 3 --max-time 5 --retry 60 --retry-delay 1 --retry-max-time 180 --retry-connrefused https://localhost:8080/v2/
|
|
- name: Run TLS tests (${{ matrix.mode }})
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
./test/scripts/tls_scan.sh
|
|
./test/scripts/tls_cipher_check.sh ${{ matrix.mode }} localhost:8080
|
|
- name: Cleanup
|
|
if: always()
|
|
run: |
|
|
cd $GITHUB_WORKSPACE
|
|
[[ -f zot.PID ]] && kill $(cat zot.PID) 2>/dev/null || true
|