[ACS-5005] Improve keystore/truststore generation for GHA (#1873)

2025-07-24 17:32:48 +00:00 · 2023-04-14 16:12:33 +02:00
parent 32c3a5ad90
commit 7e9e0e1ad4
3 changed files with 13 additions and 32 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,6 +23,7 @@ env:
  MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
  QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
  QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+  CI_WORKSPACE: ${{ github.workspace }}
  TAS_ENVIRONMENT: ./packaging/tests/environment
  TAS_SCRIPTS: ../alfresco-community-repo/packaging/tests/scripts

@@ -316,7 +317,8 @@ jobs:
          - testSuite: MTLSTestSuite
            compose-profile: with-mtls-transform-core-aio
            mtls: true
-            mvn-options: '-Dencryption.ssl.keystore.location=${GITHUB_WORKSPACE}/keystores/alfresco/alfresco.keystore -Dencryption.ssl.truststore.location=${GITHUB_WORKSPACE}/keystores/alfresco/alfresco.truststore'
+            disabledHostnameVerification: false
+            mvn-options: '-Dencryption.ssl.keystore.location=${CI_WORKSPACE}/keystores/alfresco/alfresco.keystore -Dencryption.ssl.truststore.location=${CI_WORKSPACE}/keystores/alfresco/alfresco.truststore'
    steps:
      - uses: actions/checkout@v3
      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.33.0
@@ -328,8 +330,14 @@ jobs:
      - name: "Generate Keystores and Truststores for Mutual TLS configuration"
        if: ${{ matrix.mtls }}
        run: |
-         git clone -b "master" --depth=1 "https://${{ secrets.BOT_GITHUB_USERNAME }}:${{ secrets.BOT_GITHUB_TOKEN }}@github.com/Alfresco/alfresco-ssl-generator.git"
-         bash ./scripts/ci/generate_keystores.sh
+          git clone -b "master" --depth=1 "https://${{ secrets.BOT_GITHUB_USERNAME }}:${{ secrets.BOT_GITHUB_TOKEN }}@github.com/Alfresco/alfresco-ssl-generator.git"
+          if ${{ matrix.disabledHostnameVerification }} ; then
+            bash ${{ env.CI_WORKSPACE }}/alfresco-ssl-generator/scripts/ci/generate_keystores_wrong_hostnames.sh
+            echo "HOSTNAME_VERIFICATION_DISABLED=true" >> "$GITHUB_ENV"
+          else
+            bash ${{ env.CI_WORKSPACE }}/alfresco-ssl-generator/scripts/ci/generate_keystores.sh
+            echo "HOSTNAME_VERIFICATION_DISABLED=false" >> "$GITHUB_ENV"
+          fi
      - name: "Set up the environment"
        run: |
          if [ -e ./scripts/ci/tests/${{ matrix.testSuite }}-setup.sh ]; then
--- a/scripts/ci/docker-compose/docker-compose.yaml
+++ b/scripts/ci/docker-compose/docker-compose.yaml
@@ -31,8 +31,8 @@ services:
    ports:
      - 8090:8090
    volumes:
-      - ${GITHUB_WORKSPACE}/keystores/tengineAIO/tengineAIO.truststore:/tengineAIO.truststore
-      - ${GITHUB_WORKSPACE}/keystores/tengineAIO/tengineAIO.keystore:/tengineAIO.keystore
+      - ${CI_WORKSPACE}/keystores/tengineAIO/tengineAIO.truststore:/tengineAIO.truststore
+      - ${CI_WORKSPACE}/keystores/tengineAIO/tengineAIO.keystore:/tengineAIO.keystore
    environment:
      ACTIVEMQ_URL: "nio://activemq:61616"
      ACTIVEMQ_USER: "admin"
--- a/scripts/ci/generate_keystores.sh
+++ b/scripts/ci/generate_keystores.sh
@@ -1,27 +0,0 @@
-#! /bin/bash
-#! /bin/bash
-
-# SETTINGS
-# Alfresco Format: "classic" / "current" is supported only from 7.0
-ALFRESCO_FORMAT=current
-
-#Contains directory settings
-source ${GITHUB_WORKSPACE}/alfresco-ssl-generator/ssl-tool/utils.sh
-
-# Cleanup previous output of script
-rm -rd $CA_DIR
-rm -rd $KEYSTORES_DIR
-rm -rd $CERTIFICATES_DIR
-
-# SETTINGS
-# Alfresco Format: "classic" / "current" is supported only from 7.0
-ALFRESCO_FORMAT=current
-
-#CA
-${GITHUB_WORKSPACE}/alfresco-ssl-generator/ssl-tool/run_ca.sh -keysize 2048 -keystorepass password -certdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Alfresco CA" -servername localhost -validityduration 1
-#Alfresco
-${GITHUB_WORKSPACE}/alfresco-ssl-generator/ssl-tool/run_additional.sh -servicename alfresco -rootcapass password -keysize 2048 -keystoretype JCEKS -keystorepass password -truststoretype JCEKS -truststorepass password -certdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Alfresco Repository" -servername localhost -alfrescoformat $ALFRESCO_FORMAT
-#Alfresco Metadata encryption
-${GITHUB_WORKSPACE}/alfresco-ssl-generator/ssl-tool/run_encryption.sh -subfoldername alfresco -servicename encryption -encstorepass mp6yc0UD9e -encmetadatapass oKIWzVdEdA -alfrescoformat $ALFRESCO_FORMAT
-#T-Engine AIO
-${GITHUB_WORKSPACE}/alfresco-ssl-generator/ssl-tool/run_additional.sh -servicename tengineAIO -rootcapass password -keysize 2048 -keystoretype JCEKS -keystorepass password -truststoretype JCEKS -truststorepass password -certdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=T-Engine AIO" -servername localhost -alfrescoformat $ALFRESCO_FORMAT