From eba6be672c1c1a6bd9c6bd4b6eb73322111cc15c Mon Sep 17 00:00:00 2001
From: Lukas Garberg <lukas.garberg@tele2.com>
Date: Wed, 5 Jul 2023 23:19:04 +0000
Subject: [PATCH] ci: Misc changes for Unbuntu 20.04

To get the tests to pass in Unbuntu 20.04 a few work arounds were
needed. Over time the workarounds should be removed, but now I need
progress.

* Change how nipapd is started when running the apt tests. From some
  reason the daemon won't start with systemd, so let's just start it
  manually. Also, it by default tries to drop privileges and then
  cannot read some postgres certificate in /root. Thus, avoid dropping
  privileges.

  And yes, the daemon won't start from systemd without dropping
  privileges either.

* Run the CLI tests over plain-text HTTP. With the newer versions of TLS
  libs in 20.04, a CN is not enough but a subject alternative name (SAN)
  is required as well. It's a bit more tricky to generate a cert with
  SAN, so instead I let the CLI tests run over plain-text HTTP instead.
  The REST tests pass over TLS (with warnings regarding missing SAN).

* As the Python 2 version of NIPAP cannot be installed on Ubuntu 20.04,
  the upgrade tests are disabled until we can upgrade from a Python
  3-based version.

* Enabled an "Accident analysis"-step in the CI pipeline. If the test
  fails it's run and gathers some data for debugging.

More debugging

ci: Removed debugging

ci: Cleanup for starting nipapd manually
---
 .github/workflows/ci.yml | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fd43fc30a..a416ab3f9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches: [ master ]
 
+env:
+  ACTIONS_RUNNER_DEBUG: true
+  ACTIONS_STEP_DEBUG: true
+
 jobs:
   test:
 
@@ -13,7 +17,8 @@ jobs:
     strategy:
       matrix:
         install: [ pip, apt ]
-        upgrade: [ true, false ]
+        # Upgrade tests temporary disabled as Python 2 version cannot be installed on Ubuntu 20.04
+        upgrade: [ false ]
         exclude:
           - install: pip
             upgrade: true
@@ -54,7 +59,7 @@ jobs:
         # Drop and re-create cluster to be bound to default port
         for version in `pg_lsclusters | tail -n-2 | awk '{ print $1 }'`; do sudo pg_dropcluster $version main; done
         sudo pg_createcluster --start 12 main
-        sed -e 's/username = guest/username = unittest/' -e 's/password = guest/password = gottatest/' -e 's/port = 1337/port = 1338/' -e "s/#use_ssl = false/use_ssl = true/" nipap-cli/nipaprc > ~/.nipaprc
+        sed -e 's/username = guest/username = unittest/' -e 's/password = guest/password = gottatest/' nipap-cli/nipaprc > ~/.nipaprc
         chmod 0600 ~/.nipaprc
 
         # Set up CA and generate SSL cert
@@ -90,7 +95,7 @@ jobs:
         # install nipap-cli dependencies
         sudo -H pip3 install -r nipap-cli/requirements.txt
         # start nipap backend
-        nipap/nipapd --no-pid-file -c /etc/nipap/nipap.conf
+        nipap/nipapd --no-pid-file -c /etc/nipap/nipap.conf -df 2>&1 > /tmp/nipap.log &
 
     - name: "Install latest release from apt"
       if: ${{ matrix.install == 'apt' && matrix.upgrade == true }}
@@ -132,14 +137,15 @@ jobs:
         if [ `grep -c ssl_port /etc/nipap/nipap.conf` -eq 0 ]; then \
           # No SSL config in file - add from scratch
           sudo sed '/^port *=.*/a ssl_port = 1338\nssl_cert_file = \/tmp\/ca\/test.bundle.crt\nssl_key_file = \/tmp\/ca\/test.key' -i /etc/nipap/nipap.conf; \
-          else \
+        else \
           sudo sed -e "s/#ssl_port.\+$/ssl_port = 1338/" -e "s/#ssl_cert_file.\+$/ssl_cert_file = \/tmp\/ca\/test.bundle.crt/" -e "s/#ssl_key_file.\+$/ssl_key_file = \/tmp\/ca\/test.key/" -i /etc/nipap/nipap.conf; \
-          fi
+        fi
         # create local user for unittests
         sudo nipap/nipap-passwd add -u unittest -p gottatest -f /etc/nipap/local_auth.db -n "User for running unit tests"
         sudo nipap/nipap-passwd add -u readonly -p gottatest -f /etc/nipap/local_auth.db --readonly -n "Read-only user for running unit tests"
-        sudo sed -e "s/db_host *= *[^ ]\+/db_host = localhost/" -i /etc/nipap/nipap.conf
-        sudo /etc/init.d/nipapd restart
+        sudo sed -e "s/^db_host *=.*/db_host = localhost/" -e "s/{{SYSLOG}}/true/" -e "s/^debug.\+/debug = true/" -e "s/^user/#user/" -i /etc/nipap/nipap.conf
+        sudo systemctl stop nipapd.service
+        sudo nipapd --no-pid-file -c /etc/nipap/nipap.conf -df 2>&1 > /tmp/nipap.log &
 
     - name: "Verify pre-upgrade data"
       if: ${{ matrix.upgrade == true }}
@@ -155,3 +161,10 @@ jobs:
         nosetests3 tests/test_nipap_ro.py
         nosetests3 tests/test_rest.py
         make -C jnipap test
+
+    - name: "Accident analysis"
+      if: failure()
+      run: |
+        sudo cat /etc/nipap/nipap.conf
+        sudo cat /var/log/syslog
+        sudo cat /tmp/nipap.log || true