[andy/dehydrated.git] / .travis.yml

sudo: false
language: shell

cache:
  directories:
    - ngrok

before_script:
  # install ngrok
  - if [[ ! -e "ngrok/ngrok" ]]; then mkdir -p ngrok; (cd ngrok; wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip; unzip ngrok.zip ngrok; chmod +x ngrok); fi

  # run ngrok and grab url from logfile
  - ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
  - sleep 5
  - cat tmp.log
  - export TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
  - if [[ -z "${TMP_URL}" ]]; then exit 1; fi

  # start python http server in challenges directory
  - (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) &

  # generate config
  - echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
  - echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
  - echo "${TMP_URL}" > domains.txt

script:
  # check if help command is worling
  - ./letsencrypt.sh --help

  # move config out of the way and try signing certificate by using temporary config location
  - mv config.sh tmp_config.sh
  - ./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh
  - mv tmp_config.sh config.sh

  # run in cron mode (should find a non-expiring certificate) + check running without given mode (should default to cron mode)
  - ./letsencrypt.sh --cron
  - ./letsencrypt.sh

  # check if certificate is valid in various ways
  - openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text
  - openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null
  - "errout=\"$(openssl verify -verbose -CAfile \"certs/${TMP_URL}/fullchain.pem\" -purpose sslserver \"certs/${TMP_URL}/fullchain.pem\" | grep -v ': OK$' || true)\""
  - if [[ ! -z "${errout}" ]]; then printf -- "${errout}"; exit 1; fi

  # delete account key
  - rm private_key.pem

  # revoke certificate using certificate key
  - ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem"
Commit	Line	Data
9ebbce04	1	sudo: false
81882a64	2	language: shell
9ebbce04 LS	3
	4	cache:
	5	directories:
	6	- ngrok
	7
	8	before_script:
79ef6af2	9	# install ngrok
9ebbce04	10	- if [[ ! -e "ngrok/ngrok" ]]; then mkdir -p ngrok; (cd ngrok; wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip; unzip ngrok.zip ngrok; chmod +x ngrok); fi
79ef6af2 LS	11
79ef6af2 LS	12	# run ngrok and grab url from logfile
9ebbce04 LS	13	- ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
	14	- sleep 5
	15	- cat tmp.log
	16	- export TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log \| head -1 \| cut -d':' -f2)"
9ebbce04	17	- if [[ -z "${TMP_URL}" ]]; then exit 1; fi
79ef6af2 LS	18
	19	# start python http server in challenges directory
	20	- (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) &
	21
	22	# generate config
9ebbce04 LS	23	- echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
	24	- echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
	25	- echo "${TMP_URL}" > domains.txt
	26
	27	script:
79ef6af2	28	# check if help command is worling
81882a64	29	- ./letsencrypt.sh --help
79ef6af2 LS	30
79ef6af2 LS	31	# move config out of the way and try signing certificate by using temporary config location
81882a64	32	- mv config.sh tmp_config.sh
8f6c2328	33	- ./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh
81882a64	34	- mv tmp_config.sh config.sh
79ef6af2 LS	35
79ef6af2 LS	36	# run in cron mode (should find a non-expiring certificate) + check running without given mode (should default to cron mode)
81882a64	37	- ./letsencrypt.sh --cron
9ebbce04	38	- ./letsencrypt.sh
79ef6af2 LS	39
79ef6af2 LS	40	# check if certificate is valid in various ways
9ebbce04	41	- openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text
79ef6af2 LS	42	- openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null
79ef6af2 LS	43	- "errout=\"$(openssl verify -verbose -CAfile \"certs/${TMP_URL}/fullchain.pem\" -purpose sslserver \"certs/${TMP_URL}/fullchain.pem\" \| grep -v ': OK$' \|\| true)\""
2f3b13fb	44	- if [[ ! -z "${errout}" ]]; then printf -- "${errout}"; exit 1; fi
79ef6af2 LS	45
79ef6af2 LS	46	# delete account key
81882a64	47	- rm private_key.pem
79ef6af2 LS	48
79ef6af2 LS	49	# revoke certificate using certificate key
81882a64	50	- ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem"