Jordan Potter
5c07117e1d
Set curl timeout in CI (#38)
Co-authored-by: Jordan Potter <me@jordanpotter.com>
2023-10-11 09:13:38 -07:00
Jordan Potter
b3044bdd6e
Improve test performance in CI (#37)
Co-authored-by: Jordan Potter <me@jordanpotter.com>
2023-10-04 10:13:51 -07:00
Jordan Potter
bac385db3e
Test with Podman in CI (#34)
* Test with Podman in CI

* Correct logic to copy Docker image to Podman

* Load necessary kernel modules in CI

---------

Co-authored-by: Jordan Potter <me@jordanpotter.com>
2023-10-04 09:49:03 -07:00
Jordan Potter
eefe2e4c9a
Enable CI in PRs (#36)
Co-authored-by: Jordan Potter <me@jordanpotter.com>
2023-10-03 09:32:07 -07:00
Jordan Potter
151215a763
Merge pull request #35 from jordanpotter/ci-ip-check
Verify WireGuard IP address is different in CI
2023-10-03 09:00:03 -07:00
Jordan Potter
fe96abc12f Verify WireGuard IP address is different in CI 2023-10-03 08:59:04 -07:00
Jordan Potter
8cd200bedc Update Docker Hub description in CI 2023-09-29 16:51:15 -07:00
Jordan Potter
c92ecdb79c Add versioning details to README 2023-09-29 16:50:48 -07:00
Jordan Potter
9477a7048a Improve GitHub workflow to include tests 2023-09-29 16:50:21 -07:00
Jordan Potter
b505973565 Build with the latest Alpine v3 2023-09-29 16:49:53 -07:00
4 changed files with 157 additions and 45 deletions

149
.github/workflows/ci.yml vendored Normal file

@ -0,0 +1,149 @@
name: Continuous Integration
on:
push:
schedule:
- cron: "0 0 * * TUE"
concurrency: ${{ github.workflow }}-${{ github.ref }}
env:
platforms: "linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7"
jobs:
ci:
name: Continuous Integration
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Load necessary kernel modules
run: sudo modprobe ip6_tables
- name: Install WireGuard
run: sudo apt-get install wireguard
- name: Create WireGuard config
run: echo '${{ secrets.WIREGUARD_CONF }}' > wireguard.conf
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Buildx
uses: docker/setup-buildx-action@v3
- name: Build local Docker image for testing
uses: docker/build-push-action@v5
with:
pull: true
load: true
tags: wireguard
- name: Copy Docker image to Podman
run: |
sudo podman pull docker-daemon:docker.io/library/wireguard:latest
sudo podman save -o ${{ runner.temp }}/wireguard.tar docker.io/library/wireguard:latest
podman load -i ${{ runner.temp }}/wireguard.tar
- name: Test tunnel
run: |
for cmd in "docker" "podman" "sudo podman"; do
$cmd run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf wireguard
normal_ip=$($cmd run --rm curlimages/curl --max-time 3 --retry 3 --retry-delay 1 --retry-all-errors ifconfig.io)
wireguard_ip=$($cmd run --rm --net=container:wireguard curlimages/curl --max-time 3 --retry 3 --retry-delay 1 --retry-all-errors ifconfig.io)
if [ "$normal_ip" = "$wireguard_ip" ]; then echo "normal ip and wireguard ip are the same" && exit 1; fi
$cmd stop wireguard
done
- name: Test kill switch
run: |
for cmd in "docker" "podman" "sudo podman"; do
$cmd run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf wireguard
$cmd run --rm --net=container:wireguard curlimages/curl --max-time 3 --retry 3 --retry-delay 1 --retry-all-errors ifconfig.io
$cmd exec wireguard wg-quick down wg0
! $cmd run --rm --net=container:wireguard curlimages/curl --max-time 3 --retry 3 --retry-delay 1 --retry-all-errors ifconfig.io
$cmd stop wireguard
done
- name: Test local subnets
run: |
for cmd in "docker" "podman" "sudo podman"; do
ip_address=$(ip route get 1.2.3.4 | awk '{print $7}')
$cmd run --rm -d --name nginx -p 8080:80 nginx
$cmd run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf -e LOCAL_SUBNETS=$ip_address/32 wireguard
$cmd run --rm --net=container:wireguard curlimages/curl --max-time 3 --retry 3 --retry-delay 1 --retry-all-errors $ip_address:8080
$cmd stop wireguard nginx
done
- name: Test exposed ports
run: |
for cmd in "docker" "podman" "sudo podman"; do
$cmd run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf -p 8080:80 wireguard
$cmd run --rm -d --name nginx --net=container:wireguard nginx
curl --max-time 3 --retry 3 --retry-delay 1 --retry-all-errors localhost:8080
$cmd stop wireguard nginx
done
- name: Log into Docker Hub
uses: docker/login-action@v3
with:
username: jordanpotter
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
- name: Log into GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get date
id: date
uses: josStorer/get-current-time@v2
with:
format: YYYY-MM-DD
- name: Get metadata for image
id: metadata
uses: docker/metadata-action@v5
with:
images: |
jordanpotter/wireguard
ghcr.io/${{ github.repository }}
tags: |
type=raw,value=${{ steps.date.outputs.formattedTime }},enable=${{ github.event_name == 'schedule' }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- name: Build images
if: ${{ github.ref != 'refs/heads/main' }}
uses: docker/build-push-action@v5
with:
pull: true
push: false
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
platforms: ${{ env.platforms }}
- name: Build and push images
if: ${{ github.ref == 'refs/heads/main' }}
uses: docker/build-push-action@v5
with:
pull: true
push: true
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
platforms: ${{ env.platforms }}
- name: Update Docker Hub description
if: ${{ github.ref == 'refs/heads/main' }}
uses: peter-evans/dockerhub-description@v3
with:
repository: jordanpotter/wireguard
username: jordanpotter
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
short-description: ${{ github.event.repository.description }}
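Review bot: The `Create WireGuard config` step expands the secret with the expression engine directly into the shell script (`echo '${{ secrets.WIREGUARD_CONF }}' > wireguard.conf`), so the whole config including the private key becomes part of the script text, a single quote anywhere in the config breaks the command, and the file is written with the runner's default umask into the checkout directory. Pass the value through the environment and tighten the mode instead: `env:` / `WIREGUARD_CONF: ${{ secrets.WIREGUARD_CONF }}` / `run: (umask 077 && printf '%s\n' "$WIREGUARD_CONF" > wireguard.conf)` — wireguard-tools may also warn about a world-accessible config, which the mode change avoids. Separately, `josStorer/get-current-time@v2` and `peter-evans/dockerhub-description@v3` are third-party actions pinned to mutable major tags in a job that holds `packages: write` and the Docker Hub token; pinning them to a full commit SHA (`uses: owner/repo@<full-commit-sha>  # v2`) prevents a moved tag from running unreviewed code with those credentials.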


@ -1,42 +0,0 @@
name: Publish
on:
push:
tags:
- "[0-9]+.[0-9]+.[0-9]+"
jobs:
publish:
name: Publish
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Get metadata for Docker image
id: docker-metadata
uses: docker/metadata-action@v3
with:
images: jordanpotter/wireguard
tags: |
type=semver,pattern={{version}}
- name: Log into Docker Hub
uses: docker/login-action@v1
with:
username: jordanpotter
password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
- name: Build and push Docker image
uses: docker/build-push-action@v2
with:
tags: ${{ steps.docker-metadata.outputs.tags }}
labels: ${{ steps.docker-metadata.outputs.labels }}
platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7
push: true


@ -1,8 +1,7 @@
FROM alpine:3.15.4 FROM alpine:3
RUN apk add --no-cache \ RUN apk add --no-cache \
openresolv iptables ip6tables iproute2 wireguard-tools \ findutils openresolv iptables ip6tables iproute2 wireguard-tools
findutils # Needed for find's -printf flag
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
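Review bot: The reason `findutils` is installed is lost on the new side of the `RUN apk add` line: the old side carried `# Needed for find's -printf flag` on its own continuation line, and folding the package into the single package list drops that comment (read from the merged old/new rendering, so please confirm). Keep the why-comment above the RUN, e.g. `# findutils: needed for find's -printf flag in entrypoint.sh`, since nothing else in the image explains the dependency. The move from `alpine:3.15.4` to the floating `alpine:3` tag is presumably deliberate given the weekly rebuild described in the README hunk; a one-line comment on the FROM line such as `# floating major tag: CI rebuilds weekly to pick up security updates` records that choice so a later reviewer does not re-pin it as a drive-by fix.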


@ -103,3 +103,9 @@ $ docker run --rm \
--net=container:wireguard \ --net=container:wireguard \
nginx nginx
``` ```
## Versioning
This container image is rebuilt weekly with the latest security updates. Each build runs tests to verify all features continue to work as expected, including the kill switch and local network routing.
Images are tagged with the date of the build in `YYYY-MM-DD` format. The available image tags are listed [here](https://hub.docker.com/r/jordanpotter/wireguard/tags).