From d4ad9a92a8e22c24d6bd2339ef1c1945e48fb9bf Mon Sep 17 00:00:00 2001 From: l-1squared <30831153+l-1squared@users.noreply.github.com> Date: Fri, 12 Jan 2024 09:24:35 +0100 Subject: [PATCH] Communicate with server via HTTPS Signed-off-by: l-1squared <30831153+l-1squared@users.noreply.github.com> --- .github/workflows/mock_release.yaml | 28 +++++++++++++++++++++++++--- build.gradle | 2 -- gradle.properties | 1 - 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/.github/workflows/mock_release.yaml b/.github/workflows/mock_release.yaml index 738be30b9dd..7a1bae2050b 100644 --- a/.github/workflows/mock_release.yaml +++ b/.github/workflows/mock_release.yaml @@ -6,18 +6,26 @@ jobs: name: Mock-release JGiven runs-on: ubuntu-latest env: + KEYSTORE_PASSWORD: 'clearlyNotARealPassword' + KEYSTORE_NAME: 'server.p12' SONATYPE_PASSWORD: 'notARealPassword' SONATYPE_USERNAME: 'notARealUsername' GPG_PASSWORD: 'espalhando' GPG_KEY_ID: 'notARealKeyId@example.com' VERSION: '0.0.1-TEST' steps: - - uses: actions/checkout@v4.1.1 - name: Set up JDK 11 uses: actions/setup-java@v3.13.0 with: java-version: '11' distribution: 'adopt' + - name: Set up a server certificate + run: | + openssl genrsa -out server.key 2048 + openssl req -new -key server.key -out server.csr -subj '/C=DE/ST=Berlin/L=Berlin/O=JGiven/OU=JGiven/CN=localhost' + openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + openssl pkcs12 -export -in server.crt -inkey server.key -out ${KEYSTORE_NAME} -name "localhost" -password "pass:${KEYSTORE_PASSWORD}" + keytool -import -cacerts -storepass changeit -noprompt -alias "localhost" -file server.crt - name: Set up openpgp signing keys run: | gpg --quick-gen-key --batch --passphrase "${GPG_PASSWORD}" "${GPG_KEY_ID}" @@ -26,21 +34,32 @@ jobs: run: | wget https://repo1.maven.org/maven2/org/wiremock/wiremock-standalone/3.3.1/wiremock-standalone-3.3.1.jar wiremock=$(find ./ -name "wiremock-standalone-*.jar") - java -jar ${wiremock} --port 7000 --verbose & + java -jar "${wiremock}" --port 7000 --https-port 8443 --verbose --https-keystore "${KEYSTORE_NAME}" \ + --keystore-password "${KEYSTORE_PASSWORD}" --keystore-type PKCS12 --key-manager-password "${KEYSTORE_PASSWORD}" & + counter=0 while ! nc -z localhost 7000; do sleep 0.1 # wait for 1/10 of the second before check again + counter=$((counter + 1)) + if [ $counter -gt 100 ]; then + echo "Server failed to start" + exit 1 + fi done - name: Add mock server mappings run: | curl -X POST --data '{"request": {"urlPattern": "/com/tngtech/jgiven/[^/]+/[^/]+/[^/]+", "method": "PUT"}, "response": {"status": 200, "body": "OK"}}' http://localhost:7000/__admin/mappings curl -X POST --data '{"request": {"urlPattern": "/com/tngtech/jgiven/.*?/maven-metadata.xml(?:[.]sha(?:1|512|256)|[.]md5)?", "method": "PUT"}, "response": {"status": 200, "body": "OK"}}' http://localhost:7000/__admin/mappings + - uses: actions/checkout@v4.1.1 - name: set an alternate version run: "source scripts/source_files/helper_functions.sh && updateAllVersionInformation ${VERSION}" - name: Attempt mock release run: > ./gradlew test publishMavenPublicationToMavenLocal publishMavenPublicationToMavenRepository -PsigningKey="$(gpg --batch --pinentry-mode=loopback --yes --passphrase "${GPG_PASSWORD}" --armor --export-secret-key "${GPG_KEY_ID}")" - -PsigningPassword="${GPG_PASSWORD}" -Ppublishing.releaseUrl=http://localhost:7000 -Ppublishing.allowInsecureProtocol=true + -PsigningPassword="${GPG_PASSWORD}" -Ppublishing.releaseUrl=https://localhost:8443 -Ppublishing.allowInsecureProtocol=false + --info --stacktrace + env: + RELEASE: TRUE - name: Upload test results html files continue-on-error: true if: ${{failure()}} @@ -49,4 +68,7 @@ jobs: name: test-report.zip path: /home/runner/work/JGiven/JGiven/*/build/reports/tests if-no-files-found: ignore + - name: shut down server + continue-on-error: true + run: curl -X POST http://localhost:7000/__admin/shutdown diff --git a/build.gradle b/build.gradle index 268b5ee7849..9859388a219 100644 --- a/build.gradle +++ b/build.gradle @@ -122,7 +122,6 @@ subprojects { String releaseUrl = project["mavenRepo.releaseUrl"] String snapshotUrl = project["mavenRepo.releaseUrl"] url = System.env.RELEASE == "true" ? releaseUrl : snapshotUrl - allowInsecureProtocol = project["mavenRepo.allowInsecureProtocol"] && url.getHost() == "localhost" credentials { username = sonatypeUsername password = sonatypePassword @@ -301,7 +300,6 @@ configure(subprojects) { } def signingKey = findProperty("signingKey") def signingPassword = findProperty("signingPassword") - println signingKey useInMemoryPgpKeys(signingKey, signingPassword) sign publishing.publications } diff --git a/gradle.properties b/gradle.properties index e6674e89d40..f89d0f4981f 100644 --- a/gradle.properties +++ b/gradle.properties @@ -5,4 +5,3 @@ android.useAndroidX=true android.enableJetifier=true mavenRepo.releaseUrl='https://oss.sonatype.org/service/local/staging/deploy/maven2/' mavenRepo.snapshotUrl='https://oss.sonatype.org/content/repositories/snapshots/' -mavenRepo.allowInsecureProtocol=false