Update: enhance CI workflow to include Python and Go tests

2026-04-24 23:46:47 +02:00
parent e71b71ac49
commit 0cdf249942
2 changed files with 110 additions and 88 deletions
--- a/.gitea/workflows/test.yaml
+++ b/.gitea/workflows/test.yaml
@@ -2,14 +2,46 @@ on:
  push:
    paths:
      - 'simple-ca.sh'
+      - 'simple-ca.py'
      - 'run-tests.sh'
+      - 'src/simple-ca/**'
+      - '.gitea/workflows/test.yaml'

 jobs:
-  test:
+  test-bash:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

-      - name: Run tests
-        run: ./run-tests.sh
+      - name: Run bash tests
+        run: ./run-tests.sh bash
+
+  test-python:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Run python tests
+        run: ./run-tests.sh python
+
+  test-go:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+          cache-dependency-path: src/simple-ca/go.sum
+
+      - name: Run go tests
+        run: ./run-tests.sh go
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -21,115 +21,105 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.

-# This script runs all the test required to verify the functionality of the simple CA implementation.
+# This script runs integration tests against one or more simple-ca implementations.
+# Usage: run-tests.sh [bash|python|go|all]   (default: all)
 set -e

-# Load the certificate functions
-source "$(dirname "$BASH_SOURCE[0]")/simple-ca.sh"
+TEST_TARGET="${1:-all}"

-function clean_up_test_dir() {
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CERT_DIR="$SCRIPT_DIR/tests"
+CA_DIR="$CERT_DIR/ca"
+
+clean_up_test_dir() {
    if [[ -d "$CERT_DIR" ]]; then
        echo "Cleaning up test directory $CERT_DIR..."
        rm -rf "$CERT_DIR"/*
    fi
-
    echo "Creating test directory $CERT_DIR and ca subdirectory..."
-    mkdir -p "$CERT_DIR/ca"
+    mkdir -p "$CA_DIR"
 }

-function display_certificate() {
+display_certificate() {
    local CERT_PATH="$1"

    echo -e "\nDisplaying generated certificate for verification ($CERT_PATH):"
-
-    # Display the certificate details for verification
    openssl x509 -in "$CERT_PATH" -noout -subject -issuer -serial -fingerprint
    echo

    echo -e "\nVerifying certificate against the CA bundle ($CA_DIR/ca_bundle.pem)..."
-
-    # Verify the certificate against the CA bundle
    if openssl verify -CAfile "$CA_DIR/ca_bundle.pem" "$CERT_PATH" 2>/dev/null; then
        echo "Certificate verification successful."
    else
        echo "ERROR: Certificate verification failed." >&2
+        exit 1
    fi
 }

-# Create a temporary directory for the test certificates
-CERT_DIR="$(dirname "$BASH_SOURCE[0]")/tests"
-CA_DIR="$CERT_DIR/ca"
+# run_flow NAME MAKE_CA_CMD MAKE_CERT_CMD MAKE_PFX_CMD
+# Command variables are left unquoted on use, so multi-word prefixes
+# (e.g. "python3 simple-ca.py make-ca") word-split as expected.
+run_flow() {
+    local NAME="$1"
+    local MAKE_CA_CMD="$2"
+    local MAKE_CERT_CMD="$3"
+    local MAKE_PFX_CMD="$4"

-# Clean up any existing files in the temporary directory
-clean_up_test_dir "$CERT_DIR"
+    echo
+    echo "============================================================"
+    echo "Running tests for '$NAME' implementation"
+    echo "============================================================"
+
+    echo
+    echo "--- [$NAME] Standalone CA ---"
+    clean_up_test_dir
+    $MAKE_CA_CMD "$CA_DIR" "Test CA"
+    display_certificate "$CA_DIR/ca_cert.pem"
+    $MAKE_CERT_CMD --ca-dir "$CA_DIR" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"
+    display_certificate "$CERT_DIR/test_cert.pem"
+
+    echo
+    echo "--- [$NAME] Two-level CA ---"
+    clean_up_test_dir
+    $MAKE_CA_CMD "$CA_DIR" "Test Two Level CA"
+    display_certificate "$CA_DIR/ca_cert.pem"
+    $MAKE_CA_CMD --issuing-ca "issuing_ca" "$CA_DIR" "Issuing CA"
+    display_certificate "$CA_DIR/issuing_ca_cert.pem"
+    $MAKE_CERT_CMD --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"
+    display_certificate "$CERT_DIR/test_cert.pem"
+    $MAKE_PFX_CMD --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" --path "$CERT_DIR/test_cert.pem" --password "s3cr3t"
+
+    echo -e "\nVerifying contents of generated PKCS#12 (PFX) file ($CERT_DIR/test.pfx):"
+    openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t"
+}
+
+# Uses ;;& to fall through to subsequent patterns so 'all' matches every block.
+case "$TEST_TARGET" in
+    bash|all)
+        # shellcheck disable=SC1091
+        source "$SCRIPT_DIR/simple-ca.sh"
+        run_flow "bash" "make_ca" "make_cert" "make_pfx"
+        ;;&
+    python|all)
+        command -v python3 >/dev/null || { echo "ERROR: python3 not found" >&2; exit 1; }
+        PY_PREFIX="python3 $SCRIPT_DIR/simple-ca.py"
+        run_flow "python" "$PY_PREFIX make-ca" "$PY_PREFIX make-cert" "$PY_PREFIX make-pfx"
+        ;;&
+    go|all)
+        command -v go >/dev/null || { echo "ERROR: go not found" >&2; exit 1; }
+        GO_SRC="$SCRIPT_DIR/src/simple-ca"
+        GO_BIN="$GO_SRC/simple-ca"
+        echo "Building Go binary..."
+        (cd "$GO_SRC" && go build -o simple-ca .)
+        run_flow "go" "$GO_BIN make-ca" "$GO_BIN make-cert" "$GO_BIN make-pfx"
+        ;;&
+    bash|python|go|all)
+        ;;
+    *)
+        echo "ERROR: unknown target '$TEST_TARGET' (expected: bash|python|go|all)" >&2
+        exit 1
+        ;;
+esac

 echo
-echo "Running tests for standalone CA..."
-echo "----------------------------------"
-echo
-
-# Create a standalone CA for testing purposes
-if ! make_ca "$CA_DIR" "Test CA"; then
-    echo "ERROR: Failed to create CA." >&2
-    exit 1
-fi
-
-# List the generated certificates and keys for verification
-display_certificate "$CA_DIR/ca_cert.pem"
-
-# Make a server certificate signed by the CA
-if ! make_cert --ca-dir "$CA_DIR" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then
-    echo "ERROR: Failed to create server certificate." >&2
-    exit 1
-fi
-
-# List the generated server certificate and key for verification
-display_certificate "$CERT_DIR/test_cert.pem"
-
-# Remove all files from the directory
-clean_up_test_dir "$CERT_DIR"
-
-echo
-echo "Running tests for two-level CA..."
-echo "---------------------------------"
-echo
-
-# Create a new CA with pathlen 1
-if ! make_ca "$CA_DIR" "Test Two Level CA"; then
-    echo "ERROR: Failed to create CA." >&2
-    exit 1
-fi
-
-# List the generated certificates and keys for verification
-display_certificate "$CA_DIR/ca_cert.pem"
-
-# Create an issuing CA signed by the first CA
-if ! make_ca --issuing-ca "issuing_ca" "$CA_DIR" "Issuing CA"; then
-    echo "ERROR: Failed to create issuing CA." >&2
-    exit 1
-fi
-
-# List the generated certificates and keys for verification
-display_certificate "$CA_DIR/issuing_ca_cert.pem"
-
-# Make a server certificate signed by the CA
-if ! make_cert --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then
-    echo "ERROR: Failed to create server certificate." >&2
-    exit 1
-fi
-
-# List the generated server certificate and key for verification
-display_certificate "$CERT_DIR/test_cert.pem"
-
-# Create a PKCS#12 (PFX) file for the server certificate
-if ! make_pfx --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" --path "$CERT_DIR/test_cert.pem" --password "s3cr3t"; then
-    echo "ERROR: Failed to create PKCS#12 (PFX) file." >&2
-    exit 1
-fi
-
-# Read the generated PKCS#12 (PFX) file to verify its contents
-echo -e "\nVerifying contents of generated PKCS#12 (PFX) file ($CERT_DIR/test.pfx):"
-if ! openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t"; then
-    echo "ERROR: Failed to read PKCS#12 (PFX) file." >&2
-    exit 1
-fi
+echo "All requested tests passed."