Debugging TLS builds on CI is fun, round 8 #684
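# CI workflow: lint, non-TLS integration tests and TLS integration tests.
name: CI

# Runs on pushes that touch the workflow, the nextest config, sources, tests
# or the Cargo manifests, and on every pull request.
on:
  push:
    paths:
      - ".github/workflows/ci.yaml"
      - ".config/nextest.toml"
      - "src/**"
      - "tests/**"
      - "Cargo.toml"
      - "Cargo.lock"
  pull_request: {}

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository,
# so read access to contents is enough. Without this block the token gets the
# repository/organisation default, which may include write scopes.
permissions:
  contents: read

env:
  # Deny compiler warnings: any warning fails the build.
  RUSTFLAGS: -D warnings
  CARGO_TERM_COLOR: always
  # NOTE(review): presumably a delay in milliseconds read by the test suite;
  # confirm against the tests.
  TEST_STATS_DELAY: 5000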
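# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v6`, `@stable`, `@nextest`). Pinning each action to a full commit SHA
# (`uses: owner/action@<FULL_COMMIT_SHA>  # <tag>`) keeps a retagged or
# compromised upstream from silently changing what runs in this workflow.
jobs:
  # Static checks: clippy and rustfmt on both Ubuntu runner images.
  lint:
    name: Lint
    strategy:
      matrix:
        runner:
          - "ubuntu-22.04"
          - "ubuntu-24.04"
    runs-on: ${{ matrix.runner }}
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step needs git credentials; do not leave the token
          # readable by the build tooling that runs afterwards.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy
      - name: Lint (clippy)
        run: cargo clippy
      - name: Lint (rustfmt)
        run: cargo fmt --all --check

  # Integration tests over plain HTTP against a RabbitMQ service container,
  # across RabbitMQ series, Rust channels and runner images.
  build:
    name: Non-TLS tests
    strategy:
      matrix:
        rabbitmq-series:
          - "4.0"
          - "4.1"
          - "4.2"
        rust-version:
          - stable
          - beta
        runner:
          - "ubuntu-22.04"
          - "ubuntu-24.04"
          # - "ubuntu-24.04-arm"
    runs-on: ${{ matrix.runner }}
    services:
      rabbitmq:
        image: rabbitmq:${{ matrix.rabbitmq-series }}-management
        ports:
          # Quoted so no YAML parser can read a port pair as a number.
          - "15672:15672"
          - "5672:5672"
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: ${{ matrix.rust-version }}
      - uses: taiki-e/install-action@nextest
      - name: Wait for node to start booting
        run: sleep 15
      - name: Configure broker
        run: RUST_HTTP_API_CLIENT_RABBITMQCTL=DOCKER:${{job.services.rabbitmq.id}} bin/ci/before_build.sh
      - name: Run tests
        run: RUST_BACKTRACE=1 NEXTEST_RETRIES=2 cargo nextest run --workspace --no-fail-fast --all-features

  # Integration tests over HTTPS. The job generates a throwaway CA plus
  # server/client certificates with tls-gen, starts RabbitMQ in Docker,
  # installs the certificates and a TLS listener config into the container,
  # then runs only the ignored tests of the `tls_tests` binary.
  tls-tests:
    name: TLS tests
    strategy:
      matrix:
        rabbitmq-series:
          - "4.0"
          - "4.1"
          - "4.2"
        rust-version:
          - stable
        runner:
          - "ubuntu-22.04"
          - "ubuntu-24.04"
          - "ubuntu-24.04-arm"
    runs-on: ${{ matrix.runner }}
    steps:
      - uses: actions/checkout@v6
        with:
          # The steps below build and run code fetched from another
          # repository; keep the checkout token out of its reach.
          persist-credentials: false
      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: ${{ matrix.rust-version }}
      - uses: taiki-e/install-action@nextest
      # NOTE(review): this clones whatever the default branch of tls-gen
      # points at, and the next step runs its Makefile on the runner. Checking
      # out a reviewed commit (<TLS_GEN_COMMIT_SHA>) after cloning would make
      # the executed code reproducible and auditable.
      - name: Clone tls-gen
        run: git clone --depth 1 https://github.com/rabbitmq/tls-gen.git target/tls-gen
      - name: Generate TLS certificates
        run: |
          cd target/tls-gen/basic
          make CN=localhost
      - name: Create certs directory
        run: mkdir -p tests/tls/certs
      - name: Copy certificates
        run: |
          cp target/tls-gen/basic/result/ca_certificate.pem tests/tls/certs/
          cp target/tls-gen/basic/result/server_localhost_certificate.pem tests/tls/certs/server_certificate.pem
          cp target/tls-gen/basic/result/server_localhost_key.pem tests/tls/certs/server_key.pem
          cp target/tls-gen/basic/result/client_localhost_certificate.pem tests/tls/certs/client_certificate.pem
          cp target/tls-gen/basic/result/client_localhost_key.pem tests/tls/certs/client_key.pem
          # The globs also cover the private keys, which become group- and
          # world-readable in the workspace. Tolerable only because these are
          # per-run test certificates; never reuse this pattern for real keys.
          chmod o+r tests/tls/certs/*
          chmod g+r tests/tls/certs/*
      # The generated config enables the management HTTPS listener on 15671
      # and keeps plain HTTP on 15672. `loopback_users = none` lets the
      # `guest` user authenticate from non-loopback addresses: a test-only
      # setting that must not be carried into a deployed broker.
      - name: Create RabbitMQ TLS configuration
        run: |
          cat > tests/tls/certs/rabbitmq.conf << 'EOF'
          management.ssl.port = 15671
          management.ssl.cacertfile = /certs/ca_certificate.pem
          management.ssl.certfile = /certs/server_certificate.pem
          management.ssl.keyfile = /certs/server_key.pem
          management.tcp.port = 15672
          loopback_users = none
          EOF
          sed -i 's/^[[:space:]]*//' tests/tls/certs/rabbitmq.conf
          echo "Generated config:"
          cat tests/tls/certs/rabbitmq.conf
      - name: Start RabbitMQ
        run: |
          # The ports are published on every host interface. Combined with the
          # guest/guest account configured below, this is suitable for an
          # ephemeral CI runner only.
          docker run -d --name rabbitmq-tls \
          -p 15671:15671 \
          -p 15672:15672 \
          -p 5672:5672 \
          rabbitmq:${{ matrix.rabbitmq-series }}-management
      - name: Wait for RabbitMQ to start
        run: |
          docker exec rabbitmq-tls rabbitmqctl await_startup --timeout 60
      - name: Configure TLS
        run: |
          docker exec rabbitmq-tls mkdir -p /certs
          docker cp tests/tls/certs/ca_certificate.pem rabbitmq-tls:/certs/
          docker cp tests/tls/certs/server_certificate.pem rabbitmq-tls:/certs/
          docker cp tests/tls/certs/server_key.pem rabbitmq-tls:/certs/
          docker cp tests/tls/certs/rabbitmq.conf rabbitmq-tls:/etc/rabbitmq/conf.d/10-tls.conf
          docker exec rabbitmq-tls chown -R rabbitmq:rabbitmq /certs
          # Certificates are world-readable; the server key is then narrowed
          # to owner-only.
          docker exec rabbitmq-tls chmod 644 /certs/*.pem
          docker exec rabbitmq-tls chmod 600 /certs/server_key.pem
      # NOTE(review): confirm that stop_app/start_app picks up a file added to
      # conf.d; if the configuration is only read at node boot, the container
      # has to be restarted instead.
      - name: Restart RabbitMQ to apply TLS config
        run: |
          docker exec rabbitmq-tls rabbitmqctl stop_app
          docker exec rabbitmq-tls rabbitmqctl start_app
          sleep 5
      - name: Verify TLS listener
        run: |
          docker exec rabbitmq-tls rabbitmq-diagnostics listeners
          echo "Checking if TLS port 15671 is listening..."
          # No fallback after grep: a missing TLS listener must fail this step
          # rather than surface later as opaque connection errors in the tests.
          docker exec rabbitmq-tls rabbitmq-diagnostics listeners | grep -E "15671|ssl"
      - name: Configure broker
        run: |
          # `|| true` tolerates the vhost and user already existing.
          # guest/guest is a well-known default credential, used here for the
          # throwaway test broker only.
          docker exec rabbitmq-tls rabbitmqctl add_vhost / || true
          docker exec rabbitmq-tls rabbitmqctl add_user guest guest || true
          docker exec rabbitmq-tls rabbitmqctl set_permissions -p / guest ".*" ".*" ".*"
      - name: Run TLS tests
        run: |
          TLS_CERTS_DIR=${{ github.workspace }}/tests/tls/certs \
          RUST_BACKTRACE=1 \
          cargo nextest run -E 'binary(tls_tests)' --run-ignored=only --no-fail-fast
      # Best-effort cleanup; runs even when an earlier step failed.
      - name: Stop RabbitMQ container
        if: always()
        run: docker stop rabbitmq-tls && docker rm rabbitmq-tls || true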