add nextcloud cron quadlet #460
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: push | |
jobs: | |
test-commit: | |
name: Test commit | |
runs-on: ubuntu-24.04 | |
steps: | |
# setup | |
- name: Install deps | |
run: |- | |
set -euo pipefail | |
sudo apt-get update -qy | |
sudo apt-get install -y podman>=4.4 | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Podman socket | |
run: systemctl --user start podman.socket | |
- name: Patch pods for testing | |
run: |- | |
set -euxo pipefail | |
sed -i \ | |
-e '/^[[:blank:]]*env:/ {' \ | |
-e 'a\ - { name: NEXTCLOUD_ADMIN_USER, value: admin }' \ | |
-e 'a\ - { name: NEXTCLOUD_ADMIN_PASSWORD, value: admin }' \ | |
-e '}' \ | |
kube/nextcloud.yaml | |
sed -i \ | |
-e 's|hostPort:[[:blank:]]*80$|hostPort: 2080|' \ | |
-e 's|hostPort:[[:blank:]]*443$|hostPort: 2443|' \ | |
-e "s|/run/user/1000/|${XDG_RUNTIME_DIR:-/run/user/1000}/|" \ | |
kube/*.yaml | |
# startup | |
- name: Create pods | |
run: |- | |
set -euo pipefail | |
find init/ -name 'secrets.*.yaml' -print -exec podman kube play {} \; | |
find kube/ -name '*.yaml' -print -exec podman kube play --quiet --start=false {} \; | |
- name: Start databases | |
run: |- | |
set -euo pipefail | |
podman pod start mariadb | |
podman wait --condition healthy mariadb-app | |
- name: Start pods | |
run: podman pod start -a | |
- name: Wait for healthy state | |
run: |- | |
set -euo pipefail | |
yq -ot '. as $parent | ( | |
.spec.containers[] | select(.livenessProbe) | $parent.metadata.name + "-" + .name, | |
.spec.template.spec.containers[] | select(.livenessProbe) | $parent.metadata.name + "-pod-" + .name | |
)' kube/*.yaml | | |
xargs -t podman wait --condition healthy | |
timeout-minutes: 2 | |
# testing | |
- name: Test Claper | |
run: |- | |
set -euxo pipefail | |
DOMAIN=$(podman secret inspect caddy --showsecret --format "{{.SecretData}}" | yq -ot .data.CLAPER_DOMAIN | base64 -d | sed 's/ *,.*//') | |
curl -ikLsS \ | |
--connect-to "$DOMAIN:80:127.0.0.1:8080" \ | |
--connect-to "$DOMAIN:443:127.0.0.1:8443" \ | |
"http://$DOMAIN/" | | |
tee /dev/stderr | | |
grep -q "^HTTP/[1-9\.]* 200" | |
- name: Test Dozzle | |
run: |- | |
set -euxo pipefail | |
DOMAIN=$(podman secret inspect caddy --showsecret --format "{{.SecretData}}" | yq -ot .data.NEXTCLOUD_DOMAIN | base64 -d | sed 's/ *,.*//') | |
USER_=$(podman secret inspect caddy --showsecret --format "{{.SecretData}}" | yq -ot .data.DOZZLE_USER | base64 -d) | |
curl -ikLsS --location-trusted --user "$USER_:$USER_" \ | |
--connect-to "$DOMAIN:80:127.0.0.1:8080" \ | |
--connect-to "$DOMAIN:443:127.0.0.1:8443" \ | |
"http://$DOMAIN/dozzle/" | | |
tee /dev/stderr | | |
grep -q "^HTTP/[1-9\.]* 200" | |
- name: Test Nextcloud | |
run: |- | |
set -euxo pipefail | |
podman secret inspect caddy --showsecret --format "{{.SecretData}}" | | |
yq -ot .data.NEXTCLOUD_DOMAIN | | |
base64 -d | | |
tr -d ' ' | | |
tr ',' '\n' | | |
while read -r DOMAIN; do | |
curl -ikLsS \ | |
--connect-to "$DOMAIN:80:127.0.0.1:8080" \ | |
--connect-to "$DOMAIN:443:127.0.0.1:8443" \ | |
"http://$DOMAIN/status.php" | | |
tee /dev/stderr | | |
grep -q '"installed":true' | |
done | |
- name: Test Redirection | |
run: |- | |
set -euxo pipefail | |
DOMAIN=$(podman secret inspect caddy --showsecret --format "{{.SecretData}}" | yq -ot .data.REDIR_DOMAIN | base64 -d) | |
TARGET=$(podman secret inspect caddy --showsecret --format "{{.SecretData}}" | yq -ot .data.REDIR_TARGET | base64 -d) | |
{ | |
curl -ikLsS --max-redirs 1 \ | |
--connect-to "$DOMAIN:80:127.0.0.1:8080" \ | |
--connect-to "$DOMAIN:443:127.0.0.1:8443" \ | |
"http://$DOMAIN/test.php" || [ $? = 47 ] | |
} | | |
tee /dev/stderr | | |
grep -iq "location: $TARGET" | |
- name: Test Wordpress | |
run: |- | |
set -euxo pipefail | |
DOMAIN=$(podman secret inspect caddy --showsecret --format "{{.SecretData}}" | yq -ot .data.WORDPRESS1_DOMAIN | base64 -d) | |
curl -ikLsS \ | |
--connect-to "$DOMAIN:80:127.0.0.1:8080" \ | |
--connect-to "$DOMAIN:443:127.0.0.1:8443" \ | |
"http://$DOMAIN/wp-admin/install.php" | | |
tee /dev/stderr | | |
grep -q "^HTTP/[1-9\.]* 200" | |
# debug info | |
- name: State pods | |
if: ${{ always() }} | |
run: podman pod ls | |
- name: State containers | |
if: ${{ always() }} | |
run: podman ps -a | |
- name: Container logs | |
if: ${{ always() }} | |
run: |- | |
set -euo pipefail | |
podman ps -aq | | |
xargs -tn1 podman logs -n |