Adds e2e for vroxy_install_deb.sh

.github/workflows/ci.yml

@@ -24,6 +24,20 @@ jobs:
       - name: run e2e tests
         run: |
           make test-e2e
+
+  e2e_install_script:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        e2e_os: ["debian:bullseye", "ubuntu:22.04"]
+    env:
+      E2E_OS: ${{ matrix.e2e_os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: run install
+        run: |
+          ./tests_e2e/test_deb_setup.sh
+
   lint:
     runs-on: ubuntu-latest
     env:
@@ -43,4 +57,4 @@ jobs:
               -name="flake8" \
               -reporter="github-check" \
               -filter-mode="nofilter" \
-              -level="warning"
+              -level="warning"

docker-compose.yml

@@ -40,6 +40,35 @@ services:
       - VROXY_AUTH_TOKENS=abc,123
     profiles:
       - donotstart
+  vroxy-install-e2e.test:
+    image: ${E2E_OS:-debian:bullseye}
+    command: tail -F /dev/null
+    environment:
+      - CI=true
+      - DEBIAN_FRONTEND=noninteractive
+      - domain=vroxy-install-e2e.test
+      - acme_server=https://pebble:14000/dir
+    working_dir: /vroxy
+    volumes:
+      - .:/vroxy
+    profiles:
+      - donotstart
+  pebble:
+    image: letsencrypt/pebble:latest
+    command: pebble -config /test/config/pebble-config.json -strict -dnsserver 10.30.50.3:8053
+    # ports:
+    #   - 14000:14000  # HTTPS ACME API
+    #   - 15000:15000  # HTTPS Management API
+    environment:
+      - PEBBLE_VA_ALWAYS_VALID=1
+    profiles:
+      - vroxy_install
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "--no-check-certificate", "https://localhost:14000/dir"]
+      interval: 5s
+      timeout: 10s
+      retries: 3
+      start_period: 5s
   dev:
     build:
       context: .

tests_e2e/test_deb_bootstrap.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+
+set -e
+
+if [ "$CI" != "true" ]; then
+    echo "Cowardly refusing to run bootstrap on what looks like a non-CI environment."
+    echo "This bootstrap is only intended for ephemeral CI machines."
+    echo "Running this on a real machine will make it insecure."
+    exit 1
+fi
+
+set -x
+
+apt-get update
+
+apt-get install -y --no-install-recommends \
+    ca-certificates \
+    cron \
+    curl \
+    git \
+    procps
+
+curl -o /usr/local/share/ca-certificates/pebble.minica.crt https://raw.githubusercontent.com/letsencrypt/pebble/main/test/certs/pebble.minica.pem
+
+update-ca-certificates

tests_e2e/test_deb_setup.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env sh
+
+set -ex
+
+cleanup() {
+  docker compose rm -fsv pebble vroxy-install-e2e.test
+}
+
+cleanup
+
+trap cleanup EXIT
+
+docker compose up -d --wait pebble
+docker compose up -d vroxy-install-e2e.test
+
+DRUN="docker compose exec vroxy-install-e2e.test"
+
+$DRUN ./tests_e2e/test_deb_bootstrap.sh
+$DRUN ./vroxy_install_deb.sh
+sleep 15
+echo "## Testing tmux session"
+$DRUN curl -f http://localhost:8420/healthz
+echo
+echo "## Testing nginx"
+$DRUN curl -f -H 'Host: vroxy-install-e2e.test' -k https://localhost/healthz
+echo

vroxy_install_deb.sh

@@ -1,18 +1,28 @@
 #!/bin/bash
 
+set -e
+
 echo This script will automatically setup all dependencies and an NGINX server with a LetsEncrypt SSL cert.
 
 if [[ `whoami` != root ]]; then
     echo Permission escalation required. Please run this script as root or using sudo.
     exit
 fi
 
-echo '
+is_interactive="1"
+if [[ -n "$DEBIAN_FRONTEND" && "$DEBIAN_FRONTEND" == "noninteractive" ]]; then
+    echo "Running in noninteractive mode"
+    is_interactive="0"
+fi
 
->>> Some information is needed from you <<<
+if [[ $is_interactive == "1" ]]; then
+    echo '
 
-'
-read -p "Please select the folder for Vroxy to install into or update in (leave empty for /var/vroxy): " dir
+    >>> Some information is needed from you <<<
+
+    '
+    read -p "Please select the folder for Vroxy to install into or update in (leave empty for /var/vroxy): " dir
+fi
 
 if [ ! $dir ]; then dir='/var/vroxy'; fi
 if [[ -f "$dir/settings.ini" ]]; then
@@ -25,8 +35,10 @@ domainmsg='required'
 if [ $defaultdomain ]; then domainmsg="leave empty for $defaultdomain"; fi
 
 
-read -p "Please enter the domain name you wish to setup with the NGINX configuration ($domainmsg): " domain
-read -p "Please specify what port to run the Vroxy service on (leave empty for $defaultport): " port
+if [[ $is_interactive == "1" ]]; then
+    read -p "Please enter the domain name you wish to setup with the NGINX configuration ($domainmsg): " domain
+    read -p "Please specify what port to run the Vroxy service on (leave empty for $defaultport): " port
+fi
 
 if [ ! $port ]; then port=$defaultport; fi
 if [ ! $domain ]; then
@@ -65,41 +77,57 @@ server {
 }
 EOF
 echo NGINX Configuration stored in /etc/nginx/conf.d/$domain.conf
-nginx -t && nginx -s reload
+
+nginx -t
+if [[ -s /run/nginx.pid ]]; then
+    nginx -s reload
+fi
 
 echo ---
 echo Setting up LetsEncrypt
 echo ---
 
-certbot -n --nginx --redirect --no-eff-email --agree-tos --register-unsafely-without-email -d $domain
-croninfo=$(crontab -l)
-if echo $croninfo | grep -Fxq '0 12 * * * /usr/bin/certbot renew --quiet'; then
+extra_cb_args=""
+
+if [[ -n "$acme_server" ]]; then
+    extra_cb_args="$extra_cb_args --server $acme_server"
+fi
+
+certbot \
+    -n \
+    --nginx \
+    --redirect \
+    --no-eff-email \
+    --agree-tos \
+    --register-unsafely-without-email \
+    $extra_cb_args \
+    -d $domain
+
+if [[ -f /etc/cron.d/certbot ]]; then
     echo LetsEncrypt Autorenew cron found. Skipping.
 else
-    croninfo="$croninfo
-    # Lets Encrypt SSL Autorenew
-    0 12 * * * /usr/bin/certbot renew --quiet
-    "
-    echo $croninfo | crontab -
+    cat << 'EOF' > /etc/cron.d/certbot
+# Lets Encrypt SSL Autorenew
+0 12 * * * root /usr/bin/certbot renew --quiet
+EOF
     echo LetsEncrypt Autorenew cron added.
 fi
-if echo $croninfo | grep -xq "vroxy_reload.sh"; then
-    # replace any old directory service cron with the new directory service cron
-    croninfo=$(echo $croninfo | sed -r "s|bash .+/vroxy_reload\.sh|bash $dir/vroxy_reload.sh|g")
-    echo $croninfo | crontab -
-    echo Vroxy service auto-reload cron updated.
+
+if [[ -f /etc/cron.d/vroxy ]]; then
+    echo Vroxy service auto-reload cron found. Skipping.
 else
-    echo "$croninfo
-    # Vroxy service auto-reload
-    0 3 * * * bash $dir/vroxy_reload.sh
-    " | crontab -
+    cat << 'EOF' > /etc/cron.d/vroxy
+# Vroxy service auto-reload
+0 3 * * * root bash $dir/vroxy_reload.sh
+EOF
     echo Vroxy service auto-reload cron added.
 fi
+
 echo ---
 echo "Setting up Vroxy in $dir"
 echo ---
 mkdir $dir
-if [ ! $(git config --global --get-all safe.directory | grep "$dir")]; then
+if [ ! $(git config --global --get-all safe.directory | grep "$dir") ]; then
     # ensure that git knows that this new directory is safe
     git config --global --add safe.directory $dir
 fi
@@ -108,17 +136,22 @@ if [ $SUDO_USER ]; then
     chown -R $SUDO_USER $dir
 fi
 cd $dir
-if [[ ! -d "$dir/.git" ]]; then
-    git clone https://github.com/techanon/vroxy.git $dir
-    git config pull.ff only
+if [[ "$CI" == "true" ]]; then
+    # in a CI environment we want to test the files we have on disk, not remote
+    cp -a /vroxy/. .
 else
-    # if it already exists, just grab the latest instead
-    git pull
+    if [[ ! -d "$dir/.git" ]]; then
+        git clone https://github.com/techanon/vroxy.git $dir
+        git config pull.ff only
+    else
+        # if it already exists, just grab the latest instead
+        git pull
+    fi
 fi
 cat << EOF > settings.ini
 [server]
 domain=$domain
-host=localhost
+host=0.0.0.0
 port=$port
 EOF
 python3 -m pip install -U yt-dlp aiohttp tldextract

vroxy_reload.sh

@@ -1,10 +1,17 @@
 #!/bin/bash
+
+set -e
+
 cd "$(dirname "${BASH_SOURCE[0]}")"
 SCRIPT_DIR=$(pwd)
-echo "Stopping Vroxy service"
-tmux kill-session -t vroxy
-echo "Checking for latest Vroxy updates"
-git pull
+if pgrep tmux; then
+    echo "Stopping Vroxy service"
+    tmux kill-session -t vroxy
+fi
+if [[ "$CI" != "true" ]]; then
+    echo "Checking for latest Vroxy updates"
+    git pull --ff-only
+fi
 echo "Starting Vroxy service from $SCRIPT_DIR"
 tmux new-session -d -s vroxy \; send-keys "python3 $SCRIPT_DIR/vroxy.py" Enter
 echo "Vroxy service successfully started in a tmux session"