feat(): adding knot-based ns_lord implementation #1201

Workflow file for this run

# CI test workflow: runs on pushes to main and on pull requests that target
# main. Changes that touch only docs/ do not trigger it.
#
# NOTE(review): no top-level `permissions:` key is set, so GITHUB_TOKEN gets
# the repository/organisation default scopes. Consider restricting it to
# `contents: read` after confirming that the local ./.github/workflows/build
# action needs nothing more.
name: test
on:
  push:
    # run on push to main branch
    branches:
      - main
    paths-ignore:
      - 'docs/**'
  pull_request:
    # run for pull requests against main
    branches:
      - main
    paths-ignore:
      - 'docs/**'
# Workflow-wide environment for the test stack.
#
# Every credential below is a throwaway CI fixture committed in plain text
# (several are literally "insecure" / "password"). They are readable by anyone
# with access to the repository and must never be reused in a deployment.
# All values are quoted so that no YAML parser retypes them (e.g. 172.16 as a
# float, the empty ALSO_NOTIFY as null).
env:
  DESECSTACK_DOMAIN: 'your.hostname.example.com'
  DESECSTACK_NS: 'ns1.example.com ns2.example.com'
  DESECSTACK_API_ADMIN: 'john.doe@example.com'
  DESECSTACK_API_AUTHACTION_VALIDITY: '24'
  DESECSTACK_API_SEPA_CREDITOR_ID: 'TESTCREDITORID'
  DESECSTACK_API_SEPA_CREDITOR_NAME: 'TESTCREDITORNAME'
  DESECSTACK_API_EMAIL_HOST: 'mail.your.hostname.example.com'
  DESECSTACK_API_EMAIL_HOST_USER: 'user'
  DESECSTACK_API_EMAIL_HOST_PASSWORD: 'password'
  DESECSTACK_API_EMAIL_PORT: '25'
  DESECSTACK_API_SECRETKEY: '9Fn33T5yGuds'
  # NOTE(review): plain-HTTP endpoint with a dummy token; presumably an
  # in-stack test double -- confirm it never leaves the compose network.
  DESECSTACK_API_PCH_API: 'http://pch'
  DESECSTACK_API_PCH_API_TOKEN: 'insecure'
  DESECSTACK_API_PSL_RESOLVER: '9.9.9.9'
  DESECSTACK_DBAPI_PASSWORD_desec: '9Fn33T5yGueeee'
  DESECSTACK_NSLORD_APIKEY: '9Fn33T5yGukjekwjew'
  DESECSTACK_NSLORD_DEFAULT_TTL: '1234'
  DESECSTACK_DBMASTER_PASSWORD_pdns: '9Fn33T5yGukjwelt'
  # intentionally empty
  DESECSTACK_NSMASTER_ALSO_NOTIFY: ''
  DESECSTACK_NSMASTER_APIKEY: 'LLq1orOQuXCINUz4TV'
  # NOTE(review): this value reads like a placeholder rather than a generated
  # TSIG secret -- confirm the consuming service accepts it as intended.
  DESECSTACK_NSMASTER_TSIGKEY: '+++undefined/undefined/undefined/undefined/undefined/undefined/undefined/undefined+++A=='
  DESECSTACK_NSLORD_KNOT_UPDATE_KEY_SECRET: 'insecure'
  DESECSTACK_IPV4_REAR_PREFIX16: '172.16'
  DESECSTACK_IPV6_SUBNET: 'bade:affe:dead:beef:b011::/80'
  DESECSTACK_IPV6_ADDRESS: 'bade:affe:dead:beef:b011:0642:ac10:0080'
  DESECSTACK_PORT_XFR: '12353'
  DESECSTACK_WWW_CERTS: './certs'
  DESECSTACK_MINIMUM_TTL_DEFAULT: '3600'
  DESECSTACK_PROMETHEUS_PASSWORD: 'Je9NNkqbULsg'
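# Test jobs. Each job runs on a fresh ubuntu-latest runner.
#
# NOTE(review): third-party actions are referenced by mutable tag (@v6, @v5)
# and the pip installs below are unpinned, so a run executes whatever those
# names resolve to at that moment. Pinning actions to a full commit SHA and
# pip packages to a version (ideally with hashes) makes runs reproducible and
# narrows the supply-chain exposure.
jobs:
  test-format:
    # tests if correct formatting is used
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Install Ruff
        run: python3 -m pip install ruff
      - name: Test desecapi formatting
        run: ruff format --check api/

  test-watcher:
    # runs Knot watcher unit tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install pytest
        run: python3 -m pip install pytest
      - name: Run watcher tests
        run: python3 -m pytest nslord_knot/tests/test_zone_watch.py

  test-missing-migrations:
    # test if Django migrations are missing
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v6
      - name: Build images
        uses: ./.github/workflows/build
        with:
          images: api dbapi nslord nsmaster dblord dbmaster
      - name: Check for missing migrations
        run: docker compose run -T api sh -c "./wait-dbapi && python manage.py makemigrations --check"

  test-e2e2:
    # runs e2e2 tests; waits for the resolver sanity check to pass first
    runs-on: ubuntu-latest
    needs: [test-psl-resolver]
    steps:
      - name: Check out code
        uses: actions/checkout@v6
      - name: Build images
        uses: ./.github/workflows/build
      - name: Run e2e2 Tests
        run: docker compose -f docker-compose.yml -f docker-compose.test-e2e2.yml run -T test-e2e2 sh -c "./apiwait 300 && python3 -m pytest -vv --skip-performance-tests ."
      - name: e2e2 Tests Logs and Cleanup
        # always() so logs are collected and the stack is torn down even
        # when the test step failed
        if: always()
        run: |
          docker compose -f docker-compose.yml -f docker-compose.test-e2e2.yml ps
          # grep exits non-zero when nothing matches (or the file is missing);
          # under the runner's default `bash -e` that would abort this step
          # before `down -v` runs, so the log dump is made best-effort.
          grep 'desec/' /var/log/syslog || true
          docker compose -f docker-compose.yml -f docker-compose.test-e2e2.yml down -v

  test-psl-resolver:
    # sanity-check PSL DNS lookups before e2e2
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        resolver:
          - "9.9.9.9"
          - "8.8.8.8"
    steps:
      - name: Check out code
        uses: actions/checkout@v6
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install psl_dns
        run: python3 -m pip install psl-dns
      - name: Run PSL DNS queries (extensive logging)
        env:
          # passed through the environment rather than interpolated into the
          # script text, so the matrix value is never parsed as code
          PSL_RESOLVER: ${{ matrix.resolver }}
        run: |
          python3 - <<'PY'
          import os
          import random
          import string
          import time
          import psl_dns
          import dns.rdatatype
          import dns.exception

          resolver_ip = os.environ["PSL_RESOLVER"]
          psl = psl_dns.PSL(resolver=resolver_ip, timeout=0.5)
          print(f"Resolver: {resolver_ip}")
          print(f"Nameservers: {psl.resolver.nameservers}")

          def random_domain():
              return "".join(random.choice(string.ascii_lowercase) for _ in range(16)) + ".test"

          failures = 0
          for i in range(5):
              domain = random_domain()
              print(f"[{i}] Domain: {domain}")
              start = time.time()
              try:
                  suffix = psl.get_public_suffix(domain)
                  elapsed = (time.time() - start) * 1000.0
                  print(f"[{i}] PSL suffix: {suffix} ({elapsed:.1f} ms)")
                  if suffix != "test":
                      print(f"[{i}] ERROR: unexpected suffix {suffix!r}")
                      failures += 1
              except Exception as exc:
                  elapsed = (time.time() - start) * 1000.0
                  print(f"[{i}] ERROR: psl_dns failed after {elapsed:.1f} ms: {type(exc).__name__}: {exc}")
                  failures += 1
              # NOTE(review): indentation was reconstructed from a flattened
              # listing; confirm this diagnostic PTR query belongs at loop
              # level rather than inside the except branch above. Either way
              # it only logs and never changes `failures`.
              try:
                  q_start = time.time()
                  psl.resolver.query(domain, dns.rdatatype.PTR, lifetime=2.0)
                  q_elapsed = (time.time() - q_start) * 1000.0
                  print(f"[{i}] PTR query: success ({q_elapsed:.1f} ms)")
              except dns.exception.DNSException as exc:
                  q_elapsed = (time.time() - q_start) * 1000.0
                  print(f"[{i}] PTR query: {type(exc).__name__} after {q_elapsed:.1f} ms: {exc}")
          if failures:
              raise SystemExit(f"PSL resolver check failed: {failures} error(s)")
          PY

  test-api:
    # runs API tests
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v6
      - name: Build images
        uses: ./.github/workflows/build
        with:
          images: api dbapi nslord nsmaster dblord dbmaster
      - name: Run API Tests
        run: docker compose -f docker-compose.yml -f docker-compose.test-api.yml run -T api bash -c "./entrypoint-tests.sh"
      - name: API Tests Logs and Cleanup
        # always() so logs are collected and the stack is torn down even
        # when the test step failed
        if: always()
        run: |
          docker compose -f docker-compose.yml -f docker-compose.test-api.yml ps
          # grep exits non-zero when nothing matches (or the file is missing);
          # under the runner's default `bash -e` that would abort this step
          # before `down -v` runs, so the log dump is made best-effort.
          grep 'desec/' /var/log/syslog || true
          docker compose -f docker-compose.yml -f docker-compose.test-api.yml down -v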