Misc fixes for CI tests

Author: timkimber

getssl

@@ -568,7 +568,7 @@ check_challenge_completion_dns() { # perform validation via DNS challenge
 
     # add +noidnout if idn-domain so search for domain in results works
     if [[ "${d}" == xn--* || "${d}" == *".xn--"* ]]; then
-      if [[ "$DNS_CHECK_FUNC" == "nslookup" || "$DNS_CHECK_FUNC" == "host" || ("$DNS_CHECK_FUNC" == "dig" && "$DIG_SUPPORTS_NOIDNOUT" == "false") ]]; then
+      if [[ "$DNS_CHECK_FUNC" == "nslookup" || "$DNS_CHECK_FUNC" == "host" || ("$DNS_CHECK_FUNC" == "$HAS_DIG_OR_DRILL" && "$DIG_SUPPORTS_NOIDNOUT" == "false") ]]; then
         info "Info: idn domain but $DNS_CHECK_FUNC doesn't support +noidnout"
       else
         debug "adding +noidnout to DNS_CHECK_OPTIONS"
@@ -1418,6 +1418,8 @@ for d in "${alldomains[@]}"; do
         # get the token and uri from the dns-01 component
         token=$(json_get "$response" "challenges" "type" "dns-01" "token")
         uri=$(json_get "$response" "challenges" "type" "dns-01" "url")
+        # when using pebble this sometimes appears to have a newline which causes problems in send_signed_request
+        uri=$(echo "$uri" | tr -d '\r')
         debug uri "$uri"
       fi
 
@@ -2516,7 +2518,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
 
     code="500"
     loop_limit=5
-    while [[ "$code" -eq 500 ]]; do
+    while [[ "$code" == 5* ]]; do
       if [[ "$outfile" ]] ; then
         $CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > "$outfile"
         errcode=$?
@@ -2562,13 +2564,13 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
         fi
       fi
       debug "response status = $response_status"
-      if [[ "$code" -eq 500 ]]; then
-        info "_error on acme server - trying again ...."
+      if [[ "$code" == 5* ]]; then
+        info "_error on acme server - waiting 30s then trying again ...."
         debug "loop_limit = $loop_limit"
-        sleep 5
+        sleep 30
         loop_limit=$((loop_limit - 1))
         if [[ $loop_limit -lt 1 ]]; then
-          error_exit "500 error from ACME server:  $response"
+          error_exit "$code error from ACME server: $response"
         fi
       fi
     done

test/0-test-usage.bats

@@ -40,6 +40,9 @@ setup() {
     if [ -n "$STAGING" ]; then
         skip "Using staging server, skipping internal test"
     fi
+
+    # Feb-23 Getting semi-repeatable "can't check for upgrades: ''" errors which are because the limit is being exceeded (re-use of github action ip?)
+    check_github_quota 7
     run ${CODE_DIR}/getssl --upgrade
     refute_output
     assert_success

test/32-test-upgrade.bats

@@ -4,39 +4,6 @@ load '/bats-support/load.bash'
 load '/bats-assert/load.bash'
 load '/getssl/test/test_helper.bash'
 
-LIMIT_API="https://api.github.com/rate_limit"
-
-# Quota generally shouldn't be an issue - except for tests
-# Rate limits are per-IP address
-check_github_quota() {
-  local need remaining reset limits now
-  need="$1"
-  while true ; do
-    limits="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g' | sed -ne'/"core":/,/}/p')"
-    errcode=$?
-    if [[ $errcode -eq 60 ]]; then
-      error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
-    elif [[ $errcode -gt 0 ]]; then
-      error_exit "curl error checking releases: $errcode"
-    fi
-    limits="$(sed -e's/^ *//g' <<<"${limits}")"
-    remaining="$(sed -e'/^"remaining": *[0-9]/!d;s/^"remaining": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
-    reset="$(sed -e'/^"reset": *[0-9]/!d;s/^"reset": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
-    if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi
-    limit="$(sed -e'/^"limit": *[0-9]/!d;s/^"limit": *\([0-9][0-9]*\).*$/\1/' <<<"${limits}")"
-    if [[ "$limit" -lt "$need" ]] ; then
-      error_exit "GitHub API request $need exceeds limit $limit"
-    fi
-    now="$(date +%s)"
-    while [[ "$now" -lt "$reset" ]] ; do
-      info "sleeping $(( "$reset" - "$now" )) seconds for GitHub quota"
-      sleep "$(( "$reset" - "$now" ))"
-      now="$(date +%s)"
-   done
-  done
-}
-
-
 setup_file() {
     if [ -n "$STAGING" ]; then
         echo "Using staging server, skipping internal test" >&3

test/test_helper.bash

@@ -1,5 +1,6 @@
 INSTALL_DIR=/root
 CODE_DIR=/getssl
+LIMIT_API="https://api.github.com/rate_limit"
 
 check_certificates()
 {
@@ -8,6 +9,42 @@ check_certificates()
   assert [ -e "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt" ]
 }
 
+# Quota generally shouldn't be an issue - except for tests
+# Rate limits are per-IP address
+check_github_quota() {
+  local need remaining reset limits now
+  need="$1"
+  echo "# Checking github limits"
+  while true ; do
+    limits="$(curl ${_NOMETER:---silent} --user-agent "srvrco/getssl/github-actions" -H 'Accept: application/vnd.github.v3+json' "$LIMIT_API")"
+    echo "# limits = $limits"
+    errcode=$?
+    if [[ $errcode -eq 60 ]]; then
+      echo "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
+      exit 1
+    elif [[ $errcode -gt 0 ]]; then
+      echo "curl error checking releases: $errcode"
+      exit 1
+    fi
+    remaining="$(jq -r '.resources.core.remaining' <<<"$limits")"
+    echo "# Remaining: $remaining"
+    reset="$(jq -r '.resources.core.reset' <<<"$limits")"
+    if [[ "$remaining" -ge "$need" ]] ; then return 0 ; fi
+    limit="$(jq -r '.resources.core.limit' <<<"$limits")"
+    echo "# Limit: $limit"
+    if [[ "$limit" -lt "$need" ]] ; then
+      echo "GitHub API request $need exceeds limit $limit"
+      exit 1
+    fi
+    now="$(date +%s)"
+    while [[ "$now" -lt "$reset" ]] ; do
+      echo "# sleeping $(( reset - now )) seconds for GitHub quota"
+      sleep "$(( reset - now ))"
+      now="$(date +%s)"
+   done
+  done
+}
+
 # Only nginx > 1.11.0 support dual certificates in a single configuration file
 # https://unix.stackexchange.com/questions/285924/how-to-compare-a-programs-version-in-a-shell-script
 check_nginx() {
@@ -24,7 +61,7 @@ check_nginx() {
 
 check_output_for_errors() {
   refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-  refute_output --regexp '[^_][Ee][Rr][Rr][Oo][Rr][^:nonce]'
+  refute_output --regexp '[^_][Ee][Rr][Rr][Oo][Rr][^:badNonce]'
   refute_output --regexp '[^_][Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
   refute_line --partial 'command not found'
 }