From 9cd13fb3b8137e23409750f81afa9c556981897c Mon Sep 17 00:00:00 2001
From: Antonio Aversa
Date: Tue, 26 Nov 2024 11:09:00 +0100
Subject: [PATCH] Remove unnecessary CA certificate
---
 .github/qa-sq-behind-ngix/compose.yml | 1 -
 .../generate-certificates.sh | 34 -------------------
 .github/workflows/qa.yml | 20 ++++++++---
 3 files changed, 15 insertions(+), 40 deletions(-)
 delete mode 100755 .github/qa-sq-behind-ngix/generate-certificates.sh
diff --git a/.github/qa-sq-behind-ngix/compose.yml b/.github/qa-sq-behind-ngix/compose.yml
index 5888b38..0c35001 100644
--- a/.github/qa-sq-behind-ngix/compose.yml
+++ b/.github/qa-sq-behind-ngix/compose.yml
@@ -16,7 +16,6 @@ services:
 - 4443:4443
 volumes:
 - $GITHUB_WORKSPACE/.github/qa-sq-behind-ngix/nginx.conf:/etc/nginx/nginx.conf:ro
- - $GITHUB_WORKSPACE/.github/qa-sq-behind-ngix/ca.crt:/etc/nginx/client_certs/ca.crt:ro
 - $GITHUB_WORKSPACE/.github/qa-sq-behind-ngix/server.crt:/etc/nginx/server.crt:ro
 - $GITHUB_WORKSPACE/.github/qa-sq-behind-ngix/server.key:/etc/nginx/server.key:ro
 healthcheck:
diff --git a/.github/qa-sq-behind-ngix/generate-certificates.sh b/.github/qa-sq-behind-ngix/generate-certificates.sh
deleted file mode 100755
index de33ae5..0000000
--- a/.github/qa-sq-behind-ngix/generate-certificates.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-set -eux
-
-echo Generating server certificate...
-
-openssl req \
- -newkey rsa:4096 \
- -x509 \
- -sha256 \
- -addext "subjectAltName = DNS:localhost" \
- -days 3650 \
- -nodes \
- -out server.crt \
- -subj "/C=CH/ST=Geneva/L=Geneva/O=Server/OU=Dept" \
- -keyout server.key
-
-echo Generating CA certificate...
-
-# Generate Certificate Authority key
-openssl genrsa \
- -passout pass:test42 \
- -des3 \
- -out ca.key 4096 \
-
-# Generate Certificate Authority certificate
-openssl req \
- -passin pass:test42 \
- -new \
- -x509 \
- -days 365 \
- -key ca.key \
- -out ca.crt \
- -subj "/C=CH/ST=Geneva/L=Geneva/O=CertificateAuthority/OU=ExpertDepartment"
diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
index 08e5c93..e85a913 100644
--- a/.github/workflows/qa.yml
+++ b/.github/workflows/qa.yml
@@ -283,13 +283,23 @@ jobs:
 - uses: actions/checkout@v4
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
- - name: Generate certificates
- run: ./generate-certificates.sh
+ - name: Generate server certificate
+ run: |
+ openssl req \
+ -newkey rsa:4096 \
+ -x509 \
+ -sha256 \
+ -addext "subjectAltName = DNS:localhost" \
+ -days 3650 \
+ -nodes \
+ -out server.crt \
+ -subj "/C=CH/ST=Geneva/L=Geneva/O=Server/OU=Dept" \
+ -keyout server.key
 working-directory: .github/qa-sq-behind-ngix
 - name: Start nginx and SonarQube via Docker Compose
 run: docker compose up -d --wait
 working-directory: .github/qa-sq-behind-ngix
- - name: Read correct client certificate from
+ - name: Read correct server certificate
 run: |
 # read server.crt from .github/qa-sq-behind-ngix/ and store into the SONAR_ROOT_CERT_VALID
 # environment variable, to be able to read it in the next step
@@ -306,7 +316,7 @@ jobs:
 with:
 args: -Dsonar.login=admin -Dsonar.password=admin
 projectBaseDir: ./test/example-project
- - name: Clear imported certificates
+ - name: Clear imported SSL certificates
 run: |
 rm -f ~/.sonar/ssl/truststore.p12
 - name: Run action with an invalid SSL certificate
@@ -325,7 +335,7 @@ jobs:
 - name: Assert failure of previous step
 if: steps.invalid_ssl_certificate.outcome == 'success'
 run: exit 1
- - name: Clear imported certificates
+ - name: Clear imported SSL certificates
 run: |
 rm -f ~/.sonar/ssl/truststore.p12
 - name: Run action with the wrong SSL certificate
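Review bot: In the `Generate server certificate` step the inlined `openssl req` keeps `-days 3650` together with `-nodes`, so every run writes an unencrypted private key and a ten-year self-signed certificate into the checked-out tree under `.github/qa-sq-behind-ngix`. The pair is only needed while this job runs, so `-days 1 \` is enough and keeps a stray copy (artifact, cache, accidental commit) from staying valid for years. A comment above the command such as `# throw-away self-signed pair for the nginx test proxy; valid for this job only` would record that intent now that the command lives inline in the workflow. Whether `server.key` and `server.crt` are already git-ignored cannot be seen from this hunk, and the job's definition starts outside it.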