akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

fix(integration): migrate wget-style curl syntax for Debian compatibility

Browse Source 
After migrating base image from Alpine to Debian Trixie (PR #550),
integration test scripts were using wget-style options with curl
that don't work correctly on Debian.

Changed curl -q -O- (wget syntax) to curl -sf (proper curl):

waf_integration.sh
cerberus_integration.sh
rate_limit_integration.sh
crowdsec_startup_test.sh
install-go-1.25.5.sh
Also added future phase to plan for Playwright security test helpers
to prevent ACL deadlock issues during E2E testing.

Refs: #550
This commit is contained in:
GitHub Actions
2026-01-25 09:17:50 +00:00
parent aa74d37a3a
commit a41cfaae10
12 changed files with 866 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
.github/workflows/rate-limit-integration.yml vendored Normal file
View File

@@ -0,0 +1,125 @@
name: Rate Limit Integration Tests
on:
push:
branches: [ main, development, 'feature/**' ]
paths:
- 'backend/internal/caddy/**'
- 'backend/internal/security/**'
- 'backend/internal/handlers/security*.go'
- 'backend/internal/models/security*.go'
- 'scripts/rate_limit_integration.sh'
- 'Dockerfile'
- '.github/workflows/rate-limit-integration.yml'
pull_request:
branches: [ main, development ]
paths:
- 'backend/internal/caddy/**'
- 'backend/internal/security/**'
- 'backend/internal/handlers/security*.go'
- 'backend/internal/models/security*.go'
- 'scripts/rate_limit_integration.sh'
- 'Dockerfile'
- '.github/workflows/rate-limit-integration.yml'
# Allow manual trigger
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
rate-limit-integration:
name: Rate Limiting Integration
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
- name: Build Docker image
run: |
docker build \
--no-cache \
--build-arg VCS_REF=${{ github.sha }} \
-t charon:local .
- name: Run rate limit integration tests
id: ratelimit-test
run: |
chmod +x scripts/rate_limit_integration.sh
scripts/rate_limit_integration.sh 2>&1 | tee ratelimit-test-output.txt
exit ${PIPESTATUS[0]}
- name: Dump Debug Info on Failure
if: failure()
run: |
echo "## 🔍 Debug Information" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Container Status" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
docker ps -a --filter "name=charon" --filter "name=ratelimit" --filter "name=backend" >> $GITHUB_STEP_SUMMARY 2>&1 || true
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Security Config API" >> $GITHUB_STEP_SUMMARY
echo '```json' >> $GITHUB_STEP_SUMMARY
curl -s http://localhost:8280/api/v1/security/config 2>/dev/null | head -100 >> $GITHUB_STEP_SUMMARY || echo "Could not retrieve security config" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Security Status API" >> $GITHUB_STEP_SUMMARY
echo '```json' >> $GITHUB_STEP_SUMMARY
curl -s http://localhost:8280/api/v1/security/status 2>/dev/null | head -100 >> $GITHUB_STEP_SUMMARY || echo "Could not retrieve security status" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Caddy Admin Config (rate_limit handlers)" >> $GITHUB_STEP_SUMMARY
echo '```json' >> $GITHUB_STEP_SUMMARY
curl -s http://localhost:2119/config 2>/dev/null | grep -A 20 '"handler":"rate_limit"' | head -30 >> $GITHUB_STEP_SUMMARY || echo "Could not retrieve Caddy config" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Charon Container Logs (last 100 lines)" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
docker logs charon-ratelimit-test 2>&1 | tail -100 >> $GITHUB_STEP_SUMMARY || echo "No container logs available" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
- name: Rate Limit Integration Summary
if: always()
run: |
echo "## ⏱️ Rate Limit Integration Test Results" >> $GITHUB_STEP_SUMMARY
if [ "${{ steps.ratelimit-test.outcome }}" == "success" ]; then
echo "✅ **All rate limit tests passed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Test Results:" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
grep -E "✓|=== ALL|HTTP 429|HTTP 200" ratelimit-test-output.txt | head -30 || echo "See logs for details"
grep -E "✓|=== ALL|HTTP 429|HTTP 200" ratelimit-test-output.txt | head -30 >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Verified Behaviors:" >> $GITHUB_STEP_SUMMARY
echo "- Requests within limit return HTTP 200" >> $GITHUB_STEP_SUMMARY
echo "- Requests exceeding limit return HTTP 429" >> $GITHUB_STEP_SUMMARY
echo "- Retry-After header present on blocked responses" >> $GITHUB_STEP_SUMMARY
echo "- Rate limit window resets correctly" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Rate limit tests failed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Failure Details:" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
grep -E "✗|FAIL|Error|failed|expected" ratelimit-test-output.txt | head -30 >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
fi
- name: Cleanup
if: always()
run: |
docker rm -f charon-ratelimit-test || true
docker rm -f ratelimit-backend || true
docker volume rm charon_ratelimit_data caddy_ratelimit_data caddy_ratelimit_config 2>/dev/null || true
docker network rm containers_default || true