feat(lab-03): FreePBX Advanced Features -- resource limits, AMI :5038… #7
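# CI workflow: validates the compose files, the lab test scripts and the
# module manifest, runs a Trivy configuration scan, then smoke-tests the
# three FreePBX lab stacks (standalone, LAN, advanced).
#
# NOTE(review): every `uses:` below references a tag (v4, 0.28.0, v3). A tag
# can be re-pointed by the action's publisher; pinning each action to a full
# commit SHA (`owner/action@<full-commit-sha>  # vX`) fixes the code that
# actually runs in this pipeline.
name: CI

on:
  push:
    branches: [main, develop, 'feature/**', 'bugfix/**']
  pull_request:
    branches: [main, develop]

# Workflow-wide default for GITHUB_TOKEN: read-only. The only job that needs
# more (security-scan, for the SARIF upload) declares its own permissions, so
# the jobs that execute repository scripts and containers never hold
# security-events: write.
permissions:
  contents: read

jobs:
  validate:
    name: Validate Configuration
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Structural check only: --no-interpolate skips ${VAR} substitution and
      # -q suppresses the rendered output, so a non-zero exit is the result.
      - name: Validate Docker Compose files
        run: |
          for f in docker/docker-compose.*.yml; do
            echo "Validating: $f"
            docker compose -f "$f" config --no-interpolate -q
          done

      - name: ShellCheck — lab test scripts
        run: |
          # Refresh the package index first so the install does not fail on
          # stale mirror metadata.
          sudo apt-get update -qq
          sudo apt-get install -y -qq shellcheck
          shellcheck tests/labs/*.sh

      # NOTE(review): this is a substring presence check on the raw file text.
      # It does not parse the manifest, so a key name that appears inside a
      # comment or another value also satisfies it, and values are not checked.
      - name: Validate module manifest
        run: |
          python3 -c "
          import sys
          with open('it-stack-freepbx.yml') as f:
              content = f.read()
          required = ['module:', 'version:', 'phase:', 'category:', 'ports:']
          missing = [k for k in required if k not in content]
          if missing:
              print('Missing fields:', missing); sys.exit(1)
          print('Manifest valid')
          "

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: validate
    # Job-level permissions replace the workflow default for this job only.
    # security-events: write is what the SARIF upload step requires.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4

      # scan-type: config runs Trivy's misconfiguration scan over the whole
      # checkout (scan-ref: .), not only over a Dockerfile.
      # NOTE(review): exit-code '0' makes this step report-only. CRITICAL and
      # HIGH findings are printed but never fail the job; switch to '1' once
      # the existing findings are triaged if the scan is meant to gate merges.
      - name: Trivy — scan Dockerfile
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: config
          scan-ref: .
          exit-code: '0'
          severity: CRITICAL,HIGH

      # Second pass over the same tree, written as SARIF for code scanning.
      # No severity filter and no exit-code are set on this step.
      - name: Trivy — SARIF output
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: config
          scan-ref: .
          format: sarif
          output: trivy-results.sarif

      # always(): upload even when an earlier step failed, so partial results
      # still reach the Security tab.
      # NOTE(review): pull requests from forks receive a read-only token, so
      # this upload is expected to fail there. Confirm whether fork PRs are in
      # scope for this repository.
      - name: Upload SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: trivy-results.sarif

  # ---------------------------------------------------------------------------
  # Lab smoke tests.
  #
  # NOTE(review), applies to all three lab jobs:
  #   * continue-on-error: true means a failing lab does not fail the workflow
  #     run, so each job's own status has to be checked.
  #   * The MariaDB root password is hard-coded in the wait step and passed on
  #     the command line (-p...), so it is visible in the workflow file and in
  #     the process list. The database only exists between `up -d` and
  #     `down -v` inside the job; keep these values confined to the labs. If
  #     the compose files define healthchecks, `docker compose up -d --wait`
  #     would remove the need to repeat the password here.
  # ---------------------------------------------------------------------------
  lab-01-smoke:
    name: Lab 01 -- FreePBX Standalone (MariaDB + Asterisk)
    runs-on: ubuntu-latest
    needs: validate
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4

      - name: Install tools
        run: |
          sudo apt-get update -qq
          sudo apt-get install -y curl

      - name: Validate standalone compose
        run: docker compose -f docker/docker-compose.standalone.yml config -q && echo "Standalone compose valid"

      - name: Start standalone stack
        run: docker compose -f docker/docker-compose.standalone.yml up -d

      # Polls every 5 s, gives up after 120 s.
      - name: Wait for MariaDB
        run: |
          timeout 120 bash -c 'until docker exec freepbx-s01-db mysqladmin ping -h localhost -u root -pRootLab01! > /dev/null 2>&1; do sleep 5; done'

      # Polls every 10 s, gives up after 300 s.
      - name: Wait for FreePBX web
        run: |
          timeout 300 bash -c 'until curl -sf http://localhost:8301/admin/config.php; do sleep 10; done'

      # --no-cleanup leaves the stack up so the log and cleanup steps below
      # still have containers to act on.
      - name: Run Lab 10-01 test script
        run: bash tests/labs/test-lab-10-01.sh --no-cleanup

      - name: Collect logs on failure
        if: failure()
        run: docker compose -f docker/docker-compose.standalone.yml logs

      # -v also removes the stack's volumes, including the database data.
      - name: Cleanup
        if: always()
        run: docker compose -f docker/docker-compose.standalone.yml down -v

  lab-02-smoke:
    name: Lab 02 -- FreePBX External Dependencies (MariaDB + Mailhog)
    runs-on: ubuntu-latest
    needs: validate
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4

      - name: Install tools
        run: |
          sudo apt-get update -qq
          sudo apt-get install -y curl default-mysql-client

      - name: Validate LAN compose
        run: docker compose -f docker/docker-compose.lan.yml config -q && echo "LAN compose valid"

      - name: Start LAN stack
        run: docker compose -f docker/docker-compose.lan.yml up -d

      # Polls every 5 s, gives up after 120 s.
      - name: Wait for MariaDB
        run: |
          timeout 120 bash -c 'until docker exec freepbx-l02-db mysqladmin ping -uroot -pRootLab02! --silent; do sleep 5; done'

      # Polls every 5 s, gives up after 60 s.
      - name: Wait for Mailhog
        run: |
          timeout 60 bash -c 'until curl -sf http://localhost:8610/api/v2/messages; do sleep 5; done'

      # Polls every 10 s, gives up after 300 s.
      - name: Wait for FreePBX web
        run: |
          timeout 300 bash -c 'until curl -sf http://localhost:8310/admin/config.php; do sleep 10; done'

      - name: Run Lab 10-02 test script
        run: bash tests/labs/test-lab-10-02.sh --no-cleanup

      - name: Collect logs on failure
        if: failure()
        run: docker compose -f docker/docker-compose.lan.yml logs

      # -v also removes the stack's volumes, including the database data.
      - name: Cleanup
        if: always()
        run: docker compose -f docker/docker-compose.lan.yml down -v

  lab-03-smoke:
    name: Lab 03 -- FreePBX Advanced Features (AMI + recordings + MOH volumes)
    runs-on: ubuntu-latest
    needs: validate
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4

      - name: Install tools
        run: |
          sudo apt-get update -qq
          sudo apt-get install -y curl default-mysql-client netcat-openbsd

      - name: Validate advanced compose
        run: docker compose -f docker/docker-compose.advanced.yml config -q && echo "Advanced compose valid"

      - name: Start advanced stack
        run: docker compose -f docker/docker-compose.advanced.yml up -d

      # Polls every 5 s, gives up after 120 s.
      - name: Wait for MariaDB
        run: |
          timeout 120 bash -c 'until docker exec freepbx-a03-db mysqladmin ping -uroot -pRootLab03! --silent; do sleep 5; done'

      # Polls every 5 s, gives up after 60 s.
      - name: Wait for Mailhog
        run: |
          timeout 60 bash -c 'until curl -sf http://localhost:8620/api/v2/messages; do sleep 5; done'

      # Polls every 10 s, gives up after 300 s.
      - name: Wait for FreePBX web
        run: |
          timeout 300 bash -c 'until curl -sf http://localhost:8320/admin/config.php; do sleep 10; done'

      - name: Run Lab 10-03 test script
        run: bash tests/labs/test-lab-10-03.sh --no-cleanup

      - name: Collect logs on failure
        if: failure()
        run: docker compose -f docker/docker-compose.advanced.yml logs

      # -v also removes the stack's volumes, including the database data.
      - name: Cleanup
        if: always()
        run: docker compose -f docker/docker-compose.advanced.yml down -v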