Skip to content
CI

ci: standardize shellcheck --severity=error across all lab scripts #14

Sign in to view logs

ci: standardize shellcheck --severity=error across all lab scripts

ci: standardize shellcheck --severity=error across all lab scripts #14

Workflow file for this run

.github/workflows/ci.yml at 9887e4c
name: CI
on:
push:
branches: [main, develop, 'feature/**', 'bugfix/**']
pull_request:
branches: [main, develop]
permissions:
contents: read
security-events: write
jobs:
validate:
name: Validate Configuration
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate Docker Compose files
run: |
for f in docker/docker-compose.*.yml; do
echo "Validating: $f"
docker compose -f "$f" config --no-interpolate -q
done
- name: ShellCheck — lab test scripts
run: |
sudo apt-get install -y shellcheck -qq
shellcheck --severity=error tests/labs/*.sh
- name: Validate module manifest
run: |
python3 -c "
import sys, re
with open('it-stack-zammad.yml') as f:
content = f.read()
required = ['module:', 'version:', 'phase:', 'category:', 'ports:']
missing = [k for k in required if k not in content]
if missing:
print('Missing fields:', missing); sys.exit(1)
print('Manifest valid')
"
security-scan:
name: Security Scan
runs-on: ubuntu-latest
needs: validate
steps:
- uses: actions/checkout@v4
- name: Trivy — scan Dockerfile
uses: aquasecurity/trivy-action@0.28.0
with:
scan-type: config
scan-ref: .
exit-code: '0'
severity: CRITICAL,HIGH
- name: Trivy — SARIF output
uses: aquasecurity/trivy-action@0.28.0
with:
scan-type: config
scan-ref: .
format: sarif
output: trivy-results.sarif
- name: Upload SARIF to GitHub Security
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif
lab-01-smoke:
name: Lab 01 — Zammad standalone (PG, ES, web, API, tickets)
runs-on: ubuntu-latest
needs: validate
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y curl
- name: Validate standalone compose
run: |
docker compose -f docker/docker-compose.standalone.yml config -q
echo "Standalone compose valid"
- name: Start standalone stack
run: docker compose -f docker/docker-compose.standalone.yml up -d
- name: Wait for PostgreSQL
run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.standalone.yml exec -T postgresql pg_isready -U zammad; do sleep 3; done'
- name: Wait for Elasticsearch
run: timeout 120 bash -c 'until curl -sf http://localhost:9200/_cluster/health | grep -qE "\"status\":\"(green|yellow)\""; do sleep 5; done'
- name: Wait for Zammad web
run: timeout 300 bash -c 'until curl -sf http://localhost:3000/ | grep -qi zammad; do sleep 10; done'
- name: Run Lab 11-01 test script
run: bash tests/labs/test-lab-11-01.sh
- name: Collect logs on failure
if: failure()
run: docker compose -f docker/docker-compose.standalone.yml logs
- name: Cleanup
if: always()
run: docker compose -f docker/docker-compose.standalone.yml down -v
lab-02-smoke:
name: Lab 02 — Zammad LAN (PG, ES, Redis, mailhog SMTP)
runs-on: ubuntu-latest
needs: validate
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y curl
- name: Validate LAN compose
run: docker compose -f docker/docker-compose.lan.yml config -q && echo "LAN compose valid"
- name: Start LAN stack
run: docker compose -f docker/docker-compose.lan.yml up -d
- name: Wait for PostgreSQL
run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.lan.yml exec -T postgresql pg_isready -U zammad -d zammad_production; do sleep 3; done'
- name: Wait for Elasticsearch
run: timeout 120 bash -c 'until curl -sf http://localhost:9200/_cluster/health | grep -qE "\"status\":\"(green|yellow)\""; do sleep 5; done'
- name: Wait for Redis
run: timeout 30 bash -c 'until docker compose -f docker/docker-compose.lan.yml exec -T redis redis-cli ping | grep -q PONG; do sleep 2; done'
- name: Wait for Zammad web
run: timeout 360 bash -c 'until curl -sf http://localhost:3000/ | grep -qi zammad; do sleep 10; done'
- name: Run Lab 11-02 test script
run: bash tests/labs/test-lab-11-02.sh
- name: Collect logs on failure
if: failure()
run: docker compose -f docker/docker-compose.lan.yml logs
- name: Cleanup
if: always()
run: docker compose -f docker/docker-compose.lan.yml down -v
lab-03-smoke:
name: Lab 03 - Zammad Advanced (ES indices, resource limits, RAILS_MAX_THREADS)
runs-on: ubuntu-latest
needs: validate
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y curl
- name: Validate advanced compose
run: docker compose -f docker/docker-compose.advanced.yml config -q && echo "Advanced compose valid"
- name: Start advanced stack
run: docker compose -f docker/docker-compose.advanced.yml up -d
- name: Wait for PostgreSQL
run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.advanced.yml exec -T postgresql pg_isready -U zammad -d zammad_production; do sleep 3; done'
- name: Wait for Elasticsearch
run: timeout 120 bash -c 'until curl -sf http://localhost:9200/_cluster/health | grep -qE "\"status\":\"(green|yellow)\""; do sleep 5; done'
- name: Wait for Zammad web
run: timeout 360 bash -c 'until curl -sf http://localhost:3000/ | grep -qi zammad; do sleep 10; done'
- name: Run Lab 11-03 test script
run: bash tests/labs/test-lab-11-03.sh
- name: Collect logs on failure
if: failure()
run: docker compose -f docker/docker-compose.advanced.yml logs
- name: Cleanup
if: always()
run: docker compose -f docker/docker-compose.advanced.yml down -v
lab-04-smoke:
name: Lab 04 — Zammad SSO Integration (Keycloak OIDC)
runs-on: ubuntu-latest
needs: validate
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y curl
- name: Validate SSO compose
run: docker compose -f docker/docker-compose.sso.yml config -q && echo "SSO compose valid"
- name: Start SSO stack
run: docker compose -f docker/docker-compose.sso.yml up -d
- name: Wait for Keycloak
run: timeout 120 bash -c 'until curl -sf http://localhost:8088/health/ready | grep -q UP; do sleep 5; done'
- name: Wait for PostgreSQL
run: timeout 60 bash -c 'until docker compose -f docker/docker-compose.sso.yml exec -T postgresql pg_isready -U zammad -d zammad_production; do sleep 3; done'
- name: Wait for Elasticsearch
run: timeout 120 bash -c 'until curl -sf http://localhost:9200/_cluster/health | grep -qE "\"status\":\"(green|yellow)\""; do sleep 5; done'
- name: Wait for Zammad web
run: timeout 360 bash -c 'until curl -sf http://localhost:3000/ | grep -qi zammad; do sleep 10; done'
- name: Run Lab 11-04 test script
run: bash tests/labs/test-lab-11-04.sh
- name: Collect logs on failure
if: failure()
run: docker compose -f docker/docker-compose.sso.yml logs
- name: Cleanup
if: always()
run: docker compose -f docker/docker-compose.sso.yml down -v
lab-05-smoke:
name: Lab 05 -- Zammad Advanced Integration (INT-06 Zammad<->Keycloak OIDC + INT-10 Zammad<->FreePBX CTI)
runs-on: ubuntu-latest
needs: validate
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y curl ldap-utils python3
- name: Validate integration compose
run: docker compose -f docker/docker-compose.integration.yml config -q && echo "Integration compose valid"
- name: Start integration stack
run: docker compose -f docker/docker-compose.integration.yml up -d
- name: Wait for OpenLDAP
run: timeout 120 bash -c 'until docker exec zammad-int-ldap ldapsearch -x -H ldap://localhost -b dc=lab,dc=local -D cn=admin,dc=lab,dc=local -w LdapAdmin05! > /dev/null 2>&1; do sleep 5; done'
- name: Wait for LDAP seed to complete
run: timeout 120 bash -c 'until docker inspect zammad-int-ldap-seed --format "{{.State.Status}}" 2>/dev/null | grep -q exited; do sleep 5; done'
- name: Wait for WireMock
run: timeout 60 bash -c 'until curl -sf http://localhost:8027/__admin/health; do sleep 5; done'
- name: Wait for Keycloak
run: timeout 240 bash -c 'until curl -sf http://localhost:8110/health/ready | grep -q UP; do sleep 5; done'
- name: Wait for Elasticsearch
run: timeout 180 bash -c 'until curl -sf http://localhost:9200/_cluster/health | grep -qE "\"status\":\"(green|yellow)\""; do sleep 10; done'
- name: Wait for Zammad
run: timeout 360 bash -c 'until curl -sf http://localhost:3001/ > /dev/null 2>&1; do sleep 15; done'
- name: Run Lab 11-05 test script
run: bash tests/labs/test-lab-11-05.sh --no-cleanup
- name: Collect logs on failure
if: failure()
run: docker compose -f docker/docker-compose.integration.yml logs
- name: Cleanup
if: always()
run: docker compose -f docker/docker-compose.integration.yml down -v
lab-06-smoke:
name: Lab 06 -- Zammad Production Deployment (resource limits + Elasticsearch + metrics)
runs-on: ubuntu-latest
needs: validate
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y curl ldap-utils
- name: Validate production compose
run: docker compose -f docker/docker-compose.production.yml config -q && echo "Production compose valid"
- name: Start production stack
run: docker compose -f docker/docker-compose.production.yml up -d
- name: Wait for Keycloak
run: timeout 240 bash -c 'until curl -sf http://localhost:8210/health/ready | grep -q UP; do sleep 5; done'
- name: Wait for OpenLDAP
run: timeout 120 bash -c 'until docker exec zammad-prod-ldap ldapsearch -x -H ldap://localhost -b dc=lab,dc=local -D cn=admin,dc=lab,dc=local -w LdapProd06! > /dev/null 2>&1; do sleep 5; done'
- name: Wait for Elasticsearch
run: timeout 240 bash -c 'until docker exec zammad-prod-elasticsearch curl -sf http://localhost:9200/_cluster/health | grep -qE "green|yellow"; do sleep 10; done'
- name: Wait for Zammad
run: timeout 360 bash -c 'until docker inspect zammad-prod-railsserver --format "{{.State.Health.Status}}" | grep -q healthy; do sleep 10; done'
- name: Run Lab 11-06 test script
run: bash tests/labs/test-lab-11-06.sh --no-cleanup
- name: Collect logs on failure
if: failure()
run: docker compose -f docker/docker-compose.production.yml logs
- name: Cleanup
if: always()
run: docker compose -f docker/docker-compose.production.yml down -v