From 9da07590bd189fa29fa817f48cdeb2216cf08f52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andrzej=20G=C3=B3rski?= Date: Tue, 8 Oct 2019 21:24:55 +0200 Subject: [PATCH 1/7] Remove --fast from the test farm tests (#7427) --- AUTHORS.md | 1 + CHANGELOG.md | 2 +- tests/letstest/multitester.py | 7 ++----- tox.ini | 8 ++++---- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/AUTHORS.md b/AUTHORS.md index 182081e94..8468cbc56 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -18,6 +18,7 @@ Authors * [Alex Zorin](https://github.com/alexzorin) * [Amjad Mashaal](https://github.com/TheNavigat) * [Andrew Murray](https://github.com/radarhere) +* [Andrzej Górski](https://github.com/andrzej3393) * [Anselm Levskaya](https://github.com/levskaya) * [Antoine Jacoutot](https://github.com/ajacoutot) * [asaph](https://github.com/asaph) diff --git a/CHANGELOG.md b/CHANGELOG.md index de44cc583..102eaf4bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Changed -* +* Removed `--fast` flag from the test farm tests ### Fixed diff --git a/tests/letstest/multitester.py b/tests/letstest/multitester.py index d63b7ab5a..cfa53df7e 100644 --- a/tests/letstest/multitester.py +++ b/tests/letstest/multitester.py @@ -84,9 +84,6 @@ parser.add_argument('--killboulder', parser.add_argument('--boulderonly', action='store_true', help="only make a boulder server") -parser.add_argument('--fast', - action='store_true', - help="use larger instance types to run faster (saves about a minute, probably not worth it)") cl_args = parser.parse_args() # Credential Variables @@ -310,10 +307,10 @@ def create_client_instance(ec2_client, target, security_group_id, subnet_id): if 'machine_type' in target: machine_type = target['machine_type'] elif target['virt'] == 'hvm': - machine_type = 't2.medium' if cl_args.fast else 't2.micro' + machine_type = 't2.medium' else: # 32 bit systems - machine_type = 'c1.medium' if cl_args.fast else 't1.micro' + machine_type = 'c1.medium' if 'userdata' in target.keys(): userdata = target['userdata'] else: diff --git a/tox.ini b/tox.ini index 763f786fa..04715cc2f 100644 --- a/tox.ini +++ b/tox.ini @@ -274,7 +274,7 @@ setenv = AWS_DEFAULT_REGION=us-east-1 changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py apache2_targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_apache2.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py apache2_targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_apache2.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} @@ -283,7 +283,7 @@ setenv = {[testenv:travis-test-farm-tests-base]setenv} changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_leauto_upgrades.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_leauto_upgrades.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} @@ -292,7 +292,7 @@ setenv = {[testenv:travis-test-farm-tests-base]setenv} changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_letsencrypt_auto_certonly_standalone.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_letsencrypt_auto_certonly_standalone.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} @@ -301,7 +301,7 @@ setenv = {[testenv:travis-test-farm-tests-base]setenv} changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_sdists.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_sdists.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} From fcc398831b0e88106505a7879cac72afc47d1a93 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Tue, 8 Oct 2019 23:40:17 +0200 Subject: [PATCH 2/7] Create a new CI for Certbot on Windows using Azure Pipelines (#7377) This PR defines pipelines that can be run on Azure Pipelines. Currently there are two: * `.azure-pipelines/main.yml` is the main one, executed on PRs for master, and pushes to master, * `.azure-pipelines/advanced.yml` add installer testing on top of the main pipeline, and is executed for `test-*` branches, release branches, and nightly run for master. These two pipelines covers all existing stuff done by AppVeyor currently, and so AppVeyor can be decommissioned once Azure Pipelines is operational. You can see working pipeline in my fork: * a PR for `master` (so using main pipeline): https://github.com/adferrand/certbot/pull/65 * a PR for `test-something` (so using advanced pipeline): https://github.com/adferrand/certbot/pull/66 * uploaded coverage from Azure Pipelines: https://codecov.io/gh/adferrand/certbot/commit/499aa2cbf25e1e0ab4c93ab64057db92dfec0fba/build Once this PR is merged, we need to enable Azure Pipelines for Certbot. Instructions are written in `azure-pipelines/INSTALL.md`. This document also references all access rights required to Azure Pipelines onto GitHub to make the CI process work. Future work for future PRs: * create a CD pipeline for the releases that will push the installer to GitHub releases * implement a solution to generate notification on IRC or Mattermost when a nightly build fails * Define pipelines * Update locations * Update nightly * Use x86 * Update nightly.yml for Azure Pipelines * Run script * Use script * Update install * Use local installation * Register warnings * Fix pywin32 loading * Clean context * Enable coverage publication * Consume codecov token * Document installation * Update tool to upload coverage * Prepare pipeline artifacts * Update artifact ignore * Protect against codecov failures * Add a comment about codecov * Add a comment on RW access asked by Azure * Add instructions * Rename pipeline file * Update instructions * Update .azure-pipelines/templates/tests-suite.yml Co-Authored-By: Brad Warren * Update .azure-pipelines/INSTALL.md Co-Authored-By: Brad Warren * Modified scheduled pipeline * Add comment * Remove dynamic version-based installer name --- .azure-pipelines/INSTALL.md | 117 ++++++++++++++++++ .azure-pipelines/advanced.yml | 18 +++ .azure-pipelines/main.yml | 11 ++ .../templates/installer-tests.yml | 31 +++++ .azure-pipelines/templates/tests-suite.yml | 36 ++++++ windows-installer/construct.py | 35 +++++- 6 files changed, 244 insertions(+), 4 deletions(-) create mode 100644 .azure-pipelines/INSTALL.md create mode 100644 .azure-pipelines/advanced.yml create mode 100644 .azure-pipelines/main.yml create mode 100644 .azure-pipelines/templates/installer-tests.yml create mode 100644 .azure-pipelines/templates/tests-suite.yml diff --git a/.azure-pipelines/INSTALL.md b/.azure-pipelines/INSTALL.md new file mode 100644 index 000000000..b5f79e525 --- /dev/null +++ b/.azure-pipelines/INSTALL.md @@ -0,0 +1,117 @@ +# Configuring Azure Pipelines with Certbot + +Let's begin. All pipelines are defined in `.azure-pipelines`. Currently there are two: +* `.azure-pipelines/main.yml` is the main one, executed on PRs for master, and pushes to master, +* `.azure-pipelines/advanced.yml` add installer testing on top of the main pipeline, and is executed for `test-*` branches, release branches, and nightly run for master. + +Several templates are defined in `.azure-pipelines/templates`. These YAML files aggregate common jobs configuration that can be reused in several pipelines. + +Unlike Travis, where CodeCov is working without any action required, CodeCov supports Azure Pipelines +using the coverage-bash utility (not python-coverage for now) only if you provide the Codecov repo token +using the `CODECOV_TOKEN` environment variable. So `CODECOV_TOKEN` needs to be set as a secured +environment variable to allow the main pipeline to publish coverage reports to CodeCov. + +This INSTALL.md file explains how to configure Azure Pipelines with Certbot in order to execute the CI/CD logic defined in `.azure-pipelines` folder with it. +During this installation step, warnings describing user access and legal comitments will be displayed like this: +``` +!!! ACCESS REQUIRED !!! +``` + +This document suppose that the Azure DevOps organization is named _certbot_, and the Azure DevOps project is also _certbot_. + +## Useful links + +* https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema +* https://www.azuredevopslabs.com/labs/azuredevops/github-integration/ +* https://docs.microsoft.com/en-us/azure/devops/pipelines/ecosystems/python?view=azure-devops + +## Prerequisites + +### Having a GitHub account + +Use your GitHub user for a normal GitHub account, or a user that has administrative rights to the GitHub organization if relevant. + +### Having an Azure DevOps account +- Go to https://dev.azure.com/, click "Start free with GitHub" +- Login to GitHub + +``` +!!! ACCESS REQUIRED !!! +Personal user data (email + profile info, in read-only) +``` + +- Microsoft will create a Live account using the email referenced for the GitHub account. This account is also linked to GitHub account (meaning you can log it using GitHub authentication) +- Proceed with account registration (birth date, country), add details about name and email contact + +``` +!!! ACCESS REQUIRED !!! +Microsoft proposes to send commercial links to this mail +Azure DevOps terms of service need to be accepted +``` + +_Logged to Azure DevOps, account is ready._ + +### Installing Azure Pipelines to GitHub + +- On GitHub, go to Marketplace +- Select Azure Pipeline, and "Set up a plan" +- Select Free, then "Install it for free" +- Click "Complete order and begin installation" + +``` +!!! ACCESS !!! +Azure Pipeline needs RW on code, RO on metadata, RW on checks, commit statuses, deployments, issues, pull requests. +RW access here is required to allow update of the pipelines YAML files from Azure DevOps interface, and to +update the status of builds and PRs on GitHub side when Azure Pipelines are triggered. +Note however that no admin access is defined here: this means that Azure Pipelines cannot do anything with +protected branches, like master, and cannot modify the security context around this on GitHub. +Access can be defined for all or only selected repositories, which is nice. +``` + +- Redirected to Azure DevOps, select the account created in _Having an Azure DevOps account_ section. +- Select the organization, and click "Create a new project" (let's name it the same than the targetted github repo) +- The Visibility is public, to profit from 10 parallel jobs + +``` +!!! ACCESS !!! +Azure Pipelines needs access to the GitHub account (in term of beeing able to check it is valid), and the Resources shared between the GitHub account and Azure Pipelines. +``` + +_Done. We can move to pipelines configuration._ + +## Import an existing pipelines from `.azure-pipelines` folder + +- On Azure DevOps, go to your organization (eg. _certbot_) then your project (eg. _certbot_) +- Click "Pipelines" tab +- Click "New pipeline" +- Where is your code?: select "__Use the classic editor__" + +__Warning: Do not choose the GitHub option in Where is your code? section. Indeed, this option will trigger an OAuth +grant permissions from Azure Pipelines to GitHub in order to setup a GitHub OAuth Application. The permissions asked +then are way too large (admin level on almost everything), while the classic approach does not add any more +permissions, and works perfectly well.__ + +- Select GitHub in "Select your repository section", choose certbot/certbot in Repository, master in default branch. +- Click on YAML option for "Select a template" +- Choose a name for the pipeline (eg. test-pipeline), and browse to the actual pipeline YAML definition in the + "YAML file path" input (eg. `.azure-pipelines/test-pipeline.yml`) +- Click "Save & queue", choose the master branch to build the first pipeline, and click "Save and run" button. + +_Done. Pipeline is operational. Repeat to add more pipelines from existing YAML files in `.azure-pipelines`._ + +## Add a secret variable to a pipeline (like `CODECOV_TOKEN`) + +__NB: Following steps suppose that you already setup the YAML pipeline file to +consume the secret variable that these steps will create as an environment variable. +For a variable named `CODECOV_TOKEN` consuming the variable `codecov_token`, +in the YAML file this setup would take the form of the following: +``` +steps: + - script: ./do_something_that_consumes_CODECOV_TOKEN # Eg. `codecov -F windows` + env: + CODECOV_TOKEN: $(codecov_token) +``` + +- On Azure DevOps, go to you organization, project, pipeline tab +- Select the pipeline, click "Edit" button, then click "Variables" button +- Set name (eg `codecov_token`), value, tick "Keep this value secret" diff --git a/.azure-pipelines/advanced.yml b/.azure-pipelines/advanced.yml new file mode 100644 index 000000000..69dbc5a30 --- /dev/null +++ b/.azure-pipelines/advanced.yml @@ -0,0 +1,18 @@ +# Advanced pipeline for isolated checks and release purpose +trigger: + - test-* + - '*.x' +pr: + - test-* + - '*.x' +# This pipeline is also nightly run on master +schedules: + - cron: "4 0 * * *" + displayName: Nightly build + branches: + include: + - master + +jobs: + - template: templates/tests-suite.yml + - template: templates/installer-tests.yml \ No newline at end of file diff --git a/.azure-pipelines/main.yml b/.azure-pipelines/main.yml new file mode 100644 index 000000000..899a373be --- /dev/null +++ b/.azure-pipelines/main.yml @@ -0,0 +1,11 @@ +trigger: + # apache-parser-v2 is a temporary branch for doing work related to + # rewriting the parser in the Apache plugin. + - apache-parser-v2 + - master +pr: + - apache-parser-v2 + - master + +jobs: + - template: templates/tests-suite.yml \ No newline at end of file diff --git a/.azure-pipelines/templates/installer-tests.yml b/.azure-pipelines/templates/installer-tests.yml new file mode 100644 index 000000000..853fda6fe --- /dev/null +++ b/.azure-pipelines/templates/installer-tests.yml @@ -0,0 +1,31 @@ +jobs: + - job: installer + pool: + vmImage: vs2017-win2016 + steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: 3.7 + architecture: x86 + addToPath: true + - script: python windows-installer/construct.py + displayName: Build Certbot installer + - task: CopyFiles@2 + inputs: + sourceFolder: $(System.DefaultWorkingDirectory)/windows-installer/build/nsis + contents: '*.exe' + targetFolder: $(Build.ArtifactStagingDirectory) + - task: PublishPipelineArtifact@1 + inputs: + path: $(Build.ArtifactStagingDirectory) + artifact: WindowsInstaller + - script: $(Build.ArtifactStagingDirectory)\certbot-installer-win32.exe /S + displayName: Install Certbot + - script: | + python -m venv venv + venv\Scripts\python tools\pip_install.py -e certbot-ci + displayName: Prepare Certbot-CI + - script: | + set PATH=%ProgramFiles(x86)%\Certbot\bin;%PATH% + venv\Scripts\python -m pytest certbot-ci\certbot_integration_tests\certbot_tests -n 4 + displayName: Run integration tests \ No newline at end of file diff --git a/.azure-pipelines/templates/tests-suite.yml b/.azure-pipelines/templates/tests-suite.yml new file mode 100644 index 000000000..3fe0abf74 --- /dev/null +++ b/.azure-pipelines/templates/tests-suite.yml @@ -0,0 +1,36 @@ +jobs: + - job: test + pool: + vmImage: vs2017-win2016 + strategy: + matrix: + py35: + PYTHON_VERSION: 3.5 + TOXENV: py35 + py37-cover: + PYTHON_VERSION: 3.7 + TOXENV: py37-cover + integration-certbot: + PYTHON_VERSION: 3.7 + TOXENV: integration-certbot + PYTEST_ADDOPTS: --numprocesses 4 + steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: $(PYTHON_VERSION) + addToPath: true + - script: python tools/pip_install.py -U tox coverage + displayName: Install dependencies + - script: python -m tox + displayName: Run tox + # We do not require codecov report upload to succeed. So to avoid to break the pipeline if + # something goes wrong, each command is suffixed with a command that hides any non zero exit + # codes and echoes an informative message instead. + - bash: | + curl -s https://codecov.io/bash -o codecov-bash || echo "Failed to download codecov-bash" + chmod +x codecov-bash || echo "Failed to apply execute permissions on codecov-bash" + ./codecov-bash -F windows || echo "Codecov did not collect coverage reports" + condition: eq(variables['TOXENV'], 'py37-cover') + env: + CODECOV_TOKEN: $(codecov_token) + displayName: Publish coverage diff --git a/windows-installer/construct.py b/windows-installer/construct.py index 2427c0128..8de9da87c 100644 --- a/windows-installer/construct.py +++ b/windows-installer/construct.py @@ -70,13 +70,39 @@ def _copy_assets(build_path, repo_path): def _generate_pynsist_config(repo_path, build_path): print('Generate pynsist configuration') + pywin32_paths_file = os.path.join(build_path, 'pywin32_paths.py') + + # Pywin32 uses non-standard folders to hold its packages. We need to instruct pynsist bootstrap + # explicitly to add them into sys.path. This is done with a custom "pywin32_paths.py" that is + # referred in the pynsist configuration as an "extra_preamble". + # Reference example: https://github.com/takluyver/pynsist/tree/master/examples/pywebview + with open(pywin32_paths_file, 'w') as file_h: + file_h.write('''\ +pkgdir = os.path.join(os.path.dirname(installdir), 'pkgs') + +sys.path.extend([ + os.path.join(pkgdir, 'win32'), + os.path.join(pkgdir, 'win32', 'lib'), +]) + +# Preload pywintypes and pythoncom +pwt = os.path.join(pkgdir, 'pywin32_system32', 'pywintypes{0}{1}.dll') +pcom = os.path.join(pkgdir, 'pywin32_system32', 'pythoncom{0}{1}.dll') +import warnings +with warnings.catch_warnings(): + warnings.simplefilter("ignore") + import imp +imp.load_dynamic('pywintypes', pwt) +imp.load_dynamic('pythoncom', pcom) +'''.format(PYTHON_VERSION[0], PYTHON_VERSION[1])) + installer_cfg_path = os.path.join(build_path, 'installer.cfg') certbot_version = subprocess.check_output([sys.executable, '-c', 'import certbot; print(certbot.__version__)'], universal_newlines=True, cwd=repo_path).strip() - with open(os.path.join(installer_cfg_path), 'w') as file_h: - file_h.write("""\ + with open(installer_cfg_path, 'w') as file_h: + file_h.write('''\ [Application] name=Certbot version={certbot_version} @@ -87,7 +113,7 @@ target=$INSTDIR\\run.bat [Build] directory=nsis nsi_template=template.nsi -installer_name=certbot-{certbot_version}-installer-{installer_suffix}.exe +installer_name=certbot-installer-{installer_suffix}.exe [Python] version={python_version} @@ -101,7 +127,8 @@ files=run.bat [Command certbot] entry_point=certbot.main:main -""".format(certbot_version=certbot_version, +extra_preamble=pywin32_paths.py +'''.format(certbot_version=certbot_version, installer_suffix='win_amd64' if PYTHON_BITNESS == 64 else 'win32', python_bitness=PYTHON_BITNESS, python_version='.'.join([str(item) for item in PYTHON_VERSION]))) From c1f4b86d34c8637dc2a179aea0300f33a17b4602 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 8 Oct 2019 16:12:02 -0700 Subject: [PATCH 3/7] Use shared variable group (#7431) When setting up Azure Pipelines, I didn't like having to define codecov_token for each pipeline. This works around it by using a shared variable group. You can see this working successfully at https://dev.azure.com/certbot/certbot/_build/results?buildId=3. * Use certbot-common. * update instructions --- .azure-pipelines/INSTALL.md | 8 +++++--- .azure-pipelines/templates/tests-suite.yml | 2 ++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.azure-pipelines/INSTALL.md b/.azure-pipelines/INSTALL.md index b5f79e525..9c1e4bff7 100644 --- a/.azure-pipelines/INSTALL.md +++ b/.azure-pipelines/INSTALL.md @@ -112,6 +112,8 @@ steps: CODECOV_TOKEN: $(codecov_token) ``` -- On Azure DevOps, go to you organization, project, pipeline tab -- Select the pipeline, click "Edit" button, then click "Variables" button -- Set name (eg `codecov_token`), value, tick "Keep this value secret" +To set up a variable that is shared between pipelines, follow the instructions +at +https://docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups. +When adding variables to a group, don't forget to tick "Keep this value secret" +if it shouldn't be shared publcily. diff --git a/.azure-pipelines/templates/tests-suite.yml b/.azure-pipelines/templates/tests-suite.yml index 3fe0abf74..bb54c8eee 100644 --- a/.azure-pipelines/templates/tests-suite.yml +++ b/.azure-pipelines/templates/tests-suite.yml @@ -14,6 +14,8 @@ jobs: PYTHON_VERSION: 3.7 TOXENV: integration-certbot PYTEST_ADDOPTS: --numprocesses 4 + variables: + - group: certbot-common steps: - task: UsePythonVersion@0 inputs: From f755cfef4885e2175c9c2003c981919bd285c73f Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 8 Oct 2019 16:16:04 -0700 Subject: [PATCH 4/7] Add final newlines to files. (#7432) More conventional and makes it nicer when doing things like running cat to quickly look at the file like I was doing when I noticed this. --- .azure-pipelines/advanced.yml | 2 +- .azure-pipelines/main.yml | 2 +- .azure-pipelines/templates/installer-tests.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.azure-pipelines/advanced.yml b/.azure-pipelines/advanced.yml index 69dbc5a30..a072a8a85 100644 --- a/.azure-pipelines/advanced.yml +++ b/.azure-pipelines/advanced.yml @@ -15,4 +15,4 @@ schedules: jobs: - template: templates/tests-suite.yml - - template: templates/installer-tests.yml \ No newline at end of file + - template: templates/installer-tests.yml diff --git a/.azure-pipelines/main.yml b/.azure-pipelines/main.yml index 899a373be..be9eaf0b0 100644 --- a/.azure-pipelines/main.yml +++ b/.azure-pipelines/main.yml @@ -8,4 +8,4 @@ pr: - master jobs: - - template: templates/tests-suite.yml \ No newline at end of file + - template: templates/tests-suite.yml diff --git a/.azure-pipelines/templates/installer-tests.yml b/.azure-pipelines/templates/installer-tests.yml index 853fda6fe..f0e151439 100644 --- a/.azure-pipelines/templates/installer-tests.yml +++ b/.azure-pipelines/templates/installer-tests.yml @@ -28,4 +28,4 @@ jobs: - script: | set PATH=%ProgramFiles(x86)%\Certbot\bin;%PATH% venv\Scripts\python -m pytest certbot-ci\certbot_integration_tests\certbot_tests -n 4 - displayName: Run integration tests \ No newline at end of file + displayName: Run integration tests From ec3ec9068c59dcf94ceca3302ad6d08299cf9aba Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Wed, 9 Oct 2019 01:17:08 +0200 Subject: [PATCH 5/7] Upgrade to pywin32>=225 and fix unit tests (#7429) Fixes #7426 --- certbot/compat/filesystem.py | 8 +------- certbot/tests/compat/filesystem_test.py | 10 ++++------ setup.py | 2 +- tools/dev_constraints.txt | 2 +- 4 files changed, 7 insertions(+), 15 deletions(-) diff --git a/certbot/compat/filesystem.py b/certbot/compat/filesystem.py index 6bcc9a693..69a3a63c5 100644 --- a/certbot/compat/filesystem.py +++ b/certbot/compat/filesystem.py @@ -546,13 +546,7 @@ def _generate_windows_flags(rights_desc): if rights_desc['write']: flag = flag | (ntsecuritycon.FILE_ALL_ACCESS ^ ntsecuritycon.FILE_GENERIC_READ - ^ ntsecuritycon.FILE_GENERIC_EXECUTE - # Despite bit `512` being present in ntsecuritycon.FILE_ALL_ACCESS, it is - # not effectively applied to the file or the directory. - # As _generate_windows_flags is also used to compare two dacls, we remove - # it right now to have flags that contain only the bits effectively applied - # by Windows. - ^ 512) + ^ ntsecuritycon.FILE_GENERIC_EXECUTE) if rights_desc['execute']: flag = flag | ntsecuritycon.FILE_GENERIC_EXECUTE diff --git a/certbot/tests/compat/filesystem_test.py b/certbot/tests/compat/filesystem_test.py index ccb93efa8..364993018 100644 --- a/certbot/tests/compat/filesystem_test.py +++ b/certbot/tests/compat/filesystem_test.py @@ -89,8 +89,8 @@ class WindowsChmodTests(TempDirTestCase): self.assertEqual(len(system_aces), 1) self.assertEqual(len(admin_aces), 1) - self.assertEqual(system_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS ^ 512) - self.assertEqual(admin_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS ^ 512) + self.assertEqual(system_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS) + self.assertEqual(admin_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS) def test_read_flag(self): self._test_flag(4, ntsecuritycon.FILE_GENERIC_READ) @@ -101,12 +101,10 @@ class WindowsChmodTests(TempDirTestCase): def test_write_flag(self): self._test_flag(2, (ntsecuritycon.FILE_ALL_ACCESS ^ ntsecuritycon.FILE_GENERIC_READ - ^ ntsecuritycon.FILE_GENERIC_EXECUTE - ^ 512)) + ^ ntsecuritycon.FILE_GENERIC_EXECUTE)) def test_full_flag(self): - self._test_flag(7, (ntsecuritycon.FILE_ALL_ACCESS - ^ 512)) + self._test_flag(7, ntsecuritycon.FILE_ALL_ACCESS) def _test_flag(self, everyone_mode, windows_flag): # Note that flag is tested against `everyone`, not `user`, because practically these unit diff --git a/setup.py b/setup.py index 1f4838c90..d5469bb26 100644 --- a/setup.py +++ b/setup.py @@ -59,7 +59,7 @@ install_requires = [ # However environment markers are supported only with setuptools >= 36.2. # So this dependency is not added for old Linux distributions with old setuptools, # in order to allow these systems to build certbot from sources. -pywin32_req = 'pywin32>=224' +pywin32_req = 'pywin32>=225' if StrictVersion(setuptools_version) >= StrictVersion('36.2'): install_requires.append(pywin32_req + " ; sys_platform == 'win32'") elif 'bdist_wheel' in sys.argv[1:]: diff --git a/tools/dev_constraints.txt b/tools/dev_constraints.txt index c23cf9cce..419b65d6c 100644 --- a/tools/dev_constraints.txt +++ b/tools/dev_constraints.txt @@ -64,7 +64,7 @@ pytest-sugar==0.9.2 pytest-rerunfailures==4.2 python-dateutil==2.6.1 python-digitalocean==1.11 -pywin32==224 +pywin32==225 PyYAML==3.13 repoze.sphinx.autointerface==0.8 requests-file==1.4.2 From 717afebcff44c9abbb1338efc7831b0d3b3246f2 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Wed, 9 Oct 2019 14:39:49 -0700 Subject: [PATCH 6/7] Upload coverage for integration tests (#7433) * Upload coverage for integration tests. * Use in not containsValue. --- .azure-pipelines/templates/tests-suite.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines/templates/tests-suite.yml b/.azure-pipelines/templates/tests-suite.yml index bb54c8eee..119f755a6 100644 --- a/.azure-pipelines/templates/tests-suite.yml +++ b/.azure-pipelines/templates/tests-suite.yml @@ -32,7 +32,7 @@ jobs: curl -s https://codecov.io/bash -o codecov-bash || echo "Failed to download codecov-bash" chmod +x codecov-bash || echo "Failed to apply execute permissions on codecov-bash" ./codecov-bash -F windows || echo "Codecov did not collect coverage reports" - condition: eq(variables['TOXENV'], 'py37-cover') + condition: in(variables['TOXENV'], 'py37-cover', 'integration-certbot') env: CODECOV_TOKEN: $(codecov_token) displayName: Publish coverage From 118cb3c9b1e62599b57082b71ab7313b2cdc1632 Mon Sep 17 00:00:00 2001 From: alexzorin Date: Thu, 10 Oct 2019 09:09:25 +1100 Subject: [PATCH 7/7] cli: allow --dry-run to be combined with --server (#7436) The value of --server will now be respected, except when it is the default value, in which case it will be changed to the staging server, preserving Certbot's existing behavior. --- CHANGELOG.md | 2 ++ certbot/cli.py | 19 +++++++++++++------ certbot/tests/cli_test.py | 24 +++++++++++++++++------- 3 files changed, 32 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 102eaf4bb..fa8ca2379 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Changed * Removed `--fast` flag from the test farm tests +* `--server` may now be combined with `--dry-run`. Certbot will, as before, use the + staging server instead of the live server when `--dry-run` is used. ### Fixed diff --git a/certbot/cli.py b/certbot/cli.py index d22a9a524..6715dfd9c 100644 --- a/certbot/cli.py +++ b/certbot/cli.py @@ -649,13 +649,20 @@ class HelpfulArgumentParser(object): def set_test_server(self, parsed_args): """We have --staging/--dry-run; perform sanity check and set config.server""" - if parsed_args.server not in (flag_default("server"), constants.STAGING_URI): - conflicts = ["--staging"] if parsed_args.staging else [] - conflicts += ["--dry-run"] if parsed_args.dry_run else [] - raise errors.Error("--server value conflicts with {0}".format( - " and ".join(conflicts))) + # Flag combinations should produce these results: + # | --staging | --dry-run | + # ------------------------------------------------------------ + # | --server acme-v02 | Use staging | Use staging | + # | --server acme-staging-v02 | Use staging | Use staging | + # | --server | Conflict error | Use | - parsed_args.server = constants.STAGING_URI + default_servers = (flag_default("server"), constants.STAGING_URI) + + if parsed_args.staging and parsed_args.server not in default_servers: + raise errors.Error("--server value conflicts with --staging") + + if parsed_args.server in default_servers: + parsed_args.server = constants.STAGING_URI if parsed_args.dry_run: if self.verb not in ["certonly", "renew"]: diff --git a/certbot/tests/cli_test.py b/certbot/tests/cli_test.py index 87b074a81..166559040 100644 --- a/certbot/tests/cli_test.py +++ b/certbot/tests/cli_test.py @@ -333,16 +333,26 @@ class ParseTest(unittest.TestCase): # pylint: disable=too-many-public-methods self._assert_dry_run_flag_worked(self.parse(short_args + ['auth']), True) self._assert_dry_run_flag_worked(self.parse(short_args + ['renew']), True) + self._assert_dry_run_flag_worked(self.parse(short_args + ['certonly']), True) + short_args += ['certonly'] - self._assert_dry_run_flag_worked(self.parse(short_args), True) - short_args += '--server example.com'.split() - conflicts = ['--dry-run'] - self._check_server_conflict_message(short_args, '--dry-run') + # `--dry-run --server example.com` should emit example.com + self.assertEqual(self.parse(short_args + ['--server', 'example.com']).server, + 'example.com') - short_args += ['--staging'] - conflicts += ['--staging'] - self._check_server_conflict_message(short_args, conflicts) + # `--dry-run --server STAGING_URI` should emit STAGING_URI + self.assertEqual(self.parse(short_args + ['--server', constants.STAGING_URI]).server, + constants.STAGING_URI) + + # `--dry-run --server LIVE` should emit STAGING_URI + self.assertEqual(self.parse(short_args + ['--server', cli.flag_default("server")]).server, + constants.STAGING_URI) + + # `--dry-run --server example.com --staging` should emit an error + conflicts = ['--staging'] + self._check_server_conflict_message(short_args + ['--server', 'example.com', '--staging'], + conflicts) def test_option_was_set(self): key_size_option = 'rsa_key_size'