fix

apache · Jul 20, 2023 · 2d2d3ed · 2d2d3ed
1 parent 3c4deaf
commit 2d2d3ed
Showing 1 changed file with 17 additions and 15 deletions.
diff --git a/.github/workflows/service_test_redis.yml b/.github/workflows/service_test_redis.yml
@@ -67,25 +67,27 @@ jobs:
 
       - name: Configure Redis with TLS
         run: |
+          mkdir ssl
+
           # Create CA
 
           openssl req \
             -x509 -new -nodes \
-            -keyout ca.key \
+            -keyout ssl/ca.key \
             -sha256 \
             -days 365 \
-            -out ca.crt \
+            -out ssl/ca.crt \
             -subj '/CN=Test Root CA/C=US/ST=Test/L=Test/O=Opendal'
 
           # Create redis certificate
 
           openssl req \
             -new -nodes \
-            -out redis.csr \
-            -keyout redis.key \
+            -out ssl/redis.csr \
+            -keyout ssl/redis.key \
             -subj '/CN=Redis certificate/C=US/ST=Test/L=Test/O=Opendal'
 
-          cat > redis.v3.ext << EOF
+          cat > ssl/redis.v3.ext << EOF
           authorityKeyIdentifier=keyid,issuer
           basicConstraints=CA:FALSE
           keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
@@ -97,34 +99,34 @@ jobs:
 
           openssl x509 \
             -req \
-            -in redis.csr \
-            -CA ca.crt \
-            -CAkey ca.key \
+            -in ssl/redis.csr \
+            -CA ssl/ca.crt \
+            -CAkey ssl/ca.key \
             -CAcreateserial \
-            -out redis.crt \
+            -out ssl/redis.crt \
             -days 300 \
             -sha256 \
-            -extfile redis.v3.ext
+            -extfile ssl/redis.v3.ext
 
-          chmod 777 redis.crt redis.key
+          chmod 777 ssl/redis.crt ssl/redis.key # allow the redis docker to read these files
 
           # Launch redis
 
           docker run -d \
             --rm \
             --name redis \
             --network host \
-            -v .:/etc/redis/ssl \
+            --mount type=bind,source=$PWD/ssl,target=/etc/redis/ssl \
             redis \
               --tls-port 6380 \
               --tls-cert-file /etc/redis/ssl/redis.crt \
               --tls-key-file /etc/redis/ssl/redis.key \
               --tls-auth-clients no
 
           # Install the CA in the system
-          
-          cp ca.crt /usr/local/share/ca-certificates
-          update-ca-certificates
+
+          sudo cp ssl/ca.crt /usr/local/share/ca-certificates
+          sudo update-ca-certificates
 
       - name: Setup Rust toolchain
         uses: ./.github/actions/setup