Bump nginx to 1.29.3 and refactor the building/testing

2025-11-19 22:42:36 +00:00 · 2025-11-05 17:29:37 +01:00
parent 0e36c5ba23
commit 2926640687
9 changed files with 65 additions and 112 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -10,19 +10,19 @@ jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5

      - name: shellcheck
-        uses: azohra/shell-linter@v0.4.0
+        uses: azbagheri/shell-linter@latest

      - name: hadolint
        uses: brpaz/hadolint-action@master

      - name: Build image
-        run: ./build.sh
+        run: make build

      - name: Run tests
-        run: ./tests/test.sh
+        run: make tests

  deploy:
    runs-on: ubuntu-latest
@@ -30,10 +30,10 @@ jobs:
      - tests
    if: github.event_name == 'push'
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5

      - name: Log in to dockerhub
        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin

      - name: Deploy image
-        run: ./build.sh --push --latest
+        run: make push-latest
--- a/5
+++ b/5
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.22

 ARG ARG_NGINX_VERSION

@@ -13,7 +13,8 @@ RUN CONFIG=" \
        --without-http_autoindex_module \
        --without-http_browser_module \
        --without-http_empty_gif_module \
-        --without-http_limit_conn_module \
+        --without-http_geo_module \
+        --without-http_grpc_module \
        --without-http_map_module \
        --without-http_memcached_module \
        --without-http_referer_module \
--- a/16
+++ b/16
@@ -0,0 +1,16 @@
+include conf.env
+
+build:
+	docker build --build-arg=ARG_NGINX_VERSION="$(NGINX_VERSION)" \
+	             -t "$(DOCKER_IMAGE):$(NGINX_VERSION)" .
+
+build-latest: build
+	docker tag "$(DOCKER_IMAGE):$(NGINX_VERSION)" "$(DOCKER_IMAGE):latest"
+
+push-latest: build-latest
+	docker push "$(DOCKER_IMAGE):$(NGINX_VERSION)"
+	docker push "$(DOCKER_IMAGE):latest"
+
+.PHONY: tests
+tests:
+	./tests/test.sh
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ Edit [conf.env](conf.env)

 ```bash
 NGINX_VERSION=x.xx.x          # Nginx version to build from
-DOCKER_IMAGE=dcarrillo/nginx  # Docker image
+DOCKER_IMAGE=dcarrillo/nginx  # Docker image target
 ```

 ## Build
@@ -25,19 +25,13 @@ DOCKER_IMAGE=dcarrillo/nginx  # Docker image
 Build locally:

 ```bash
-./build.sh
+make build
 ```

-Build locally and upload the image to a registry (you must be logged in to the registry)
+Push image (it includes latest tag):

 ```bash
-./build.sh --push
-```
-
-Build locally, tag the image as latest and upload it to a registry (you must be logged in to the registry)
-
-```bash
-./build.sh --push --latest
+make push-latest
 ```

 ## Testing
@@ -49,9 +43,5 @@ Prerequisites:
 - curl

 ```bash
-# build local image
-./build.sh
-
-# run tests
-./tests/test.sh
+make tests
 ```
--- a/build.sh
+++ b/build.sh
@@ -1,34 +0,0 @@
-#!/usr/bin/env sh
-
-set -e
-
-# shellcheck disable=SC1090
-. "$(dirname "$0")"/conf.env
-
-while [ $# -gt 0 ]; do
-    case $1 in
-        --push)
-            PUSH=true
-            shift
-            ;;
-        --latest)
-            LATEST=true
-            shift
-            ;;
-        *)
-            shift
-            ;;
-    esac
-done
-
-docker build --build-arg=ARG_NGINX_VERSION="$NGINX_VERSION" \
-             -t "$DOCKER_IMAGE":"$NGINX_VERSION" .
-
-if [ x$PUSH = "xtrue" ]; then
-    docker push "$DOCKER_IMAGE":"$NGINX_VERSION"
-fi
-
-if [ x$LATEST = "xtrue" ]; then
-    docker tag "$DOCKER_IMAGE":"$NGINX_VERSION" "$DOCKER_IMAGE":latest
-    [ x$PUSH = "xtrue" ] && docker push "$DOCKER_IMAGE":latest
-fi
--- a/conf.env
+++ b/conf.env
@@ -1,2 +1,2 @@
-NGINX_VERSION=1.28.0
+NGINX_VERSION=1.29.3
 DOCKER_IMAGE=dcarrillo/nginx
--- a/tests/docker-compose.yml
+++ b/tests/docker-compose.yml
@@ -0,0 +1,14 @@
+services:
+  nginx:
+    build:
+      context: ..
+      args:
+        ARG_NGINX_VERSION: ${NGINX_VERSION}
+    volumes:
+      - ./nginx.conf:/usr/local/nginx/conf/nginx.conf:ro
+      - /tmp/nginx-ssl/cert.pem:/tmp/cert.pem:ro
+      - /tmp/nginx-ssl/cert.key:/tmp/cert.key:ro
+      - /tmp/nginx-ssl/dhparams.pem:/tmp/dhparams.pem:ro
+    ports:
+      - 80:80
+      - 443:443
--- a/tests/nginx.conf
+++ b/tests/nginx.conf
@@ -49,18 +49,13 @@ http {
    #######################################################
    server {
        listen 80 default_server;
-        listen 443 http2 ssl;
+        listen 443 ssl;
+        http2 on;
        server_name     _ "";
        access_log /dev/fd/1;

        location = /nginx_status {
            stub_status on;
        }
-
-        location = /phpfpm_status {
-            include /usr/local/nginx/conf/fastcgi_params;
-            fastcgi_pass   php:9000;
-            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-        }
    }
 }
--- a/tests/test.sh
+++ b/tests/test.sh
@@ -2,45 +2,36 @@

 set -e

-if [ x"$DEBUG" = xtrue ]; then
-    set -x
-fi
-
 # shellcheck disable=SC2039
-trap _catch_err ERR
-trap _cleanup EXIT
+trap catch_err ERR
+trap cleanup EXIT

-ALPINE_VERSION="alpine:3.19"
+TMP_DIR=$(mkdir /tmp/nginx-ssl && echo /tmp/nginx-ssl)
 LOCAL_DIR="$(cd "$(dirname "$0")" ; pwd -P)"
-# shellcheck disable=SC1090
-. "$LOCAL_DIR"/../conf.env

-TMP_DIR=$(mktemp -d)
-
-_catch_err()
+catch_err()
 {
    echo "Test FAILED"
 }

-_cleanup()
+cleanup()
 {
    echo "Cleaning up..."
-    docker rm -f "${NGINX_VERSION}"_test > /dev/null 2>&1
-    docker rm -f "${NGINX_VERSION}"_requester > /dev/null 2>&1
-    docker rm -f php > /dev/null 2>&1
+    docker compose down
    rm -rf "$TMP_DIR"
+    popd > /dev/null
 }

-_setup_crypto_stuff()
+setup_crypto()
 {
    echo "Generating SSL files..."
-    openssl dhparam -out "$TMP_DIR"/dhparams.pem 1024 > /dev/null 2>&1
+    openssl dhparam -out "$TMP_DIR"/dhparams.pem 2048 > /dev/null 2>&1
    openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
        -subj "/C=ES/ST=Madrid/L=Madrid/O=dcarrillo/CN=localhost" \
        -keyout "$TMP_DIR"/cert.key -out "$TMP_DIR"/cert.pem > /dev/null 2>&1
 }

-_check_status_code()
+check_status_code()
 {
    if [ "$1" != 200 ]; then
        printf "Test failed, status code %s is not 200\n" "$STATUS_CODE"
@@ -50,39 +41,19 @@ _check_status_code()
    fi
 }

-_setup_crypto_stuff
+setup_crypto
+pushd "$LOCAL_DIR" > /dev/null
+ln -s ../conf.env .env &>/dev/null || true
+docker compose up --build --detach

-echo "Preparing php"
-docker run --name php --rm -d php:fpm-alpine > /dev/null
-docker exec -i php sh -c "echo 'pm.status_path = /phpfpm_status' \
-                         >> /usr/local/etc/php-fpm.d/www.conf \
-                         && kill -USR2 1"
-
-echo "Running container to be tested..."
-docker run --name "${NGINX_VERSION}"_test --rm --link php \
-           -v "$LOCAL_DIR"/nginx.conf:/usr/local/nginx/conf/nginx.conf:ro \
-           -v "$TMP_DIR"/cert.pem:/tmp/cert.pem:ro \
-           -v "$TMP_DIR"/cert.key:/tmp/cert.key:ro \
-           -v "$TMP_DIR"/dhparams.pem:/tmp/dhparams.pem:ro \
-           -d "${DOCKER_IMAGE}":"${NGINX_VERSION}" > /dev/null
-
-echo "Preparing requester container..."
-docker run --name "${NGINX_VERSION}"_requester --rm --link "${NGINX_VERSION}"_test \
-           -i -d $ALPINE_VERSION sh > /dev/null
-exec_docker="docker exec -i ${NGINX_VERSION}_requester"
-$exec_docker apk add curl > /dev/null
-
-## Test 1-4 http/https/fastcgipass
 requests="
-http://${NGINX_VERSION}_test/nginx_status
-https://${NGINX_VERSION}_test/nginx_status
-http://${NGINX_VERSION}_test/phpfpm_status
-https://${NGINX_VERSION}_test/phpfpm_status
+http://localhost/nginx_status
+https://localhost/nginx_status
 "
 for request in $requests; do
    printf "\nRequesting %s\n" "$request"
-    STATUS_CODE=$($exec_docker curl -s -k -m 5 -o /dev/null -w "%{http_code}" "$request")
-    _check_status_code "$STATUS_CODE"
+    STATUS_CODE=$(curl -s -k -m 5 -o /dev/null -w "%{http_code}" "$request")
+    check_status_code "$STATUS_CODE"
 done

 echo "All tests succeeded !"