Merge branch 'master' into platform/kalish/16148-update-lineage-track…
…ing-in-fhirreceiver
Showing 48 changed files with 577 additions and 333 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
.env | ||
*.crt | ||
*.key | ||
*.txt |
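Review bot: `*.txt` on the last line ignores every text file under this path, not only the `secret.txt` that the action writes. List `secret.txt` by name so unrelated text files are not silently left out of commits. The `*.crt` and `*.key` patterns already cover `ca.crt`, `user.crt`, `user.key` and `tls.key`.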
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
<div align="center"><h1>Actions Connect Open VPN</h1></div> | ||
|
||
>*Replaced deprecated [`set-output`](https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/)* | ||
> v2 switches to openvpn CLI for stability | ||
## Example file `.ovpn` to connect vpn | ||
|
||
[Example.ovpn](./example.ovpn) | ||
|
||
## Configuration with With | ||
|
||
The following settings must be passed as environment variables as shown in the | ||
example. | ||
|
||
| Key | Value | Suggested Type | Required | Default | | ||
| ----------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------- | --------------- | | ||
| `FILE_OVPN` | Location file open vpn and . | `env` | **Yes** | `./config.ovpn` | | ||
| `PING_URL` | URL for check status vpn connect pass or fail | `env` | **Yes** | `127.0.0.1` | | ||
| `SECRET` | Username password for access vpn`(Encode base 64 before set secret.)`[How to encode base 64 ?](https://www.base64encode.org/). | `secret env` | No | `''` | | ||
| `TLS_KEY` | Tls-crypt for access vpn `(Encode base 64 before set secret.)`[How to encode base 64 ?](https://www.base64encode.org/). | `secret env` | No | `''` | | ||
|
||
## Configuration with Env | ||
|
||
The following settings must be passed as environment variables as shown in the | ||
example. | ||
|
||
| Key | Value | Suggested Type | Required | Default | | ||
| ----------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------- | ------- | | ||
| `CA_CRT` | Certificate for access vpn `(Encode base 64 before set secret.)`[How to encode base 64 ?](https://www.base64encode.org/). | `secret env` | **Yes** | N/A | | ||
| `USER_CRT` | User certificate for access vpn. `(Encode base 64 before set secret.)`[How to encode base 64 ?](https://www.base64encode.org/). | `secret env` | **Yes** | N/A | | ||
| `USER_KEY` | User key for access vpn. `(Encode base 64 before set secret.)`[How to encode base 64 ?](https://www.base64encode.org/). | `secret env` | **Yes** | N/A | | ||
|
||
## Outputs | ||
|
||
### `STATUS` | ||
|
||
**Boolean** Can get status after connect `true` or `false`. | ||
|
||
## Example usage | ||
|
||
```yml | ||
connect-open-vpn: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v1 | ||
- name: Install Open VPN | ||
run: sudo apt-get install openvpn | ||
- name: Connect VPN | ||
uses: golfzaptw/action-connect-ovpn@master | ||
id: connect_vpn | ||
with: | ||
PING_URL: '127.0.0.1' | ||
FILE_OVPN: '.github/vpn/config.ovpn' | ||
SECRET: ${{ secrets.SECRET_USERNAME_PASSWORD }} | ||
TLS_KEY: ${{ secrets.TLS_KEY }} | ||
env: | ||
CA_CRT: ${{ secrets.CA_CRT}} | ||
USER_CRT: ${{ secrets.USER_CRT }} | ||
USER_KEY: ${{ secrets.USER_KEY }} | ||
- name: Check Connect VPN | ||
run: echo ${{ steps.connect_vpn.outputs.STATUS }} | ||
- name: kill vpn | ||
if: always() | ||
run: sudo killall openvpn | ||
``` | ||
## How to prepare file .ovpn | ||
### Step | ||
1. Copy the data inside the tags | ||
`<ca></ca>` | ||
`<cert></cert>` | ||
`<key></key>` | ||
and encode those values to base64. Then save those values (without a new line!) to the secrets in github actions | ||
|
||
2. In the .ovpn file in your repo, remove the tags | ||
`<ca></ca>` | ||
`<cert></cert>` | ||
`<key></key> ` | ||
and replace the values with | ||
``` | ||
ca ca.crt | ||
cert user.crt | ||
key user.key | ||
``` | ||
This will allow the values to be filled in from Github secrets. | ||
3. If your open vpn configuration has a username and password please encode those in base64. After that, save the values in the github actions secrets. | ||
format username password | ||
username-vpn | ||
password-vpn | ||
4. If open vpn have tag `<tls></tls>` please repeat step 1 and 2 for the TLS records. |
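Review bot: the `SECRET`, `TLS_KEY`, `CA_CRT`, `USER_CRT` and `USER_KEY` rows link to base64encode.org as the way to encode each value, which invites readers to paste the VPN private key and credentials into a third-party website. Point them at a local encoder instead, for example `base64 -w 0 user.key`, which also gives the single-line output that step 1 asks for. In the example workflow, `uses: golfzaptw/action-connect-ovpn@master` follows a mutable branch while receiving all five secrets; pin it to a full commit SHA.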
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
name: 'Connect-VPN-action' | ||
description: 'Connect VPN action' | ||
branding: | ||
icon: 'shield' | ||
color: 'orange' | ||
inputs: | ||
SECRET: | ||
description: 'Username and password for access vpn' | ||
required: false | ||
default: '' | ||
TLS_KEY: | ||
description: 'User key for access vpn' | ||
required: false | ||
default: '' | ||
PING_URL: | ||
description: 'For check success or fail' | ||
required: true | ||
default: '127.0.0.1' | ||
FILE_OVPN: | ||
description: 'Location file open vpn' | ||
required: true | ||
default: './config.ovpn' | ||
outputs: | ||
STATUS: | ||
description: 'Status for check connect vpn' | ||
value: ${{ steps.vpn_status.outputs.vpn-status }} | ||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Install OpenVPN | ||
run: | | ||
sudo apt-get update | ||
sudo apt-get install openvpn | ||
sudo apt-get install openvpn-systemd-resolved | ||
shell: bash | ||
|
||
- name: Connect VPN | ||
env: | ||
TLS_KEY: ${{ inputs.TLS_KEY }} | ||
CA_CRT: ${{ env.CA_CRT}} | ||
USER_CRT: ${{ env.USER_CRT }} | ||
USER_KEY: ${{ env.USER_KEY }} | ||
SECRET: ${{ inputs.SECRET }} | ||
shell: bash | ||
run: | | ||
echo "$TLS_KEY" | base64 -d > tls.key | ||
echo "$CA_CRT" | base64 -d > ca.crt | ||
echo "$USER_CRT" | base64 -d > user.crt | ||
echo "$USER_KEY" | base64 -d > user.key | ||
echo "$SECRET" | base64 -d > secret.txt | ||
sudo openvpn --config ${{ inputs.FILE_OVPN }} --daemon | ||
- name: VPN Status | ||
id: vpn_status | ||
env: | ||
PING_URL: ${{ inputs.PING_URL }} | ||
shell: bash | ||
run: | | ||
sleep 5 | ||
if ping -c 2 $PING_URL > /dev/null 2>&1; then | ||
echo "vpn-status=true" >> $GITHUB_OUTPUT | ||
else | ||
echo "vpn-status=false" >> $GITHUB_OUTPUT | ||
fi |
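Review bot: in the Connect VPN step, `sudo openvpn --config ${{ inputs.FILE_OVPN }} --daemon` expands the input into the script text before bash runs it, so shell metacharacters in `FILE_OVPN` end up executed under sudo. Pass the input through `env:` as the other values are and reference it quoted, `--config "$FILE_OVPN"`; `$PING_URL` in the `ping` line should be quoted too. The same step writes `user.key`, `tls.key` and `secret.txt` into the working directory with the default umask and nothing removes them; set `umask 077` before the `base64 -d` lines and add a cleanup for these files. Note also that `tls.key` and `secret.txt` are written even when `TLS_KEY` and `SECRET` are left at their empty defaults.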
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
// FULL FILE OVPN | ||
|
||
client | ||
dev tun | ||
proto udp | ||
resolv-retry infinite | ||
nobind | ||
persist-key | ||
persist-tun | ||
remote-cert-tls server | ||
auth-nocache | ||
verb 3 | ||
<ca> | ||
Certificate: | ||
Data: | ||
Version: 3 (0x2) | ||
Serial Number: | ||
b1:b0:0b:1a:ad:05:54:0f | ||
-----BEGIN CERTIFICATE----- | ||
MIIBtjCCAVygAwIBAgIUbPYCDoO+XmScoS84AhQsbnKvd84wCgYIKoZIzj0EAwIw | ||
u1MjifHr6jMxwQ== | ||
-----END CERTIFICATE----- | ||
</ca> | ||
<cert> | ||
Certificate: | ||
Data: | ||
Version: 3 (0x2) | ||
Serial Number: | ||
b1:b0:0b:1a:ad:05:54:0f | ||
-----BEGIN CERTIFICATE----- | ||
MIIBtjCCAVygAwIBAgIUbPYCDoO+XmScoS | ||
-----END CERTIFICATE----- | ||
</cert> | ||
<key> | ||
-----BEGIN CERTIFICATE----- | ||
MIIBtjCCAVygAwIBAgIUbPYCDoO+XmScoS84AhQsbn | ||
-----END CERTIFICATE----- | ||
</key> |
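Review bot: the `<key>` block is wrapped in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`, the same markers as `<ca>` and `<cert>`, so the example does not show what a private key block looks like. Use private-key PEM markers with an obviously fake body. The first line, `// FULL FILE OVPN`, is not an OpenVPN comment either (comments start with `#` or `;`), so the file fails to parse if someone copies it as is.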
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
|
||
client | ||
dev tun | ||
proto tcp | ||
remote 188.94.28.233 443 | ||
verify-x509-name "C=de, L=Hamburg, O=IT works Consulting GmbH, CN=inf-gw-r1-06, emailAddress=technik@itworks-hh.de" | ||
route remote_host 255.255.255.255 net_gateway | ||
resolv-retry infinite | ||
nobind | ||
persist-key | ||
persist-tun | ||
auth-user-pass secret.txt | ||
cipher AES-256-CBC | ||
auth SHA256 | ||
comp-lzo no | ||
route-delay 4 | ||
verb 3 | ||
reneg-sec 0 | ||
ca ca.crt | ||
cert user.crt | ||
key user.key |
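Review bot: `reneg-sec 0` disables periodic renegotiation of the data-channel key, so one key protects the whole session. Unless the server requires this, drop the line to get the default interval, or add a comment saying why it is needed. The `remote` address and the `verify-x509-name` subject, which includes an e-mail address, are committed in clear text; confirm that is intended. No directive here uses the `tls.key` file that the action writes.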