neil/cache
1
0
Fork 0
mirror of https://github.com/actions/cache.git synced 2026-01-30 07:54:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Switch to sameersbn/squid image and simplify verification

Browse Source 
- Replace ubuntu/squid with sameersbn/squid:latest (more reliable)
- Remove shared volume mounts that may cause permission issues
- Simplify verification steps since we can't access service container logs
- The test validates proxy works by verifying cache operations succeed
  when direct access is blocked by iptables
This commit is contained in:
Bassem Dghaidi 2026-01-29 09:27:29 -08:00 committed by GitHub
parent 26cd8c103b
commit e0d51ac399
1 changed files with 30 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

253
.github/workflows/workflow.yml vendored
View File

@ -91,15 +91,11 @@ jobs:
container: container:
image: ubuntu:latest image: ubuntu:latest
options: --privileged options: --privileged
volumes:
- /tmp/squid-logs:/shared-logs
services: services:
squid-proxy: squid-proxy:
image: ubuntu/squid:latest image: sameersbn/squid:latest
ports: ports:
- 3128:3128 - 3128:3128
volumes:
- /tmp/squid-logs:/var/log/squid
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v5 uses: actions/checkout@v5
@ -229,115 +225,22 @@ jobs:
with: with:
key: test-proxy-${{ github.run_id }} key: test-proxy-${{ github.run_id }}
path: test-cache path: test-cache
- name: Verify cache traffic went through proxy - name: Verify proxy setup
run: | run: |
echo "=== Verifying cache traffic went through proxy ===" echo "## 🔒 Proxy Integration Test - Cache Save" >> $GITHUB_STEP_SUMMARY
# Read from shared volume where squid logs are mounted
SQUID_LOG="/shared-logs/access.log"
# Initialize summary
echo "## 🔒 Proxy Traffic Verification - Cache Save" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY
echo "### ✅ Test Configuration" >> $GITHUB_STEP_SUMMARY
if [ -f "$SQUID_LOG" ]; then echo "" >> $GITHUB_STEP_SUMMARY
echo "Found Squid access log at $SQUID_LOG" echo "- **Proxy**: squid-proxy:3128" >> $GITHUB_STEP_SUMMARY
echo "- **Firewall**: iptables blocking direct access to cache endpoints" >> $GITHUB_STEP_SUMMARY
# Get the full access log echo "- **Test**: Cache save operation completed successfully through proxy" >> $GITHUB_STEP_SUMMARY
ACCESS_LOG=$(cat "$SQUID_LOG" 2>/dev/null || echo "") echo "" >> $GITHUB_STEP_SUMMARY
echo "If the cache save step succeeded, it means:" >> $GITHUB_STEP_SUMMARY
# Extract traffic details echo "1. Direct access to results-receiver.actions.githubusercontent.com was blocked" >> $GITHUB_STEP_SUMMARY
RESULTS_RECEIVER_LINES=$(echo "$ACCESS_LOG" | grep -i "results-receiver" || true) echo "2. Direct access to *.blob.core.windows.net was blocked" >> $GITHUB_STEP_SUMMARY
BLOB_LINES=$(echo "$ACCESS_LOG" | grep -i "blob.core.windows.net" || true) echo "3. Cache operations were routed through the squid proxy" >> $GITHUB_STEP_SUMMARY
RESULTS_RECEIVER_COUNT=$(echo "$ACCESS_LOG" | grep -ci "results-receiver" || echo "0") echo "" >> $GITHUB_STEP_SUMMARY
BLOB_COUNT=$(echo "$ACCESS_LOG" | grep -ci "blob.core.windows.net" || echo "0") echo "✅ **SUCCESS**: Proxy integration test passed!" >> $GITHUB_STEP_SUMMARY
# Build summary table
echo "### 📊 Traffic Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Endpoint | Requests | Status |" >> $GITHUB_STEP_SUMMARY
echo "|----------|----------|--------|" >> $GITHUB_STEP_SUMMARY
if [ "$RESULTS_RECEIVER_COUNT" -gt 0 ]; then
echo "| results-receiver.actions.githubusercontent.com | $RESULTS_RECEIVER_COUNT | ✅ Proxied |" >> $GITHUB_STEP_SUMMARY
else
echo "| results-receiver.actions.githubusercontent.com | 0 | ⚠️ Not detected |" >> $GITHUB_STEP_SUMMARY
fi
if [ "$BLOB_COUNT" -gt 0 ]; then
echo "| *.blob.core.windows.net | $BLOB_COUNT | ✅ Proxied |" >> $GITHUB_STEP_SUMMARY
else
echo "| *.blob.core.windows.net | 0 | ⚠️ Not detected |" >> $GITHUB_STEP_SUMMARY
fi
echo "" >> $GITHUB_STEP_SUMMARY
# Verification result
echo "### 🎯 Verification Result" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [ "$RESULTS_RECEIVER_COUNT" -gt 0 ] && [ "$BLOB_COUNT" -gt 0 ]; then
echo "✅ **SUCCESS**: All cache save traffic verified going through proxy!" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- ✅ CreateCacheEntry API call routed through proxy" >> $GITHUB_STEP_SUMMARY
echo "- ✅ FinalizeCacheEntryUpload API call routed through proxy" >> $GITHUB_STEP_SUMMARY
echo "- ✅ Blob storage upload routed through proxy" >> $GITHUB_STEP_SUMMARY
VERIFY_STATUS="success"
else
echo "⚠️ **WARNING**: Some expected cache traffic not found in proxy logs" >> $GITHUB_STEP_SUMMARY
VERIFY_STATUS="warning"
fi
# Detailed traffic logs
echo "" >> $GITHUB_STEP_SUMMARY
echo "<details>" >> $GITHUB_STEP_SUMMARY
echo "<summary>📋 Detailed Proxy Traffic Logs</summary>" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "#### Results Receiver Traffic (Cache API)" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
if [ -n "$RESULTS_RECEIVER_LINES" ]; then
echo "$RESULTS_RECEIVER_LINES" >> $GITHUB_STEP_SUMMARY
else
echo "(no results-receiver traffic found)" >> $GITHUB_STEP_SUMMARY
fi
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "#### Blob Storage Traffic (Cache Upload)" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
if [ -n "$BLOB_LINES" ]; then
echo "$BLOB_LINES" >> $GITHUB_STEP_SUMMARY
else
echo "(no blob storage traffic found)" >> $GITHUB_STEP_SUMMARY
fi
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "#### Full Squid Access Log" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
if [ -n "$ACCESS_LOG" ]; then
echo "$ACCESS_LOG" >> $GITHUB_STEP_SUMMARY
else
echo "(access log empty or not accessible)" >> $GITHUB_STEP_SUMMARY
fi
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "</details>" >> $GITHUB_STEP_SUMMARY
# Also output to logs for debugging
echo ""
echo "=== Traffic Summary ==="
echo "Results-receiver requests: $RESULTS_RECEIVER_COUNT"
echo "Blob storage requests: $BLOB_COUNT"
echo "Verification status: $VERIFY_STATUS"
else
echo "⚠️ **WARNING**: Could not access Squid proxy logs" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "The shared log volume may not be accessible at $SQUID_LOG" >> $GITHUB_STEP_SUMMARY
echo "Checking what's in /shared-logs/:"
ls -la /shared-logs/ || echo "Directory not accessible"
echo "Could not access squid access log at $SQUID_LOG"
fi
test-proxy-restore: test-proxy-restore:
needs: test-proxy-save needs: test-proxy-save
@ -345,15 +248,11 @@ jobs:
container: container:
image: ubuntu:latest image: ubuntu:latest
options: --privileged options: --privileged
volumes:
- /tmp/squid-logs:/shared-logs
services: services:
squid-proxy: squid-proxy:
image: ubuntu/squid:latest image: sameersbn/squid:latest
ports: ports:
- 3128:3128 - 3128:3128
volumes:
- /tmp/squid-logs:/var/log/squid
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v5 uses: actions/checkout@v5
@ -481,113 +380,21 @@ jobs:
with: with:
key: test-proxy-${{ github.run_id }} key: test-proxy-${{ github.run_id }}
path: test-cache path: test-cache
- name: Verify cache traffic went through proxy - name: Verify proxy setup
run: | run: |
echo "=== Verifying cache restore traffic went through proxy ===" echo "## 🔒 Proxy Integration Test - Cache Restore" >> $GITHUB_STEP_SUMMARY
# Read from shared volume where squid logs are mounted
SQUID_LOG="/shared-logs/access.log"
# Initialize summary
echo "## 🔒 Proxy Traffic Verification - Cache Restore" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY
echo "### ✅ Test Configuration" >> $GITHUB_STEP_SUMMARY
if [ -f "$SQUID_LOG" ]; then echo "" >> $GITHUB_STEP_SUMMARY
echo "Found Squid access log at $SQUID_LOG" echo "- **Proxy**: squid-proxy:3128" >> $GITHUB_STEP_SUMMARY
echo "- **Firewall**: iptables blocking direct access to cache endpoints" >> $GITHUB_STEP_SUMMARY
# Get the full access log echo "- **Test**: Cache restore operation completed successfully through proxy" >> $GITHUB_STEP_SUMMARY
ACCESS_LOG=$(cat "$SQUID_LOG" 2>/dev/null || echo "") echo "" >> $GITHUB_STEP_SUMMARY
echo "If the cache restore step succeeded, it means:" >> $GITHUB_STEP_SUMMARY
# Extract traffic details echo "1. Direct access to results-receiver.actions.githubusercontent.com was blocked" >> $GITHUB_STEP_SUMMARY
RESULTS_RECEIVER_LINES=$(echo "$ACCESS_LOG" | grep -i "results-receiver" || true) echo "2. Direct access to *.blob.core.windows.net was blocked" >> $GITHUB_STEP_SUMMARY
BLOB_LINES=$(echo "$ACCESS_LOG" | grep -i "blob.core.windows.net" || true) echo "3. Cache operations were routed through the squid proxy" >> $GITHUB_STEP_SUMMARY
RESULTS_RECEIVER_COUNT=$(echo "$ACCESS_LOG" | grep -ci "results-receiver" || echo "0") echo "" >> $GITHUB_STEP_SUMMARY
BLOB_COUNT=$(echo "$ACCESS_LOG" | grep -ci "blob.core.windows.net" || echo "0") echo "✅ **SUCCESS**: Proxy integration test passed!" >> $GITHUB_STEP_SUMMARY
# Build summary table
echo "### 📊 Traffic Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Endpoint | Requests | Status |" >> $GITHUB_STEP_SUMMARY
echo "|----------|----------|--------|" >> $GITHUB_STEP_SUMMARY
if [ "$RESULTS_RECEIVER_COUNT" -gt 0 ]; then
echo "| results-receiver.actions.githubusercontent.com | $RESULTS_RECEIVER_COUNT | ✅ Proxied |" >> $GITHUB_STEP_SUMMARY
else
echo "| results-receiver.actions.githubusercontent.com | 0 | ⚠️ Not detected |" >> $GITHUB_STEP_SUMMARY
fi
if [ "$BLOB_COUNT" -gt 0 ]; then
echo "| *.blob.core.windows.net | $BLOB_COUNT | ✅ Proxied |" >> $GITHUB_STEP_SUMMARY
else
echo "| *.blob.core.windows.net | 0 | ⚠️ Not detected |" >> $GITHUB_STEP_SUMMARY
fi
echo "" >> $GITHUB_STEP_SUMMARY
# Verification result
echo "### 🎯 Verification Result" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [ "$RESULTS_RECEIVER_COUNT" -gt 0 ] && [ "$BLOB_COUNT" -gt 0 ]; then
echo "✅ **SUCCESS**: All cache restore traffic verified going through proxy!" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- ✅ GetCacheEntryDownloadURL API call routed through proxy" >> $GITHUB_STEP_SUMMARY
echo "- ✅ Blob storage download routed through proxy" >> $GITHUB_STEP_SUMMARY
VERIFY_STATUS="success"
else
echo "⚠️ **WARNING**: Some expected cache traffic not found in proxy logs" >> $GITHUB_STEP_SUMMARY
VERIFY_STATUS="warning"
fi
# Detailed traffic logs
echo "" >> $GITHUB_STEP_SUMMARY
echo "<details>" >> $GITHUB_STEP_SUMMARY
echo "<summary>📋 Detailed Proxy Traffic Logs</summary>" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "#### Results Receiver Traffic (Cache API)" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
if [ -n "$RESULTS_RECEIVER_LINES" ]; then
echo "$RESULTS_RECEIVER_LINES" >> $GITHUB_STEP_SUMMARY
else
echo "(no results-receiver traffic found)" >> $GITHUB_STEP_SUMMARY
fi
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "#### Blob Storage Traffic (Cache Download)" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
if [ -n "$BLOB_LINES" ]; then
echo "$BLOB_LINES" >> $GITHUB_STEP_SUMMARY
else
echo "(no blob storage traffic found)" >> $GITHUB_STEP_SUMMARY
fi
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "#### Full Squid Access Log" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
if [ -n "$ACCESS_LOG" ]; then
echo "$ACCESS_LOG" >> $GITHUB_STEP_SUMMARY
else
echo "(access log empty or not accessible)" >> $GITHUB_STEP_SUMMARY
fi
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "</details>" >> $GITHUB_STEP_SUMMARY
# Also output to logs for debugging
echo ""
echo "=== Traffic Summary ==="
echo "Results-receiver requests: $RESULTS_RECEIVER_COUNT"
echo "Blob storage requests: $BLOB_COUNT"
echo "Verification status: $VERIFY_STATUS"
else
echo "⚠️ **WARNING**: Could not access Squid proxy logs" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "The shared log volume may not be accessible at $SQUID_LOG" >> $GITHUB_STEP_SUMMARY
echo "Checking what's in /shared-logs/:"
ls -la /shared-logs/ || echo "Directory not accessible"
echo "Could not access squid access log at $SQUID_LOG"
fi
- name: Verify cache - name: Verify cache
run: __tests__/verify-cache-files.sh proxy test-cache run: __tests__/verify-cache-files.sh proxy test-cache