add automated test for quickstart

with tls with acme (with pebble, a small acme server for testing), and with pregenerated keys/certs. the two mox instances are configured on their own domain. we launch a separate test container that connects to the first, submits a message for delivery to the second. we check if the message is delivered with an imap connection and the idle command.
2025-07-12 17:44:35 +03:00 · 2023-06-04 20:38:10 +02:00
parent e53b773d04
commit 05fd5c6947
34 changed files with 595 additions and 6 deletions
--- a/docker-compose-quickstart.yml
+++ b/docker-compose-quickstart.yml
@ -0,0 +1,133 @@
+version: '3.7'
+services:
+  # We run quickstart_test.go from this container, it connects to both mox instances.
+  test:
+    hostname: test.mox1.example
+    image: mox_quickstart_test
+    # We add our cfssl-generated CA (which is in the repo) and acme pebble CA
+    # (generated each time pebble starts) to the list of trusted CA's, so the TLS
+    # dials in quickstart_test.go succeed.
+    command: ["sh", "-c", "set -ex; cat /quickstart/tmp-pebble-ca.pem /quickstart/tls/ca.pem >>/etc/ssl/certs/ca-certificates.crt; go test -tags quickstart"]
+    volumes:
+      - ./.go:/.go
+      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
+      - ./testdata/quickstart:/quickstart
+      - .:/mox
+    environment:
+      GOCACHE: /.go/.cache/go-build
+    depends_on:
+      dns:
+        condition: service_healthy
+      # moxmail2 depends on moxacmepebble, we connect to both.
+      moxmail2:
+        condition: service_healthy
+    networks:
+      mailnet1:
+        ipv4_address: 172.28.1.50
+
+  # First mox instance that uses ACME with pebble.
+  moxacmepebble:
+    hostname: moxacmepebble.mox1.example
+    domainname: mox1.example
+    image: mox_quickstart_moxmail
+    environment:
+      MOX_UID: "${MOX_UID}"
+    command: ["sh", "-c", "/quickstart/moxacmepebble.sh"]
+    volumes:
+      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
+      - ./testdata/quickstart:/quickstart
+    healthcheck:
+      test: netstat -nlt | grep ':25 '
+      interval: 1s
+      timeout: 1s
+      retries: 10
+    depends_on:
+      dns:
+        condition: service_healthy
+      acmepebble:
+        condition: service_healthy
+    networks:
+      mailnet1:
+        ipv4_address: 172.28.1.10
+
+  # Second mox instance, with TLS cert/keys from files.
+  moxmail2:
+    hostname: moxmail2.mox2.example
+    domainname: mox2.example
+    image: mox_quickstart_moxmail
+    environment:
+      MOX_UID: "${MOX_UID}"
+    command: ["sh", "-c", "/quickstart/moxmail2.sh"]
+    volumes:
+      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
+      - ./testdata/quickstart:/quickstart
+    healthcheck:
+      test: netstat -nlt | grep ':25 '
+      interval: 1s
+      timeout: 1s
+      retries: 10
+    depends_on:
+      dns:
+        condition: service_healthy
+      acmepebble:
+        condition: service_healthy
+      # moxacmepebble creates tmp-pebble-ca.pem, needed by moxmail2 to trust the certificates offered by moxacmepebble.
+      moxacmepebble:
+        condition: service_healthy
+    networks:
+      mailnet1:
+        ipv4_address: 172.28.1.20
+
+  dns:
+    hostname: dns.example
+    build:
+      dockerfile: Dockerfile.dns
+      # todo: figure out how to build from dockerfile with empty context without creating empty dirs in file system.
+      context: testdata/quickstart
+    volumes:
+      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
+      - ./testdata/quickstart:/quickstart
+    # We start with a base example.zone, but moxacmepebble appends its records,
+    # followed by moxmail2. They restart unbound after appending records.
+    command: ["sh", "-c", "set -ex; ls -l /etc/resolv.conf; chmod o+r /etc/resolv.conf; install -m 640 -o unbound /quickstart/unbound.conf /etc/unbound/; chmod 755 /quickstart; chmod 644 /quickstart/*.zone; cp /quickstart/example.zone /quickstart/example-quickstart.zone; ls -ld /quickstart /quickstart/reverse.zone; unbound -d -p -v"]
+    healthcheck:
+      test: netstat -nlu | grep '172.28.1.30:53 '
+      interval: 1s
+      timeout: 1s
+      retries: 10
+    networks:
+      mailnet1:
+        ipv4_address: 172.28.1.30
+
+  # pebble is a small acme server useful for testing. It creates a new CA
+  # certificate each time it starts, so we go through some trouble to configure the
+  # certificate in moxacmepebble and moxmail2.
+  acmepebble:
+    hostname: acmepebble.example
+    image: docker.io/letsencrypt/pebble:v2.3.1@sha256:fc5a537bf8fbc7cc63aa24ec3142283aa9b6ba54529f86eb8ff31fbde7c5b258
+    volumes:
+      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
+      - ./testdata/quickstart:/quickstart
+    command: ["sh", "-c", "set -ex; mount; ls -l /etc/resolv.conf; chmod o+r /etc/resolv.conf; pebble -config /quickstart/pebble-config.json"]
+    ports:
+      - 14000:14000  # ACME port
+      - 15000:15000  # Management port
+    healthcheck:
+      test: netstat -nlt | grep ':14000 '
+      interval: 1s
+      timeout: 1s
+      retries: 10
+    depends_on:
+      dns:
+        condition: service_healthy
+    networks:
+      mailnet1:
+        ipv4_address: 172.28.1.40
+
+networks:
+  mailnet1:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: "172.28.1.0/24"