Try CI based nix

.github/workflows/test-pebble.yml

@@ -13,6 +13,8 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Build the Docker image
-      run: make compose
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Run pebble based agnos tester
+        run: nix-shell --pure --run agnos-test-script

.gitignore

@@ -1 +1,2 @@
 /target
+/target_nix_test

shell.nix

@@ -0,0 +1,53 @@
+{ pkgs ? import <nixpkgs> {}}:
+
+let 
+  inherit (pkgs) lib;
+  pebble_cert = ./test-docker/pebble/cert.pem;
+  pebble_priv_key = ./test-docker/pebble/key.pem;
+  pebble_config = pkgs.writeTextFile {
+    name = "pebble-config.json";
+    text = builtins.toJSON
+            { pebble = {
+                certificate = pebble_cert;
+                privateKey = pebble_priv_key;
+                listenAddress =  "0.0.0.0:14000";
+                httpPort= 5002;
+                tlsPort= 5001;
+              };
+            };
+  };
+  wait_for_it = pkgs.fetchurl {
+    url = "https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh";
+    hash = "sha256-t6BPON4eUedFXs9jFRyMfkBb0tRaLU4W9kGdtzehJdY=";
+  };
+  agnos_config = ./test-docker/agnos/config_test.toml;
+  test-script = pkgs.writeShellScriptBin "agnos-test-script" 
+  ''
+    set -xve
+    ${pkgs.pebble}/bin/pebble -config ${pebble_config} -strict -dnsserver 127.0.0.1:8053 &
+    export CARGO_TARGET_DIR=target_nix_test
+    ${pkgs.cargo}/bin/cargo build --release
+    OLDWORKDIR=$(pwd)
+    WORKDIR=$(mktemp -p target_nix_test -d)
+    cd $WORKDIR
+    $OLDWORKDIR/$CARGO_TARGET_DIR/release/agnos-generate-accounts-keys --key-size 2048 --no-confirm ${agnos_config}
+    bash ${wait_for_it} -t 0 127.0.0.1:14000
+    $OLDWORKDIR/$CARGO_TARGET_DIR/release/agnos --debug --acme-url https://127.0.0.1:14000/dir --acme-serv-ca ${pebble_cert} ${agnos_config}
+    cd $OLDWORKDIR
+    rm -rf $WORKDIR
+    killall pebble
+  '';
+in
+pkgs.mkShell {
+  nativeBuildInputs = with pkgs; [ killall rustc cargo gcc rustfmt clippy pebble pkg-config openssl mktemp];
+
+  # Certain Rust tools won't work without this
+  # This can also be fixed by using oxalica/rust-overlay and specifying the rust-src extension
+  # See https://discourse.nixos.org/t/rust-src-not-found-and-other-misadventures-of-developing-rust-on-nixos/11570/3?u=samuela. for more details.
+  RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";
+
+   shellHook = ''
+      export PATH=${test-script}/bin:$PATH
+  '';
+
+}

test-docker/agnos/config_test.toml

@@ -1,6 +1,5 @@
 # Address for the DNS server to listen on.
-# The port should probably be 53.
-dns_listen_addr = "0.0.0.0:53"
+dns_listen_addr = "0.0.0.0:8053"
 
 # A first account
 # accounts are identified by

test-docker/pebble/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgSgAwIBAgIUHfOjSE6Azub1nsBON4jlIvxVW5MwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJMTI3LjAuMC4xMCAXDTI0MTAyODE3MjQwM1oYDzIxMjQx
+MDA0MTcyNDAzWjAUMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCktTY6y+LXtChHhjyLyHxtzziI1VBMgNPLqLaO7Tqh
+5WQ8Ts2Q3tKEG0WQdolOIOkEvkn40CzN+oSYSxyD9ancwbMlGxaiud2X57gUd5Kr
+8yV3J+o+X7DtfuFQ91jUSk+e//TXDp/YB9UpbUOdI4svqN/gLr2eev7ERdjrIMMu
+ZstGn2/HBMGNI6EhSWwxfy4TkTjsNo6UKw7OMwYUW63LKoa9k2peL0cpho6e0K3d
+MX3lCdWiaIZDjXwUboARtXSe5IuJjY19OrosVaf+qsDtaPoWxDDP0JXyx/YAbeuQ
+9Xr4/VJzCRbZkitW9roPdmFRru1B8ppJ20piJDFlx0P5AgMBAAGjZDBiMB0GA1Ud
+DgQWBBT2ZCDvsXPuG+miLDV6XplcUC3PQjAfBgNVHSMEGDAWgBT2ZCDvsXPuG+mi
+LDV6XplcUC3PQjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdEQQIMAaHBH8AAAEwDQYJ
+KoZIhvcNAQELBQADggEBAKP5e5i4Ggx+vRJUmCQeRHBLSAG+DgE8vE8veAxeNjlB
+FLQ6EAfdtjomSeuvxn4IMccIegNZVQVlOQB0r488dLHMkLzCd1iwLzw7mZ7aThCy
+2xYK0GoLK8vednAQEY5xA6Og88onoEKTT483EfRFXs8dV14j7b77MsaC5afJ20VA
+bJfMSXquMxCmu42t7m4IbyZXZ+Z9Qv8P8oE+Ur9SKjMxukblPaZzxcwGEC+B0zEe
+L1uCpidZwuYpS6k06KfMCVzM+76WUVfpHtSMZgXRb8vMa0O/EX4anSE7KmfKyCcs
+R4IwvS90+FX9i7GGAv6Y//38xLq9T1M1z8dQJbdq97o=
+-----END CERTIFICATE-----

test-docker/pebble/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCktTY6y+LXtChH
+hjyLyHxtzziI1VBMgNPLqLaO7Tqh5WQ8Ts2Q3tKEG0WQdolOIOkEvkn40CzN+oSY
+SxyD9ancwbMlGxaiud2X57gUd5Kr8yV3J+o+X7DtfuFQ91jUSk+e//TXDp/YB9Up
+bUOdI4svqN/gLr2eev7ERdjrIMMuZstGn2/HBMGNI6EhSWwxfy4TkTjsNo6UKw7O
+MwYUW63LKoa9k2peL0cpho6e0K3dMX3lCdWiaIZDjXwUboARtXSe5IuJjY19Oros
+Vaf+qsDtaPoWxDDP0JXyx/YAbeuQ9Xr4/VJzCRbZkitW9roPdmFRru1B8ppJ20pi
+JDFlx0P5AgMBAAECggEAF2BmxXqJhA7cRqZ9MmOukVE/V2BbKLiCFt4npupxj2fE
+zbBriZuuajSKr4G7ZBzUpakyS3+UVFmxdwH2Fp6H0L6nI+WP1WGm2zf2juUXqpL0
+ZtCB9P9U16hR51FryJmRamIuiFVZh2o5LUuGNKfGSengeGt52yPew9GcA2cffJa9
+CjGVO7jX5r2ZVMMwf6oYr+TzAq/uJ4OeXfavfAoEvlDDN+oHsQ/iEm52i5Bg9uo6
+BNUqaqw5Ab8pLEkwc7hWZcfNFInPAKUldxUthIcZy4bcyifNKj3bdjAENxyDcGrL
+GUkdyOG0vqE4iAodbSxrM6aftasFLw8nj0gvl6YKZwKBgQDOMC78K+hKMr6wVk09
+otqh8nCeye2N7mGEktthpaIxfra6ld1dT37jviNla4Agfiavdx6jSfSdDqpL1kPZ
+XgC/F0ZrFHJNtO5ycYtjkJQfd9lSJYR1eKEnngyBPSx8uJ087wljlf1CySfBJ4ha
++pMnobaaZnTVC7pyoToAVvnEuwKBgQDMf6d4kLgoQ9p5JJV1/ud4571DL9BnTs8P
+vaxmK6qBbCFoekyVBAWiq9EA7zLeVY4zSKJvKSpWqgg429w4LKGskWV9S4lvItQ1
+44h8ZCnOEdDD8isfV5j1zxj+aaZlzk5uHlBE1/f0JWOEFyqECUqIxW218aP5x+V1
+uGrZR5Bo2wKBgQCB1BEhs7v2THGJsy27q7mi03daZKdyATHiOl5s49B2/eStJARY
+5t9tI6JCECiDTSuqvITMKJsf8cYFLotWaTxrFoq+jgdTKqQh56DvNnAuSFbMxNbc
+6PIAciJJlm1WsyA+5/yvehgYX3TqyKuxLapPACJsoiraoyHpX9+XqyxmVQKBgFd2
+qawZSYp/KuvxR7OF6H5/ryUTSDFHNaxn1VqFhpGAK/HBjQuXAsoGbofVxo3tTbqF
+cGPW2XLjmkynTFMCU8u5DA1Ax3EvFlBOFswNEww99mo4I1VuY8+OWgRGL5MPX+Ad
+OvuW20gizaNrPRXn22cP+dJ9nUJxyqRE0f5Ia21NAoGAOtYZjG72usz8oQWsDlBX
+VFusjfk/GQZowSzwPSTrYg4UVgVrYZVdwrhPAYMI+CvEoGjSBTjb1x6NZRGG3MOM
+ClFxlgfycHykMT2HwFvazwB1GayEBUYBCwSHI1mIjk67+x34xOzCpK2RVg26+QLs
+JLl0MDIbeM4wUzr7ApAYe/4=
+-----END PRIVATE KEY-----