Nodarx/action-stalwart-install
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

Compare commits

base: Nodarx:main
Branches Tags
Nodarx:main
..
compare: Nodarx:5256d461f1aede34b685b934832f31828320918a
Branches Tags
Nodarx:main

1 Commits
main ... 5256d461f1

Author SHA1 Message Date
Sebastian Krupinski
5256d461f1 feat: initial version
Some checks failed
Test Stalwart Installation Action / Error Handling Tests (pull_request) Successful in 18s
Details
Test Stalwart Installation Action / Basic Installation (No Config) (pull_request) Successful in 44s
Details
Test Stalwart Installation Action / Full Configuration (Domains + Users) (pull_request) Failing after 44s
Details
Test Stalwart Installation Action / Test Summary (pull_request) Failing after 3s
Details 
Signed-off-by: Sebastian Krupinski <krupinski01@gmail.com>
 2026-02-15 01:28:40 -05:00
3 changed files with 35 additions and 141 deletions
Expand all files Collapse all files

138
.github/workflows/test.yml vendored
View File

@@ -93,7 +93,6 @@ jobs:
sudo apt-get install -y jq curl sudo apt-get install -y jq curl
- name: Install with full configuration - name: Install with full configuration
id: install
uses: ./ uses: ./
with: with:
domains: | domains: |
@@ -163,137 +162,26 @@ jobs:
echo "::error::API not accessible after 60 seconds" echo "::error::API not accessible after 60 seconds"
exit 1 exit 1
- name: Verify domains and users were created
run: |
echo "=== Reading Admin Password ==="
if [ -f /tmp/stalwart_admin_password ]; then
ADMIN_PASSWORD=$(cat /tmp/stalwart_admin_password)
echo "✓ Admin password retrieved"
else
echo "::error::Admin password file not found"
exit 1
fi
echo ""
echo "=== Verifying Domains ==="
DOMAINS_RESPONSE=$(curl -s -u "admin:$ADMIN_PASSWORD" \
"http://localhost:8080/api/principal?types=domain&limit=100")
DOMAIN_COUNT=$(echo "$DOMAINS_RESPONSE" | jq '.data.total // 0')
echo "Total domains found: $DOMAIN_COUNT"
# List domains
echo "$DOMAINS_RESPONSE" | jq -r '.data.items[] | " - \(.name): \(.description // "No description")"'
# Verify specific domains exist
if echo "$DOMAINS_RESPONSE" | jq -e '.data.items[] | select(.name == "test1.local")' >/dev/null; then
echo "✓ Domain test1.local exists"
else
echo "::error::Domain test1.local not found"
exit 1
fi
if echo "$DOMAINS_RESPONSE" | jq -e '.data.items[] | select(.name == "test2.local")' >/dev/null; then
echo "✓ Domain test2.local exists"
else
echo "::error::Domain test2.local not found"
exit 1
fi
echo ""
echo "=== Verifying Users ==="
USERS_RESPONSE=$(curl -s -u "admin:$ADMIN_PASSWORD" \
"http://localhost:8080/api/principal?types=individual&limit=100")
USER_COUNT=$(echo "$USERS_RESPONSE" | jq '.data.total // 0')
echo "Total users found: $USER_COUNT"
# List users
echo "$USERS_RESPONSE" | jq -r '.data.items[] | " - \(.name) (\(.emails[0])): roles=\(.roles)"'
# Verify we have at least the 3 users we created
if [ "$USER_COUNT" -lt 3 ]; then
echo "::error::Expected at least 3 users, found $USER_COUNT"
exit 1
fi
# Verify specific users exist and have correct roles
for user_email in "user1@test1.local" "user2@test1.local" "admin@test2.local"; do
USER_DATA=$(echo "$USERS_RESPONSE" | jq --arg email "$user_email" '.data.items[] | select(.emails[] == $email)')
if [ -z "$USER_DATA" ]; then
echo "::error::User $user_email not found"
exit 1
fi
# Check if user has "user" role
HAS_USER_ROLE=$(echo "$USER_DATA" | jq '.roles | contains(["user"])')
if [ "$HAS_USER_ROLE" = "true" ]; then
echo "✓ User $user_email exists with 'user' role"
else
echo "::error::User $user_email exists but missing 'user' role"
exit 1
fi
done
echo ""
echo "✓ All domains and users verified successfully"
- name: Verify unauthenticated JMAP access
run: |
echo "Testing unauthenticated JMAP endpoint..."
# Call without authentication (follow redirects with -L)
HTTP_CODE=$(curl -s -L \
-o /tmp/jmap_response_no_auth.json \
-w "%{http_code}" \
"http://localhost:8080/.well-known/jmap")
echo "HTTP Status Code: $HTTP_CODE"
echo "JMAP Response:"
cat /tmp/jmap_response_no_auth.json
echo ""
# Check if request succeeded
if [ "$HTTP_CODE" != "200" ]; then
echo "::error::JMAP endpoint returned HTTP $HTTP_CODE for unauthenticated request"
cat /tmp/jmap_response_no_auth.json || true
exit 1
fi
# Verify username is empty (no authentication)
USERNAME=$(cat /tmp/jmap_response_no_auth.json | jq -r '.username // empty')
if [ -z "$USERNAME" ]; then
echo "✓ Unauthenticated access returns empty username"
else
echo "::warning::Expected empty username for unauthenticated request, got '$USERNAME'"
fi
- name: Verify created user can authenticate - name: Verify created user can authenticate
run: | run: |
echo "Testing user authentication via JMAP endpoint..." echo "Testing user authentication via JMAP endpoint..."
# Test user1@test1.local authentication (follow redirects with -L) # Test user1@test1.local authentication (show HTTP code for debugging)
HTTP_CODE=$(curl -s -L \ HTTP_CODE=$(curl -s -o /tmp/jmap_response.json -w "%{http_code}" \
-o /tmp/jmap_response_auth.json \
-w "%{http_code}" \
-u "user1@test1.local:UserPass123!" \ -u "user1@test1.local:UserPass123!" \
"http://localhost:8080/.well-known/jmap") "http://localhost:8080/.well-known/jmap")
echo "HTTP Status Code: $HTTP_CODE" echo "HTTP Status Code: $HTTP_CODE"
echo "JMAP Response:" echo "JMAP Response:"
cat /tmp/jmap_response_auth.json cat /tmp/jmap_response.json | jq '.' || cat /tmp/jmap_response.json
echo ""
# Check if request succeeded
if [ "$HTTP_CODE" != "200" ]; then if [ "$HTTP_CODE" != "200" ]; then
echo "::error::JMAP endpoint returned HTTP $HTTP_CODE" echo "::error::JMAP endpoint returned HTTP $HTTP_CODE"
exit 1 exit 1
fi fi
# Verify username field contains our test user # Verify username field contains our test user
USERNAME=$(cat /tmp/jmap_response_auth.json | jq -r '.username // empty') USERNAME=$(cat /tmp/jmap_response.json | jq -r '.username // empty')
if [ "$USERNAME" = "user1@test1.local" ]; then if [ "$USERNAME" = "user1@test1.local" ]; then
echo "✓ User authentication successful: $USERNAME" echo "✓ User authentication successful: $USERNAME"
@@ -303,7 +191,7 @@ jobs:
fi fi
# Verify accounts object is not empty (means user is authenticated) # Verify accounts object is not empty (means user is authenticated)
ACCOUNTS=$(cat /tmp/jmap_response_auth.json | jq '.accounts // {}') ACCOUNTS=$(cat /tmp/jmap_response.json | jq '.accounts // {}')
if [ "$ACCOUNTS" != "{}" ]; then if [ "$ACCOUNTS" != "{}" ]; then
echo "✓ User has active accounts" echo "✓ User has active accounts"
else else
@@ -311,6 +199,22 @@ jobs:
exit 1 exit 1
fi fi
- name: Verify unauthenticated JMAP access
run: |
echo "Testing unauthenticated JMAP endpoint..."
# Call without authentication
JMAP_RESPONSE=$(curl -sf "http://localhost:8080/.well-known/jmap")
# Verify username is empty (no authentication)
USERNAME=$(echo "$JMAP_RESPONSE" | jq -r '.username // empty')
if [ -z "$USERNAME" ]; then
echo "✓ Unauthenticated access returns empty username"
else
echo "::warning::Expected empty username for unauthenticated request, got '$USERNAME'"
fi
- name: Show logs on failure - name: Show logs on failure
if: failure() if: failure()
run: | run: |

5
action.yml
View File

@@ -81,3 +81,8 @@ runs:
HOSTNAME=$(hostname -f 2>/dev/null || echo "localhost") HOSTNAME=$(hostname -f 2>/dev/null || echo "localhost")
echo "::notice::🎉 Stalwart Mail Server installation complete!" echo "::notice::🎉 Stalwart Mail Server installation complete!"
echo "::notice::Web admin: http://$HOSTNAME:8080/login" echo "::notice::Web admin: http://$HOSTNAME:8080/login"
if [ -n "${{ inputs.admin_password }}" ]; then
echo "::notice::Admin credentials configured via inputs"
else
echo "::notice::Default admin password: changeme (change this immediately!)"
fi

29
scripts/configure.sh
View File

@@ -56,10 +56,6 @@ main() {
log_info "📝 Generated admin password: ${current_password}" log_info "📝 Generated admin password: ${current_password}"
log_warning "⚠️ Save this password securely - it won't be shown again!" log_warning "⚠️ Save this password securely - it won't be shown again!"
# Save admin password to temp file for testing/debugging (remove in production)
echo "$current_password" > /tmp/stalwart_admin_password
chmod 600 /tmp/stalwart_admin_password
# Create domains if provided # Create domains if provided
if [ -n "$DOMAINS_JSON" ]; then if [ -n "$DOMAINS_JSON" ]; then
log_info "Creating domains..." log_info "Creating domains..."
@@ -257,25 +253,14 @@ create_users() {
continue continue
fi fi
# Hash the password with SHA-512 (API requires hashed passwords in secrets array) # Get password (use plain password - API handles hashing)
local hashed_password="" local password
local raw_password password=$(echo "$user" | jq -r '.password // empty' 2>/dev/null)
raw_password=$(echo "$user" | jq -r '.password // empty' 2>/dev/null)
if [ -n "$raw_password" ]; then
if command -v mkpasswd >/dev/null 2>&1; then
hashed_password=$(mkpasswd -m sha-512 "$raw_password")
elif command -v openssl >/dev/null 2>&1; then
hashed_password=$(openssl passwd -6 "$raw_password")
else
log_warning "Cannot hash password for $email - no mkpasswd or openssl found"
fi
fi
# Build API payload with required structure # Build API payload with required structure
local payload local payload
if [ -n "$hashed_password" ]; then if [ -n "$password" ]; then
payload=$(echo "$user" | jq --arg email "$email" --arg pwd "$hashed_password" '{ payload=$(echo "$user" | jq --arg email "$email" --arg pwd "$password" '{
type: "individual", type: "individual",
quota: (.quota // 0), quota: (.quota // 0),
name: $email, name: $email,
@@ -284,7 +269,7 @@ create_users() {
emails: [$email], emails: [$email],
urls: [], urls: [],
memberOf: [], memberOf: [],
roles: ["user"], roles: [],
lists: [], lists: [],
members: [], members: [],
enabledPermissions: [], enabledPermissions: [],
@@ -301,7 +286,7 @@ create_users() {
emails: [$email], emails: [$email],
urls: [], urls: [],
memberOf: [], memberOf: [],
roles: ["user"], roles: [],
lists: [], lists: [],
members: [], members: [],
enabledPermissions: [], enabledPermissions: [],