Update .gitea/workflows/ci-test.yaml

2025-10-27 15:53:06 +00:00 · 2025-08-24 17:02:15 +00:00
parent 1768c89c72
commit b0b81e74de
1 changed files with 33 additions and 10 deletions
--- a/.gitea/workflows/ci-test.yaml
+++ b/.gitea/workflows/ci-test.yaml
@ -34,16 +34,31 @@ jobs:
          path: infra/secrets


-      - name: Install cloudflare prerequisites
-        run: |
-          apt-get install -y curl ca-certificates jq openssh-client net-tools iproute2

      - name: Install cloudflared
        run: |
-          # pacote .deb oficial - funcionará numa runner Ubuntu x86_64
-          curl -L -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
-          dpkg -i cloudflared.deb
-          cloudflared --version
+          apt-get install -y cloudflared dante-server
+
+
+      - name: Configure dante-server
+        run: |
+          cat <<EOF | sudo tee /etc/danted.conf
+          logoutput: stderr
+          internal: 127.0.0.1 port = 1080
+          external: lo
+          method: none
+          clientmethod: none
+          client pass {
+              from: 0.0.0.0/0 to: 0.0.0.0/0
+              log: connect disconnect
+          }
+          # encaminhar tudo para o listener TCP do cloudflared
+          socks pass {
+              from: 0.0.0.0/0 to: 0.0.0.0/0
+              command: connect udpassociate bind
+              log: connect disconnect
+          }
+          EOF

      - name: Start cloudflared Access TCP -> SOCKS5 (background)
        env:
@ -55,18 +70,18 @@ jobs:
          # O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
          nohup cloudflared access tcp \
            --hostname "$HOSTNAME" \
-            --listener "socks5://127.0.0.1:1080" \
+            --listener "tcp://127.0.0.1:1081" \
            --service-token-id "$CF_SVC_ID" \
            --service-token-secret "$CF_SVC_SECRET" \
            > cloudflared.log 2>&1 &

          # espera a porta do listener estar pronta (timeout 30s)
          for i in $(seq 1 30); do
-            ss -tnl | grep -q ":1080" && break
+            ss -tnl | grep -q ":1081" && break
            sleep 1
          done

-          if ! ss -tnl | grep -q ":1080"; then
+          if ! ss -tnl | grep -q ":1081"; then
            echo "SOCKS listener not ready after 30s, printing cloudflared.log"
            tail -n +1 cloudflared.log
            cat cloudflared.log
@ -77,6 +92,14 @@ jobs:
          sleep 1
          # opcional: ver primeiros logs
          tail -n 50 cloudflared.log || true
+      
+      - name: Start dante-server
+        run: |
+          sudo pkill danted || true
+          sudo danted -f /etc/danted.conf -D > dante.log 2>&1 &
+          sleep 3
+          cat dante.log
+          
      - name: vaultwarden login
        working-directory: infra/iac
        run: |