Add initial integration tests

These don't initially provide any pass/fail feedback (other than if the commands themselves crash), but do provide a way to review the output without requiring a local development environment.
cyberark · Jan 20, 2023 · c8177ce · c8177ce
1 parent 8b992cc
commit c8177ce
Show file tree

Hide file tree

Showing 6 changed files with 156 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,7 +14,14 @@ build_ca_certificate
 conjur-preflight
 # Exclude binary entrypoint
 !cmd/conjur-preflight
+
+# Don't include auto-generated version file
 VERSION
+
+# Do include the version golang module
 !pkg/version
 
+# Don't include the integration test results
+ci/integration/results/
+
 .DS_Store
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -92,6 +92,28 @@ pipeline {
       }
     }
 
+    // This produces the conjur-preflight binaries for integration tests and
+    // pushing a release when this is a RELEASE build.
+    stage('Create Release Assets') {
+      steps {
+        sh "bin/build-release"
+      }
+    }
+
+    // Currently the integration tests don't pass or fail the build based on
+    // any conditions. Rather, that provide an easy way to inspect the result
+    // from a few various environments without running the tool manually.
+    stage('Run Integration Tests') {
+      steps {
+        sh 'bin/test-integration'
+      }
+      post {
+        always {
+           archiveArtifacts artifacts: 'ci/integration/results/**', allowEmptyArchive: true, fingerprint: false
+        }
+      }
+    }
+
     stage('Release') {
       when {
         expression {
@@ -100,9 +122,6 @@ pipeline {
       }
 
       steps {
-        // Build release artifacts
-        sh "bin/build-release"
-
         release { billOfMaterialsDirectory, assetDirectory, toolsDirectory ->
           // Publish release artifacts to all the appropriate locations
           // Copy any artifacts to assetDirectory to attach them to the Github release

diff --git a/bin/test-integration b/bin/test-integration
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -eu
+
+main() {
+  pushd "ci/integration" > /dev/null 2>&1
+
+  ./test
+
+  popd > /dev/null 2>&1
+}
+
+main "$@"
diff --git a/ci/integration/Dockerfile.rhel.all-dependencies b/ci/integration/Dockerfile.rhel.all-dependencies
@@ -0,0 +1,3 @@
+FROM redhat/ubi8
+
+RUN yum install -y podman
diff --git a/ci/integration/Dockerfile.ubuntu.all-dependencies b/ci/integration/Dockerfile.ubuntu.all-dependencies
@@ -0,0 +1,24 @@
+FROM ubuntu
+
+RUN apt-get update && \
+    apt-get remove -y \
+        docker \
+        docker.io \
+        containerd \
+        runc && \
+    apt-get install -y \
+        ca-certificates \
+        curl \
+        gnupg \
+        lsb-release && \
+    mkdir -p /etc/apt/keyrings && \
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
+        gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+        $(lsb_release -cs) stable" | \
+        tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+    apt-get update && \
+    apt-get install -y \
+        docker-ce \
+        docker-ce-cli \
+        containerd.io
diff --git a/ci/integration/test b/ci/integration/test
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+
+set -e
+set -o pipefail
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+
+main() {
+  ensure_results_directory
+
+  build_full_dependency_images
+
+  run_tests
+}
+
+ensure_results_directory() {
+  mkdir -p ./results
+  rm -rf ./results/*
+}
+
+build_full_dependency_images() {
+  echo "Building full dependency test images..."
+  echo "...RHEL based..."
+  docker build \
+    --file=Dockerfile.rhel.all-dependencies \
+    --tag="redhat/ubi8:all-dependencies" \
+    .
+
+  echo "...Ubuntu based..."
+  docker build \
+    --file Dockerfile.ubuntu.all-dependencies \
+    --tag="ubuntu:all-dependencies" \
+    .
+
+  echo "...integration test images built."
+}
+
+run_tests() {
+  echo "Running integration tests..."
+
+  echo "Testing Ubuntu with no dependencies installed..."
+  run_integration_test \
+    "ubuntu-bare" \
+    "ubuntu"
+
+  echo "Testing Ubuntu with all dependencies installed..."
+  run_integration_test \
+    "ubuntu-all-dependencies" \
+    "ubuntu:all-dependencies" \
+    --privileged
+
+  echo "Testing RHEL with no dependencies installed..."
+  run_integration_test \
+    "rhel-bare-unprivileged" \
+    "redhat/ubi8"
+
+  echo "Testing rootless RHEL with all dependencies installed..."
+  run_integration_test \
+    "rhel-all-dependencies-unprivileged" \
+    "redhat/ubi8:all-dependencies"
+
+  echo "Testing privileged RHEL with all dependencies installed..."
+  run_integration_test \
+    "rhel-all-dependencies-root" \
+    "redhat/ubi8:all-dependencies" \
+    --privileged \
+    --user="root"
+
+  echo "Integration tests finished. Results can be found in directory: ci/integration/results/"
+}
+
+run_integration_test() {
+  local name="$1"; shift
+  local image="$1"; shift
+
+  docker run \
+    --rm \
+    --name="$name" \
+    --volume="${REPO_ROOT}:/conjur-preflight" \
+    "$@" \
+    "${image}" \
+      /conjur-preflight/dist/conjur-preflight_linux_amd64_v1/conjur-preflight \
+      | tee "./results/${name}.txt"
+}
+
+main "$@"
+