From c8177ce0fbab68a7db1a4003011544c60aeb0bc6 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Wed, 18 Jan 2023 12:08:22 -0500 Subject: [PATCH] Add initial integration tests These don't initially provide any pass/fail feedback (other than if the commands themselves crash), but do provide a way to review the output without requiring a local development environment. --- .gitignore | 7 ++ Jenkinsfile | 25 +++++- bin/test-integration | 13 +++ .../Dockerfile.rhel.all-dependencies | 3 + .../Dockerfile.ubuntu.all-dependencies | 24 +++++ ci/integration/test | 87 +++++++++++++++++++ 6 files changed, 156 insertions(+), 3 deletions(-) create mode 100755 bin/test-integration create mode 100644 ci/integration/Dockerfile.rhel.all-dependencies create mode 100644 ci/integration/Dockerfile.ubuntu.all-dependencies create mode 100755 ci/integration/test diff --git a/.gitignore b/.gitignore index a52883f..11aff1b 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,14 @@ build_ca_certificate conjur-preflight # Exclude binary entrypoint !cmd/conjur-preflight + +# Don't include auto-generated version file VERSION + +# Do include the version golang module !pkg/version +# Don't include the integration test results +ci/integration/results/ + .DS_Store diff --git a/Jenkinsfile b/Jenkinsfile index c6800bb..3289d94 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -92,6 +92,28 @@ pipeline { } } + // This produces the conjur-preflight binaries for integration tests and + // pushing a release when this is a RELEASE build. + stage('Create Release Assets') { + steps { + sh "bin/build-release" + } + } + + // Currently the integration tests don't pass or fail the build based on + // any conditions. Rather, that provide an easy way to inspect the result + // from a few various environments without running the tool manually. + stage('Run Integration Tests') { + steps { + sh 'bin/test-integration' + } + post { + always { + archiveArtifacts artifacts: 'ci/integration/results/**', allowEmptyArchive: true, fingerprint: false + } + } + } + stage('Release') { when { expression { @@ -100,9 +122,6 @@ pipeline { } steps { - // Build release artifacts - sh "bin/build-release" - release { billOfMaterialsDirectory, assetDirectory, toolsDirectory -> // Publish release artifacts to all the appropriate locations // Copy any artifacts to assetDirectory to attach them to the Github release diff --git a/bin/test-integration b/bin/test-integration new file mode 100755 index 0000000..568ad8b --- /dev/null +++ b/bin/test-integration @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +set -eu + +main() { + pushd "ci/integration" > /dev/null 2>&1 + + ./test + + popd > /dev/null 2>&1 +} + +main "$@" diff --git a/ci/integration/Dockerfile.rhel.all-dependencies b/ci/integration/Dockerfile.rhel.all-dependencies new file mode 100644 index 0000000..e62c874 --- /dev/null +++ b/ci/integration/Dockerfile.rhel.all-dependencies @@ -0,0 +1,3 @@ +FROM redhat/ubi8 + +RUN yum install -y podman diff --git a/ci/integration/Dockerfile.ubuntu.all-dependencies b/ci/integration/Dockerfile.ubuntu.all-dependencies new file mode 100644 index 0000000..64c354f --- /dev/null +++ b/ci/integration/Dockerfile.ubuntu.all-dependencies 
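Review bot: `pushd "ci/integration"` in main() of bin/test-integration resolves against the caller's working directory, so the wrapper only works when started from the repository root. `set -e` does stop the script when the directory is missing, but `> /dev/null 2>&1` discards the message that would say why. Anchor the path to the script and keep stderr visible: `pushd "$(dirname "${BASH_SOURCE[0]}")/../ci/integration" > /dev/null`.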
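Review bot: `FROM redhat/ubi8` in Dockerfile.rhel.all-dependencies carries no tag or digest, so every CI run builds on whatever the default tag resolves to at that moment. For tests whose output is reviewed by eye across environments, that makes two runs hard to compare and lets an upstream image change reach the build agent unreviewed. Pin the base, for example `FROM redhat/ubi8:<TAG>@sha256:<DIGEST>` (placeholders; take the values from the registry). The same applies to `FROM ubuntu` in Dockerfile.ubuntu.all-dependencies and to the bare `ubuntu` and `redhat/ubi8` images that ci/integration/test runs directly.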
@@ -0,0 +1,24 @@
+FROM ubuntu
+
+RUN apt-get update && \
+ apt-get remove -y \
+ docker \
+ docker.io \
+ containerd \
+ runc && \
+ apt-get install -y \
+ ca-certificates \
+ curl \
+ gnupg \
+ lsb-release && \
+ mkdir -p /etc/apt/keyrings && \
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
+ gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) stable" | \
+ tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+ apt-get update && \
+ apt-get install -y \
+ docker-ce \
+ docker-ce-cli \
+ containerd.io
diff --git a/ci/integration/test b/ci/integration/test
new file mode 100755
index 0000000..603b672
--- /dev/null
+++ b/ci/integration/test
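Review bot: The Docker repository key is piped from `curl` straight into `gpg --dearmor` and then trusted through `signed-by=` without checking which key was received, so the apt source's integrity rests on the TLS download alone. Because the RUN uses the default shell, the pipeline reports only the status of `gpg`, so a failed `curl -f` is not detected at that step either. Download the key to a file first, compare its fingerprint (`gpg --show-keys --with-colons <file>`) against a value pinned in this Dockerfile, and only then write `/etc/apt/keyrings/docker.gpg`. A comment above the key step should record where the pinned fingerprint was taken from.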
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+
+set -e
+set -o pipefail
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+
+main() {
+ ensure_results_directory
+
+ build_full_dependency_images
+
+ run_tests
+}
+
+ensure_results_directory() {
+ mkdir -p ./results
+ rm -rf ./results/*
+}
+
+build_full_dependency_images() {
+ echo "Building full dependency test images..."
+ echo "...RHEL based..."
+ docker build \
+ --file=Dockerfile.rhel.all-dependencies \
+ --tag="redhat/ubi8:all-dependencies" \
+ .
+
+ echo "...Ubuntu based..."
+ docker build \
+ --file Dockerfile.ubuntu.all-dependencies \
+ --tag="ubuntu:all-dependencies" \
+ .
+
+ echo "...integration test images built."
+}
+
+run_tests() {
+ echo "Running integration tests..."
+
+ echo "Testing Ubuntu with no dependencies installed..."
+ run_integration_test \
+ "ubuntu-bare" \
+ "ubuntu"
+
+ echo "Testing Ubuntu with all dependencies installed..."
+ run_integration_test \
+ "ubuntu-all-dependencies" \
+ "ubuntu:all-dependencies" \
+ --privileged
+
+ echo "Testing RHEL with no dependencies installed..."
+ run_integration_test \
+ "rhel-bare-unprivileged" \
+ "redhat/ubi8"
+
+ echo "Testing rootless RHEL with all dependencies installed..."
+ run_integration_test \
+ "rhel-all-dependencies-unprivileged" \
+ "redhat/ubi8:all-dependencies"
+
+ echo "Testing privileged RHEL with all dependencies installed..."
+ run_integration_test \
+ "rhel-all-dependencies-root" \
+ "redhat/ubi8:all-dependencies" \
+ --privileged \
+ --user="root"
+
+ echo "Integration tests finished. Results can be found in directory: ci/integration/results/"
+}
+
+run_integration_test() {
+ local name="$1"; shift
+ local image="$1"; shift
+
+ docker run \
+ --rm \
+ --name="$name" \
+ --volume="${REPO_ROOT}:/conjur-preflight" \
+ "$@" \
+ "${image}" \
+ /conjur-preflight/dist/conjur-preflight_linux_amd64_v1/conjur-preflight \
+ | tee "./results/${name}.txt"
+}
+
+main "$@"
+
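Review bot: run_integration_test mounts the whole checkout read-write with `--volume="${REPO_ROOT}:/conjur-preflight"`, and two of the runs add `--privileged` (one also `--user="root"`), so anything running in those containers can write to the CI workspace, including `.git` and the binaries under `dist`. Only the binary is read, so mount just that directory read-only: `--volume="${REPO_ROOT}/dist:/conjur-preflight/dist:ro"`. If `--privileged` is there only so the tool can reach a container runtime inside the image, a comment above those two calls should say so. Separately, ensure_results_directory runs `rm -rf ./results/*` against the current directory although `REPO_ROOT` is already computed; `"${REPO_ROOT}/ci/integration/results"` would make the deletion independent of where the script is started.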