Quickstart

.github/workflows/quick-start.yml

@@ -0,0 +1,36 @@
+name: quick-start
+
+on: 
+ workflow_dispatch:
+
+jobs:
+  test-quick-start:
+    name: "Run quick start test"
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    permissions:
+      contents: write
+    steps:            
+      - name: Bootstrap e2e
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/bin
+          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
+          make e2e-bootstrap KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }}
+          make generate-certs
+      - name: Run e2e with config policy
+        run: |
+          make e2e-deploy-helmfile
+          make e2e-helmfile-deploy-released-ratify
+          make test-quick-start
+      - name: Save logs
+        if: ${{ always() }}
+        run: |
+          kubectl logs -n gatekeeper-system -l app=ratify --tail=-1 > logs-ratify-preinstall-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-config-policy.json
+          kubectl logs -n gatekeeper-system -l app.kubernetes.io/name=ratify --tail=-1 > logs-ratify-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-config-policy.json
+      - name: Upload artifacts
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        if: ${{ always() }}
+        with:
+          name: e2e-logs
+          path: |
+            logs-*.json

Makefile

@@ -24,6 +24,7 @@ HELM_VERSION ?= 3.9.2
 BATS_BASE_TESTS_FILE ?= test/bats/base-test.bats
 BATS_PLUGIN_TESTS_FILE ?= test/bats/plugin-test.bats
 BATS_CLI_TESTS_FILE ?= test/bats/cli-test.bats
+BATS_QUICKSTART_TESTS_FILE ?= test/bats/quickstart-test.bats
 BATS_HA_TESTS_FILE ?= test/bats/high-availability.bats
 BATS_VERSION ?= 1.7.0
 SYFT_VERSION ?= v0.76.0
@@ -143,6 +144,10 @@ test-e2e-cli: e2e-dependencies e2e-create-local-registry e2e-notation-setup e2e-
 	RATIFY_DIR=${INSTALL_DIR} TEST_REGISTRY=${TEST_REGISTRY} ${GITHUB_WORKSPACE}/bin/bats -t ${BATS_CLI_TESTS_FILE}
 	go tool covdata textfmt -i=${GOCOVERDIR} -o test/e2e/coverage.txt
 
+.PHONY: test-quick-start
+test-quick-start:
+	bats -t ${BATS_QUICKSTART_TESTS_FILE}
+
 .PHONY: test-high-availability
 test-high-availability:
 	bats -t ${BATS_HA_TESTS_FILE}
@@ -241,6 +246,12 @@ e2e-helm-install:
 	cd .staging/helm && tar -xvf helmbin.tar.gz
 	./.staging/helm/linux-amd64/helm version --client
 
+e2e-helmfile-install:
+	rm -rf .staging/helm-file
+	mkdir .staging/helm-file
+	curl -LO https://github.com/helmfile/helmfile/releases/download/v0.155.0/helmfile_0.155.0_linux_amd64.tar.gz --output .staging/helm-file/helmfilebin.tar.gz
+	cd .staging/helm-file && tar -xvf helmfile*.tar.gz
+
 e2e-docker-credential-store-setup:
 	rm -rf .staging/pass
 	mkdir -p .staging/pass
@@ -458,6 +469,9 @@ e2e-build-local-ratify-image:
 	-t localbuild:test .
 	kind load docker-image --name kind localbuild:test
 
+e2e-helmfile-deploy-released-ratify:
+	curl -L https://raw.githubusercontent.com/deislabs/ratify/main/helmfile.yaml | ./.staging/helm-file/helmfile sync -f - 
+
 e2e-helm-deploy-ratify:
 	printf "{\n\t\"auths\": {\n\t\t\"registry:5000\": {\n\t\t\t\"auth\": \"`echo "${TEST_REGISTRY_USERNAME}:${TEST_REGISTRY_PASSWORD}" | tr -d '\n' | base64 -i -w 0`\"\n\t\t}\n\t}\n}" > mount_config.json
 

test/bats/quickstart-test.bats

@@ -0,0 +1,20 @@
+#!/usr/bin/env bats
+
+load helpers
+
+BATS_TESTS_DIR=${BATS_TESTS_DIR:-test/bats/tests}
+WAIT_TIME=60
+SLEEP_TIME=1
+
+@test "base test without cert rotator" {
+    teardown() {
+        echo "cleaning up"
+        wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete pod demo --namespace default --force --ignore-not-found=true'
+    }
+    run kubectl run demo --image=ghcr.io/deislabs/ratify/notary-image:signed
+    assert_success
+
+    # validate unsigned fails
+    kubectl run demo1 --image=ghcr.io/deislabs/ratify/notary-image:unsigned
+    assert_failure
+}