[installer]: create tests to verify render result #11288
GitGuardian id | Secret | Commit | Filename | |
---|---|---|---|---|
4097242 | Generic High Entropy Secret | 962222a | install/installer/cmd/testdata/render/minimal/output.golden | View secret |
4097242 | Generic High Entropy Secret | 962222a | install/installer/cmd/testdata/render/minimal/output.golden | View secret |
4097243 | Generic High Entropy Secret | 962222a | install/installer/cmd/testdata/render/minimal/output.golden | View secret |
4097242 | Generic High Entropy Secret | 962222a | install/installer/cmd/testdata/render/minimal/output.golden | View secret |
4097244 | Generic High Entropy Secret | 962222a | install/installer/cmd/testdata/render/minimal/output.golden | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This allows for the values to be consistent when testing
This is useful for testing so we can generate the same rendering each time and then compare the outputs against a known value. It also allows users to make their randomisation deterministic
Awesome! Thanks for implementing this! 🚀
@mrsimonemms Looks like this PR is blocking us from adding new components, because the installer render is not stable, i.e. some random values, some random order. Also, I tried this command, and it failed with a weird error, but I can manually download this file
Hi @iQQBot, to get through this you'll need to run I'll create a PR to auto-download these as part of the workspace creation
OK, thanks, but I'm a little curious, the order of render looks random, how does it ensure that the order is consistent each time it is rendered?
It is random how it's generated, but we sort the generated YAML - see https://github.com/gitpod-io/gitpod/blob/main/install/installer/cmd/render.go#L219 We also have an option to set the random values to a deterministic state - in the tests, we just set that to
Fix created #11829
Description
This is a proposed change to allow for testing of the rendered YAML in the Installer.
The data is stored in cmd/testdata/render, with the test names being stored in cmd/testdata/render/<name>/<config|output>.golden. Files ending .golden are excluded from the hooks to make them testable. The intention is that there will be a suite of these tests and they verify that the known output is matched. When a change is made (even outside of this directory), the files will require changing and @gitpod-io/engineering-self-hosted is notified about potentially breaking changes to the rendered YAML - we can then approve (or not) the changes.
How to generate the files is documented.
Randomisation is controlled by specifying the Seed for math/rand and by giving the crypto/rand a known string. A warning is printed to stderr if this is enabled during the YAML rendering process, which is designed to act as a deterrent to anyone using this in production.
Risks Introduced
It's not impossible for a PR to pass its tests in a branch and then fail when it's merged. This can be mitigated by getting into the habit of doing a final git rebase main before this is merged.
In the event of a failure in the main branch, the engineer who authored the original PR is responsible for ensuring that this is fixed in a timely fashion.
Related Issue(s)
Fixes #11147
How to test
Run tests in Werft. See also the docs
Release Notes
Documentation
Werft options:
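The approach discussed in this PR (seeded randomness plus sorted output, compared against a known rendering) can be sketched as follows. This is an added example, not code from the Gitpod installer: `entropy`, `render`, the component map and the seed value are hypothetical, and a seeded `math/rand` reader stands in for whatever the installer does to fix its random values.

```go
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
	mrand "math/rand"
	"os"
	"sort"
	"strings"
)

// entropy picks the randomness source. A nil seed means crypto/rand; a seed
// makes every generated value reproducible, and therefore predictable.
func entropy(seed *int64) io.Reader {
	if seed == nil {
		return crand.Reader
	}
	fmt.Fprintln(os.Stderr, "WARNING: deterministic randomness enabled, do not use in production")
	return mrand.New(mrand.NewSource(*seed))
}

// render emits one document per component (name -> kind, a hypothetical
// stand-in for the real manifests) with a generated 16-byte secret each.
func render(components map[string]string, seed *int64) (string, error) {
	src := entropy(seed)
	names := make([]string, 0, len(components))
	for n := range components { // Go map iteration order is random
		names = append(names, n)
	}
	sort.Strings(names) // fix the order before any randomness is consumed
	var out strings.Builder
	for _, n := range names {
		buf := make([]byte, 16)
		if _, err := io.ReadFull(src, buf); err != nil {
			return "", err
		}
		fmt.Fprintf(&out, "---\nkind: %s\nname: %s\nsecret: %s\n", components[n], n, hex.EncodeToString(buf))
	}
	return out.String(), nil
}

func main() {
	seed := int64(42) // constructed seed, plays the role of the test fixture value
	comps := map[string]string{"server": "Secret", "proxy": "Secret", "db": "Secret"}
	golden, _ := render(comps, &seed) // what a .golden file would hold
	again, _ := render(comps, &seed)
	fmt.Println("matches golden:", again == golden)
}
```

Sorting before the random bytes are drawn matters: if the names were consumed in map order, each object would receive a different slice of the seeded stream on every run and the comparison would still fail.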