Skip to content

Commit

Permalink
Update test cases
Browse files Browse the repository at this point in the history 
Signed-off-by: Peter Zhu <[email protected]>
  • Loading branch information
@peterzhuamazon
peterzhuamazon committed Feb 16, 2023
1 parent 2cfaec1 commit e4ba68a
Show file tree
Hide file tree
Showing 5 changed files with 223 additions and 129 deletions.
60 changes: 37 additions & 23 deletions tests/jenkins/TestPromoteRepos.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,40 +9,54 @@

package jenkins.tests

import org.junit.*
import java.util.*
import java.nio.file.*
import org.junit.Before
import org.junit.Test
import static com.lesfurets.jenkins.unit.MethodCall.callArgsToString
import static org.hamcrest.CoreMatchers.hasItem
import static org.hamcrest.CoreMatchers.hasItems
import static org.hamcrest.MatcherAssert.assertThat

class TestPromoteRepos extends BuildPipelineTest {

@Override
@Before
void setUp() {
this.registerLibTester(new PromoteReposLibTester('opensearch', '123', 'yum'))
this.registerLibTester(new PromoteReposLibTester('opensearch', '123', 'apt'))
super.setUp()

binding.setVariable('PUBLIC_ARTIFACT_URL', 'https://ci.opensearch.org/dbc')
binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name')
def configs = ["role": "dummy_role",
"external_id": "dummy_ID",
"unsigned_bucket": "dummy_unsigned_bucket",
"signed_bucket": "dummy_signed_bucket"]
binding.setVariable('configs', configs)
helper.addFileExistsMock('/tmp/workspace/sign.sh', true)
helper.registerAllowedMethod("readJSON", [Map.class], {c -> configs})
helper.registerAllowedMethod("git", [Map])
helper.registerAllowedMethod("withCredentials", [Map, Closure], { args, closure ->
closure.delegate = delegate
return helper.callClosure(closure)
})
helper.registerAllowedMethod("withAWS", [Map, Closure], { args, closure ->
closure.delegate = delegate
return helper.callClosure(closure)
})

}

@Test
public void testDefault() {
public void test() {
super.testPipeline("tests/jenkins/jobs/PromoteRepos_Jenkinsfile")
}

@Test
void 'yum verification'() {
runScript("tests/jenkins/jobs/PromoteRepos_Jenkinsfile")
assertThat(getShellCommands('sh', 'curl'), hasItems('\n set -e\n set +x\n\n echo \"Pulling 1.3.0 rpm\"\n cd /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/x64/rpm/dist/opensearch/opensearch-1.3.0-linux-x64.rpm\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/arm64/rpm/dist/opensearch/opensearch-1.3.0-linux-arm64.rpm\n\n ls -l\n '))
assertThat(getShellCommands('sh', 'aws'), hasItems('aws s3 sync s3://ARTIFACT_PRODUCTION_BUCKET_NAME/releases/bundle/opensearch/1.x/yum/ /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/ --no-progress'))
assertThat(getShellCommands('signArtifacts', ''), hasItems('{artifactPath=/tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom, sigtype=.asc, platform=linux}'))
assertThat(getShellCommands('sh', 'repomd.pom.asc'), hasItems('\n set -e\n set +x\n \n cd /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/\n \n ls -l\n \n mv -v repomd.pom repomd.xml\n mv -v repomd.pom.asc repomd.xml.asc\n \n ls -l\n \n cd -\n '))
}

@Test
void 'apt verification'() {
runScript("tests/jenkins/jobs/PromoteRepos_Jenkinsfile")
assertThat(getShellCommands('sh', 'curl'), hasItems('\n set -e\n set +x\n\n echo \"Pulling 1.3.0 deb\"\n cd /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/apt\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/x64/deb/dist/opensearch/opensearch-1.3.0-linux-x64.deb\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/arm64/deb/dist/opensearch/opensearch-1.3.0-linux-arm64.deb\n\n ls -l\n '))
assertThat(getShellCommands('sh', 'aws'), hasItems('aws s3 sync s3://ARTIFACT_PRODUCTION_BUCKET_NAME/releases/bundle/opensearch/1.x/apt/ /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/apt/ --no-progress'))
assertThat(getShellCommands('sh', 'aptly'), hasItems('#!/bin/bash\n\n echo \"Start Signing Apt\"\n rm -rf ~/.aptly\n mkdir $ARTIFACT_PATH/base\n find $ARTIFACT_PATH -type f -name \"*.deb\" | xargs -I {} mv -v {} $ARTIFACT_PATH/base\n aptly repo create -distribution=stable -component=main opensearch\n aptly repo add opensearch $ARTIFACT_PATH/base\n aptly repo show -with-packages opensearch\n aptly snapshot create opensearch-1.x from repo opensearch\n aptly publish snapshot -batch=true -passphrase-file=passphrase opensearch-1.x\n echo \"------------------------------------------------------------------------\"\n echo \"Clean up gpg\"\n gpg --batch --yes --delete-secret-keys RPM_SIGNING_KEY_ID\n gpg --batch --yes --delete-keys RPM_SIGNING_KEY_ID\n rm -v passphrase\n echo \"------------------------------------------------------------------------\"\n rm -rf $ARTIFACT_PATH/*\n cp -rvp ~/.aptly/public/* $ARTIFACT_PATH/\n ls $ARTIFACT_PATH\n\n '))
}

def getShellCommands(methodName, searchString) {
def shCommands = helper.callStack.findAll { call ->
call.methodName == methodName
}.collect { call ->
callArgsToString(call)
}.findAll { command ->
command.contains(searchString)
}
return shCommands
}
}
8 changes: 4 additions & 4 deletions tests/jenkins/jobs/PromoteRepos_Jenkinsfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,9 @@ pipeline {
steps {
script {
promoteRepos(
distributionRepoType: "yum",
buildNumber: "123",
jobName: "opensearch",
buildNumber: "123",
distributionRepoType: "yum",
manifest: "tests/data/opensearch-1.3.0.yml"
)
}
Expand All @@ -26,9 +26,9 @@ pipeline {
steps {
script {
promoteRepos(
distributionRepoType: "apt",
buildNumber: "123",
jobName: "opensearch",
buildNumber: "123",
distributionRepoType: "apt",
manifest: "tests/data/opensearch-1.3.0.yml"
)
}
Expand Down
111 changes: 58 additions & 53 deletions tests/jenkins/jobs/PromoteRepos_Jenkinsfile.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
PromoteRepos_Jenkinsfile.echo(Executing on agent [label:none])
PromoteRepos_Jenkinsfile.stage(promote yum repo, groovy.lang.Closure)
PromoteRepos_Jenkinsfile.script(groovy.lang.Closure)
PromoteRepos_Jenkinsfile.promoteRepos({distributionRepoType=yum, buildNumber=123, jobName=opensearch, manifest=tests/data/opensearch-1.3.0.yml})
PromoteRepos_Jenkinsfile.promoteRepos({jobName=opensearch, buildNumber=123, distributionRepoType=yum, manifest=tests/data/opensearch-1.3.0.yml})
promoteRepos.legacySCM(groovy.lang.Closure)
promoteRepos.library({identifier=jenkins@main, retriever=null})
promoteRepos.readYaml({file=tests/data/opensearch-1.3.0.yml})
Expand Down Expand Up @@ -46,7 +46,7 @@
echo "Complete metadata update, awaiting signing repomd.xml"
cd -
)
promoteRepos.signArtifacts({artifactPath=/tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom, sigtype=.sig, platform=linux})
promoteRepos.signArtifacts({artifactPath=/tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom, sigtype=.asc, platform=linux})
signArtifacts.echo(PGP or Windows Signature Signing)
signArtifacts.fileExists(/tmp/workspace/sign.sh)
signArtifacts.sh(curl -sSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -)
Expand All @@ -64,7 +64,7 @@
export UNSIGNED_BUCKET=SIGNER_CLIENT_UNSIGNED_BUCKET
export SIGNED_BUCKET=SIGNER_CLIENT_SIGNED_BUCKET

/tmp/workspace/sign.sh /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom --sigtype .sig --platform linux
/tmp/workspace/sign.sh /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom --sigtype .asc --platform linux
)
promoteRepos.sh(
set -e
Expand All @@ -75,12 +75,7 @@
ls -l

mv -v repomd.pom repomd.xml
mv -v repomd.pom.sig repomd.xml.sig

# This step is required as yum only accept .asc and signing workflow only support .sig
cat repomd.xml.sig | gpg --enarmor | sed 's@ARMORED FILE@SIGNATURE@g' > repomd.xml.asc

rm -vf repomd.xml.sig
mv -v repomd.pom.asc repomd.xml.asc

ls -l

Expand All @@ -91,7 +86,7 @@
promoteRepos.sh(aws s3 sync /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/ s3://ARTIFACT_PRODUCTION_BUCKET_NAME/releases/bundle/opensearch/1.x/yum/ --no-progress)
PromoteRepos_Jenkinsfile.stage(promote apt repo, groovy.lang.Closure)
PromoteRepos_Jenkinsfile.script(groovy.lang.Closure)
PromoteRepos_Jenkinsfile.promoteRepos({distributionRepoType=apt, buildNumber=123, jobName=opensearch, manifest=tests/data/opensearch-1.3.0.yml})
PromoteRepos_Jenkinsfile.promoteRepos({jobName=opensearch, buildNumber=123, distributionRepoType=apt, manifest=tests/data/opensearch-1.3.0.yml})
promoteRepos.legacySCM(groovy.lang.Closure)
promoteRepos.library({identifier=jenkins@main, retriever=null})
promoteRepos.readYaml({file=tests/data/opensearch-1.3.0.yml})
Expand All @@ -115,42 +110,44 @@
ls -l
)
promoteRepos.println(Apt Repo Starts)
promoteRepos.sh(#!/bin/bash
set -e
set +x

ARTIFACT_PATH="/tmp/workspace/artifacts/releases/bundle/opensearch/1.x/apt"

echo "------------------------------------------------------------------------"
echo "Check Utility Versions"
gpg_version_requirement="2.2.0"
aptly_version_requirement="1.5.0"

gpg_version_check=`gpg --version | head -n 1 | grep -oE '[0-9.]+'`
gpg_version_check_final=`echo $gpg_version_check $gpg_version_requirement | tr ' ' '
' | sort -V | head -n 1`
aptly_version_check=`aptly version | head -n 1 | grep -oE '[0-9.]+'`
aptly_version_check_final=`echo $aptly_version_check $aptly_version_requirement | tr ' ' '
' | sort -V | head -n 1`

echo -e "gpg_version_requirement gpg_version_check"
echo -e "$gpg_version_requirement $gpg_version_check"
echo -e "aptly_version_requirement aptly_version_check"
echo -e "$aptly_version_requirement $aptly_version_check"

if [[ $gpg_version_requirement = $gpg_version_check_final ]] && [[ $aptly_version_requirement = $aptly_version_check_final ]]; then
echo "Utility version is equal or greater than set limit, continue."
else
echo "Utility version is lower than set limit, exit 1"
exit 1
fi

)
promoteRepos.string({credentialsId=jenkins-rpm-signing-account-number, variable=RPM_SIGNING_ACCOUNT_NUMBER})
promoteRepos.string({credentialsId=jenkins-rpm-signing-passphrase-secrets-arn, variable=RPM_SIGNING_PASSPHRASE_SECRETS_ARN})
promoteRepos.string({credentialsId=jenkins-rpm-signing-secret-key-secrets-arn, variable=RPM_SIGNING_SECRET_KEY_ID_SECRETS_ARN})
promoteRepos.string({credentialsId=jenkins-rpm-signing-key-id, variable=RPM_SIGNING_KEY_ID})
promoteRepos.withCredentials([RPM_SIGNING_ACCOUNT_NUMBER, RPM_SIGNING_PASSPHRASE_SECRETS_ARN, RPM_SIGNING_SECRET_KEY_ID_SECRETS_ARN, RPM_SIGNING_KEY_ID], groovy.lang.Closure)
promoteRepos.echo(APT Sign Repo)
promoteRepos.withAWS({role=jenkins-prod-rpm-signing-assume-role, roleAccount=RPM_SIGNING_ACCOUNT_NUMBER, duration=900, roleSessionName=jenkins-signing-session}, groovy.lang.Closure)
promoteRepos.sh(#!/bin/bash
set -e
set +x

ARTIFACT_PATH="/tmp/workspace/artifacts/releases/bundle/opensearch/1.x/apt"

echo "------------------------------------------------------------------------"
echo "Check Utility Versions"
gpg_version_requirement="2.2.0"
aptly_version_requirement="1.5.0"

gpg_version_check=`gpg --version | head -n 1 | grep -oE '[0-9.]+'`
gpg_version_check_final=`echo $gpg_version_check $gpg_version_requirement | tr ' ' '
' | sort -V | head -n 1`
aptly_version_check=`aptly version | head -n 1 | grep -oE '[0-9.]+'`
aptly_version_check_final=`echo $aptly_version_check $aptly_version_requirement | tr ' ' '
' | sort -V | head -n 1`

echo -e "gpg_version_requirement gpg_version_check"
echo -e "$gpg_version_requirement $gpg_version_check"
echo -e "aptly_version_requirement aptly_version_check"
echo -e "$aptly_version_requirement $aptly_version_check"

if [[ $gpg_version_requirement = $gpg_version_check_final ]] && [[ $aptly_version_requirement = $aptly_version_check_final ]]; then
echo "Utility version is equal or greater than set limit, continue."
else
echo "Utility version is lower than set limit, exit 1"
exit 1
fi

export GPG_TTY=`tty`

Expand All @@ -160,21 +157,29 @@
aws secretsmanager get-secret-value --region us-west-2 --secret-id "RPM_SIGNING_SECRET_KEY_ID_SECRETS_ARN" | jq -r .SecretBinary | base64 --decode | gpg --quiet --import --pinentry-mode loopback --passphrase-file passphrase -

echo "------------------------------------------------------------------------"
echo "Start Signing Apt"
rm -rf ~/.aptly
mkdir $ARTIFACT_PATH/base
find $ARTIFACT_PATH -type f -name "*.deb" | xargs -I {} mv -v {} $ARTIFACT_PATH/base
aptly repo create -distribution=stable -component=main opensearch
aptly repo add opensearch $ARTIFACT_PATH/base
aptly repo show -with-packages opensearch
aptly snapshot create opensearch-1.x from repo opensearch
aptly publish snapshot -batch=true -passphrase-file=passphrase opensearch-1.x
rm -v passphrase
rm -rf $ARTIFACT_PATH/*
cp -rvp ~/.aptly/public/* $ARTIFACT_PATH/
ls $ARTIFACT_PATH

)
promoteRepos.sh(#!/bin/bash

echo "Start Signing Apt"
rm -rf ~/.aptly
mkdir $ARTIFACT_PATH/base
find $ARTIFACT_PATH -type f -name "*.deb" | xargs -I {} mv -v {} $ARTIFACT_PATH/base
aptly repo create -distribution=stable -component=main opensearch
aptly repo add opensearch $ARTIFACT_PATH/base
aptly repo show -with-packages opensearch
aptly snapshot create opensearch-1.x from repo opensearch
aptly publish snapshot -batch=true -passphrase-file=passphrase opensearch-1.x
echo "------------------------------------------------------------------------"
echo "Clean up gpg"
gpg --batch --yes --delete-secret-keys RPM_SIGNING_KEY_ID
gpg --batch --yes --delete-keys RPM_SIGNING_KEY_ID
rm -v passphrase
echo "------------------------------------------------------------------------"
rm -rf $ARTIFACT_PATH/*
cp -rvp ~/.aptly/public/* $ARTIFACT_PATH/
ls $ARTIFACT_PATH

)
promoteRepos.withAWS({role=ARTIFACT_PROMOTION_ROLE_NAME, roleAccount=AWS_ACCOUNT_ARTIFACT, duration=900, roleSessionName=jenkins-session}, groovy.lang.Closure)
promoteRepos.println(Pushing Prod apt)
promoteRepos.sh(aws s3 sync /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/apt/ s3://ARTIFACT_PRODUCTION_BUCKET_NAME/releases/bundle/opensearch/1.x/apt/ --no-progress)
60 changes: 60 additions & 0 deletions tests/jenkins/lib-testers/PromoteReposLibTester.groovy
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
import static org.hamcrest.CoreMatchers.notNullValue
import static org.hamcrest.MatcherAssert.assertThat

class PromoteReposLibTester extends LibFunctionTester {

private String jobName
private String buildNumber
private String distributionRepoType

public PromoteReposLibTester(jobName, buildNumber, distributionRepoType) {
this.jobName = jobName
this.buildNumber = buildNumber
this.distributionRepoType = distributionRepoType
}

void configure(helper, binding){
binding.setVariable('PUBLIC_ARTIFACT_URL', 'https://ci.opensearch.org/dbc')
binding.setVariable('GITHUB_BOT_TOKEN_NAME', 'github_bot_token_name')
def configs = ["role": "dummy_role",
"external_id": "dummy_ID",
"unsigned_bucket": "dummy_unsigned_bucket",
"signed_bucket": "dummy_signed_bucket"]
binding.setVariable('configs', configs)
helper.addFileExistsMock('/tmp/workspace/sign.sh', true)
helper.registerAllowedMethod("readJSON", [Map.class], {c -> configs})
helper.registerAllowedMethod("git", [Map])
helper.registerAllowedMethod("withCredentials", [Map, Closure], { args, closure ->
closure.delegate = delegate
return helper.callClosure(closure)
})
helper.registerAllowedMethod("withAWS", [Map, Closure], { args, closure ->
closure.delegate = delegate
return helper.callClosure(closure)
})
}

void parameterInvariantsAssertions(call){
assertThat(call.args.jobName.first(), notNullValue())
assertThat(call.args.buildNumber.first(), notNullValue())
assertThat(call.args.distributionRepoType.first(), notNullValue())
}

boolean expectedParametersMatcher(call) {
return call.args.jobName.first().toString().equals(this.jobName)
&& call.args.buildNumber.first().toString().equals(this.buildNumber)
&& call.args.distributionRepoType.first().toString().equals(this.distributionRepoType)
}

String libFunctionName() {
return 'promoteRepos'
}
}
Loading

0 comments on commit e4ba68a

Please sign in to comment.