From ba7962f5b651da4335e0b22dfb140af7580b336f Mon Sep 17 00:00:00 2001
From: Gareth Healy
Date: Mon, 8 Jan 2024 12:46:23 +0000
Subject: [PATCH] added integration test and fixed verify (#209)
Signed-off-by: Gareth Healy
---
.github/workflows/ci.yml | 18 +++++++++++
.gitignore | 7 ++++-
Makefile | 4 +++
cmd/verify.go | 2 +-
pkg/rekor/rekor.go | 3 ++
scripts/generate-test-chart.sh | 24 +++++++++++++++
tests/integration.sh | 56 ++++++++++++++++++++++++++++++++++
7 files changed, 112 insertions(+), 2 deletions(-)
create mode 100755 scripts/generate-test-chart.sh
create mode 100644 tests/integration.sh
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3bb8d37..a601aab 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,6 +27,9 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-go-
+ - name: Setup Bats and bats libs
+ uses: bats-core/bats-action@e4efaa4edd28f6c43ea5bd55c0a23bdd62360100 # v1.5.4
+
 - name: Verify go.mod is sane
 run: go mod tidy && git diff --no-patch --exit-code
@@ -38,3 +41,18 @@ jobs:
 - name: Test
 run: make test
+
+ - name: Create Integration Pre-Reqs
+ run: ./scripts/generate-test-chart.sh
+
+ - name: Upload helm-sigstore-test-0.1.0.tgz
+ uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+ with:
+ name: helm-sigstore-test-0.1.0.tgz
+ path: |
+ helm-sigstore-test-0.1.0.tgz
+ helm-sigstore-test-0.1.0.tgz.prov
+ .gnupg/sigstore-secring.gpg
+
+ - name: Integration Test
+ run: make integration
diff --git a/.gitignore b/.gitignore
index 7815da3..1ea58dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,4 +20,9 @@ dist
 # OSX
 .DS_Store
-.vscode
\ No newline at end of file
+.vscode
+.idea
+
+helm-sigstore-test/
+helm-sigstore-test-0.1.0.tgz
+.gnupg/
diff --git a/Makefile b/Makefile
index 476946b..5a513cc 100644
--- a/Makefile
+++ b/Makefile
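Review bot: The `Upload helm-sigstore-test-0.1.0.tgz` step in `.github/workflows/ci.yml` publishes `.gnupg/sigstore-secring.gpg`, a secret keyring, as a workflow artifact, so anyone who can download the run's artifacts can sign as `helm-sigstore-test`. The key is a throwaway with an empty passphrase, which limits the exposure to this test identity, but nothing in the step says so; add a comment such as `# throwaway CI-only test key; never reuse for real signing`, or drop the keyring from `path:` if the artifact is only there to inspect the chart and its `.prov` file. Setting `retention-days: 1` under `with:` would also shorten how long the key material stays downloadable.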
@@ -69,6 +69,10 @@ lint: golangci-lint ## Runs golangci-lint linter
 test: ## Runs go tests
 go test ./...
+integration: ## Runs integration tests
+ command -v bats &> /dev/null || { echo >&2 'ERROR: bats not installed; see: https://bats-core.readthedocs.io/en/stable/installation.html - Aborting'; exit 1; }
+ bats --verbose-run tests/integration.sh
+
 ##################
 # release section
 ##################
diff --git a/cmd/verify.go b/cmd/verify.go
index 91aa4b0..c563f77 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -91,7 +91,7 @@ func NewVerifyCmd() *cobra.Command {
 if err != nil {
 return err
 }
- eimpl, err := rekortypes.CreateVersionedEntry(pe)
+ eimpl, err := rekortypes.UnmarshalEntry(pe)
 if err != nil {
 return err
 }
diff --git a/pkg/rekor/rekor.go b/pkg/rekor/rekor.go
index 3b66a00..75ec202 100644
--- a/pkg/rekor/rekor.go
+++ b/pkg/rekor/rekor.go
@@ -90,6 +90,9 @@ func (r *Rekor) Upload(request *UploadRequest) (*UploadResponse, error) {
 re.HelmObj.Chart.Provenance.Content = strfmt.Base64(request.Provenance)
 re.HelmObj.PublicKey = &models.HelmV001SchemaPublicKey{}
 re.HelmObj.PublicKey.Content = (*strfmt.Base64)(&request.PublicKey)
+ if ok, err := re.Insertable(); !ok {
+ return nil, err
+ }
 entry := models.Helm{}
 entry.APIVersion = swag.String(re.APIVersion())
diff --git a/scripts/generate-test-chart.sh b/scripts/generate-test-chart.sh
new file mode 100755
index 0000000..41ec059
--- /dev/null
+++ b/scripts/generate-test-chart.sh
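Review bot: The guard `command -v bats &> /dev/null` in the new `integration` recipe depends on bash. Under a POSIX `sh`, which is make's default unless the Makefile sets `SHELL` (not visible in this hunk), `&>` is parsed as a background `&` followed by a bare redirect, so the check passes even when bats is missing. Use the portable form `command -v bats > /dev/null 2>&1 || { ...; exit 1; }`. If `integration` is not already covered by a `.PHONY` declaration outside this hunk, add it so a file or directory of that name cannot mask the target.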
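Review bot: The call `rekortypes.UnmarshalEntry(pe)` in `NewVerifyCmd` carries no comment explaining why the verify path must not use `CreateVersionedEntry`, so a later cleanup could quietly revert it. As I understand the rekor types package (worth confirming against the pinned version), `CreateVersionedEntry` is meant for the insertion flow and also requires the entry to be insertable, which an entry read back from the log need not satisfy. Record that above the call, for example `// entries read back from the log are parsed only; insert-time validation does not apply here`. The enclosing function starts and ends outside this hunk.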
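Review bot: In `Upload`, the new guard `if ok, err := re.Insertable(); !ok { return nil, err }` returns `(nil, nil)` if `Insertable` ever reports `false` without an error, and a caller that checks only `err` would then dereference a nil `*UploadResponse`. Handle the two outcomes separately: `if ok, err := re.Insertable(); err != nil { return nil, err } else if !ok { return nil, errors.New("helm entry is not insertable") }`. Whether `errors` is already imported in this file is not visible here, and the function body continues outside the hunk.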
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Copyright 2024 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+echo "Creating throw away key..."
+mkdir -p .gnupg
+gpg --batch --passphrase '' --quick-generate-key "helm-sigstore-test"
+gpg --export-secret-keys > .gnupg/sigstore-secring.gpg
+
+echo "Creating, packaging and signing chart temp chart..."
+helm create helm-sigstore-test
+helm package --sign --key 'helm-sigstore-test' --keyring .gnupg/sigstore-secring.gpg helm-sigstore-test
+cat helm-sigstore-test-0.1.0.tgz.prov
diff --git a/tests/integration.sh b/tests/integration.sh
new file mode 100644
index 0000000..02dfbcb
--- /dev/null
+++ b/tests/integration.sh
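Review bot: `gpg --export-secret-keys > .gnupg/sigstore-secring.gpg` names no key, so it exports every secret key in the caller's default GnuPG home; on a developer machine that writes personal private keys into the repository directory next to the test chart. Name the key, `gpg --export-secret-keys 'helm-sigstore-test' > .gnupg/sigstore-secring.gpg`, and preferably point gpg at a scratch home first with `export GNUPGHOME="$(mktemp -d)"` so the throwaway key never lands in the user's real keyring. The script also has no `set -euo pipefail` after the license header, so a failed `gpg` or `helm` step still falls through to the final `cat`.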
@@ -0,0 +1,56 @@
+#!/usr/bin/env bats
+
+#
+# Copyright 2024 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+@test "print help" {
+ cmd="bin/helm-sigstore help"
+ run ${cmd}
+
+ echo "${cmd} : ${status} : ${output}"
+ [ "$status" -eq 0 ]
+}
+
+@test "print version" {
+ cmd="bin/helm-sigstore version"
+ run ${cmd}
+
+ echo "${cmd} : ${status} : ${output}"
+ [ "$status" -eq 0 ]
+}
+
+@test "upload packaged chart" {
+ cmd="bin/helm-sigstore upload helm-sigstore-test-0.1.0.tgz --keyring .gnupg/sigstore-secring.gpg"
+ run ${cmd}
+
+ echo "${cmd} : ${status} : ${output}"
+ [ "$status" -eq 0 ]
+}
+
+@test "search packaged chart" {
+ cmd="bin/helm-sigstore search helm-sigstore-test-0.1.0.tgz"
+ run ${cmd}
+
+ echo "${cmd} : ${status} : ${output}"
+ [ "$status" -eq 0 ]
+}
+
+@test "verify packaged chart" {
+ cmd="bin/helm-sigstore verify helm-sigstore-test-0.1.0.tgz --keyring .gnupg/sigstore-secring.gpg"
+ run ${cmd}
+
+ echo "${cmd} : ${status} : ${output}"
+ [ "$status" -eq 0 ]
+}
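Review bot: The `verify packaged chart` test covers only the success path, so a `verify` that accepts any input would still pass this suite. Add a negative case that runs `verify` against a chart that was never uploaded, or whose bytes changed after signing, and asserts `[ "$status" -ne 0 ]`. The upload, search and verify tests also rely on running in file order against whatever Rekor instance the binary targets (not visible here), which deserves a comment at the top of the file.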