From 68722ca805bc32c33c5f9b3fab502b31e2c199ee Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Tue, 29 Oct 2024 14:30:56 -0600 Subject: [PATCH] tests: bud: make parallel-safe - all images pushed to a local registry must have a unique name. Bring in safename() helper from podman tests. - all cache tests must use a private TMPDIR - in force-compression test, use a custom-crafted image with no possibility of sharing layers with any other image that any other test might push to the registry. - use a private crun tmpdir in seccomp test, because crun does some unexpected caching. And, forgive me, a little refactoring of unpleasant duplication Signed-off-by: Ed Santiago --- tests/bud.bats | 50 +++++++++++++++++++++++----------------------- tests/helpers.bash | 19 ++++++++++++++++++ 2 files changed, 44 insertions(+), 25 deletions(-) diff --git a/tests/bud.bats b/tests/bud.bats index 832f82c212b..33a762380f6 100644 --- a/tests/bud.bats +++ b/tests/bud.bats @@ -16,7 +16,7 @@ load helpers start_registry run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT} - imgname="img$(random_string | tr A-Z a-z)" + imgname="img-$(safename)" run_buildah build $WITH_POLICY_JSON -t "${imgname}1" --platform linux/amd64 -f $BUDFILES/dockerfile/Dockerfile run_buildah build $WITH_POLICY_JSON -t "${imgname}2" --platform linux/arm64 -f $BUDFILES/dockerfile/Dockerfile @@ -51,7 +51,7 @@ _EOF start_registry run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT} - imgname="img$(random_string | tr A-Z a-z)" + imgname="img-$(safename)" run_buildah build $WITH_POLICY_JSON -t "${imgname}1" --platform linux/amd64 -f $contextdir/Dockerfile1 run_buildah build $WITH_POLICY_JSON -t "${imgname}2" --platform linux/arm64 -f $contextdir/Dockerfile1 @@ -81,7 +81,7 @@ _EOF start_registry run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT} - imgname="img$(random_string | tr A-Z a-z)" + imgname="img-$(safename)" run_buildah build $WITH_POLICY_JSON -t "${imgname}1" --platform linux/amd64 -f $contextdir/Dockerfile1 run_buildah build $WITH_POLICY_JSON -t "${imgname}2" --platform linux/arm64 -f $contextdir/Dockerfile1 @@ -131,7 +131,7 @@ _EOF } @test "no layer should be created on scratch" { - imgname="img$(random_string | tr A-Z a-z)" + imgname="img-$(safename)" run_buildah build --layers --label "label1=value1" -t $imgname -f $BUDFILES/from-scratch/Containerfile run_buildah inspect -f '{{len .Docker.RootFS.DiffIDs}}' $imgname @@ -156,7 +156,7 @@ FROM scratch COPY /therecanbeonly1 /uniquefile _EOF - imgname="img$(random_string | tr A-Z a-z)" + imgname="img-$(safename)" start_registry run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT} @@ -164,24 +164,24 @@ _EOF # Helper function. push our image with the given options, and run skopeo inspect function _test_buildah_push() { - run_buildah push \ - $WITH_POLICY_JSON \ - --authfile ${TEST_SCRATCH_DIR}/test.auth \ - --tls-verify=false \ - $* \ - $imgname \ - docker://localhost:${REGISTRY_PORT}/$imgname - - echo "# skopeo inspect $imgname" - run podman run --rm \ - --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \ - --net host \ - quay.io/skopeo/stable inspect \ - --authfile=/test.auth \ - --tls-verify=false \ - --raw \ - docker://localhost:${REGISTRY_PORT}/$imgname - echo "$output" + run_buildah push \ + $WITH_POLICY_JSON \ + --authfile ${TEST_SCRATCH_DIR}/test.auth \ + --tls-verify=false \ + $* \ + $imgname \ + docker://localhost:${REGISTRY_PORT}/$imgname + + echo "# skopeo inspect $imgname" + run podman run --rm \ + --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \ + --net host \ + quay.io/skopeo/stable inspect \ + --authfile=/test.auth \ + --tls-verify=false \ + --raw \ + docker://localhost:${REGISTRY_PORT}/$imgname + echo "$output" } # layers should have no trace of zstd since push was with --compression-format gzip @@ -5634,8 +5634,8 @@ _EOF cruntmp=${TEST_SCRATCH_DIR}/crun mkdir $cruntmp run_buildah build --runtime=crun --runtime-flag=debug --runtime-flag=root=$cruntmp \ - --security-opt seccomp=${TEST_SCRATCH_DIR}/seccomp.json \ - -q -t alpine-bud-crun $WITH_POLICY_JSON --file ${mytmpdir}/Containerfile . + --security-opt seccomp=${TEST_SCRATCH_DIR}/seccomp.json \ + -q -t alpine-bud-crun $WITH_POLICY_JSON --file ${mytmpdir}/Containerfile . expect_output --substring "unknown seccomp syscall" fi diff --git a/tests/helpers.bash b/tests/helpers.bash index 1f381ee3581..148daa584b1 100644 --- a/tests/helpers.bash +++ b/tests/helpers.bash @@ -233,6 +233,25 @@ function random_string() { head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length } +############## +# safename # Returns a pseudorandom string suitable for container/image/etc names +############## +# +# Name will include the bats test number and a pseudorandom element, +# eg "t123-xyz123". safename() will return the same string across +# multiple invocations within a given test; this makes it easier for +# a maintainer to see common name patterns. +# +# String is lower-case so it can be used as an image name +# +function safename() { + safenamepath=$BATS_SUITE_TMPDIR/.safename.$BATS_SUITE_TEST_NUMBER + if [[ ! -e $safenamepath ]]; then + echo -n "t${BATS_SUITE_TEST_NUMBER}-$(random_string 8 | tr A-Z a-z)" >$safenamepath + fi + cat $safenamepath +} + function buildah() { ${BUILDAH_BINARY} ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@" }