add shared-images-untagged test #124
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration Tests | |
on: | |
push: | |
pull_request_target: | |
types: [assigned, opened, synchronize, reopened] | |
permissions: | |
id-token: write | |
packages: write | |
contents: read | |
attestations: write | |
concurrency: | |
group: ci-tests | |
cancel-in-progress: true | |
env: | |
REGISTRY: ghcr.io | |
IMAGE: ghcr.io/${{ github.repository }} | |
jobs: | |
general-tests: | |
name: General Tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
id: setup-node | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: .node-version | |
cache: npm | |
- name: Install Dependencies | |
id: npm-ci | |
run: npm ci | |
- name: Check Format | |
id: npm-format-check | |
run: npm run format:check | |
- name: Lint | |
id: npm-lint | |
run: npm run lint | |
- name: Test | |
id: npm-ci-test | |
run: npm run ci-test | |
integration-tests: | |
name: Test | |
runs-on: ubuntu-latest | |
needs: general-tests | |
strategy: | |
max-parallel: 1 | |
matrix: | |
tests: | |
- title: '1a - Single: Untagged' | |
purpose: 'Removes all untagged images (single arch)' | |
folder: '1a_single-untagged' | |
- title: '1b - Multi: Untagged' | |
purpose: 'Removes all untagged images (multi arch)' | |
folder: '1b_multi-untagged' | |
- title: '2a - Single: Tagged' | |
purpose: 'Removes images with specific tag (single arch)' | |
folder: '2a_single-tagged' | |
tags: 'uclibc-1.35,uclibc-1.36' | |
- title: '2b - Multi: Tagged' | |
purpose: 'Removes images with specific tag (multi arch)' | |
folder: '2b_multi-tagged' | |
tags: 'uclibc-1.35,uclibc-1.36' | |
- title: '3a - Single: Keep N Tagged' | |
purpose: | |
'Removes all tags except the newest 2 tagged images (single arch) | |
and keeps untagged' | |
folder: '3a_single-keep-n-tagged' | |
keep-n-tagged: 2 | |
exclude-tags: dummy | |
- title: '3b - Multi: Keep N Tagged' | |
purpose: | |
'Removes all tags except the newest 2 tagged images (multi arch) | |
and keeps untagged' | |
folder: '3b_multi-keep-n-tagged' | |
keep-n-tagged: 2 | |
exclude-tags: dummy | |
- title: '4a - Single: Keep N Untagged' | |
purpose: | |
'Keeps all tagged images and removes all but the newest 2 untagged | |
images (single arch)' | |
folder: '4a_single-keep-n-untagged' | |
keep-n-untagged: 2 | |
- title: '4b - Multi: Keep N Untagged' | |
purpose: | |
'Keeps all tagged images and removes all but the newest 2 untagged | |
images (multi arch)' | |
folder: '4b_multi-keep-n-untagged' | |
keep-n-untagged: 2 | |
- title: '5 - Dry-Run' | |
purpose: 'No packages are removed' | |
folder: '5_dry-run' | |
dry-run: true | |
- title: '6a - Missing Digests: Tagged' | |
purpose: 'Looks for missing digests' | |
folder: '6a_missing-digests-tagged' | |
tags: 'uclibc-1.34' | |
steps: | |
# Setup for test execution | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: .node-version | |
cache: npm | |
# Execution of respective test | |
- name: 'Starting Test: ${{ matrix.tests.title }}' | |
run: | | |
echo "Purpose of test: ${{ matrix.tests.purpose }}" | |
TAGS="" | |
if [ ! -z "${{ matrix.tests.tags }}" ]; then | |
TAGS="${{ matrix.tests.tags }}" | |
fi | |
KEEP_N_TAGGED="" | |
if [ ! -z "${{ matrix.tests.keep-n-tagged }}" ]; then | |
KEEP_N_TAGGED="${{ matrix.tests.keep-n-tagged }}" | |
fi | |
KEEP_N_UNTAGGED="" | |
if [ ! -z "${{ matrix.tests.keep-n-untagged }}" ]; then | |
KEEP_N_UNTAGGED="${{ matrix.tests.keep-n-untagged }}" | |
fi | |
EXCLUDE_TAGS="" | |
if [ ! -z "${{ matrix.tests.exclude-tags }}" ]; then | |
EXCLUDE_TAGS="${{ matrix.tests.exclude-tags }}" | |
fi | |
DRY_RUN="" | |
if [ ! -z "${{ matrix.tests.dry-run }}" ]; then | |
DRY_RUN="TRUE" | |
fi | |
DRY_RUN="" | |
if [ ! -z "${{ matrix.tests.dry-run }}" ]; then | |
DRY_RUN="TRUE" | |
fi | |
DELAY="0" | |
if [ ! -z "$KEEP_N_TAGGED" ] || [ ! -z "$KEEP_N_UNTAGGED" ]; then | |
DELAY="3000" | |
fi | |
echo "TAGS=$TAGS" >> $GITHUB_ENV | |
echo "KEEP_N_TAGGED=$KEEP_N_TAGGED" >> $GITHUB_ENV | |
echo "KEEP_N_UNTAGGED=$KEEP_N_UNTAGGED" >> $GITHUB_ENV | |
echo "EXCLUDE_TAGS=$EXCLUDE_TAGS" >> $GITHUB_ENV | |
echo "DRY_RUN=$DRY_RUN" >> $GITHUB_ENV | |
echo "DELAY=$DELAY" >> $GITHUB_ENV | |
# - name: ' > Debug: Print Matrix Variables' | |
# run: | | |
# echo "tags: ${{ matrix.tests.tags }}" | |
# echo "keep-n-tagged: ${{ matrix.tests.keep-n-tagged }}" | |
# echo "keep-n-untagged: ${{ matrix.tests.keep-n-untagged }}" | |
# echo "exclude-tags: ${{ matrix.tests.exclude-tags }}" | |
# echo "dry-run: ${{ matrix.tests.dry-run }}" | |
# - name: ' > Debug: Print Env Variables' | |
# run: | | |
# echo "tags: ${{ env.TAGS }}" | |
# echo "keep-n-tagged: ${{ env.KEEP_N_TAGGED }}" | |
# echo "keep-n-untagged: ${{ env.KEEP_N_UNTAGGED }}" | |
# echo "exclude-tags: ${{ env.EXCLUDE_TAGS }}" | |
# echo "dry-run: ${{ env.DRY_RUN }}" | |
- name: ' > Priming Test Environment' | |
run: | | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} \ | |
--directory tests/${{ matrix.tests.folder }} \ | |
--mode prime --delay ${{ env.DELAY }} | |
- name: ' > Running Workflow' | |
uses: ./ | |
with: | |
tags: ${{ env.TAGS }} | |
keep-n-tagged: ${{ env.KEEP_N_TAGGED }} | |
keep-n-untagged: ${{ env.KEEP_N_UNTAGGED }} | |
exclude-tags: ${{ env.EXCLUDE_TAGS }} | |
dry-run: ${{ env.DRY_RUN }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: ' > Validating Outcome' | |
run: | | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} \ | |
--directory tests/${{ matrix.tests.folder }} \ | |
--mode validate | |
attestation-tests: | |
name: Attestation Tests | |
runs-on: ubuntu-latest | |
env: | |
REGISTRY: ghcr.io | |
needs: integration-tests | |
steps: | |
# Setup for test execution | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: .node-version | |
cache: npm | |
# referrer/attestation tests | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- id: lower-repo | |
run: | | |
echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT | |
# attestation tagged test | |
- name: Prime Test - Attestation Tagged | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/attestation-tagged --mode prime | |
- name: Build and push image | |
id: push1 | |
uses: docker/[email protected] | |
with: | |
context: tests/attestation-tagged | |
file: tests/attestation-tagged/Dockerfile.image | |
push: true | |
tags: | |
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test | |
- name: Attest Image | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: | |
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }} | |
subject-digest: ${{ steps.push1.outputs.digest }} | |
push-to-registry: true | |
- name: Run Test - Attestation Tagged | |
uses: ./ | |
with: | |
tags: test | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Validate Test Results - Attestation Tagged | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/attestation-tagged --mode validate | |
# attestation untagged test | |
- name: Prime Test - Attestation UnTagged | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/attestation-untagged --mode prime | |
- name: Build and push image 1 | |
id: push2 | |
uses: docker/[email protected] | |
with: | |
context: tests/attestation-untagged | |
file: tests/attestation-untagged/Dockerfile.image1 | |
push: true | |
tags: | |
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test | |
- name: Attest Image 1 | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: | |
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }} | |
subject-digest: ${{ steps.push2.outputs.digest }} | |
push-to-registry: true | |
- name: Build and push image 2 | |
id: push3 | |
uses: docker/[email protected] | |
with: | |
context: tests/attestation-untagged | |
file: tests/attestation-untagged/Dockerfile.image2 | |
push: true | |
tags: | |
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test | |
- name: Attest Image 2 | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: | |
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }} | |
subject-digest: ${{ steps.push3.outputs.digest }} | |
push-to-registry: true | |
- name: Save Digests - Attestation UnTagged | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/attestation-untagged --mode save-expected --tag test | |
- name: Run Test - Attestation UnTagged | |
uses: ./ | |
with: | |
validate: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Validate Test Results - Attestation Tagged | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/attestation-untagged --mode validate | |
shared-image-tagged-test: | |
name: Shared Images Tagged Test | |
runs-on: ubuntu-latest | |
needs: attestation-tests | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Prime Test - Shared Images Tagged Test | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/shared-images-tagged --mode prime | |
- name: Create builder | |
run: docker buildx create --name mybuilder --use --bootstrap | |
- name: Build multi-platform image1 | |
run: | |
docker buildx build --cache-to | |
"type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
"type=registry,ref=$IMAGE-cache:latest" --platform | |
linux/amd64,linux/arm64 --push -t "$IMAGE:image1" | |
tests/shared-images-tagged | |
- name: Build multi-platform image2 | |
run: | |
docker buildx build --cache-to | |
"type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
"type=registry,ref=$IMAGE-cache:latest" --platform | |
linux/amd64,linux/arm64 --push -t "$IMAGE:image2" | |
tests/shared-images-tagged | |
- name: Save Digests - Shared Images Tagged Test | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/shared-images-tagged --mode save-expected --tag image2 | |
- name: Run Test - Shared Images Tagged Test | |
uses: ./ | |
with: | |
validate: true | |
delete-tags: image1 | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Validate Test Results - Shared Images Tagged Test | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/shared-images-tagged --mode validate | |
shared-image-untagged-test: | |
name: Shared Images Untagged Test | |
runs-on: ubuntu-latest | |
needs: shared-image-tagged-test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Prime Test - Shared Images Untagged Test | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/shared-images-untagged --mode prime | |
- name: Create builder | |
run: docker buildx create --name mybuilder --use --bootstrap | |
- name: Build multi-platform dummy | |
run: | |
docker buildx build --cache-to | |
"type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
"type=registry,ref=$IMAGE-cache:latest" --platform | |
linux/amd64,linux/arm64 --push -t "$IMAGE:dummy" | |
tests/shared-images-untagged | |
- name: Build multi-platform dummy | |
run: | |
docker buildx build --cache-to | |
"type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
"type=registry,ref=$IMAGE-cache:latest" --platform | |
linux/amd64,linux/arm64 --push -t "$IMAGE:dummy" | |
tests/shared-images-untagged | |
- name: Reload dummy - Shared Images Untagged Test | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/shared-images-untagged --mode prime-dummy | |
- name: Run Test - Shared Images Untagged Test | |
uses: ./ | |
with: | |
validate: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Validate Test Results - Shared Images Untagged Test | |
run: | |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
tests/shared-images-untagged --mode validate |