root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 5 Packages Projects Releases Wiki Activity
buildah/tests/commit.bats

329 lines
12 KiB
Plaintext
Raw Normal View History

add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
#!/usr/bin/env bats
load helpers
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
@test "commit-flags-order-verification" {
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 --tls-verify
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "--tls-verify"
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 -q
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "-q"
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 -f=docker --quiet --creds=bla:bla
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "-f=docker"
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 --creds=bla:bla
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "--creds=bla:bla"
}
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
@test "commit" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON $cid alpine-image
BATS tests - extensive but minor cleanup This started off as bug fixes necessary to get BATS tests actually working on RHEL8 (they weren't). It grew. I will defend my actions in the first comment post. Primary change: import some helpers from podman BATS tests, most importantly 'run_buildah' and 'is'. The vast majority of the changes you'll see here are of the form: - run buildah ... - [ $status = 0 ] - [ check $output ] + run_buildah ... ! automatically checks status + is "$output" "..." Also: chmod'ed some files -x. Necessary because rpmbuild tries to be oh-so-clever about requirements, and when it sees an executable file with a shebang line like '#!env bats' it helpfully adds 'Requires: /usr/bin/bats' to the rpm, which then fails to install because RHEL8 does not have bats. Also: refactored duplicate code in a few places, by writing and invoking module-specific helper functions. Also: changed a handful of 'buildah's to run_buildah, in order to get error checking and debug logging. Also: added descriptive reasons to many "skip"s. Also: selinux test: some tweakery to make it run on production system (context is different if /usr/bin/buildah is chcon'ed appropriately). I can't get this test to pass on Fedora from a build dir, and I'm actually not convinced that this test has ever passed, but let's see what CI shows. Also: selinux test: skip broken test (#1465). Also: version test: skip parts of it if running w/o sources. Tests are now passing as root on RHEL8; rootless has numerous failures which I don't believe are related to this PR. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-02 05:56:29 +08:00
run_buildah images alpine-image
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
buildah: set XDG_RUNTIME_DIR before setting default runroot In sessions which are rootless and contains no valid login session `XDG_RUNTIME_DIR` is not set for such use-case `getStore(` automatically sets `XDG_RUNTIME_DIR` just move it before we set default `runroot` so we end up populating correcting `runroot` for cases which are rootless and no valid login is present. Closes: https://github.com/containers/buildah/issues/4093 Signed-off-by: Aditya R <arajan@redhat.com>
2022-07-11 14:09:18 +08:00
# Mainly this test is added for rootless setups where XDG_RUNTIME_DIR
# is not set and we end up setting incorrect runroot at various steps
# Use case is typically seen on environments where current session
# is invalid login session.
@test "commit image on rootless setup with mount" {
unset XDG_RUNTIME_DIR
run dd if=/dev/zero of=${TEST_SCRATCH_DIR}/file count=1 bs=10M
run_buildah from scratch
CONT=$output
unset XDG_RUNTIME_DIR
run_buildah mount $CONT
MNT=$output
run cp ${TEST_SCRATCH_DIR}/file $MNT/file
run_buildah umount $CONT
run_buildah commit $CONT foo
run_buildah images foo
expect_output --substring "10.5 MB"
}
build, commit: allow removing default identity labels Allow end users to remove default identity labels if they want to. Since there are instances where images can be reproduced across version hence users must have option to suppress default labels. Closes: https://github.com/containers/buildah/issues/3826 Signed-off-by: Aditya R <arajan@redhat.com>
2022-04-04 13:37:01 +08:00
@test "commit-with-remove-identity-label" {
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
build, commit: allow removing default identity labels Allow end users to remove default identity labels if they want to. Since there are instances where images can be reproduced across version hence users must have option to suppress default labels. Closes: https://github.com/containers/buildah/issues/3826 Signed-off-by: Aditya R <arajan@redhat.com>
2022-04-04 13:37:01 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit --identity-label=false $WITH_POLICY_JSON $cid alpine-image
build, commit: allow removing default identity labels Allow end users to remove default identity labels if they want to. Since there are instances where images can be reproduced across version hence users must have option to suppress default labels. Closes: https://github.com/containers/buildah/issues/3826 Signed-off-by: Aditya R <arajan@redhat.com>
2022-04-04 13:37:01 +08:00
run_buildah images alpine-image
run_buildah inspect --format '{{printf "%q" .Docker.Config.Labels}}' alpine-image
expect_output "map[]"
}
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
@test "commit format test" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON $cid alpine-image-oci
run_buildah commit --format docker --disable-compression=false $WITH_POLICY_JSON $cid alpine-image-docker
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
Avoid feeding run_buildah to pipe The usage 'run_buildah ... | grep' (or pipe whatever) works, but it's a super bad pattern. Replace all instances of it with a one-two of 'run_buildah' and 'expect_output'. Some of these needed a little minor massaging. Also: 'run_buildah ... || true' -> 'run_buildah 125 ...'. I don't review all buildah PRs, so this one slipped by me. Also: clean up trailing whitespace Digression: why is 'run_buildah | grep' bad? Because: - it is inaccurate. run_buildah does 'echo $output', but it also emits other output (the buildah command itself, and possible expected-status mismatch). It is possible that a pipe-grep could trigger on one of these. - the reason run_buildah emits these things is so a human can look at debug output on failure and recognize what command was run, what the output was. If we pipe-grep, we lose that. - it is possible that a pipe-grep will mask a failing run_buildah (I'm not sure about this) - expect_output is more precise anyway, hence makes a better test. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-08-12 04:46:36 +08:00
run_buildah inspect --type=image --format '{{.Manifest}}' alpine-image-oci
mediatype=$(jq -r '.layers[0].mediaType' <<<"$output")
expect_output --from="$mediatype" "application/vnd.oci.image.layer.v1.tar"
run_buildah inspect --type=image --format '{{.Manifest}}' alpine-image-docker
mediatype=$(jq -r '.layers[1].mediaType' <<<"$output")
expect_output --from="$mediatype" "application/vnd.docker.image.rootfs.diff.tar.gzip"
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
Add --unsetenv option to buildah commit and build This option will allow users to remove environment variables from the final image. Fixes: https://github.com/containers/buildah/issues/3512 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-11-02 04:52:48 +08:00
@test "commit --unsetenv PATH" {
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
Add --unsetenv option to buildah commit and build This option will allow users to remove environment variables from the final image. Fixes: https://github.com/containers/buildah/issues/3512 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-11-02 04:52:48 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit --unsetenv PATH $WITH_POLICY_JSON $cid alpine-image-oci
run_buildah commit --unsetenv PATH --format docker --disable-compression=false $WITH_POLICY_JSON $cid alpine-image-docker
Add --unsetenv option to buildah commit and build This option will allow users to remove environment variables from the final image. Fixes: https://github.com/containers/buildah/issues/3512 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-11-02 04:52:48 +08:00
run_buildah inspect --type=image --format '{{.OCIv1.Config.Env}}' alpine-image-oci
expect_output "[]" "No Path should be defined"
run_buildah inspect --type=image --format '{{.Docker.Config.Env}}' alpine-image-docker
expect_output "[]" "No Path should be defined"
}
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
@test "commit quiet test" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit --iidfile /dev/null $WITH_POLICY_JSON -q $cid alpine-image
rename 'is' to 'expect_output' ...and make the "$output" argument implicit, as well as the description text. This greatly simplifies its invocation. Also: make it test for exact matches unless --substring option is passed; this eases my mind about a few potentially ambiguous situations such as the one in #1464. Also: add comments to two truth-table check functions Also: reorder some config checks alphabetically, for ease of reading. Thanks to Tom Sweeney for the suggestions and encouragement. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1492 Approved by: rhatdan
2019-04-05 23:59:54 +08:00
expect_output ""
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
@test "commit rm test" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON --rm $cid alpine-image
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 rm $cid
Fix stutters Podman adds an Error: to every error message. So starting an error message with "error" ends up being reported to the user as Error: error ... This patch removes the stutter. Also ioutil.ReadFile errors report the Path, so wrapping the err message with the path causes a stutter. Signed-off-by: Daniel J Walsh dwalsh@redhat.com [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-18 18:36:08 +08:00
expect_output --substring "removing container \"alpine-working-container\": container not known"
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
@test "commit-alternate-storage" {
Move away from using docker.io November 2020, docker.io started restricting unauthenticated image pulls. Try to work around this by using a custom registries.conf file. For the most part this means copying images from docker.io to quay.io, via: $ skopeo copy --all docker://docker.io/library/img:tag \ docker://quay.io/libpod/img:tag ...for the following values of 'img:tag': busybox:musl centos:7 centos:8 centos:latest composer:latest debian:latest ubuntu:latest docker:latest php:7.2 For each of those, it was necessary to go into the quay.io GUI, click the image name, click the settings (gear) icon at bottom left, click 'Make public', and confirm. This process did not work in four instances, which required special-casing: commit.bats : openshift/hello-openshift did not match the mirroring rules; I switched to alpine instead. Nalin confirmed on IRC that there was no magic reason for requiring hello-openshift. pull.bats : change a SHA. AFAICT there was nothing magic about the SHA being used, it was just a convenient one for purposes of testing pull-by-sha. I simply switched to the SHA of an image present on quay. registries.bats : was assuming that fedora-minimal shortname would be pulled from fedora registry. Unfortunately, we have a copy on quay (for podman tests), so that's what we pull by shortname, and it does not match the SHA of the fedoraproject.org one. Solution: pull by tag (fedora-minimal:32) and hope that nobody ever mirrors that one on quay. run.bats : another pull-by-SHA, but this time I changed the SHA to a named tag, and skopeo copy'd that image from docker.io to the given name on quay. This time there _is_ something magic about that particular SHA (it's an image with a specific volume quirk) but there's no actual reason to reference it by SHA - we simply did so because we have no control over tag names on docker.io. Since we control tag names on quay.io, it's easy and more maintainable to give this image a descriptive tag. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-12-08 06:36:43 +08:00
_prefetch alpine
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
echo FROM
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
echo COMMIT
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
run_buildah commit $WITH_POLICY_JSON $cid "containers-storage:[vfs@${TEST_SCRATCH_DIR}/root2+${TEST_SCRATCH_DIR}/runroot2]newimage"
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
echo FROM
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
run_buildah --storage-driver vfs --root ${TEST_SCRATCH_DIR}/root2 --runroot ${TEST_SCRATCH_DIR}/runroot2 from $WITH_POLICY_JSON newimage
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
}
Let util.ResolveName() return parsing errors Allow util.ResolveName() to return errors from libraries that it uses. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #948 Approved by: rhatdan
2018-08-22 04:33:36 +08:00
@test "commit-rejected-name" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah 125 commit $WITH_POLICY_JSON $cid ThisNameShouldBeRejected
rename 'is' to 'expect_output' ...and make the "$output" argument implicit, as well as the description text. This greatly simplifies its invocation. Also: make it test for exact matches unless --substring option is passed; this eases my mind about a few potentially ambiguous situations such as the one in #1464. Also: add comments to two truth-table check functions Also: reorder some config checks alphabetically, for ease of reading. Thanks to Tom Sweeney for the suggestions and encouragement. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1492 Approved by: rhatdan
2019-04-05 23:59:54 +08:00
expect_output --substring "must be lower"
Let util.ResolveName() return parsing errors Allow util.ResolveName() to return errors from libraries that it uses. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #948 Approved by: rhatdan
2018-08-22 04:33:36 +08:00
}
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
@test "commit-no-empty-created-by" {
oops, missed some tests in commit.bats ...also, update from rebase Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-05 23:59:54 +08:00
if ! python3 -c 'import json, sys' 2> /dev/null ; then
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
skip "python interpreter with json module not found"
fi
target=new-image
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
BATS major cleanup, part 1: log-level PR #1935 removed the default --debug logging; so all run_buildah calls now use the default (error). It is safe to remove unnecessary instances of --log-level=error . For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/ --log-level=error / /' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 02:28:27 +08:00
run_buildah config --created-by "untracked actions" $cid
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON $cid ${target}
BATS major cleanup, part 1: log-level PR #1935 removed the default --debug logging; so all run_buildah calls now use the default (error). It is safe to remove unnecessary instances of --log-level=error . For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/ --log-level=error / /' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 02:28:27 +08:00
run_buildah inspect --format '{{.Config}}' ${target}
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
config="$output"
oops, missed some tests in commit.bats ...also, update from rebase Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-05 23:59:54 +08:00
run python3 -c 'import json, sys; config = json.load(sys.stdin); print(config["history"][len(config["history"])-1]["created_by"])' <<< "$config"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
echo "$output"
[ "${status}" -eq 0 ]
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "untracked actions"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
BATS major cleanup, part 1: log-level PR #1935 removed the default --debug logging; so all run_buildah calls now use the default (error). It is safe to remove unnecessary instances of --log-level=error . For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/ --log-level=error / /' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 02:28:27 +08:00
run_buildah config --created-by "" $cid
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON $cid ${target}
BATS major cleanup, part 1: log-level PR #1935 removed the default --debug logging; so all run_buildah calls now use the default (error). It is safe to remove unnecessary instances of --log-level=error . For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/ --log-level=error / /' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 02:28:27 +08:00
run_buildah inspect --format '{{.Config}}' ${target}
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
config="$output"
oops, missed some tests in commit.bats ...also, update from rebase Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-05 23:59:54 +08:00
run python3 -c 'import json, sys; config = json.load(sys.stdin); print(config["history"][len(config["history"])-1]["created_by"])' <<< "$config"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
echo "$output"
[ "${status}" -eq 0 ]
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "/bin/sh"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
}
commit: make target image names optional Make the name of the image to create an optional parameter. If none is specified, use a temporary mostly-random name that can't be interpreted as an ID, so that the image copying logic will compute the correct ID to assign to the new image, and remove the temporary name before returning. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1486 Approved by: rhatdan
2019-03-21 01:06:29 +08:00
@test "commit-no-name" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON $cid
commit: make target image names optional Make the name of the image to create an optional parameter. If none is specified, use a temporary mostly-random name that can't be interpreted as an ID, so that the image copying logic will compute the correct ID to assign to the new image, and remove the temporary name before returning. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1486 Approved by: rhatdan
2019-03-21 01:06:29 +08:00
}
Check nonexsit authfile Signed-off-by: Qi Wang <qiwan@redhat.com> Closes: #1967 Approved by: rhatdan
2019-11-06 11:57:38 +08:00
Spelling Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-22 00:19:56 +08:00
@test "commit should fail with nonexistent authfile" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah 125 commit --authfile /tmp/nonexistent $WITH_POLICY_JSON $cid alpine-image
Check nonexsit authfile Signed-off-by: Qi Wang <qiwan@redhat.com> Closes: #1967 Approved by: rhatdan
2019-11-06 11:57:38 +08:00
}
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
@test "commit-builder-identity" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON $cid alpine-image
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
run_buildah --version
local -a output_fields=($output)
buildah_version=${output_fields[2]}
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
run_buildah inspect --format '{{ index .Docker.Config.Labels "io.buildah.version"}}' alpine-image
expect_output "$buildah_version"
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
}
commit(docker): always set ContainerID and ContainerConfig For the sake of the Docker output format, always set the ContainerID field, and if we have a non-nil Config, set ContainerConfig to the same values. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1989 Approved by: rhatdan
2019-11-20 04:23:14 +08:00
@test "commit-parent-id" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull $WITH_POLICY_JSON alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
run_buildah inspect --format '{{.FromImageID}}' $cid
iid=$output
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON --format docker $cid alpine-image
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah inspect --format '{{.Docker.Parent}}' alpine-image
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "sha256:$iid" "alpine-image -> .Docker.Parent"
commit(docker): always set ContainerID and ContainerConfig For the sake of the Docker output format, always set the ContainerID field, and if we have a non-nil Config, set ContainerConfig to the same values. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1989 Approved by: rhatdan
2019-11-20 04:23:14 +08:00
}
@test "commit-container-id" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull $WITH_POLICY_JSON alpine
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
# There is exactly one container. Get its ID.
run_buildah containers --format '{{.ContainerID}}'
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON --format docker $cid alpine-image
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah inspect --format '{{.Docker.Container}}' alpine-image
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "$cid" "alpine-image -> .Docker.Container"
Tests: Add container name and id check in containers test steps Add some checkpoint for checking container name and id inside the tests. Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #2004 Approved by: rhatdan
2019-11-06 18:20:33 +08:00
}
Tests: Add two commit test Add following test cases for commit: - commit with name - commit to docker-distribution Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #2004 Approved by: rhatdan
2019-10-28 16:25:42 +08:00
@test "commit with name" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch busybox
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet $WITH_POLICY_JSON --name busyboxc busybox
PR takeover of #1966 PR 1966 has languished for three weeks without activity from submitter. In the interests of getting it online, I have taken it over and: - rebased - fixed several misunderstandings (bugs) noted in review feedback - fixed a few more I also slightly rewrote two tests (tag by id, commit with name) that were incomprehensible to me: unnecessary mount/umount and no actual testing of anything other than checking exit status. I believe the new code is closer to the intention of testing but please pay closer attention to those bits. Also: fixed the basic 'inspect' test. It looks like at some point in the last month #1917 added a version string to the buildah-inspect output. The test was fixed on master, but ypu's PR did not incorporate those fixes and the test was breaking. I took the liberty of cleaning up the entire test for readability and maintainability. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2004 Approved by: rhatdan
2019-12-04 02:18:24 +08:00
expect_output "busyboxc"
# Commit with a new name
newname="commitbyname/busyboxname"
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON busyboxc $newname
PR takeover of #1966 PR 1966 has languished for three weeks without activity from submitter. In the interests of getting it online, I have taken it over and: - rebased - fixed several misunderstandings (bugs) noted in review feedback - fixed a few more I also slightly rewrote two tests (tag by id, commit with name) that were incomprehensible to me: unnecessary mount/umount and no actual testing of anything other than checking exit status. I believe the new code is closer to the intention of testing but please pay closer attention to those bits. Also: fixed the basic 'inspect' test. It looks like at some point in the last month #1917 added a version string to the buildah-inspect output. The test was fixed on master, but ypu's PR did not incorporate those fixes and the test was breaking. I took the liberty of cleaning up the entire test for readability and maintainability. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2004 Approved by: rhatdan
2019-12-04 02:18:24 +08:00
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from $WITH_POLICY_JSON localhost/$newname
PR takeover of #1966 PR 1966 has languished for three weeks without activity from submitter. In the interests of getting it online, I have taken it over and: - rebased - fixed several misunderstandings (bugs) noted in review feedback - fixed a few more I also slightly rewrote two tests (tag by id, commit with name) that were incomprehensible to me: unnecessary mount/umount and no actual testing of anything other than checking exit status. I believe the new code is closer to the intention of testing but please pay closer attention to those bits. Also: fixed the basic 'inspect' test. It looks like at some point in the last month #1917 added a version string to the buildah-inspect output. The test was fixed on master, but ypu's PR did not incorporate those fixes and the test was breaking. I took the liberty of cleaning up the entire test for readability and maintainability. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2004 Approved by: rhatdan
2019-12-04 02:18:24 +08:00
expect_output "busyboxname-working-container"
cname=$output
run_buildah inspect --format '{{.FromImage}}' $cname
expect_output "localhost/$newname:latest"
Tests: Add two commit test Add following test cases for commit: - commit with name - commit to docker-distribution Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #2004 Approved by: rhatdan
2019-10-28 16:25:42 +08:00
}
@test "commit to docker-distribution" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch busybox
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from $WITH_POLICY_JSON --name busyboxc busybox
integration tests: learn to start a dummy registry When a test needs to talk to a registry server, launch one as part of the test rather than depending on it having been started by someone else. Use run_buildah where we used to use 'run buildah' without checking the return code, and in a few cases where we did check it. In the "from with non buildah container" test, use "podman create" with host networking, in an attempt to avoid messing with networking in cases where we're running on a system with a version of podman that will create a bridge with CNI that we'll also create with netavark. We're not sharing storage between the two invocations, so the logic that tries to detect this problem won't detect it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-03-10 23:22:37 +08:00
start_registry
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword busyboxc docker://localhost:${REGISTRY_PORT}/commit/busybox
run_buildah from $WITH_POLICY_JSON --name fromdocker --tls-verify=false --creds testuser:testpassword docker://localhost:${REGISTRY_PORT}/commit/busybox
commit(docker): always set ContainerID and ContainerConfig For the sake of the Docker output format, always set the ContainerID field, and if we have a non-nil Config, set ContainerConfig to the same values. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1989 Approved by: rhatdan
2019-11-20 04:23:14 +08:00
}
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
@test "commit encrypted local oci image" {
tests: skip tests for rootless which need unshare Instrument test so that they can be executed in rootless environment. Certain tests perform mount directly and they need a seperate usernamespace, these tests are marked to be skipped for `rootless environment` Signed-off-by: Aditya R <arajan@redhat.com>
2022-03-04 18:38:38 +08:00
skip_if_rootless_environment
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
_prefetch busybox
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
run_buildah commit --iidfile /dev/null $WITH_POLICY_JSON --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub -q $cid oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc
imgtype -show-manifest oci:${TEST_SCRATCH_DIR}/tmp/busybox_enc | grep "+encrypted"
rm -rf ${TEST_SCRATCH_DIR}/tmp
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
}
@test "commit oci encrypt to registry" {
_prefetch busybox
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
mkdir ${TEST_SCRATCH_DIR}/tmp
openssl genrsa -out ${TEST_SCRATCH_DIR}/tmp/mykey.pem 1024
openssl rsa -in ${TEST_SCRATCH_DIR}/tmp/mykey.pem -pubout > ${TEST_SCRATCH_DIR}/tmp/mykey.pub
integration tests: learn to start a dummy registry When a test needs to talk to a registry server, launch one as part of the test rather than depending on it having been started by someone else. Use run_buildah where we used to use 'run buildah' without checking the return code, and in a few cases where we did check it. In the "from with non buildah container" test, use "podman create" with host networking, in an attempt to avoid messing with networking in cases where we're running on a system with a version of podman that will create a bridge with CNI that we'll also create with netavark. We're not sharing storage between the two invocations, so the logic that tries to detect this problem won't detect it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-03-10 23:22:37 +08:00
start_registry
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
cid=$output
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON --encryption-key jwe:${TEST_SCRATCH_DIR}/tmp/mykey.pub -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_encrypted:latest
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
# this test, just checks the ability to commit an image to a registry
# there is no good way to test the details of the image unless with ./buildah pull, test will be in pull.bats
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
rm -rf ${TEST_SCRATCH_DIR}/tmp
Add test for prevention of reusing encrypted layers This fix modifies the test "commit oci encrypt to registry" to verify that encrypted layers are not reused for a non-encrypted image. see: https://github.com/containers/image/pull/1533 Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
2022-04-29 05:27:16 +08:00
# verify that encrypted layers are not cached or reused for an non-encrypted image (See containers/image#1533)
run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_not_encrypted:latest
run_buildah from $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword docker://localhost:${REGISTRY_PORT}/buildah/busybox_not_encrypted:latest
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
}
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
@test "commit omit-timestamp" {
_prefetch busybox
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
cid=$output
run_buildah run $cid touch /test
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON --omit-timestamp -q $cid omit
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
run_buildah inspect --format '{{ .Docker.Created }}' omit
expect_output --substring "1970-01-01"
run_buildah inspect --format '{{ .OCIv1.Created }}' omit
expect_output --substring "1970-01-01"
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON omit
Use --timestamp rather then --omit-timestamp We recieved feedback on the --omit-timestamp that users would rather specify the timestamp seconds rather then just use EPOCH. This PR removes --omit-timestamp from buildah bud since this has never been released. We also hide --omit-timestamp from buildah commit and allow users to continue to use it, but it conflicts with --timestamp. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-27 04:56:57 +08:00
cid=$output
run_buildah run $cid ls -l /test
expect_output --substring "1970"
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
rm -rf ${TEST_SCRATCH_DIR}/tmp
Use --timestamp rather then --omit-timestamp We recieved feedback on the --omit-timestamp that users would rather specify the timestamp seconds rather then just use EPOCH. This PR removes --omit-timestamp from buildah bud since this has never been released. We also hide --omit-timestamp from buildah commit and allow users to continue to use it, but it conflicts with --timestamp. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-27 04:56:57 +08:00
}
@test "commit timestamp" {
_prefetch busybox
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
Use --timestamp rather then --omit-timestamp We recieved feedback on the --omit-timestamp that users would rather specify the timestamp seconds rather then just use EPOCH. This PR removes --omit-timestamp from buildah bud since this has never been released. We also hide --omit-timestamp from buildah commit and allow users to continue to use it, but it conflicts with --timestamp. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-27 04:56:57 +08:00
cid=$output
run_buildah run $cid touch /test
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah commit $WITH_POLICY_JSON --timestamp 0 -q $cid omit
Use --timestamp rather then --omit-timestamp We recieved feedback on the --omit-timestamp that users would rather specify the timestamp seconds rather then just use EPOCH. This PR removes --omit-timestamp from buildah bud since this has never been released. We also hide --omit-timestamp from buildah commit and allow users to continue to use it, but it conflicts with --timestamp. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-27 04:56:57 +08:00
run_buildah inspect --format '{{ .Docker.Created }}' omit
expect_output --substring "1970-01-01"
run_buildah inspect --format '{{ .OCIv1.Created }}' omit
expect_output --substring "1970-01-01"
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON omit
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
cid=$output
run_buildah run $cid ls -l /test
expect_output --substring "1970"
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
rm -rf ${TEST_SCRATCH_DIR}/tmp
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
}
Add authentication system tests for 'commit' and 'bud' Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
2021-04-07 04:11:12 +08:00
@test "commit with authfile" {
_prefetch busybox
Rename $TESTSDIR (the plural one), step 1 of 3 ...refactor '--signature-policy .../policy.json' to $WITH_POLICY_JSON Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
Add authentication system tests for 'commit' and 'bud' Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
2021-04-07 04:11:12 +08:00
cid=$output
run_buildah run $cid touch /test
integration tests: learn to start a dummy registry When a test needs to talk to a registry server, launch one as part of the test rather than depending on it having been started by someone else. Use run_buildah where we used to use 'run buildah' without checking the return code, and in a few cases where we did check it. In the "from with non buildah container" test, use "podman create" with host networking, in an attempt to avoid messing with networking in cases where we're running on a system with a version of podman that will create a bridge with CNI that we'll also create with netavark. We're not sharing storage between the two invocations, so the logic that tries to detect this problem won't detect it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-03-10 23:22:37 +08:00
start_registry
Rename $TESTSDIR (the plural one), step 4 of 3 ...rename $TESTDIR (the singular one) to $TEST_SCRATCH_DIR, which is clearer but unfortunately longer Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-26 23:09:11 +08:00
run_buildah login --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword --tls-verify=false localhost:${REGISTRY_PORT}
run_buildah commit --authfile ${TEST_SCRATCH_DIR}/test.auth $WITH_POLICY_JSON --tls-verify=false $cid docker://localhost:${REGISTRY_PORT}/buildah/my-busybox
Add authentication system tests for 'commit' and 'bud' Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
2021-04-07 04:11:12 +08:00
expect_output --substring "Writing manifest to image destination"
}
Scrub user and group names from layer diffs When generating layer diffs or extracting container contents, scrub the user and group name fields in tar headers before saving them. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-08-11 02:19:19 +08:00
@test "commit-without-names" {
_prefetch busybox
run_buildah from --quiet --pull=false $WITH_POLICY_JSON busybox
cid=$output
run_buildah run $cid touch /testfile
run_buildah run $cid chown $(id -u):$(id -g) /testfile
run_buildah commit $cid dir:${TEST_SCRATCH_DIR}/new-image
config=$(jq -r .config.digest ${TEST_SCRATCH_DIR}/new-image/manifest.json)
echo "config blob is $config"
diffid=$(jq -r '.rootfs.diff_ids[-1]' ${TEST_SCRATCH_DIR}/new-image/${config##*:})
echo "new layer is $diffid"
run_buildah copy $cid ${TEST_SCRATCH_DIR}/new-image/${diffid##*:} /testdiff.tar
# use in-container version of tar to avoid worrying about differences in
# output formats between tar implementations
run_buildah run $cid tar tvf /testdiff.tar testfile
echo "new file looks like [$output]"
# ownership information should be forced to be in number/number format
# instead of name/name because the names are gone
assert "$output" =~ $(id -u)/$(id -g)
}