root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity
buildah/tests/commit.bats

247 lines
9.5 KiB
Plaintext
Raw Normal View History

add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
#!/usr/bin/env bats
load helpers
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
@test "commit-flags-order-verification" {
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 --tls-verify
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "--tls-verify"
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 -q
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "-q"
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 -f=docker --quiet --creds=bla:bla
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "-f=docker"
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit cnt1 --creds=bla:bla
Add flags/arguments order verification to one arg commands Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Closes: #984 Approved by: rhatdan
2018-09-03 19:20:52 +08:00
check_options_flag_err "--creds=bla:bla"
}
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
@test "commit" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid alpine-image
BATS tests - extensive but minor cleanup This started off as bug fixes necessary to get BATS tests actually working on RHEL8 (they weren't). It grew. I will defend my actions in the first comment post. Primary change: import some helpers from podman BATS tests, most importantly 'run_buildah' and 'is'. The vast majority of the changes you'll see here are of the form: - run buildah ... - [ $status = 0 ] - [ check $output ] + run_buildah ... ! automatically checks status + is "$output" "..." Also: chmod'ed some files -x. Necessary because rpmbuild tries to be oh-so-clever about requirements, and when it sees an executable file with a shebang line like '#!env bats' it helpfully adds 'Requires: /usr/bin/bats' to the rpm, which then fails to install because RHEL8 does not have bats. Also: refactored duplicate code in a few places, by writing and invoking module-specific helper functions. Also: changed a handful of 'buildah's to run_buildah, in order to get error checking and debug logging. Also: added descriptive reasons to many "skip"s. Also: selinux test: some tweakery to make it run on production system (context is different if /usr/bin/buildah is chcon'ed appropriately). I can't get this test to pass on Fedora from a build dir, and I'm actually not convinced that this test has ever passed, but let's see what CI shows. Also: selinux test: skip broken test (#1465). Also: version test: skip parts of it if running w/o sources. Tests are now passing as root on RHEL8; rootless has numerous failures which I don't believe are related to this PR. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-02 05:56:29 +08:00
run_buildah images alpine-image
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
@test "commit format test" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid alpine-image-oci
run_buildah commit --format docker --disable-compression=false --signature-policy ${TESTSDIR}/policy.json $cid alpine-image-docker
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
Avoid feeding run_buildah to pipe The usage 'run_buildah ... | grep' (or pipe whatever) works, but it's a super bad pattern. Replace all instances of it with a one-two of 'run_buildah' and 'expect_output'. Some of these needed a little minor massaging. Also: 'run_buildah ... || true' -> 'run_buildah 125 ...'. I don't review all buildah PRs, so this one slipped by me. Also: clean up trailing whitespace Digression: why is 'run_buildah | grep' bad? Because: - it is inaccurate. run_buildah does 'echo $output', but it also emits other output (the buildah command itself, and possible expected-status mismatch). It is possible that a pipe-grep could trigger on one of these. - the reason run_buildah emits these things is so a human can look at debug output on failure and recognize what command was run, what the output was. If we pipe-grep, we lose that. - it is possible that a pipe-grep will mask a failing run_buildah (I'm not sure about this) - expect_output is more precise anyway, hence makes a better test. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-08-12 04:46:36 +08:00
run_buildah inspect --type=image --format '{{.Manifest}}' alpine-image-oci
mediatype=$(jq -r '.layers[0].mediaType' <<<"$output")
expect_output --from="$mediatype" "application/vnd.oci.image.layer.v1.tar"
run_buildah inspect --type=image --format '{{.Manifest}}' alpine-image-docker
mediatype=$(jq -r '.layers[1].mediaType' <<<"$output")
expect_output --from="$mediatype" "application/vnd.docker.image.rootfs.diff.tar.gzip"
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
@test "commit quiet test" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
BATS major cleanup, part 1: log-level PR #1935 removed the default --debug logging; so all run_buildah calls now use the default (error). It is safe to remove unnecessary instances of --log-level=error . For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/ --log-level=error / /' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 02:28:27 +08:00
run_buildah commit --iidfile /dev/null --signature-policy ${TESTSDIR}/policy.json -q $cid alpine-image
rename 'is' to 'expect_output' ...and make the "$output" argument implicit, as well as the description text. This greatly simplifies its invocation. Also: make it test for exact matches unless --substring option is passed; this eases my mind about a few potentially ambiguous situations such as the one in #1464. Also: add comments to two truth-table check functions Also: reorder some config checks alphabetically, for ease of reading. Thanks to Tom Sweeney for the suggestions and encouragement. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1492 Approved by: rhatdan
2019-04-05 23:59:54 +08:00
expect_output ""
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
@test "commit rm test" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json --rm $cid alpine-image
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 rm $cid
Add --policy flag to buildah pull This allows the user to specify the pull policy for pulling images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-11-10 19:58:31 +08:00
expect_output --substring "error removing container \"alpine-working-container\": container not known"
add commit test Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #772 Approved by: rhatdan
2018-06-11 14:55:51 +08:00
}
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
@test "commit-alternate-storage" {
Move away from using docker.io November 2020, docker.io started restricting unauthenticated image pulls. Try to work around this by using a custom registries.conf file. For the most part this means copying images from docker.io to quay.io, via: $ skopeo copy --all docker://docker.io/library/img:tag \ docker://quay.io/libpod/img:tag ...for the following values of 'img:tag': busybox:musl centos:7 centos:8 centos:latest composer:latest debian:latest ubuntu:latest docker:latest php:7.2 For each of those, it was necessary to go into the quay.io GUI, click the image name, click the settings (gear) icon at bottom left, click 'Make public', and confirm. This process did not work in four instances, which required special-casing: commit.bats : openshift/hello-openshift did not match the mirroring rules; I switched to alpine instead. Nalin confirmed on IRC that there was no magic reason for requiring hello-openshift. pull.bats : change a SHA. AFAICT there was nothing magic about the SHA being used, it was just a convenient one for purposes of testing pull-by-sha. I simply switched to the SHA of an image present on quay. registries.bats : was assuming that fedora-minimal shortname would be pulled from fedora registry. Unfortunately, we have a copy on quay (for podman tests), so that's what we pull by shortname, and it does not match the SHA of the fedoraproject.org one. Solution: pull by tag (fedora-minimal:32) and hope that nobody ever mirrors that one on quay. run.bats : another pull-by-SHA, but this time I changed the SHA to a named tag, and skopeo copy'd that image from docker.io to the given name on quay. This time there _is_ something magic about that particular SHA (it's an image with a specific volume quirk) but there's no actual reason to reference it by SHA - we simply did so because we have no control over tag names on docker.io. Since we control tag names on quay.io, it's easy and more maintainable to give this image a descriptive tag. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-12-08 06:36:43 +08:00
_prefetch alpine
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
echo FROM
Move away from using docker.io November 2020, docker.io started restricting unauthenticated image pulls. Try to work around this by using a custom registries.conf file. For the most part this means copying images from docker.io to quay.io, via: $ skopeo copy --all docker://docker.io/library/img:tag \ docker://quay.io/libpod/img:tag ...for the following values of 'img:tag': busybox:musl centos:7 centos:8 centos:latest composer:latest debian:latest ubuntu:latest docker:latest php:7.2 For each of those, it was necessary to go into the quay.io GUI, click the image name, click the settings (gear) icon at bottom left, click 'Make public', and confirm. This process did not work in four instances, which required special-casing: commit.bats : openshift/hello-openshift did not match the mirroring rules; I switched to alpine instead. Nalin confirmed on IRC that there was no magic reason for requiring hello-openshift. pull.bats : change a SHA. AFAICT there was nothing magic about the SHA being used, it was just a convenient one for purposes of testing pull-by-sha. I simply switched to the SHA of an image present on quay. registries.bats : was assuming that fedora-minimal shortname would be pulled from fedora registry. Unfortunately, we have a copy on quay (for podman tests), so that's what we pull by shortname, and it does not match the SHA of the fedoraproject.org one. Solution: pull by tag (fedora-minimal:32) and hope that nobody ever mirrors that one on quay. run.bats : another pull-by-SHA, but this time I changed the SHA to a named tag, and skopeo copy'd that image from docker.io to the given name on quay. This time there _is_ something magic about that particular SHA (it's an image with a specific volume quirk) but there's no actual reason to reference it by SHA - we simply did so because we have no control over tag names on docker.io. Since we control tag names on quay.io, it's easy and more maintainable to give this image a descriptive tag. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-12-08 06:36:43 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
echo COMMIT
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid "containers-storage:[vfs@${TESTDIR}/root2+${TESTDIR}/runroot2]newimage"
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
echo FROM
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah --storage-driver vfs --root ${TESTDIR}/root2 --runroot ${TESTDIR}/runroot2 from --signature-policy ${TESTSDIR}/policy.json newimage
commit: recognize committing to second storage locations Recognize cases when we're committing to local storage, but in a location other than where the working container is, by checking if the base image (by ID, in case it's tagged and the tag points to a different image with different layers) is present in the destination's store. In those cases, we can't just assume that we can skip exporting the base image's layers. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2018-06-22 23:20:02 +08:00
}
Let util.ResolveName() return parsing errors Allow util.ResolveName() to return errors from libraries that it uses. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #948 Approved by: rhatdan
2018-08-22 04:33:36 +08:00
@test "commit-rejected-name" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
Return exit code from failed containers Buildah run was exiting with the correct exit code, when a container failed. Buildah bud was not, so this should fix this. Also switched to the proper exit codes when containers fail. When Buildah fails to execute it will exit with a 125 exit code like Podman does. If a command fails to execute inside of a container we will exit with a 126. Currently we do not support the 127 for exiting when the command does not exist. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-16 21:48:43 +08:00
run_buildah 125 commit --signature-policy ${TESTSDIR}/policy.json $cid ThisNameShouldBeRejected
rename 'is' to 'expect_output' ...and make the "$output" argument implicit, as well as the description text. This greatly simplifies its invocation. Also: make it test for exact matches unless --substring option is passed; this eases my mind about a few potentially ambiguous situations such as the one in #1464. Also: add comments to two truth-table check functions Also: reorder some config checks alphabetically, for ease of reading. Thanks to Tom Sweeney for the suggestions and encouragement. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1492 Approved by: rhatdan
2019-04-05 23:59:54 +08:00
expect_output --substring "must be lower"
Let util.ResolveName() return parsing errors Allow util.ResolveName() to return errors from libraries that it uses. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #948 Approved by: rhatdan
2018-08-22 04:33:36 +08:00
}
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
@test "commit-no-empty-created-by" {
oops, missed some tests in commit.bats ...also, update from rebase Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-05 23:59:54 +08:00
if ! python3 -c 'import json, sys' 2> /dev/null ; then
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
skip "python interpreter with json module not found"
fi
target=new-image
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
BATS major cleanup, part 1: log-level PR #1935 removed the default --debug logging; so all run_buildah calls now use the default (error). It is safe to remove unnecessary instances of --log-level=error . For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/ --log-level=error / /' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 02:28:27 +08:00
run_buildah config --created-by "untracked actions" $cid
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid ${target}
run_buildah inspect --format '{{.Config}}' ${target}
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
config="$output"
oops, missed some tests in commit.bats ...also, update from rebase Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-05 23:59:54 +08:00
run python3 -c 'import json, sys; config = json.load(sys.stdin); print(config["history"][len(config["history"])-1]["created_by"])' <<< "$config"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
echo "$output"
[ "${status}" -eq 0 ]
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "untracked actions"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
BATS major cleanup, part 1: log-level PR #1935 removed the default --debug logging; so all run_buildah calls now use the default (error). It is safe to remove unnecessary instances of --log-level=error . For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/ --log-level=error / /' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 02:28:27 +08:00
run_buildah config --created-by "" $cid
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid ${target}
run_buildah inspect --format '{{.Config}}' ${target}
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
config="$output"
oops, missed some tests in commit.bats ...also, update from rebase Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #1472 Approved by: TomSweeneyRedHat
2019-04-05 23:59:54 +08:00
run python3 -c 'import json, sys; config = json.load(sys.stdin); print(config["history"][len(config["history"])-1]["created_by"])' <<< "$config"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
echo "$output"
[ "${status}" -eq 0 ]
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "/bin/sh"
commit: check that we always set a "created-by" Check that when we use "buildah commit" to create an image, we always specify a value in the created-by field in the item that we're appending to the image's history. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-04-04 02:57:55 +08:00
}
commit: make target image names optional Make the name of the image to create an optional parameter. If none is specified, use a temporary mostly-random name that can't be interpreted as an ID, so that the image copying logic will compute the correct ID to assign to the new image, and remove the temporary name before returning. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1486 Approved by: rhatdan
2019-03-21 01:06:29 +08:00
@test "commit-no-name" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
commit: make target image names optional Make the name of the image to create an optional parameter. If none is specified, use a temporary mostly-random name that can't be interpreted as an ID, so that the image copying logic will compute the correct ID to assign to the new image, and remove the temporary name before returning. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1486 Approved by: rhatdan
2019-03-21 01:06:29 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid
}
Check nonexsit authfile Signed-off-by: Qi Wang <qiwan@redhat.com> Closes: #1967 Approved by: rhatdan
2019-11-06 11:57:38 +08:00
Spelling Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-22 00:19:56 +08:00
@test "commit should fail with nonexistent authfile" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
Spelling Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-22 00:19:56 +08:00
run_buildah 125 commit --authfile /tmp/nonexistent --signature-policy ${TESTSDIR}/policy.json $cid alpine-image
Check nonexsit authfile Signed-off-by: Qi Wang <qiwan@redhat.com> Closes: #1967 Approved by: rhatdan
2019-11-06 11:57:38 +08:00
}
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
@test "commit-builder-identity" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid alpine-image
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
run_buildah --version
local -a output_fields=($output)
buildah_version=${output_fields[2]}
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
run_buildah inspect --format '{{ index .Docker.Config.Labels "io.buildah.version"}}' alpine-image
expect_output "$buildah_version"
Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat
2019-11-13 00:50:21 +08:00
}
commit(docker): always set ContainerID and ContainerConfig For the sake of the Docker output format, always set the ContainerID field, and if we have a non-nil Config, set ContainerConfig to the same values. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1989 Approved by: rhatdan
2019-11-20 04:23:14 +08:00
@test "commit-parent-id" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
run_buildah inspect --format '{{.FromImageID}}' $cid
iid=$output
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json --format docker $cid alpine-image
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah inspect --format '{{.Docker.Parent}}' alpine-image
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "sha256:$iid" "alpine-image -> .Docker.Parent"
commit(docker): always set ContainerID and ContainerConfig For the sake of the Docker output format, always set the ContainerID field, and if we have a non-nil Config, set ContainerConfig to the same values. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1989 Approved by: rhatdan
2019-11-20 04:23:14 +08:00
}
@test "commit-container-id" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch alpine
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah from --quiet --pull --signature-policy ${TESTSDIR}/policy.json alpine
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
# There is exactly one container. Get its ID.
run_buildah containers --format '{{.ContainerID}}'
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
cid=$output
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json --format docker $cid alpine-image
BATS major cleanup, part 2: use more run_buildah Replace this pattern: cid=$(buildah ...) with: run_buildah ... cid=$output As a special case, if the buildah command is 'from' and the string 'scratch' does not appear in the arguments, add '--quiet'. Otherwise we'll get Pulling messages as part of $output. This is an overkill solution. For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 03:11:08 +08:00
run_buildah inspect --format '{{.Docker.Container}}' alpine-image
BATS major cleanup: part 4: manual stuff This is the manual part of the cleanup. - remove most 'buildah rm's from cleanup steps - remove unused variables - use expect_output when possible, not 'test [ x = y ]' - includes fixing some not-what-you-think-it-is uses of run_buildah | grep - be careful not to leave droppings in current directory Special attention to: - authenticate.bats: create Dockerfile in temp dir, not pwd! - push.bats: remove broken output check - registries.bats: refactor, remove duplicate tests & code - rmi.bats: better checking of messages - secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) ! We don't want to leave droppings behind if we fail; this has bitten us before. And, since there's only one test, there's no need to override setup() / teardown(). Do setup inline, and take advantage of existing defaults. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 07:21:51 +08:00
expect_output "$cid" "alpine-image -> .Docker.Container"
Tests: Add container name and id check in containers test steps Add some checkpoint for checking container name and id inside the tests. Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #2004 Approved by: rhatdan
2019-11-06 18:20:33 +08:00
}
Tests: Add two commit test Add following test cases for commit: - commit with name - commit to docker-distribution Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #2004 Approved by: rhatdan
2019-10-28 16:25:42 +08:00
@test "commit with name" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch busybox
PR takeover of #1966 PR 1966 has languished for three weeks without activity from submitter. In the interests of getting it online, I have taken it over and: - rebased - fixed several misunderstandings (bugs) noted in review feedback - fixed a few more I also slightly rewrote two tests (tag by id, commit with name) that were incomprehensible to me: unnecessary mount/umount and no actual testing of anything other than checking exit status. I believe the new code is closer to the intention of testing but please pay closer attention to those bits. Also: fixed the basic 'inspect' test. It looks like at some point in the last month #1917 added a version string to the buildah-inspect output. The test was fixed on master, but ypu's PR did not incorporate those fixes and the test was breaking. I took the liberty of cleaning up the entire test for readability and maintainability. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2004 Approved by: rhatdan
2019-12-04 02:18:24 +08:00
run_buildah from --quiet --signature-policy ${TESTSDIR}/policy.json --name busyboxc busybox
expect_output "busyboxc"
# Commit with a new name
newname="commitbyname/busyboxname"
run_buildah commit --signature-policy ${TESTSDIR}/policy.json busyboxc $newname
run_buildah from --signature-policy ${TESTSDIR}/policy.json localhost/$newname
expect_output "busyboxname-working-container"
cname=$output
run_buildah inspect --format '{{.FromImage}}' $cname
expect_output "localhost/$newname:latest"
Tests: Add two commit test Add following test cases for commit: - commit with name - commit to docker-distribution Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #2004 Approved by: rhatdan
2019-10-28 16:25:42 +08:00
}
@test "commit to docker-distribution" {
Flake handling: cache and prefetch images Show of hands: who here loves submitting a PR, then coming back hours later to find one job failed, then spending time poring over logs and finding a network error? Anyone? Anyone? This is a lame attempt to minimize such flakes by caching commonly-used images and restoring them on demand. We introduce a new helper, _prefetch(), which podman-pulls an image the first time, podman-saves it, then on subsequent calls (for the same image) podman-loads it: @test foo { _prefetch alpine busybox ...tests that run buildah-from either } This is an imperfect solution: it is incomplete and will grow more so over time as new tests are added. It is difficult to verify its coverage. I'm really unhappy with it but if it works, the Total Sum Of Unhappiness might decrease overall thanks to fewer flakes. If it doesn't work, it's trivial to remove _prefetch calls using a sed script. Shall we give it a chance? Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-12-09 21:45:52 +08:00
_prefetch busybox
BATS major cleanup, step 3: yet more run_buildah Replace plain 'buildah' invocations with run_buildah For ease of review, this commit was entirely machine-generated via: $ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2029 Approved by: rhatdan
2019-12-12 04:03:37 +08:00
run_buildah from --signature-policy ${TESTSDIR}/policy.json --name busyboxc busybox
Tests: Add two commit test Add following test cases for commit: - commit with name - commit to docker-distribution Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #2004 Approved by: rhatdan
2019-10-28 16:25:42 +08:00
run_buildah commit --signature-policy ${TESTSDIR}/policy.json --tls-verify=false --creds testuser:testpassword busyboxc docker://localhost:5000/commit/busybox
run_buildah from --signature-policy ${TESTSDIR}/policy.json --name fromdocker --tls-verify=false --creds testuser:testpassword docker://localhost:5000/commit/busybox
commit(docker): always set ContainerID and ContainerConfig For the sake of the Docker output format, always set the ContainerID field, and if we have a non-nil Config, set ContainerConfig to the same values. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1989 Approved by: rhatdan
2019-11-20 04:23:14 +08:00
}
Implement commit for encryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-17 23:48:14 +08:00
@test "commit encrypted local oci image" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json busybox
cid=$output
run_buildah commit --iidfile /dev/null --signature-policy ${TESTSDIR}/policy.json --encryption-key jwe:${TESTDIR}/tmp/mykey.pub -q $cid oci:${TESTDIR}/tmp/busybox_enc
imgtype -show-manifest oci:${TESTDIR}/tmp/busybox_enc | grep "+encrypted"
rm -rf ${TESTDIR}/tmp
}
@test "commit oci encrypt to registry" {
_prefetch busybox
mkdir ${TESTDIR}/tmp
openssl genrsa -out ${TESTDIR}/tmp/mykey.pem 1024
openssl rsa -in ${TESTDIR}/tmp/mykey.pem -pubout > ${TESTDIR}/tmp/mykey.pub
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json busybox
cid=$output
run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword --signature-policy ${TESTSDIR}/policy.json --encryption-key jwe:${TESTDIR}/tmp/mykey.pub -q $cid docker://localhost:5000/buildah/busybox_encrypted:latest
# this test, just checks the ability to commit an image to a registry
# there is no good way to test the details of the image unless with ./buildah pull, test will be in pull.bats
rm -rf ${TESTDIR}/tmp
}
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
@test "commit omit-timestamp" {
_prefetch busybox
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json busybox
cid=$output
run_buildah run $cid touch /test
run_buildah commit --signature-policy ${TESTSDIR}/policy.json --omit-timestamp -q $cid omit
run_buildah inspect --format '{{ .Docker.Created }}' omit
expect_output --substring "1970-01-01"
run_buildah inspect --format '{{ .OCIv1.Created }}' omit
expect_output --substring "1970-01-01"
Use --timestamp rather then --omit-timestamp We recieved feedback on the --omit-timestamp that users would rather specify the timestamp seconds rather then just use EPOCH. This PR removes --omit-timestamp from buildah bud since this has never been released. We also hide --omit-timestamp from buildah commit and allow users to continue to use it, but it conflicts with --timestamp. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-27 04:56:57 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json omit
cid=$output
run_buildah run $cid ls -l /test
expect_output --substring "1970"
rm -rf ${TESTDIR}/tmp
}
@test "commit timestamp" {
_prefetch busybox
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json busybox
cid=$output
run_buildah run $cid touch /test
run_buildah commit --signature-policy ${TESTSDIR}/policy.json --timestamp 0 -q $cid omit
run_buildah inspect --format '{{ .Docker.Created }}' omit
expect_output --substring "1970-01-01"
run_buildah inspect --format '{{ .OCIv1.Created }}' omit
expect_output --substring "1970-01-01"
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json omit
cid=$output
run_buildah run $cid ls -l /test
expect_output --substring "1970"
rm -rf ${TESTDIR}/tmp
}