Don't pollute
Several tests were doing '--iidfile x', where 'x' is a filename with no path. This is super bad: if running as root, it leaves litter in the current directory. If rootless, it may throw EPERM. Clean those up, using $TESTDIR for each one. Tested by running the test suite on my laptop and confirming there are no more droppings. And, refactor one particularly hairy set of duplicated build incantations: make them a series of simple clean loops. Signed-off-by: Ed Santiago <santiago@redhat.com>
This commit is contained in:
Ed Santiago
parent
bc5080ccdd
commit
2637df51e9
|
|
@ -67,9 +67,9 @@ load helpers
|
|||
root=$output
|
||||
cp ${TESTDIR}/randomfile $root/randomfile
|
||||
run_buildah unmount $cid
|
||||
run_buildah commit --iidfile output.iid --signature-policy ${TESTSDIR}/policy.json $cid containers-storage:new-image
|
||||
iid=$(cat output.iid)
|
||||
[[ "$iid" == "sha256:"* ]]
|
||||
run_buildah commit --iidfile ${TESTDIR}/output.iid --signature-policy ${TESTSDIR}/policy.json $cid containers-storage:new-image
|
||||
iid=$(< ${TESTDIR}/output.iid)
|
||||
assert "$iid" =~ "sha256:[0-9a-f]{64}"
|
||||
run_buildah rmi $iid
|
||||
run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid containers-storage:new-image
|
||||
run_buildah rm $cid
|
||||
|
|
|
|||
117
tests/bud.bats
117
tests/bud.bats
|
|
@ -2672,14 +2672,14 @@ EOM
|
|||
|
||||
@test "bud with-rusage-logfile" {
|
||||
_prefetch alpine
|
||||
run_buildah build --log-rusage --rusage-logfile "foo.log" --layers --pull=false --format docker --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/shell
|
||||
run_buildah build --log-rusage --rusage-logfile ${TESTDIR}/foo.log --layers --pull=false --format docker --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/shell
|
||||
# the logfile should exist
|
||||
if [ ! -e "foo.log" ]; then die "foo.log not present!"; fi
|
||||
if [ ! -e ${TESTDIR}/foo.log ]; then die "rusage-logfile foo.log did not get created!"; fi
|
||||
# expect that foo.log only contains lines that were formatted using pkg/rusage.FormatDiff()
|
||||
formatted_lines=$(grep ".*\(system\).*\(user\).*\(elapsed\).*input.*output" foo.log | wc -l)
|
||||
line_count=$(cat foo.log | wc -l)
|
||||
formatted_lines=$(grep ".*\(system\).*\(user\).*\(elapsed\).*input.*output" ${TESTDIR}/foo.log | wc -l)
|
||||
line_count=$(wc -l <${TESTDIR}/foo.log)
|
||||
if [[ "$formatted_lines" -ne "$line_count" ]]; then
|
||||
die "Got ${formatted_lines} lines formatted with pkg/rusage.FormatDiff() but foo.log has ${line_count} lines"
|
||||
die "Got ${formatted_lines} lines formatted with pkg/rusage.FormatDiff() but rusage-logfile has ${line_count} lines"
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -2758,85 +2758,64 @@ EOF
|
|||
|
||||
@test "bud cache by format" {
|
||||
# Build first in Docker format. Whether we do OCI or Docker first shouldn't matter, so we picked one.
|
||||
run_buildah build --iidfile first-docker --format docker --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
run_buildah build --iidfile ${TESTDIR}/first-docker --format docker --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
# Build in OCI format. Cache should not re-use the same images, so we should get a different image ID.
|
||||
run_buildah build --iidfile first-oci --format oci --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
run_buildah build --iidfile ${TESTDIR}/first-oci --format oci --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
# Build in Docker format again. Cache traversal should 100% hit the Docker image, so we should get its image ID.
|
||||
run_buildah build --iidfile second-docker --format docker --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
run_buildah build --iidfile ${TESTDIR}/second-docker --format docker --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
# Build in OCI format again. Cache traversal should 100% hit the OCI image, so we should get its image ID.
|
||||
run_buildah build --iidfile second-oci --format oci --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
run_buildah build --iidfile ${TESTDIR}/second-oci --format oci --layers --quiet --signature-policy ${TESTSDIR}/policy.json ${TESTSDIR}/bud/cache-format
|
||||
# Compare them. The two images we built in Docker format should be the same, the two we built in OCI format
|
||||
# should be the same, but the OCI and Docker format images should be different.
|
||||
cmp first-docker second-docker
|
||||
cmp first-oci second-oci
|
||||
run cmp first-docker first-oci
|
||||
[[ "$status" -ne 0 ]]
|
||||
assert "$(< ${TESTDIR}/first-docker)" = "$(< ${TESTDIR}/second-docker)" \
|
||||
"iidfile(first docker) == iidfile(second docker)"
|
||||
assert "$(< ${TESTDIR}/first-oci)" = "$(< ${TESTDIR}/second-oci)" \
|
||||
"iidfile(first oci) == iidfile(second oci)"
|
||||
|
||||
assert "$(< ${TESTDIR}/first-docker)" != "$(< ${TESTDIR}/first-oci)" \
|
||||
"iidfile(first docker) != iidfile(first oci)"
|
||||
}
|
||||
|
||||
@test "bud cache add-copy-chown" {
|
||||
# Build each variation of COPY (from context, from previous stage) and ADD (from context, not overriding an archive, URL) twice.
|
||||
# Each second build should produce an image with the same ID as the first build, because the cache matches, but they should
|
||||
# otherwise all be different.
|
||||
run_buildah build --iidfile copy1 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.copy1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile prev1 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.prev1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile add1 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.add1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile tar1 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.tar1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile url1 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.url1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile copy2 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.copy2 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile prev2 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.prev2 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile add2 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.add2 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile tar2 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.tar2 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile url2 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.url2 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile copy3 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.copy1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile prev3 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.prev1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile add3 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.add1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile tar3 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.tar1 ${TESTSDIR}/bud/cache-chown
|
||||
run_buildah build --iidfile url3 --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f Dockerfile.url1 ${TESTSDIR}/bud/cache-chown
|
||||
local actions="copy prev add tar url";
|
||||
for i in 1 2 3; do
|
||||
for action in $actions; do
|
||||
# iidfiles are 1 2 3, but dockerfiles are only 1 2 then back to 1
|
||||
iidfile=${TESTDIR}/${action}${i}
|
||||
containerfile=Dockerfile.${action}$(((i-1) % 2 + 1))
|
||||
|
||||
# The third round of builds should match all of the first rounds by way of caching.
|
||||
cmp copy1 copy3
|
||||
cmp prev1 prev3
|
||||
cmp add1 add3
|
||||
cmp tar1 tar3
|
||||
cmp url1 url3
|
||||
run_buildah build --iidfile $iidfile --layers --quiet --signature-policy ${TESTSDIR}/policy.json -f $containerfile ${TESTSDIR}/bud/cache-chown
|
||||
done
|
||||
done
|
||||
|
||||
# The second round of builds should not match the first rounds, since the different ownership
|
||||
# makes the changes look different to the cache, except for cases where we extract an archive,
|
||||
# where --chown is ignored.
|
||||
run cmp copy1 copy2
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp prev1 prev2
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp add1 add2
|
||||
[[ "$status" -ne 0 ]]
|
||||
cmp tar1 tar2
|
||||
run cmp url1 url2
|
||||
[[ "$status" -ne 0 ]]
|
||||
for action in $actions; do
|
||||
# The third round of builds should match all of the first rounds by way
|
||||
# of caching.
|
||||
assert "$(< ${TESTDIR}/${action}1)" = "$(< ${TESTDIR}/${action}3)" \
|
||||
"iidfile(${action}1) = iidfile(${action}3)"
|
||||
|
||||
# The first rounds of builds should all be different from each other, as a sanity thing.
|
||||
run cmp copy1 prev1
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp copy1 add1
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp copy1 tar1
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp copy1 url1
|
||||
[[ "$status" -ne 0 ]]
|
||||
# The second round of builds should not match the first rounds, since
|
||||
# the different ownership makes the changes look different to the cache,
|
||||
# except for cases where we extract an archive, where --chown is ignored.
|
||||
local op="!="
|
||||
if [[ $action = "tar" ]]; then
|
||||
op="=";
|
||||
fi
|
||||
assert "$(< ${TESTDIR}/${action}1)" $op "$(< ${TESTDIR}/${action}2)" \
|
||||
"iidfile(${action}1) $op iidfile(${action}2)"
|
||||
|
||||
run cmp prev1 add1
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp prev1 tar1
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp prev1 url1
|
||||
[[ "$status" -ne 0 ]]
|
||||
|
||||
run cmp add1 tar1
|
||||
[[ "$status" -ne 0 ]]
|
||||
run cmp add1 url1
|
||||
[[ "$status" -ne 0 ]]
|
||||
|
||||
run cmp tar1 url1
|
||||
[[ "$status" -ne 0 ]]
|
||||
# The first rounds of builds should all be different from each other,
|
||||
# as a sanity thing.
|
||||
for other in $actions; do
|
||||
if [[ $other != $action ]]; then
|
||||
assert "$(< ${TESTDIR}/${action}1)" != "$(< ${TESTDIR}/${other}1)" \
|
||||
"iidfile(${action}1) != iidfile(${other}1)"
|
||||
fi
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
@test "bud-terminal" {
|
||||
|
|
|
|||
|
|
@ -361,8 +361,8 @@ load helpers
|
|||
|
||||
@test "from cidfile test" {
|
||||
_prefetch alpine
|
||||
run_buildah from --cidfile output.cid --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
||||
cid=$(cat output.cid)
|
||||
run_buildah from --cidfile ${TESTDIR}/output.cid --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
||||
cid=$(< ${TESTDIR}/output.cid)
|
||||
run_buildah containers -f id=${cid}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
|
|||
echo 'much content, wow.' > ${TESTDIR}/build/content.txt
|
||||
echo 'FROM scratch' > ${TESTDIR}/build/Dockerfile
|
||||
echo 'ADD content.txt /' >> ${TESTDIR}/build/Dockerfile
|
||||
run_buildah bud --layers --iidfile image-id.txt ${TESTDIR}/build
|
||||
run_buildah bud --layers --iidfile ${TESTDIR}/image-id.txt ${TESTDIR}/build
|
||||
# Make sure we can add the new image to the list.
|
||||
run_buildah manifest add test-list $(cat image-id.txt)
|
||||
run_buildah manifest add test-list $(< ${TESTDIR}/image-id.txt)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ function _gpg_setup() {
|
|||
GPGOPTS=
|
||||
fi
|
||||
|
||||
cat > genkey-answers <<- EOF
|
||||
cat > ${TESTDIR}/genkey-answers <<- EOF
|
||||
%echo Generating a basic OpenPGP key
|
||||
Key-Type: RSA
|
||||
Key-Length: 2048
|
||||
|
|
@ -28,7 +28,7 @@ function _gpg_setup() {
|
|||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
gpg --batch $GPGOPTS --gen-key --passphrase '' < genkey-answers
|
||||
gpg --batch $GPGOPTS --gen-key --passphrase '' < ${TESTDIR}/genkey-answers
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -79,13 +79,15 @@ function _gpg_setup() {
|
|||
@test "build-with-dockerfile-signatures" {
|
||||
_gpg_setup
|
||||
|
||||
cat > Dockerfile <<- EOF
|
||||
builddir=${TESTDIR}/builddir
|
||||
mkdir -p $builddir
|
||||
cat > ${builddir}/Dockerfile <<- EOF
|
||||
FROM scratch
|
||||
ADD Dockerfile /
|
||||
EOF
|
||||
|
||||
# We should be able to sign at build-time.
|
||||
run_buildah bud --signature-policy ${TESTSDIR}/policy.json --sign-by amanda@localhost -t signed-scratch-image .
|
||||
run_buildah bud --signature-policy ${TESTSDIR}/policy.json --sign-by amanda@localhost -t signed-scratch-image ${builddir}
|
||||
|
||||
mkdir -p ${TESTDIR}/signed-image
|
||||
# Pushing should preserve the signature.
|
||||
|
|
|
|||
Loading…
Reference in New Issue