-
Notifications
You must be signed in to change notification settings - Fork 105
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Consolidate logic in the platform package - Remove the platform/launch package as it is not needed to avoid having the launcher depend on the lifecycle Signed-off-by: Natalie Arellano <narellano@vmware.com> * Reinstate platform/launch package to keep the launcher binary smaller Signed-off-by: Natalie Arellano <narellano@vmware.com> * Fix constant Signed-off-by: Natalie Arellano <narellano@vmware.com> * Remove comment Signed-off-by: Natalie Arellano <narellano@vmware.com> * WIP Signed-off-by: Natalie Arellano <narellano@vmware.com> * WIP Signed-off-by: Natalie Arellano <narellano@vmware.com> * Don't mount layers fixture in container This way changes from the first build (/layers/config/metadata.toml, /layers/sbom, etc.) are not propagated to the second build. Signed-off-by: Natalie Arellano <narellano@vmware.com> * Set environment variables from the extended build image in the build context Signed-off-by: Natalie Arellano <narellano@vmware.com> * Fix format string Signed-off-by: Natalie Arellano <narellano@vmware.com> * Restorer pulls builder manifest and config Signed-off-by: Natalie Arellano <narellano@vmware.com> * Copy extend-config.toml from extension output to /layers/generated Signed-off-by: Natalie Arellano <narellano@vmware.com> * Only import kaniko on linux Signed-off-by: Natalie Arellano <narellano@vmware.com> * WIP: units pass Refactor buildpack build, detect, and generate to separate data model from service Signed-off-by: Natalie Arellano <narellano@vmware.com> * WIP: fixed some TODOs Signed-off-by: Natalie Arellano <narellano@vmware.com> * WIP: addressed some more TODOs, units pass Signed-off-by: Natalie Arellano <narellano@vmware.com> * WIP: units pass Signed-off-by: Natalie Arellano <narellano@vmware.com> * WIP: acceptance tests pass Signed-off-by: Natalie Arellano <narellano@vmware.com> * Address some minor TODOs Signed-off-by: Natalie Arellano <narellano@vmware.com> * When running extender acceptance, don't mount in /workspace directory This leads to incorrect permissions issues when running on linux Signed-off-by: Natalie Arellano <narellano@vmware.com> * Don't try to check for specific curl version This appears flaky Signed-off-by: Natalie Arellano <narellano@vmware.com> * fixes from testing. (#902) Signed-off-by: Ozzy Osborne <bardweller@gmail.com> Signed-off-by: Ozzy Osborne <bardweller@gmail.com> * Lint Signed-off-by: Natalie Arellano <narellano@vmware.com> * Add tests and TODO Signed-off-by: Natalie Arellano <narellano@vmware.com> * Change CNB_BUILDPACK_DIR -> CNB_EXTENSION_DIR Signed-off-by: Natalie Arellano <narellano@vmware.com> * Fill in default generated dir Signed-off-by: Natalie Arellano <narellano@vmware.com> * Ensure kaniko doesn't try to pull 'oci:/kaniko/cache/base/sha256:XXX' from a remote registry Signed-off-by: Natalie Arellano <narellano@vmware.com> * Add test Signed-off-by: Natalie Arellano <narellano@vmware.com> * Fix panic Signed-off-by: Natalie Arellano <narellano@vmware.com> * Fix assertion Signed-off-by: Natalie Arellano <narellano@vmware.com> * Pass build_id as UUID to Dockerfile Signed-off-by: Natalie Arellano <narellano@vmware.com> * Add tests for selective package Signed-off-by: Natalie Arellano <narellano@vmware.com> * Remove kaniko fork - Fix acceptance by adding CacheRunLayers option and moving 'ARG build_id=0' statements Signed-off-by: Natalie Arellano <narellano@vmware.com> * Fix windows Signed-off-by: Natalie Arellano <narellano@vmware.com> * Dockerfile validation (#918) * Add Dockerfile Validation Signed-off-by: Ozzy Osborne <bardweller@gmail.com> * use mobi buildkit dockerfile parsing Signed-off-by: Ozzy Osborne <bardweller@gmail.com> Signed-off-by: Ozzy Osborne <bardweller@gmail.com> * Add units for Dockerfile validation Signed-off-by: Natalie Arellano <narellano@vmware.com> * Fix launcher Signed-off-by: Natalie Arellano <narellano@vmware.com> * Minor improvements - Test ReadGroup for extensions - Ensure stderr is captured for acceptance test that might expect it - Read group.toml into an accurate struct (that has extension and optional set for extensions) and set these fields to false before writing out to TOML or JSON Signed-off-by: Natalie Arellano <narellano@vmware.com> * Skip image extensions tests on Windows Signed-off-by: Natalie Arellano <narellano@vmware.com> Signed-off-by: Natalie Arellano <narellano@vmware.com> Signed-off-by: Ozzy Osborne <bardweller@gmail.com> Co-authored-by: Javier Romero <rjavier@vmware.com> Co-authored-by: Ozzy Osborne <bardweller@gmail.com>
- Loading branch information
1 parent
0205531
commit 2f8a818
Showing
99 changed files
with
6,693 additions
and
3,256 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,146 @@ | ||
//go:build acceptance | ||
// +build acceptance | ||
|
||
package acceptance | ||
|
||
import ( | ||
"fmt" | ||
"io/ioutil" | ||
"math/rand" | ||
"os" | ||
"os/exec" | ||
"path/filepath" | ||
"runtime" | ||
"testing" | ||
"time" | ||
|
||
"github.com/google/go-containerregistry/pkg/authn" | ||
"github.com/google/go-containerregistry/pkg/v1/empty" | ||
"github.com/google/go-containerregistry/pkg/v1/remote" | ||
"github.com/sclevine/spec" | ||
"github.com/sclevine/spec/report" | ||
|
||
"github.com/buildpacks/lifecycle/api" | ||
"github.com/buildpacks/lifecycle/auth" | ||
"github.com/buildpacks/lifecycle/internal/selective" | ||
h "github.com/buildpacks/lifecycle/testhelpers" | ||
) | ||
|
||
var ( | ||
extendImage string | ||
extendRegAuthConfig string | ||
extendRegNetwork string | ||
extenderPath string | ||
extendDaemonFixtures *daemonImageFixtures | ||
extendRegFixtures *regImageFixtures | ||
extendTest *PhaseTest | ||
) | ||
|
||
func TestExtender(t *testing.T) { | ||
h.SkipIf(t, runtime.GOOS == "windows", "Extender is not supported on Windows") | ||
|
||
rand.Seed(time.Now().UTC().UnixNano()) | ||
|
||
testImageDockerContext := filepath.Join("testdata", "extender") | ||
extendTest = NewPhaseTest(t, "extender", testImageDockerContext) | ||
extendTest.Start(t) | ||
defer extendTest.Stop(t) | ||
|
||
extendImage = extendTest.testImageRef | ||
extenderPath = extendTest.containerBinaryPath | ||
extendRegAuthConfig = extendTest.targetRegistry.authConfig | ||
extendRegNetwork = extendTest.targetRegistry.network | ||
extendDaemonFixtures = extendTest.targetDaemon.fixtures | ||
extendRegFixtures = extendTest.targetRegistry.fixtures | ||
|
||
for _, platformAPI := range api.Platform.Supported { | ||
spec.Run(t, "acceptance-extender/"+platformAPI.String(), testExtenderFunc(platformAPI.String()), spec.Parallel(), spec.Report(report.Terminal{})) | ||
} | ||
} | ||
|
||
func testExtenderFunc(platformAPI string) func(t *testing.T, when spec.G, it spec.S) { | ||
return func(t *testing.T, when spec.G, it spec.S) { | ||
it.Before(func() { | ||
h.SkipIf(t, api.MustParse(platformAPI).LessThan("0.10"), "") | ||
}) | ||
|
||
when("kaniko case", func() { | ||
var kanikoDir, buildImageDigest string | ||
|
||
it.Before(func() { | ||
var err error | ||
kanikoDir, err = ioutil.TempDir("", "lifecycle-acceptance") | ||
h.AssertNil(t, err) | ||
|
||
// push "builder" image to test registry | ||
h.Run(t, exec.Command("docker", "tag", extendImage, extendTest.RegRepoName(extendImage))) | ||
h.AssertNil(t, h.PushImage(h.DockerCli(t), extendTest.RegRepoName(extendImage), extendTest.targetRegistry.registry.EncodedLabeledAuth())) | ||
|
||
// warm kaniko cache - this mimics what the analyzer or restorer would have done | ||
os.Setenv("DOCKER_CONFIG", extendTest.targetRegistry.dockerConfigDir) | ||
ref, auth, err := auth.ReferenceForRepoName(authn.DefaultKeychain, extendTest.RegRepoName(extendImage)) | ||
h.AssertNil(t, err) | ||
remoteImage, err := remote.Image(ref, remote.WithAuth(auth)) | ||
h.AssertNil(t, err) | ||
buildImageHash, err := remoteImage.Digest() | ||
h.AssertNil(t, err) | ||
buildImageDigest = buildImageHash.String() | ||
baseCacheDir := filepath.Join(kanikoDir, "cache", "base") | ||
h.AssertNil(t, os.MkdirAll(baseCacheDir, 0755)) | ||
layoutPath, err := selective.Write(filepath.Join(baseCacheDir, buildImageDigest), empty.Index) | ||
h.AssertNil(t, err) | ||
h.AssertNil(t, layoutPath.AppendImage(remoteImage)) | ||
}) | ||
|
||
it.After(func() { | ||
_ = os.RemoveAll(kanikoDir) | ||
}) | ||
|
||
when("extending the build image", func() { | ||
it("succeeds", func() { | ||
extendArgs := []string{ | ||
ctrPath(extenderPath), | ||
"-generated", "/layers/generated", | ||
"-log-level", "debug", | ||
"-gid", "1000", | ||
"-uid", "1234", | ||
"oci:/kaniko/cache/base/" + buildImageDigest, | ||
} | ||
|
||
t.Log("first build extends the build image by running Dockerfile commands") | ||
firstOutput := h.DockerRunWithCombinedOutput(t, | ||
extendImage, | ||
h.WithFlags( | ||
"--env", "CNB_PLATFORM_API="+platformAPI, | ||
"--volume", fmt.Sprintf("%s:/kaniko", kanikoDir), | ||
), | ||
h.WithArgs(extendArgs...), | ||
) | ||
h.AssertStringDoesNotContain(t, firstOutput, "Did not find cache key, pulling remote image...") | ||
h.AssertStringContains(t, firstOutput, "ca-certificates") | ||
h.AssertStringContains(t, firstOutput, "Hello Extensions buildpack\ncurl") // output by buildpack, shows that curl was installed on the build image | ||
t.Log("sets environment variables from the extended build image in the build context") | ||
h.AssertStringContains(t, firstOutput, "CNB_STACK_ID for buildpack: stack-id-from-ext-tree") | ||
|
||
t.Log("cleans the kaniko directory") | ||
fis, err := ioutil.ReadDir(kanikoDir) | ||
h.AssertNil(t, err) | ||
h.AssertEq(t, len(fis), 1) // 1: /kaniko/cache | ||
|
||
t.Log("second build extends the build image by pulling from the cache directory") | ||
secondOutput := h.DockerRunWithCombinedOutput(t, | ||
extendImage, | ||
h.WithFlags( | ||
"--env", "CNB_PLATFORM_API="+platformAPI, | ||
"--volume", fmt.Sprintf("%s:/kaniko", kanikoDir), | ||
), | ||
h.WithArgs(extendArgs...), | ||
) | ||
h.AssertStringDoesNotContain(t, secondOutput, "Did not find cache key, pulling remote image...") | ||
h.AssertStringDoesNotContain(t, secondOutput, "ca-certificates") | ||
h.AssertStringContains(t, secondOutput, "Hello Extensions buildpack\ncurl") // output by buildpack, shows that curl is still installed in the unpacked cached layer | ||
}) | ||
}) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
FROM ubuntu:bionic | ||
|
||
COPY ./container/ / |
Oops, something went wrong.