diff --git a/.github/workflows/reusable-misc-tests-1.yml b/.github/workflows/reusable-misc-tests-1.yml index 014464c617..87bfcbea9e 100644 --- a/.github/workflows/reusable-misc-tests-1.yml +++ b/.github/workflows/reusable-misc-tests-1.yml @@ -67,9 +67,6 @@ jobs: done - name: Execute interactive debugger test run: ./scripts/tests/interactive-debugger/test-interactive.py --earthly ${{inputs.BUILT_EARTHLY_PATH}} --timeout 180 - - name: "cloud-stored docker credential test (Earthly only)" # TODO Move to seperate earthly-only workflow file - run: FRONTEND=${{inputs.BINARY}} earthly=${{inputs.BUILT_EARTHLY_PATH}} ./scripts/tests/cloud-docker-credentials-integration.sh - if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository - name: Execute version test run: "${{inputs.BUILT_EARTHLY_PATH}} --version" - name: Execute docker2earth test diff --git a/.github/workflows/reusable-misc-tests-2.yml b/.github/workflows/reusable-misc-tests-2.yml index 92dcece52e..f0892649f4 100644 --- a/.github/workflows/reusable-misc-tests-2.yml +++ b/.github/workflows/reusable-misc-tests-2.yml @@ -32,6 +32,9 @@ jobs: misc-tests-2: if: ${{!inputs.SKIP_JOB}} runs-on: ${{inputs.RUNS_ON}} + permissions: + contents: read + packages: read env: FORCE_COLOR: 1 EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" @@ -57,8 +60,6 @@ jobs: echo "EARTHLY_VERSION_FLAG_OVERRIDES=$EARTHLY_VERSION_FLAG_OVERRIDES" >> "$GITHUB_ENV" - name: Run linux-amd64 specific tests run: ${{inputs.SUDO}} ${{inputs.BUILT_EARTHLY_PATH}} --ci -P ./tests+ga-linux-amd64 - - name: Execute tests requiring .git directory - run: go test ./analytics --tags=hasgitdirectory - name: Execute earthly ${{inputs.BINARY}} command run: (cd tests/docker && ${{inputs.SUDO}} ../../${{inputs.BUILT_EARTHLY_PATH}} docker-build --tag examples-test-docker:latest . && diff <(docker run --rm examples-test-docker:latest) <(echo "hello dockerfile") ) - name: Execute private image test (Earthly Only) # TODO move to separate workflow diff --git a/scripts/tests/cloud-docker-credentials-integration.sh b/scripts/tests/cloud-docker-credentials-integration.sh deleted file mode 100755 index f09f23f45c..0000000000 --- a/scripts/tests/cloud-docker-credentials-integration.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env bash -set -eu - -earthly=${earthly:=earthly} -if [ "$earthly" != "earthly" ]; then - earthly=$(realpath "$earthly") -fi -echo "running tests with $earthly" -"$earthly" --version - -# prevent the self-update of earthly from running (this ensures no bogus data is printed to stdout, -# which would mess with the secrets data being fetched) -date +%s > /tmp/last-earthly-prerelease-check - -set +x # dont remove or the token will be leaked -test -n "$EARTHLY_TOKEN" || (echo "error: EARTHLY_TOKEN is not set" && exit 1) -set -x -EARTHLY_INSTALLATION_NAME="earthly-integration" -export EARTHLY_INSTALLATION_NAME -rm -rf "$HOME/.earthly.integration/" - -# ensure earthly login works (and print out who gets logged in) -"$earthly" account login - -# A username / password has been stored in the cloud to a docker hub user (that is not part of earthly) via: -# earthly secret --org earthly-technologies --project core-test-cloud-docker-credentials-test set std/registry/registry-1.docker.io/username verygoodusername -# earthly secret --org earthly-technologies --project core-test-cloud-docker-credentials-test set std/registry/registry-1.docker.io/password verygoodpassword # just kidding -# -# And our earthly-user that GHA uses has been configured to have access: -# earthly projects --org earthly-technologies --project core-test-cloud-docker-credentials-test members add other-service+earthly@earthly.dev read+secrets - -# check that secrets is working, and we are running with the correct user -test "$("$earthly" secret --org earthly-technologies --project core-test-cloud-docker-credentials-test get std/registry/registry-1.docker.io/username)" = "verygoodusername" - -echo ==== test that the private verygoodimage can be fetched using the credentials from secrets ==== -rm -rf /tmp/earthly-cloud-docker-credentials-test-1 - -mkdir /tmp/earthly-cloud-docker-credentials-test-1 -cd /tmp/earthly-cloud-docker-credentials-test-1 -cat >> Earthfile < docker-pull.log; then - cat docker-pull.log - echo "error: this test requires that docker does not have access to pull the verygoodimage" - exit 1 -fi -if ! grep 'requested access to the resource is denied' docker-pull.log >/dev/null; then - cat docker-pull.log - echo expected denied failed, but got somthing else - exit 1 -fi - -# then test that earthly can access the verygoodimage (by using the cloud-hosted registry credentials) -"$earthly" --no-cache +test1 - -echo "=== All tests have passed ===" diff --git a/tests/Earthfile b/tests/Earthfile index 9c662d64f8..a4fb1df968 100644 --- a/tests/Earthfile +++ b/tests/Earthfile @@ -802,7 +802,8 @@ ci-arg-test: --output_contains="CI environment" private-image-test: - FROM earthly/private-test:latest + # NOTE(jhorsts): I assume any private image is good - use dindtest. + FROM ghcr.io/earthbuild/dindtest:alpine-3.22-docker-28.3.0-r0 RUN --entrypoint echo hello world gen-dockerfile-test: diff --git a/tests/docker2earth/Dockerfile2 b/tests/docker2earth/Dockerfile2 index a410cfd68e..b1216e2794 100644 --- a/tests/docker2earth/Dockerfile2 +++ b/tests/docker2earth/Dockerfile2 @@ -1,6 +1,5 @@ FROM golang:1.16 WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html COPY app.go . RUN go mod init RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . diff --git a/tests/docker2earth/args-before-from.Dockerfile b/tests/docker2earth/args-before-from.Dockerfile index 5923a59558..5b5f76be3e 100644 --- a/tests/docker2earth/args-before-from.Dockerfile +++ b/tests/docker2earth/args-before-from.Dockerfile @@ -4,7 +4,6 @@ ARG GO_MINOR=16 ARG GO_VERSION="${GO_MAJOR}.${GO_MINOR}" FROM "${BASE}:${GO_VERSION}" WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html COPY app.go . RUN go mod init RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . diff --git a/tests/registry-certs/test.sh b/tests/registry-certs/test.sh index 15c6e7ce0b..1147bfd2e5 100755 --- a/tests/registry-certs/test.sh +++ b/tests/registry-certs/test.sh @@ -15,17 +15,18 @@ test -n "$frontend" || (>&2 echo "Error: frontend is empty" && exit 1) # Cleanup previous run. "$frontend" stop registry || true "$frontend" rm registry || true -"$frontend" rm network registry-certs || true +"$frontend" network disconnect registry-certs earthly-buildkitd || true +"$frontend" network rm registry-certs || true rm -rf "$testdir/certs" || true -# Create user defined network. -"$frontend" network create -d bridge registry-certs - -# Start registry to get its IP address. -"$frontend" run --rm -d --network registry-certs --name registry registry:2 -export REGISTRY_IP="$("$frontend" inspect -f {{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}} registry)" +# Define network settings. I've chosen a subnet that is unlikely to conflict +# with default Docker networks. +export REGISTRY_IP="172.29.0.2" export REGISTRY="$REGISTRY_IP" -"$frontend" stop registry +SUBNET="172.29.0.0/16" + +# Create user defined network. +"$frontend" network create --subnet="$SUBNET" -d bridge registry-certs # Generate certs. "$earthly" \ @@ -44,6 +45,10 @@ export REGISTRY="$REGISTRY_IP" -p "127.0.0.1:5443:443" \ --name registry registry:2 +# Ensure buildkitd can connect to the registry-certs network so that +# build containers can communicate with the registry. +"$frontend" network connect registry-certs earthly-buildkitd + # Test. set +e "$earthly" --allow-privileged \