circleci: add test-image

Author: antoinerg

.circleci/config.yml

@@ -29,6 +29,9 @@ workflows:
           requires:
             - test-node-v6
             - test-node-v8
+      - test-image:
+          requires:
+            - docker-build-and-push
 
 version: 2
 jobs:
@@ -91,6 +94,21 @@ jobs:
     docker:
       - image: circleci/node:8.11-stretch-browsers
 
+  test-image:
+    docker:
+      - image: quay.io/plotly/image-exporter:$CIRCLE_SHA1
+    steps:
+      - checkout
+      - run:
+          name: Run image test
+          command: |
+            set -e
+            cd test/image
+            ./render_mocks_cli build
+            ./compare_images baselines build
+      - store_artifacts:
+          path: test/image
+
   docker-build-and-push:
     docker:
       - image: circleci/node:8.11-stretch-browsers

.gitignore

@@ -10,3 +10,6 @@ coverage
 deployment/*.retry
 
 /yarn-error.log
+
+test/image/build
+test/image/diff

deployment/ImageMagickPolicy.xml

@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+<!ELEMENT policymap (policy)+>
+<!ELEMENT policy (#PCDATA)>
+<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
+<!ATTLIST policy name CDATA #IMPLIED>
+<!ATTLIST policy rights CDATA #IMPLIED>
+<!ATTLIST policy pattern CDATA #IMPLIED>
+<!ATTLIST policy value CDATA #IMPLIED>
+]>
+<!--
+  Configure ImageMagick policies.
+
+  Domains include system, delegate, coder, filter, path, or resource.
+
+  Rights include none, read, write, and execute.  Use | to combine them,
+  for example: "read | write" to permit read from, or write to, a path.
+
+  Use a glob expression as a pattern.
+
+  Suppose we do not want users to process MPEG video images:
+
+    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
+
+  Here we do not want users reading images from HTTP:
+
+    <policy domain="coder" rights="none" pattern="HTTP" />
+
+  Lets prevent users from executing any image filters:
+
+    <policy domain="filter" rights="none" pattern="*" />
+
+  The /repository file system is restricted to read only.  We use a glob
+  expression to match all paths that start with /repository:
+
+    <policy domain="path" rights="read" pattern="/repository/*" />
+
+  Any large image is cached to disk rather than memory:
+
+    <policy domain="resource" name="area" value="1GB"/>
+
+  Define arguments for the memory, map, area, and disk resources with
+  SI prefixes (.e.g 100MB).  In addition, resource policies are maximums for
+  each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
+  exceeds policy maximum so memory limit is 1GB).
+-->
+<policymap>
+  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
+  <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
+  <!-- <policy domain="resource" name="map" value="4GiB"/> -->
+  <!-- <policy domain="resource" name="area" value="1GB"/> -->
+  <!-- <policy domain="resource" name="disk" value="16EB"/> -->
+  <!-- <policy domain="resource" name="file" value="768"/> -->
+  <!-- <policy domain="resource" name="thread" value="4"/> -->
+  <!-- <policy domain="resource" name="throttle" value="0"/> -->
+  <!-- <policy domain="resource" name="time" value="3600"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- <policy domain="cache" name="shared-secret" value="passphrase"/> -->
+
+  <policy domain="path" rights="none" pattern="@*" />
+  <!--
+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
+  <policy domain="coder" rights="none" pattern="HTTPS" />
+  <policy domain="coder" rights="none" pattern="MVG" />
+  <policy domain="coder" rights="none" pattern="MSL" />
+  <policy domain="coder" rights="none" pattern="TEXT" />
+  <policy domain="coder" rights="none" pattern="SHOW" />
+  <policy domain="coder" rights="none" pattern="WIN" />
+  <policy domain="coder" rights="none" pattern="PLT" />
+  -->
+
+  <!-- disable ghostscript format types -->
+  <!--
+  <policy domain="coder" rights="none" pattern="PS" />
+  <policy domain="coder" rights="none" pattern="EPS" />
+  <policy domain="coder" rights="none" pattern="PDF" />
+  <policy domain="coder" rights="none" pattern="XPS" />
+  -->
+  <policy domain="coder" rights="read|write" pattern="*" />
+
+</policymap>

deployment/entrypoint.sh

@@ -1,10 +1,10 @@
 #!/usr/bin/env bash
 
 if [[ $1 == "--help" || $1 == "--version" || $1 == "graph" ]]; then
-    xvfb-run --server-args "-screen 0 640x480x24" -a /var/www/image-exporter/bin/orca.js $@
+    xvfb-run --server-args "-screen 0 640x480x24" -a /var/www/image-exporter/bin/orca.js "$@"
 elif [[ $1 == "serve" ]]; then
     shift 1 # Remove argument "serve" since it is assumed in the following
-    /run_server $@
+    /run_server "$@"
 else # By default, run the server
-    /run_server $@
+    /run_server "$@"
 fi

deployment/run_server

@@ -14,7 +14,7 @@ BUILD_DIR=/var/www/image-exporter/build
 if [[ -n "${PLOTLY_JS_SRC}" ]]; then
   # Fetch plotly js bundle and save it locally:
   mkdir -p $BUILD_DIR
-  wget --retry-connrefused --no-check-certificate -O $BUILD_DIR/plotly-bundle.js $PLOTLY_JS_SRC
+  wget --retry-connrefused --no-check-certificate -O $BUILD_DIR/plotly-bundle.js "$PLOTLY_JS_SRC"
   PLOTLYJS_ARG="--plotlyJS $BUILD_DIR/plotly-bundle.js"
 fi