Modify Harbor testing to make more reliable (DataDog#21106)

* Add option to specify container to check logs from and to wait for health when running docker compose up

* Add changelog

* Fix tests and cover

* Modify Harbor testing to make more reliable

* Mark redis as healthy dependency for 2.0.5

Author: AAraKKe

harbor/tests/compose/harbor-1.10.0/config/nginx/nginx.conf

@@ -23,10 +23,11 @@ http {
     server core:8080;
   }
 
-  upstream portal {
-    server portal:8080;
-  }
-  
+  # The following upstream block is for the Harbor Portal (UI), which has been disabled for this integration's tests.
+  # upstream portal {
+  #   server portal:8080;
+  # }
+
   log_format timed_combined '$remote_addr - '
     '"$request" $status $body_bytes_sent '
     '"$http_referer" "$http_user_agent" '
@@ -43,41 +44,42 @@ http {
     # SSL
     ssl_certificate /etc/cert/server.crt;
     ssl_certificate_key /etc/cert/server.key;
-  
+
     # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
     ssl_protocols TLSv1.2;
     ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:10m;
-  
+
     # disable any limits to avoid HTTP 413 for large image uploads
     client_max_body_size 0;
-  
+
     # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
     chunked_transfer_encoding on;
 
     # Add extra headers
     add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
     add_header X-Frame-Options DENY;
     add_header Content-Security-Policy "frame-ancestors 'none'";
-  
+
     # costumized location config file can place to /etc/nginx dir with prefix harbor.https. and suffix .conf
     include /etc/nginx/conf.d/harbor.https.*.conf;
 
-    location / {
-      proxy_pass http://portal/;
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $scheme;
-
-      proxy_cookie_path / "/; HttpOnly; Secure";
-
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
+    # The following location block is for the Harbor Portal (UI), which has been disabled for this integration's tests.
+    # location / {
+    #   proxy_pass http://portal/;
+    #   proxy_set_header Host $host;
+    #   proxy_set_header X-Real-IP $remote_addr;
+    #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #
+    #   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+    #   proxy_set_header X-Forwarded-Proto $scheme;
+    #
+    #   proxy_cookie_path / "/; Secure";
+    #
+    #   proxy_buffering off;
+    #   proxy_request_buffering off;
+    # }
 
     location /c/ {
       proxy_pass http://core/c/;
@@ -93,7 +95,7 @@ http {
       proxy_buffering off;
       proxy_request_buffering off;
     }
-  
+
     location /api/ {
       proxy_pass http://core/api/;
       proxy_set_header Host $host;
@@ -104,7 +106,7 @@ http {
       proxy_set_header X-Forwarded-Proto $scheme;
 
       proxy_cookie_path / "/; Secure";
-      
+
       proxy_buffering off;
       proxy_request_buffering off;
     }
@@ -119,7 +121,7 @@ http {
       proxy_set_header X-Forwarded-Proto $scheme;
 
       proxy_cookie_path / "/; Secure";
-      
+
       proxy_buffering off;
       proxy_request_buffering off;
     }
@@ -133,7 +135,7 @@ http {
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      
+
       # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_buffering off;
@@ -145,7 +147,7 @@ http {
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      
+
       # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
       proxy_set_header X-Forwarded-Proto $scheme;
 
@@ -163,5 +165,5 @@ http {
       listen 8080;
       #server_name harbordomain.com;
       return 308 https://$host$request_uri;
-  } 
+  }
 }

harbor/tests/compose/harbor-1.10.0/docker-compose.yml

@@ -15,23 +15,24 @@ services:
     networks:
       - harbor-110
     dns_search: .
-  registryctl:
-    image: goharbor/harbor-registryctl:v1.10.11
-    container_name: registryctl
-    env_file:
-      - ./config/registryctl/env
-    restart: always
-    cap_drop:
-      - ALL
-    cap_add:
-      - CHOWN
-      - SETGID
-      - SETUID
-    volumes:
-      - ./config/registryctl/config.yml:/etc/registryctl/config.yml
-    networks:
-      - harbor-110
-    dns_search: .
+  # The following service is not essential for the integration tests and has been commented out to improve stability and startup time.
+  # registryctl:
+  #   image: goharbor/harbor-registryctl:v1.10.11
+  #   container_name: registryctl
+  #   env_file:
+  #     - ./config/registryctl/env
+  #   restart: always
+  #   cap_drop:
+  #     - ALL
+  #   cap_add:
+  #     - CHOWN
+  #     - SETGID
+  #     - SETUID
+  #   volumes:
+  #     - ./config/registryctl/config.yml:/etc/registryctl/config.yml
+  #   networks:
+  #     - harbor-110
+  #   dns_search: .
   postgresql:
     image: goharbor/harbor-db:v1.10.11
     container_name: harbor-db
@@ -48,6 +49,11 @@ services:
     dns_search: .
     env_file:
       - ./config/db/env
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
   core:
     image: goharbor/harbor-core:v1.10.11
     container_name: harbor-core
@@ -76,45 +82,51 @@ services:
           - harbor-core
     dns_search: .
     depends_on:
-      - registry
-      - redis
-      - postgresql
-  portal:
-    image: goharbor/harbor-portal:v1.10.11
-    container_name: harbor-portal
-    restart: always
-    cap_drop:
-      - ALL
-    cap_add:
-      - CHOWN
-      - SETGID
-      - SETUID
-      - NET_BIND_SERVICE
-    networks:
-      - harbor-110
-    dns_search: .
-
-  jobservice:
-    image: goharbor/harbor-jobservice:v1.10.11
-    container_name: harbor-jobservice
-    env_file:
-      - ./config/jobservice/env
-    restart: always
-    cap_drop:
-      - ALL
-    cap_add:
-      - CHOWN
-      - SETGID
-      - SETUID
-    volumes:
-      - type: bind
-        source: ./config/jobservice/config.yml
-        target: /etc/jobservice/config.yml
-    networks:
-      - harbor-110
-    dns_search: .
-    depends_on:
-      - core
+      registry:
+        condition: service_started
+      redis:
+        condition: service_healthy
+      postgresql:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://127.0.0.1:8080/api/systeminfo -o /dev/null"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+  # The following services are not essential for the integration tests and have been commented out to improve stability and startup time.
+  # portal:
+  #   image: goharbor/harbor-portal:v1.10.11
+  #   container_name: harbor-portal
+  #   user: root
+  #   restart: always
+  #   networks:
+  #     - harbor-110
+  #   dns_search: .
+  #   depends_on:
+  #     core:
+  #       condition: service_healthy
+  # jobservice:
+  #   image: goharbor/harbor-jobservice:v1.10.11
+  #   container_name: harbor-jobservice
+  #   env_file:
+  #     - ./config/jobservice/env
+  #   restart: always
+  #   cap_drop:
+  #     - ALL
+  #   cap_add:
+  #     - CHOWN
+  #     - SETGID
+  #     - SETUID
+  #   volumes:
+  #     - type: bind
+  #       source: ./config/jobservice/config.yml
+  #       target: /etc/jobservice/config.yml
+  #   networks:
+  #     - harbor-110
+  #   dns_search: .
+  #   depends_on:
+  #     core:
+  #       condition: service_healthy
   redis:
     image: goharbor/redis-photon:v1.10.11
     container_name: redis
@@ -131,6 +143,11 @@ services:
         aliases:
           - redis
     dns_search: .
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
   proxy:
     image: goharbor/nginx-photon:v1.10.11
     container_name: nginx
@@ -152,27 +169,34 @@ services:
       - 80:8080
       - 443:8443
     depends_on:
-      - registry
-      - core
-      - portal
-  chartmuseum:
-    container_name: chartmuseum
-    image: goharbor/chartmuseum-photon:v1.10.11
-    restart: always
-    cap_drop:
-      - ALL
-    cap_add:
-      - CHOWN
-      - DAC_OVERRIDE
-      - SETGID
-      - SETUID
-    networks:
-      - harbor-chartmuseum-110
-    dns_search: .
-    volumes:
-      - ./config/chartserver:/etc/chartserver:z
-    env_file:
-      ./config/chartserver/env
+      registry:
+        condition: service_started
+      core:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://core:8080/api/systeminfo -o /dev/null"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+  # The following service is not essential for the integration tests and has been commented out to improve stability and startup time.
+  # chartmuseum:
+  #   container_name: chartmuseum
+  #   image: goharbor/chartmuseum-photon:v1.10.11
+  #   restart: always
+  #   cap_drop:
+  #     - ALL
+  #   cap_add:
+  #     - CHOWN
+  #     - DAC_OVERRIDE
+  #     - SETGID
+  #     - SETUID
+  #   networks:
+  #     - harbor-chartmuseum-110
+  #   dns_search: .
+  #   volumes:
+  #     - ./config/chartserver:/etc/chartserver:z
+  #   env_file:
+  #     ./config/chartserver/env
 networks:
   harbor-110:
     external: false