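version: '3.8'

# Multi-OS testing with Docker Compose
# Usage: docker-compose -f testing/docker/docker-compose.test.yml up
#
# NOTE(review): every OS test service below bind-mounts the repository root
# read-write at /workspace, so anything a container writes (fixtures
# included) lands in the host working tree. Check `git status` and
# `git diff testing/fixtures` after a run before committing.

services:
  # Ubuntu - APT testing
  ubuntu-apt-test:
    build:
      context: ../..
      dockerfile: testing/docker/ubuntu.Dockerfile
    environment:
      - IN_CONTAINER=true
      - TEST_OS=ubuntu
      - TEST_OS_VERSION=22.04
      - TEST_PACKAGE_MANAGER=apt
      - TEST_TAGS=unit,integration,apt
    volumes:
      # Read-write on purpose: fixture generation writes under
      # testing/fixtures/apt.
      - ../..:/workspace
    working_dir: /workspace
    # NOTE: bash -ec ensures any failed required command (test, apt update)
    # exits immediately. The `|| true` on fixture-generation lines is the
    # explicit opt-out — those steps are allowed to fail without failing the
    # build. Previously this used `&&` chaining which silently masked test
    # failures because trailing `|| true` caught failures from earlier in the
    # chain.
    #
    # NOTE(review): `> file` truncates the fixture before the command runs
    # and stderr is discarded, so a failed `apt search` / `apt show` leaves an
    # empty or partial fixture with no diagnostic. Treat unexpected fixture
    # diffs as a failed generation, not as new reference data.
    command: >
      bash -ec "
        echo 'Running Ubuntu APT tests...';
        go test -v -tags='unit integration apt' ./manager/apt ./osinfo;
        echo 'Generating APT fixtures...';
        apt update;
        apt search vim > testing/fixtures/apt/search-vim-ubuntu22.txt 2>/dev/null || true;
        apt show vim > testing/fixtures/apt/show-vim-ubuntu22.txt 2>/dev/null || true
      "

  # Rocky Linux 8 - YUM testing
  rockylinux-yum-test:
    build:
      context: ../..
      dockerfile: testing/docker/rockylinux.Dockerfile
    environment:
      - IN_CONTAINER=true
      - TEST_OS=rockylinux
      - TEST_OS_VERSION=8
      - TEST_PACKAGE_MANAGER=yum
      - TEST_TAGS=unit,integration,yum
    volumes:
      # Read-write on purpose: fixture generation writes under
      # testing/fixtures/yum.
      - ../..:/workspace
    working_dir: /workspace
    # See ubuntu-apt-test for rationale on bash -ec + ; separators, and for
    # the caveat about truncated fixtures when a `|| true` step fails.
    command: >
      bash -ec "
        echo 'Running Rocky Linux YUM tests...';
        go test -v -tags='unit integration yum' ./manager/yum ./osinfo;
        echo 'Generating YUM fixtures...';
        yum search vim > testing/fixtures/yum/search-vim-rocky8.txt 2>/dev/null || true;
        yum info vim-enhanced > testing/fixtures/yum/info-vim-rocky8.txt 2>/dev/null || true;
        yum list --installed > testing/fixtures/yum/list-installed-rocky8.txt 2>/dev/null || true
      "

  # AlmaLinux 8 - YUM testing
  almalinux-yum-test:
    build:
      context: ../..
      dockerfile: testing/docker/almalinux.Dockerfile
    environment:
      - IN_CONTAINER=true
      - TEST_OS=almalinux
      - TEST_OS_VERSION=8
      - TEST_PACKAGE_MANAGER=yum
      - TEST_TAGS=unit,integration,yum
    volumes:
      # Read-write on purpose: fixture generation writes under
      # testing/fixtures/yum.
      - ../..:/workspace
    working_dir: /workspace
    # See ubuntu-apt-test for rationale on bash -ec + ; separators, and for
    # the caveat about truncated fixtures when a `|| true` step fails.
    command: >
      bash -ec "
        echo 'Running AlmaLinux YUM tests...';
        go test -v -tags='unit integration yum' ./manager/yum ./osinfo;
        echo 'Generating YUM fixtures...';
        yum search vim > testing/fixtures/yum/search-vim-alma8.txt 2>/dev/null || true;
        yum info vim-enhanced > testing/fixtures/yum/info-vim-alma8.txt 2>/dev/null || true
      "

  # TODO: Enable when DNF support is implemented
  # NOTE(review): this disabled stanza still uses the old `bash -c` + `&&`
  # chain with `|| echo` / `|| true`, i.e. the form that masks test failures
  # (see ubuntu-apt-test). Convert it to `bash -ec` + `;` before enabling.
  # fedora-dnf-test:
  #   build:
  #     context: ../..
  #     dockerfile: testing/docker/fedora.Dockerfile
  #   environment:
  #     - IN_CONTAINER=true
  #     - TEST_OS=fedora
  #     - TEST_OS_VERSION=39
  #     - TEST_PACKAGE_MANAGER=dnf
  #     - TEST_TAGS=unit,integration,dnf
  #   volumes:
  #     - ../..:/workspace
  #   working_dir: /workspace
  #   command: >
  #     bash -c "
  #       echo 'Running Fedora DNF tests...' &&
  #       go test -v -tags='unit integration dnf' ./manager/dnf ./osinfo 2>/dev/null || echo 'DNF manager not implemented yet' &&
  #       echo 'Generating DNF fixtures...' &&
  #       dnf search vim > testing/fixtures/dnf/search-vim-fedora39.txt 2>/dev/null || true &&
  #       dnf info vim > testing/fixtures/dnf/info-vim-fedora39.txt 2>/dev/null || true
  #     "

  # TODO: Enable when APK support is implemented
  # NOTE(review): same as fedora-dnf-test — the `sh -c` + `&&` chain below
  # hides a failing `go test`; switch to an exit-on-error form before
  # enabling.
  # alpine-apk-test:
  #   build:
  #     context: ../..
  #     dockerfile: testing/docker/alpine.Dockerfile
  #   environment:
  #     - IN_CONTAINER=true
  #     - TEST_OS=alpine
  #     - TEST_OS_VERSION=3.18
  #     - TEST_PACKAGE_MANAGER=apk
  #     - TEST_TAGS=unit,integration,apk
  #   volumes:
  #     - ../..:/workspace
  #   working_dir: /workspace
  #   command: >
  #     sh -c "
  #       echo 'Running Alpine APK tests...' &&
  #       go test -v -tags='unit integration apk' ./manager/apk ./osinfo 2>/dev/null || echo 'APK manager not implemented yet' &&
  #       echo 'Generating APK fixtures...' &&
  #       apk update &&
  #       apk search vim > testing/fixtures/apk/search-vim-alpine.txt 2>/dev/null || true &&
  #       apk info vim > testing/fixtures/apk/info-vim-alpine.txt 2>/dev/null || true
  #     "

  # Aggregator: runs only after every enabled OS test service has completed
  # successfully (the OS services themselves are started in parallel).
  test-all:
    # NOTE(review): `ubuntu:24.04` is a mutable tag; pin it by digest if this
    # step must be reproducible.
    image: ubuntu:24.04
    # Long-form depends_on with service_completed_successfully so test-all
    # waits for the actual tests to complete before running. With short-form,
    # test-all's `echo` could finish in milliseconds and abort the compose
    # run (--abort-on-container-exit) before the real tests had a chance to
    # report failure — exactly the same class of CI-honesty bug the bash -ec
    # change in this same release fixes one layer up.
    depends_on:
      ubuntu-apt-test:
        condition: service_completed_successfully
      rockylinux-yum-test:
        condition: service_completed_successfully
      almalinux-yum-test:
        condition: service_completed_successfully
      # fedora-dnf-test:  # TODO: Enable when DNF support is implemented
      #   condition: service_completed_successfully
      # alpine-apk-test:  # TODO: Enable when APK support is implemented
      #   condition: service_completed_successfully
    # Defense-in-depth: this aggregator service only runs an echo, so it can
    # safely use a read-only root, no-new-privileges, an empty capability set
    # and a read-only bind mount. Required services (ubuntu/rocky/alma) need
    # write access for fixture generation, so they don't get these
    # constraints.
    read_only: true
    security_opt:
      # Quoted to avoid YAML parser ambiguity around `key:value` parsing
      # while preserving Docker's documented `no-new-privileges:true` form.
      - "no-new-privileges:true"
    # An echo needs no Linux capabilities, so drop the default set as well.
    cap_drop:
      - ALL
    volumes:
      - ../..:/workspace:ro
    working_dir: /workspace
    command: >
      bash -c "
        echo 'All OS-specific tests completed!'
      "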