Add container testing

.github/workflows/main.yml

@@ -9,26 +9,27 @@ jobs:
   supported-arch-matrix:
     name: Supported processor architectures
     runs-on: ubuntu-latest
-    needs:
-      - lint-dockerfile
+#    needs:
+#      - lint-dockerfile
     outputs:
       arch: ${{ steps.supported-arch-matrix.outputs.arch }}
     steps:
       - uses: actions/checkout@v4
       - id: supported-arch-matrix
         name: Generate Arch
         run: |
-          echo "arch=[\"linux/amd64\",\"linux/arm64\"]" >> $GITHUB_OUTPUT
-  lint-dockerfile:
-    name: Lint Dockerfile
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Lint Dockerfile
-        uses: docker://hadolint/hadolint:latest-debian
-        with:
-          entrypoint: hadolint
-          args: ./Dockerfile
+          echo "arch=[\"linux/amd64\"]" >> $GITHUB_OUTPUT
+#          echo "arch=[\"linux/amd64\",\"linux/arm64\"]" >> $GITHUB_OUTPUT
+#  lint-dockerfile:
+#    name: Lint Dockerfile
+#    runs-on: ubuntu-latest
+#    steps:
+#      - uses: actions/checkout@v4
+#      - name: Lint Dockerfile
+#        uses: docker://hadolint/hadolint:latest-debian
+#        with:
+#          entrypoint: hadolint
+#          args: ./Dockerfile
   build-docker-image:
     name: Build ${{ matrix.platform }} image
     strategy:
@@ -37,7 +38,7 @@ jobs:
         platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
     needs:
       - supported-arch-matrix
-      - lint-dockerfile
+#      - lint-dockerfile
     runs-on: ubuntu-latest
     steps:
       - name: Prepare
@@ -61,34 +62,35 @@ jobs:
         with:
           name: docker-image-${{ env.PLATFORM_PAIR }}
           path: ./docker-image
-  scan-vulnerability:
-    name: Scan for vulnerabilities (${{ matrix.platform }})
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
-    needs:
-      - supported-arch-matrix
-      - build-docker-image
-    runs-on: ubuntu-latest
-    steps:
-      - name: Prepare
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: docker-image-${{ env.PLATFORM_PAIR }}
-          path: /tmp/docker-image
-      - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
-      - run: rm -Rf /tmp/docker-image/
-      - run: echo -e "${{ env.DOCKER_IMAGE }}:${{ env.PLATFORM_PAIR }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table % || true'
+#  scan-vulnerability:
+#    name: Scan for vulnerabilities (${{ matrix.platform }})
+#    strategy:
+#      fail-fast: false
+#      matrix:
+#        platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
+#    needs:
+#      - supported-arch-matrix
+#      - build-docker-image
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Prepare
+#        run: |
+#          platform=${{ matrix.platform }}
+#          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+#      - uses: actions/checkout@v4
+#      - uses: actions/download-artifact@v4
+#        with:
+#          name: docker-image-${{ env.PLATFORM_PAIR }}
+#          path: /tmp/docker-image
+#      - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+#      - run: rm -Rf /tmp/docker-image/
+#      - run: echo -e "${{ env.DOCKER_IMAGE }}:${{ env.PLATFORM_PAIR }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table % || true'
   tests:
     name: Test ${{ matrix.platform }}
     needs:
       - supported-arch-matrix
-      - scan-vulnerability
+      - build-docker-image
+#      - scan-vulnerability
     strategy:
       fail-fast: false
       matrix:
@@ -108,6 +110,7 @@ jobs:
           path: /tmp/docker-image
       - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
       - run: docker image ls -a
+      - run: ./tests.sh "${DOCKER_IMAGE}:${{ env.PLATFORM_PAIR }}"
   push-image:
     if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
     name: Push

test/test_bash.py

@@ -0,0 +1,9 @@
+import pytest
+
+def test_bash_true_results_in_0(host):
+    output = host.run('bash -c "true"')
+    assert output.rc == 0
+
+def test_bash_true_results_in_0(host):
+    output = host.run('bash -c "false"')
+    assert output.rc > 0

test/test_user.py

@@ -0,0 +1,11 @@
+import pytest
+
+def test_user_app(host):
+    userName = 'app'
+    groupName = 'app'
+    homeDir = '/opt/app'
+
+    usr = host.user(userName)
+    assert userName in usr.name
+    assert groupName in usr.group
+    assert homeDir in usr.home

tests.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# A simple script to start a Docker container
+# and run Testinfra in it
+# Original script: https://gist.github.com/renatomefi/bbf44d4e8a2614b1390416c6189fbb8e
+# Author: @renatomefi https://github.com/renatomefi
+#
+
+set -eEuo pipefail
+
+# The first parameter is a Docker tag or image id
+declare -r DOCKER_TAG="$1"
+
+printf "Starting a container for '%s'\\n" "$DOCKER_TAG"
+
+DOCKER_CONTAINER=$(docker run --rm -v "$(pwd)/test:/tests" -t -d "$DOCKER_TAG")
+readonly DOCKER_CONTAINER
+
+# Let's register a trap function, if our tests fail, finish or the script gets
+# interrupted, we'll still be able to remove the running container
+function tearDown {
+    docker rm -f "$DOCKER_CONTAINER" &>/dev/null &
+}
+trap tearDown EXIT TERM ERR
+
+# Finally, run the tests!
+echo "Running test suite: $TEST_SUITE"
+docker run --rm -t \
+    -v "$(pwd)/test:/tests" \
+    -v "$(pwd)/tmp/test-results:/results" \
+    -v /var/run/docker.sock:/var/run/docker.sock:ro \
+    renatomefi/docker-testinfra:5 \
+    --disable-pytest-warnings \
+    --verbose --hosts="docker://$DOCKER_CONTAINER"