diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a03930f..0d0c237 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -18,17 +18,18 @@ jobs:
 - id: supported-arch-matrix
 name: Generate Arch
 run: |
- echo "arch=[\"linux/amd64\",\"linux/arm64\"]" >> $GITHUB_OUTPUT
- lint-dockerfile:
- name: Lint Dockerfile
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - name: Lint Dockerfile
- uses: docker://hadolint/hadolint:latest-debian
- with:
- entrypoint: hadolint
- args: ./Dockerfile
+ echo "arch=[\"linux/amd64\"]" >> $GITHUB_OUTPUT
+# echo "arch=[\"linux/amd64\",\"linux/arm64\"]" >> $GITHUB_OUTPUT
+# lint-dockerfile:
+# name: Lint Dockerfile
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/checkout@v4
+# - name: Lint Dockerfile
+# uses: docker://hadolint/hadolint:latest-debian
+# with:
+# entrypoint: hadolint
+# args: ./Dockerfile
 build-docker-image:
 name: Build ${{ matrix.platform }} image
 strategy:
@@ -37,7 +38,7 @@ jobs:
 platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
 needs:
 - supported-arch-matrix
- - lint-dockerfile
+# - lint-dockerfile
 runs-on: ubuntu-latest
 steps:
 - name: Prepare
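Review bot: The disabled `lint-dockerfile` job and the `linux/arm64` matrix entry are kept as column-0 `#` comment lines inside the `jobs:` mapping with no explanation, so a later reader cannot tell whether this is a temporary workaround or a permanent decision; the same applies to `#   - lint-dockerfile` in the `@@ -37,7 +38,7 @@` hunk and to the commented-out `scan-vulnerability` block in the `@@ -61,34 +62,35 @@` hunk. Either delete the jobs outright (git history keeps them) or put one comment above the `jobs:` block such as `# TODO(<tracking-issue>): lint-dockerfile, scan-vulnerability and linux/arm64 disabled because <reason>; re-enable once fixed`. While touching the new `echo "arch=..."` line, quote the redirect target as `>> "$GITHUB_OUTPUT"` to match shellcheck conventions.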
@@ -61,34 +62,35 @@ jobs:
 with:
 name: docker-image-${{ env.PLATFORM_PAIR }}
 path: ./docker-image
- scan-vulnerability:
- name: Scan for vulnerabilities (${{ matrix.platform }})
- strategy:
- fail-fast: false
- matrix:
- platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
- needs:
- - supported-arch-matrix
- - build-docker-image
- runs-on: ubuntu-latest
- steps:
- - name: Prepare
- run: |
- platform=${{ matrix.platform }}
- echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- - uses: actions/checkout@v4
- - uses: actions/download-artifact@v4
- with:
- name: docker-image-${{ env.PLATFORM_PAIR }}
- path: /tmp/docker-image
- - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
- - run: rm -Rf /tmp/docker-image/
- - run: echo -e "${{ env.DOCKER_IMAGE }}:${{ env.PLATFORM_PAIR }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table % || true'
+# scan-vulnerability:
+# name: Scan for vulnerabilities (${{ matrix.platform }})
+# strategy:
+# fail-fast: false
+# matrix:
+# platform: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }}
+# needs:
+# - supported-arch-matrix
+# - build-docker-image
+# runs-on: ubuntu-latest
+# steps:
+# - name: Prepare
+# run: |
+# platform=${{ matrix.platform }}
+# echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+# - uses: actions/checkout@v4
+# - uses: actions/download-artifact@v4
+# with:
+# name: docker-image-${{ env.PLATFORM_PAIR }}
+# path: /tmp/docker-image
+# - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
+# - run: rm -Rf /tmp/docker-image/
+# - run: echo -e "${{ env.DOCKER_IMAGE }}:${{ env.PLATFORM_PAIR }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 
--no-progress --format table % || true'
 tests:
 name: Test ${{ matrix.platform }}
 needs:
 - supported-arch-matrix
- - scan-vulnerability
+ - build-docker-image
+# - scan-vulnerability
 strategy:
 fail-fast: false
 matrix:
@@ -108,6 +110,7 @@ jobs:
 path: /tmp/docker-image
 - run: docker load --input /tmp/docker-image/docker_image-${{ env.PLATFORM_PAIR }}.tar
 - run: docker image ls -a
+ - run: ./tests.sh "${DOCKER_IMAGE}:${{ env.PLATFORM_PAIR }}"
 push-image:
 if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
 name: Push
diff --git a/test/test_bash.py b/test/test_bash.py
new file mode 100644
index 0000000..f2d02ec
--- /dev/null
+++ b/test/test_bash.py
@@ -0,0 +1,9 @@
+import pytest
+
+def test_bash_true_results_in_0(host):
+ output = host.run('bash -c "true"')
+ assert output.rc == 0
+
+def test_bash_true_results_in_0(host):
+ output = host.run('bash -c "false"')
+ assert output.rc > 0
diff --git a/test/test_user.py b/test/test_user.py
new file mode 100644
index 0000000..01e41f8
--- /dev/null
+++ b/test/test_user.py
@@ -0,0 +1,11 @@
+import pytest
+
+def test_user_app(host):
+ userName = 'app'
+ groupName = 'app'
+ homeDir = '/opt/app'
+
+ usr = host.user(userName)
+ assert userName in usr.name
+ assert groupName in usr.group
+ assert homeDir in usr.home
diff --git a/tests.sh b/tests.sh
new file mode 100755
index 0000000..4745132
--- /dev/null
+++ b/tests.sh
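Review bot: With `tests` now depending on `build-docker-image` and `scan-vulnerability` disabled, nothing in the visible pipeline scans the built image before `push-image`; if `push-image` still depends on `tests` (its `needs:` list is outside this hunk), images reach the registry with no Trivy report at all. The removed job was already advisory because of the trailing `|| true`, so the loss is the report, not a gate, but the report is what tells a maintainer the base image needs a bump. If the removal is temporary, add `# TODO(<tracking-issue>): scan-vulnerability disabled because <reason>` next to the commented block; if the concern was flakiness, consider keeping the job with `continue-on-error: true` so the table still appears in the run.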
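Review bot: The new `./tests.sh` step mixes a shell variable `${DOCKER_IMAGE}` with a workflow expression `${{ env.PLATFORM_PAIR }}` in the same `run:` command; both values are already exported into the step's environment (the `Prepare` step writes `PLATFORM_PAIR` to `$GITHUB_ENV`), so `- run: ./tests.sh "${DOCKER_IMAGE}:${PLATFORM_PAIR}"` is equivalent and consistent. Keeping `${{ }}` expressions out of `run:` scripts is also the usual hardening baseline for workflows, since an interpolated value is pasted into the script before the shell sees it; here the value derives from the hard-coded arch matrix so the immediate risk is low, but the pattern is worth not spreading.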
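Review bot: `test_bash.py` defines `test_bash_true_results_in_0` twice, so the second definition replaces the first at import time and the `bash -c "true"` case is never collected or run; the surviving function's name also contradicts its body, which asserts on `false`. Rename the second one, e.g. `def test_bash_false_results_in_nonzero(host):`, so both cases execute and the report names them correctly. `import pytest` is unused in this file (and in `test_user.py`) and can be dropped, or enable a linter rule so duplicate test names are caught before merge.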
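Review bot: The three assertions in `test_user_app` use substring containment rather than equality, so `assert userName in usr.name` passes for a user named `myapp` and `assert homeDir in usr.home` passes for `/opt/application`, which defeats a check whose purpose is to pin the exact unprivileged account the image runs as. Replace them with `assert usr.name == userName`, `assert usr.group == groupName` and `assert usr.home == homeDir`. Local names should be `snake_case` (`user_name`, `group_name`, `home_dir`) per the project's Python files; a `usr.uid != 0` assertion would additionally document that `app` is not a root alias, if the image's Dockerfile guarantees that.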
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# A simple script to start a Docker container
+# and run Testinfra in it
+# Original script: https://gist.github.com/renatomefi/bbf44d4e8a2614b1390416c6189fbb8e
+# Author: @renatomefi https://github.com/renatomefi
+#
+
+set -eEuo pipefail
+
+# The first parameter is a Docker tag or image id
+declare -r DOCKER_TAG="$1"
+
+printf "Starting a container for '%s'\\n" "$DOCKER_TAG"
+
+DOCKER_CONTAINER=$(docker run --rm -v "$(pwd)/test:/tests" -t -d "$DOCKER_TAG")
+readonly DOCKER_CONTAINER
+
+# Let's register a trap function, if our tests fail, finish or the script gets
+# interrupted, we'll still be able to remove the running container
+function tearDown {
+ docker rm -f "$DOCKER_CONTAINER" &>/dev/null &
+}
+trap tearDown EXIT TERM ERR
+
+# Finally, run the tests!
+echo "Running test suite: $TEST_SUITE"
+docker run --rm -t \
+ -v "$(pwd)/test:/tests" \
+ -v "$(pwd)/tmp/test-results:/results" \
+ -v /var/run/docker.sock:/var/run/docker.sock:ro \
+ renatomefi/docker-testinfra:5 \
+ --disable-pytest-warnings \
+ --verbose --hosts="docker://$DOCKER_CONTAINER"
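Review bot: `echo "Running test suite: $TEST_SUITE"` reads a variable the script never assigns, and the workflow step that calls it (`./tests.sh "${DOCKER_IMAGE}:..."` in main.yml) does not export one either, so under `set -eEuo pipefail` bash aborts with an unbound-variable error before the test `docker run` executes and the EXIT trap tears the container down; write `echo "Running test suite: ${TEST_SUITE:-all}"` or remove the line, and likewise fail `$1` with a usage message (`[ $# -eq 1 ] || { echo "usage: $0 <image-tag>" >&2; exit 2; }`) instead of a cryptic `set -u` error. Separately, the test-runner container receives the host Docker socket, which is root-equivalent control over the CI runner; the `:ro` mount flag restricts the filesystem node, not the API calls sent through the socket, so it is not a mitigation. If the socket is genuinely required by testinfra's docker backend, pin `renatomefi/docker-testinfra:5` by digest (`@sha256:<digest>`) so a retagged upstream image cannot silently gain that access, and say so in the comment above the `docker run`.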