# Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci" # Makefile target installs & checks all necessary tooling # Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites() load helpers_zot load helpers_wait load ../port_helper function verify_prerequisites() { if [ ! $(command -v curl) ]; then echo "you need to install curl as a prerequisite to running the tests" >&3 return 1 fi if [ ! $(command -v jq) ]; then echo "you need to install jq as a prerequisite to running the tests" >&3 return 1 fi return 0 } function setup_file() { export COSIGN_PASSWORD="" export COSIGN_OCI_EXPERIMENTAL=1 export COSIGN_EXPERIMENTAL=1 # Verify prerequisites are available if ! $(verify_prerequisites); then exit 1 fi # Download test data to folder common for the entire suite, not just this file skopeo --insecure-policy copy --format=oci docker://ghcr.io/project-zot/golang:1.20 oci:${TEST_DATA_DIR}/golang:1.20 # Setup zot server local zot_sync_per_root_dir=${BATS_FILE_TMPDIR}/zot-per local zot_sync_ondemand_root_dir=${BATS_FILE_TMPDIR}/zot-ondemand local zot_sync_per_config_file=${BATS_FILE_TMPDIR}/zot_sync_per_config.json local zot_sync_ondemand_config_file=${BATS_FILE_TMPDIR}/zot_sync_ondemand_config.json local zot_minimal_root_dir=${BATS_FILE_TMPDIR}/zot-minimal local zot_minimal_config_file=${BATS_FILE_TMPDIR}/zot_minimal_config.json local oci_data_dir=${BATS_FILE_TMPDIR}/oci mkdir -p ${zot_sync_per_root_dir} mkdir -p ${zot_sync_ondemand_root_dir} mkdir -p ${zot_minimal_root_dir} mkdir -p ${oci_data_dir} zot_port1=$(get_free_port_for_service "zot1") echo ${zot_port1} > ${BATS_FILE_TMPDIR}/zot.port1 zot_port2=$(get_free_port_for_service "zot2") echo ${zot_port2} > ${BATS_FILE_TMPDIR}/zot.port2 zot_port3=$(get_free_port_for_service "zot3") echo ${zot_port3} > ${BATS_FILE_TMPDIR}/zot.port3 cat >${zot_sync_per_config_file} <${zot_sync_ondemand_config_file} <${zot_minimal_config_file} <"${trust_policy_file}" { "version": "1.0", "trustPolicies": [ { "name": "notation-sign-sync-test", "registryScopes": [ "*" ], "signatureVerification": { "level" : "strict" }, "trustStores": [ "ca:notation-sign-sync-test" ], "trustedIdentities": [ "*" ] } ] } EOF run notation policy import --force "${trust_policy_file}" [ "$status" -eq 0 ] run notation sign --debug --verbose --key "notation-sign-sync-test" --insecure-registry localhost:${zot_port3}/golang:1.20 [ "$status" -eq 0 ] run notation verify --debug --verbose --insecure-registry localhost:${zot_port3}/golang:1.20 [ "$status" -eq 0 ] run notation list --insecure-registry localhost:${zot_port3}/golang:1.20 [ "$status" -eq 0 ] } @test "sync signatures periodically" { zot_port1=`cat ${BATS_FILE_TMPDIR}/zot.port1` # wait for signatures to be copied run sleep 15s run notation verify --insecure-registry localhost:${zot_port1}/golang:1.20 [ "$status" -eq 0 ] run cosign verify --key ${BATS_FILE_TMPDIR}/cosign-sign-sync-test.pub localhost:${zot_port1}/golang:1.20 [ "$status" -eq 0 ] } @test "sync signatures ondemand" { zot_port2=`cat ${BATS_FILE_TMPDIR}/zot.port2` run notation verify --insecure-registry localhost:${zot_port2}/golang:1.20 [ "$status" -eq 0 ] run cosign verify --key ${BATS_FILE_TMPDIR}/cosign-sign-sync-test.pub localhost:${zot_port2}/golang:1.20 [ "$status" -eq 0 ] } # sync oras artifacts @test "push oras artifact periodically" { zot_port3=`cat ${BATS_FILE_TMPDIR}/zot.port3` echo "{\"name\":\"foo\",\"value\":\"bar\"}" > config.json echo "hello world" > artifact.txt run oras push --plain-http 127.0.0.1:${zot_port3}/hello-artifact:v2 \ --config config.json:application/vnd.acme.rocket.config.v1+json artifact.txt:text/plain -d -v [ "$status" -eq 0 ] rm -f artifact.txt rm -f config.json } @test "sync oras artifact periodically" { zot_port1=`cat ${BATS_FILE_TMPDIR}/zot.port1` # wait for oras artifact to be copied run sleep 15s run oras pull --plain-http 127.0.0.1:${zot_port1}/hello-artifact:v2 -d -v [ "$status" -eq 0 ] grep -q "hello world" artifact.txt rm -f artifact.txt } @test "sync oras artifact on demand" { zot_port2=`cat ${BATS_FILE_TMPDIR}/zot.port2` run oras pull --plain-http 127.0.0.1:${zot_port2}/hello-artifact:v2 -d -v [ "$status" -eq 0 ] grep -q "hello world" artifact.txt rm -f artifact.txt } # sync helm chart @test "push helm chart" { zot_port3=`cat ${BATS_FILE_TMPDIR}/zot.port3` run helm package ${BATS_FILE_TMPDIR}/helm-charts/charts/zot -d ${BATS_FILE_TMPDIR} [ "$status" -eq 0 ] local chart_version=$(awk '/version/{printf $2}' ${BATS_FILE_TMPDIR}/helm-charts/charts/zot/Chart.yaml) run helm push ${BATS_FILE_TMPDIR}/zot-${chart_version}.tgz oci://localhost:${zot_port3}/zot-chart [ "$status" -eq 0 ] } @test "sync helm chart periodically" { zot_port1=`cat ${BATS_FILE_TMPDIR}/zot.port1` # wait for helm chart to be copied run sleep 15s local chart_version=$(awk '/version/{printf $2}' ${BATS_FILE_TMPDIR}/helm-charts/charts/zot/Chart.yaml) run helm pull oci://localhost:${zot_port1}/zot-chart/zot --version ${chart_version} -d ${BATS_FILE_TMPDIR} [ "$status" -eq 0 ] } @test "sync helm chart on demand" { zot_port2=`cat ${BATS_FILE_TMPDIR}/zot.port2` local chart_version=$(awk '/version/{printf $2}' ${BATS_FILE_TMPDIR}/helm-charts/charts/zot/Chart.yaml) run helm pull oci://localhost:${zot_port2}/zot-chart/zot --version ${chart_version} -d ${BATS_FILE_TMPDIR} [ "$status" -eq 0 ] } # sync OCI artifacts @test "push OCI artifact (oci image mediatype) with regclient" { zot_port1=`cat ${BATS_FILE_TMPDIR}/zot.port1` zot_port2=`cat ${BATS_FILE_TMPDIR}/zot.port2` zot_port3=`cat ${BATS_FILE_TMPDIR}/zot.port3` run regctl registry set localhost:${zot_port3} --tls disabled run regctl registry set localhost:${zot_port1} --tls disabled run regctl registry set localhost:${zot_port2} --tls disabled run regctl artifact put localhost:${zot_port3}/artifact:demo <