github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-18 05:28:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8a7a754236ca83b2999526ca321bc5ee540ef6ab
zot/test/blackbox/pushpull_running_dedupe.bats
T
Andrei Aaron 95ce68ccb0 refactor(test/blackbox): extract shared push/pull helpers (#4132) 
* refactor(test/blackbox): extract shared push/pull helpers

Move duplicated push/pull/regclient/oras/helm helper functions out of
fips140.bats, pushpull.bats and helpers_upgrade.bash into a single
helpers_pushpull.bash, then have all three suites load from there.

The helpers now share verify_prerequisites, get_zot_port, common assertion
helpers (catalog/tag presence, OCI index ref name) and the regclient
pagination listing. helpers_upgrade.bash keeps only the test_release_*
and test_new_* wrappers that compose those helpers.

Net effect: ~1000 lines of duplicated test scaffolding removed across
the four files; behavior of the existing test cases is preserved.

Refs: #3727
Signed-off-by: Akash Kumar <meakash7902@gmail.com>

* refactor(test/blackbox): share pushpull lifecycle and dedupe authn helpers

Build on the shared helpers_pushpull.bash to remove more duplicated
blackbox scaffolding:

- Add pushpull_setup_file/pushpull_teardown/pushpull_teardown_file keyed
  on PUSHPULL_FIPS_MODE so pushpull.bats and fips140.bats only set the
  flag and delegate lifecycle, instead of each carrying a near-identical
  setup_file/teardown.
- Add helpers_pushpull_authn.bash (loaded by pushpull_authn.bats and
  fips140_authn.bats) for shared htpasswd setup, FIPS vs non-FIPS config
  and teardown, and the regclient/OCI/ML test helpers; both authn suites
  collapse to one-line @test bodies keyed on PUSHPULL_AUTHN_FIPS_MODE.
- Make each authn helper self-sufficient by performing its own regctl
  login, removing the hidden dependency on the first test having logged
  in.
- Split the implicit manifest delete out of helper_pull_image_index_and_delete
  into a standalone helper_delete_manifest, surfaced as its own
  "delete image index" @test in the pushpull, fips140 and upgrade suites,
  so the delete is explicit and no longer an order-fragile side effect of
  a pull.

Refs: #3727
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test/blackbox): harden flaky oras pull and sync signature tests

Set org.opencontainers.image.title on oras artifact push and verify pull
both via oras pull and manifest/blob fetch. Add retry_until_success and
use it for periodic notation/cosign signature sync checks on slow CI.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test/blackbox): address Copilot review feedback in push/pull helpers

Use curl --fail for manifest deletes so HTTP errors fail the test. Remove
the duplicate regctl --format flag in helper_push_manifest_with_regclient.
Harden helper_authn_ml_artifacts with run and status checks, using a
binary-safe shell redirect for the ONNX artifact round-trip.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test/blackbox): isolate pushpull helper temp files and prerequisites

Write oras artifact and docker build files under BATS_TEST_TMPDIR
instead of the test working directory, and check git/docker in
verify_prerequisites for clearer failures when running bats directly.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test): use verify_prerequisites exit status in bats setup

Replace `$(verify_prerequisites)` with a direct call across blackbox
and scale-out suites.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test/blackbox): unify blackbox log path to zot/zot-log.json

Drop the FIPS vs non-FIPS split between zot-log.json and zot.log in
pushpull, authn, and upgrade helpers.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* refactor(test/blackbox): loop over tools in verify_prerequisites

Replace repeated command -v checks with a single loop over curl, jq,
git, and docker.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* refactor(test/blackbox): fix exit code for retry_until_success

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* refactor(test/blackbox): inline upgrade tests and drop helpers_upgrade

Call helper_* directly from upgrade.bats and upgrade_minimal.bats,
load helpers_pushpull in those suites, and move teardown there. Remove
helpers_upgrade.bash now that the release/new wrappers are gone.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* refactor(test/blackbox): require explicit args on pushpull helpers

Drop parameter defaults from shared push/pull helpers and pass image,
repository, and pagination values explicitly at each call site.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test/blackbox): clarify docker push/pull negative test naming

Rename helper_push_docker_image to helper_build_docker_image_push_and_pull
and update test titles to reflect build plus expected push/pull failures
without the docker compatibility extension.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test/blackbox): isolate regctl config per BATS suite

regctl persists login and TLS settings on disk, so push/pull blackbox
tests could leak state into ~/.regctl/config.json across suites. Point
REGCTL_CONFIG at BATS_FILE_TMPDIR for pushpull, authn, and upgrade
suites, configure TLS once in authn setup, and drop redundant logout
and per-login TLS setup.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* fix(test/blackbox): harden upgrade suite log dump on failure

Touch zot-log.json during upgrade setup and only cat it in teardown when
the file exists, so a missing log cannot mask the underlying test failure.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

---------

Signed-off-by: Akash Kumar <meakash7902@gmail.com>
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
Co-authored-by: Akash Kumar <meakash7902@gmail.com>
2026-06-15 10:56:11 +03:00

334 lines
11 KiB
Bash
Raw Blame History

# Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-dedupe-nightly"
# Makefile target installs & checks all necessary tooling
# Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites()
load helpers_zot
load ../port_helper
function verify_prerequisites {
if [ ! $(command -v curl) ]; then
echo "you need to install curl as a prerequisite to running the tests" >&3
return 1
fi
if [ ! $(command -v jq) ]; then
echo "you need to install jq as a prerequisite to running the tests" >&3
return 1
fi
return 0
}
function setup_file() {
# Verify prerequisites are available
if ! verify_prerequisites; then
exit 1
fi
# Download test data to folder common for the entire suite, not just this file
skopeo --insecure-policy copy --format=oci docker://ghcr.io/project-zot/test-images/alpine:3.17.3 oci:${TEST_DATA_DIR}/alpine:1
# Setup zot server
local zot_root_dir=${BATS_FILE_TMPDIR}/zot
local zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json
local oci_data_dir=${BATS_FILE_TMPDIR}/oci
mkdir -p ${zot_root_dir}
mkdir -p ${oci_data_dir}
zot_port=$(get_free_port_for_service "zot")
echo ${zot_port} > ${BATS_FILE_TMPDIR}/zot.port
cat > ${zot_config_file}<<EOF
{
"distSpecVersion": "1.1.1",
"storage": {
"rootDirectory": "${zot_root_dir}",
"dedupe": false,
"gc": true,
"gcInterval": "30s"
},
"http": {
"address": "0.0.0.0",
"port": "${zot_port}"
},
"log": {
"level": "debug",
"output": "${BATS_FILE_TMPDIR}/zot.log"
}
}
EOF
git -C ${BATS_FILE_TMPDIR} clone https://github.com/project-zot/helm-charts.git
zot_serve ${ZOT_PATH} ${zot_config_file}
wait_zot_reachable ${zot_port}
}
function teardown() {
# conditionally printing on failure is possible from teardown but not from from teardown_file
cat ${BATS_FILE_TMPDIR}/zot.log
}
function teardown_file() {
zot_stop_all
}
function get_zot_port() {
cat ${BATS_FILE_TMPDIR}/zot.port
}
@test "push image - dedupe not running" {
zot_port=$(get_zot_port)
start=`date +%s`
run skopeo --insecure-policy copy --dest-tls-verify=false \
oci:${TEST_DATA_DIR}/alpine:1 \
docker://127.0.0.1:${zot_port}/alpine:1
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "push image exec time: $runtime sec" >&3
run curl http://127.0.0.1:${zot_port}/v2/_catalog
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.repositories[]') = '"alpine"' ]
run curl http://127.0.0.1:${zot_port}/v2/alpine/tags/list
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.tags[]') = '"1"' ]
}
@test "pull image - dedupe not running" {
zot_port=$(get_zot_port)
local oci_data_dir=${BATS_FILE_TMPDIR}/oci
start=`date +%s`
run skopeo --insecure-policy copy --src-tls-verify=false \
docker://127.0.0.1:${zot_port}/alpine:1 \
oci:${oci_data_dir}/alpine:1
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "pull image exec time: $runtime sec" >&3
run cat ${BATS_FILE_TMPDIR}/oci/alpine/index.json
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.manifests[].annotations."org.opencontainers.image.ref.name"') = '"1"' ]
}
@test "push 50 images with dedupe disabled" {
zot_port=$(get_zot_port)
for i in {1..50}
do
run skopeo --insecure-policy copy --dest-tls-verify=false \
oci:${TEST_DATA_DIR}/alpine:1 \
docker://127.0.0.1:${zot_port}/alpine${i}:1
[ "$status" -eq 0 ]
done
}
@test "restart zot with dedupe enabled" {
zot_port=$(get_zot_port)
local zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json
# stop server
zot_stop_all
# enable dedupe
sed -i 's/false/true/g' ${zot_config_file}
zot_serve ${ZOT_PATH} ${zot_config_file}
# sleep a bit before running wait_zot_reachable(curl)
sleep 5
wait_zot_reachable ${zot_port}
# deduping will now run in background (task scheduler) while we push images, shouldn't interfere
}
@test "push image - dedupe running" {
zot_port=$(get_zot_port)
start=`date +%s`
run skopeo --insecure-policy copy --dest-tls-verify=false \
oci:${TEST_DATA_DIR}/alpine:1 \
docker://127.0.0.1:${zot_port}/dedupe/alpine:1
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "push image exec time: $runtime sec" >&3
}
@test "pull image - dedupe running" {
zot_port=$(get_zot_port)
local oci_data_dir=${BATS_FILE_TMPDIR}/oci
mkdir -p ${oci_data_dir}/dedupe/
start=`date +%s`
run skopeo --insecure-policy copy --src-tls-verify=false \
docker://127.0.0.1:${zot_port}/dedupe/alpine:1 \
oci:${oci_data_dir}/dedupe/alpine:1
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "pull image exec time: $runtime sec" >&3
}
@test "pull deduped image - dedupe running" {
zot_port=$(get_zot_port)
local oci_data_dir=${BATS_FILE_TMPDIR}/oci
mkdir -p ${oci_data_dir}/dedupe/
start=`date +%s`
run skopeo --insecure-policy copy --src-tls-verify=false \
docker://127.0.0.1:${zot_port}/alpine2:1 \
oci:${oci_data_dir}/dedupe/alpine2:1
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "pull image exec time: $runtime sec" >&3
}
@test "push image index - dedupe running" {
zot_port=$(get_zot_port)
# --multi-arch below pushes an image index (containing many images) instead
# of an image manifest (single image)
start=`date +%s`
run skopeo --insecure-policy copy --format=oci --dest-tls-verify=false --multi-arch=all \
docker://public.ecr.aws/docker/library/busybox:latest \
docker://127.0.0.1:${zot_port}/busybox:latest
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "push image index exec time: $runtime sec" >&3
run curl http://127.0.0.1:${zot_port}/v2/busybox/tags/list
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.tags[]') = '"latest"' ]
}
@test "pull image index - dedupe running" {
zot_port=$(get_zot_port)
local oci_data_dir=${BATS_FILE_TMPDIR}/oci
start=`date +%s`
run skopeo --insecure-policy copy --src-tls-verify=false --multi-arch=all \
docker://127.0.0.1:${zot_port}/busybox:latest \
oci:${oci_data_dir}/busybox:latest
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "pull image index exec time: $runtime sec" >&3
run cat ${BATS_FILE_TMPDIR}/oci/busybox/index.json
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.manifests[].annotations."org.opencontainers.image.ref.name"') = '"latest"' ]
run skopeo --insecure-policy --override-arch=arm64 --override-os=linux copy --src-tls-verify=false --multi-arch=all \
docker://127.0.0.1:${zot_port}/busybox:latest \
oci:${oci_data_dir}/busybox:latest
[ "$status" -eq 0 ]
run cat ${BATS_FILE_TMPDIR}/oci/busybox/index.json
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.manifests[].annotations."org.opencontainers.image.ref.name"') = '"latest"' ]
run curl -X DELETE http://127.0.0.1:${zot_port}/v2/busybox/manifests/latest
[ "$status" -eq 0 ]
}
@test "push oras artifact - dedupe running" {
zot_port=$(get_zot_port)
echo "{\"name\":\"foo\",\"value\":\"bar\"}" > config.json
echo "hello world" > artifact.txt
start=`date +%s`
run oras push --plain-http 127.0.0.1:${zot_port}/hello-artifact:v2 \
--config config.json:application/vnd.acme.rocket.config.v1+json artifact.txt:text/plain -d -v
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "push oras artifact exec time: $runtime sec" >&3
rm -f artifact.txt
rm -f config.json
}
@test "pull oras artifact - dedupe running" {
zot_port=$(get_zot_port)
start=`date +%s`
run oras pull --plain-http 127.0.0.1:${zot_port}/hello-artifact:v2 -d -v
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "pull oras artifact exec time: $runtime sec" >&3
grep -q "hello world" artifact.txt
rm -f artifact.txt
}
@test "attach oras artifacts - dedupe running" {
zot_port=$(get_zot_port)
# attach signature
echo "{\"artifact\": \"\", \"signature\": \"pat hancock\"}" > ${BATS_FILE_TMPDIR}/signature.json
start=`date +%s`
run oras attach --disable-path-validation --plain-http 127.0.0.1:${zot_port}/alpine:1 --artifact-type 'signature/example' ${BATS_FILE_TMPDIR}/signature.json:application/json
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "attach signature exec time: $runtime sec" >&3
# attach sbom
echo "{\"version\": \"0.0.0.0\", \"artifact\": \"'127.0.0.1:${zot_port}/alpine:1'\", \"contents\": \"good\"}" > ${BATS_FILE_TMPDIR}/sbom.json
start=`date +%s`
run oras attach --disable-path-validation --plain-http 127.0.0.1:${zot_port}/alpine:1 --artifact-type 'sbom/example' ${BATS_FILE_TMPDIR}/sbom.json:application/json
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "attach sbom exec time: $runtime sec" >&3
}
@test "discover oras artifacts - dedupe running" {
zot_port=$(get_zot_port)
start=`date +%s`
run oras discover --plain-http --format json 127.0.0.1:${zot_port}/alpine:1
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "discover oras artifacts exec time: $runtime sec" >&3
[ $(echo "$output" | jq -r ".manifests | length") -eq 2 ]
}
@test "push helm chart - dedupe running" {
zot_port=$(get_zot_port)
run helm package ${BATS_FILE_TMPDIR}/helm-charts/charts/zot -d ${BATS_FILE_TMPDIR}
[ "$status" -eq 0 ]
local chart_version=$(awk '/version/{printf $2}' ${BATS_FILE_TMPDIR}/helm-charts/charts/zot/Chart.yaml)
start=`date +%s`
run helm push ${BATS_FILE_TMPDIR}/zot-${chart_version}.tgz oci://localhost:${zot_port}/zot-chart
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "helm push exec time: $runtime sec" >&3
}
@test "pull helm chart - dedupe running" {
zot_port=$(get_zot_port)
local chart_version=$(awk '/version/{printf $2}' ${BATS_FILE_TMPDIR}/helm-charts/charts/zot/Chart.yaml)
start=`date +%s`
run helm pull oci://localhost:${zot_port}/zot-chart/zot --version ${chart_version} -d ${BATS_FILE_TMPDIR}
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "helm pull exec time: $runtime sec" >&3
}
@test "push image with regclient - dedupe running" {
zot_port=$(get_zot_port)
run regctl registry set localhost:${zot_port} --tls disabled
[ "$status" -eq 0 ]
start=`date +%s`
run regctl image copy ocidir://${TEST_DATA_DIR}/alpine:1 localhost:${zot_port}/test-regclient
[ "$status" -eq 0 ]
end=`date +%s`
runtime=$((end-start))
echo "regclient push exec time: $runtime" >&3
}
Reference in New Issue View Git Blame Copy Permalink