diff --git a/Makefile b/Makefile index c1bfe463..864997a1 100644 --- a/Makefile +++ b/Makefile @@ -53,10 +53,9 @@ ifeq ($(GOOS), linux) endif endif -# If $TESTFLAGS is set, it is passed as extra arguments to 'go test'. +# If $TESTFLAGS is set, it is passed as extra arguments to 'go test' on integration tests. # You can select certain tests to run, with `-run ` for example: # -# make test-unit TESTFLAGS='-run ^TestManifestDigest$' # make test-integration TESTFLAGS='-run copySuite.TestCopy.*' export TESTFLAGS ?= -timeout=15m @@ -205,7 +204,7 @@ test-integration: # Intended for CI, assumed to be running in quay.io/libpod/skopeo_cidev container. test-integration-local: bin/skopeo hack/warn-destructive-tests.sh - hack/test-integration.sh + hack/test-integration.sh $(SKOPEO_LDFLAGS) $(TESTFLAGS) # complicated set of options needed to run podman-in-podman test-system: @@ -222,7 +221,7 @@ test-system: # Intended for CI, assumed to already be running in quay.io/libpod/skopeo_cidev container. test-system-local: bin/skopeo hack/warn-destructive-tests.sh - hack/test-system.sh + hack/test-system.sh SKOPEO_LDFLAGS="$(SKOPEO_LDFLAGS)" BUILDTAGS="$(BUILDTAGS)" test-unit: # Just call (make test unit-local) here instead of worrying about environment differences diff --git a/hack/test-integration.sh b/hack/test-integration.sh index 63dc2485..c050b8ad 100755 --- a/hack/test-integration.sh +++ b/hack/test-integration.sh @@ -3,6 +3,6 @@ set -e make PREFIX=/usr install -echo "cd ./integration;" go test $TESTFLAGS ${BUILDTAGS:+-tags "$BUILDTAGS"} +echo "cd ./integration;" go test "$@" ${BUILDTAGS:+-tags "$BUILDTAGS"} cd ./integration -go test $TESTFLAGS ${BUILDTAGS:+-tags "$BUILDTAGS"} \ No newline at end of file +go test "$@" ${BUILDTAGS:+-tags "$BUILDTAGS"} diff --git a/hack/test-system.sh b/hack/test-system.sh index 5474cfca..0f170b40 100755 --- a/hack/test-system.sh +++ b/hack/test-system.sh @@ -38,7 +38,7 @@ EOF fi # Build skopeo, install into /usr/bin -make PREFIX=/usr install +make PREFIX=/usr install "$@" # Run tests SKOPEO_BINARY=/usr/bin/skopeo bats --tap systemtest diff --git a/integration/copy_test.go b/integration/copy_test.go index 56f30c5f..4eb5eb8d 100644 --- a/integration/copy_test.go +++ b/integration/copy_test.go @@ -8,6 +8,7 @@ import ( "fmt" "io/fs" "log" + "maps" "net/http" "net/http/httptest" "os" @@ -101,6 +102,16 @@ func (s *copySuite) TearDownSuite() { } } +// policyFixture applies the general edits, as well as extraSubstitutions, to the policy.json fixture, +// and returns a path to a policy, which will be automatically removed when the test completes. +func (s *copySuite) policyFixture(extraSubstitutions map[string]string) string { + t := s.T() + edits := map[string]string{"@keydir@": s.gpgHome} + maps.Copy(edits, extraSubstitutions) + policyPath := fileFromFixture(t, "fixtures/policy.json", edits) + return policyPath +} + func (s *copySuite) TestCopyWithManifestList() { t := s.T() dir := t.TempDir() @@ -744,8 +755,7 @@ func (s *copySuite) TestCopySignatures() { dir := t.TempDir() dirDest := "dir:" + dir - policy := fileFromFixture(t, "fixtures/policy.json", map[string]string{"@keydir@": s.gpgHome}) - defer os.Remove(policy) + policy := s.policyFixture(nil) // type: reject assertSkopeoFails(t, fmt.Sprintf(".*Source image rejected: Running image %s:latest is rejected by policy.*", testFQIN), @@ -808,8 +818,7 @@ func (s *copySuite) TestCopyDirSignatures() { // Note the "/@dirpath@": The value starts with a slash so that it is not rejected in other tests which do not replace it, // but we must ensure that the result is a canonical path, not something starting with a "//". - policy := fileFromFixture(t, "fixtures/policy.json", map[string]string{"@keydir@": s.gpgHome, "/@dirpath@": topDir + "/restricted"}) - defer os.Remove(policy) + policy := s.policyFixture(map[string]string{"/@dirpath@": topDir + "/restricted"}) // Get some images. assertSkopeoSucceeds(t, "", "copy", "--retry-times", "3", testFQIN+":armfh", topDirDest+"/dir1") @@ -916,8 +925,7 @@ func (s *copySuite) TestCopyDockerLookaside() { })) defer splitLookasideReadServer.Close() - policy := fileFromFixture(t, "fixtures/policy.json", map[string]string{"@keydir@": s.gpgHome}) - defer os.Remove(policy) + policy := s.policyFixture(nil) registriesDir := filepath.Join(tmpDir, "registries.d") err = os.Mkdir(registriesDir, 0755) require.NoError(t, err) @@ -977,8 +985,7 @@ func (s *copySuite) TestCopyAtomicExtension() { } registriesDir := filepath.Join(topDir, "registries.d") dirDest := "dir:" + topDir - policy := fileFromFixture(t, "fixtures/policy.json", map[string]string{"@keydir@": s.gpgHome}) - defer os.Remove(policy) + policy := s.policyFixture(nil) // Get an image to work with to an atomic: destination. Also verifies that we can use Docker repositories without X-Registry-Supports-Signatures assertSkopeoSucceeds(t, "", "--tls-verify=false", "--registries.d", registriesDir, "copy", "--retry-times", "3", @@ -1035,8 +1042,7 @@ func (s *copySuite) TestCopyVerifyingMirroredSignatures() { registriesDir := filepath.Join(topDir, "registries.d") // An empty directory to disable lookaside use dirDest := "dir:" + filepath.Join(topDir, "unused-dest") - policy := fileFromFixture(t, "fixtures/policy.json", map[string]string{"@keydir@": s.gpgHome}) - defer os.Remove(policy) + policy := s.policyFixture(nil) // We use X-R-S-S for this testing to avoid having to deal with the lookasides. // A downside is that OpenShift records signatures per image, so the error messages below diff --git a/integration/utils_test.go b/integration/utils_test.go index 1d8dfc55..d30ba3ac 100644 --- a/integration/utils_test.go +++ b/integration/utils_test.go @@ -174,8 +174,8 @@ func modifyEnviron(env []string, name, value string) []string { return append(res, prefix+value) } -// fileFromFixture applies edits to inputPath and returns a path to the temporary file. -// Callers should defer os.Remove(the_returned_path) +// fileFromFixture applies edits to inputPath and returns a path to the temporary file with the edits, +// which will be automatically removed when the test completes. func fileFromFixture(t *testing.T, inputPath string, edits map[string]string) string { contents, err := os.ReadFile(inputPath) require.NoError(t, err) @@ -188,6 +188,7 @@ func fileFromFixture(t *testing.T, inputPath string, edits map[string]string) st file, err := os.CreateTemp("", "policy.json") require.NoError(t, err) path := file.Name() + t.Cleanup(func() { os.Remove(path) }) _, err = file.Write(contents) require.NoError(t, err)