Add tests to check for expiring apt keys in images (#2958)
Showing
9 changed files
with
193 additions
and
24 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#!/usr/bin/env bats | ||
|
||
# Run these tests from the repo root directory | ||
|
||
load functions.sh | ||
|
||
function setup { | ||
basic_setup | ||
|
||
echo "# Starting container using: docker run --rm -u "$MOUNTUID:$MOUNTGID" --rm -v $VOLUME:/var/lib/mysql --mount "type=bind,src=$PWD/test/testdata,target=/mnt/ddev_config" --name=$CONTAINER_NAME -p $HOSTPORT:3306 -d $IMAGE" | ||
docker run --rm -u "$MOUNTUID:$MOUNTGID" --rm -v $VOLUME:/var/lib/mysql --mount "type=bind,src=$PWD/test/testdata,target=/mnt/ddev_config" --name=$CONTAINER_NAME -p $HOSTPORT:3306 -d $IMAGE | ||
containercheck | ||
} | ||
|
||
@test "verify apt keys are not expiring" { | ||
MAX_DAYS_BEFORE_EXPIRATION=90 | ||
if [ "${DDEV_IGNORE_EXPIRING_KEYS:-}" = "true" ]; then | ||
skip "Skipping because DDEV_IGNORE_EXPIRING_KEYS is set" | ||
fi | ||
docker exec -e "max=$MAX_DAYS_BEFORE_EXPIRATION" ${CONTAINER_NAME} bash -c ' | ||
dates=$(apt-key list 2>/dev/null | awk "/\[expires/ { gsub(/[\[\]]/, \"\"); print \$6;}") | ||
for item in ${dates}; do | ||
today=$(date -I) | ||
let diff=($(date +%s -d ${item})-$(date +%s -d ${today}))/86400 | ||
if [ ${diff} -le ${max} ]; then | ||
exit 1 | ||
fi | ||
done | ||
' | ||
|
||
} |
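Review bot: This check can pass without having examined any key: inside the `bash -c` script, `apt-key list 2>/dev/null | awk …` discards apt-key's errors and its exit status, so a failed or empty listing leaves `dates` empty and the loop never runs. The awk pattern `/\[expires/` also appears not to match keys that gpg already reports as `[expired: DATE]`, so an already-expired key would go unnoticed; this is worth confirming against real output. Consider capturing the listing first with `keys=$(apt-key list 2>/dev/null) || exit 2`, matching `/\[expire[sd]:/`, and printing the offending date before `exit 1`, e.g. `echo "apt key expires ${item} (${diff} days)" >&2`. The same test body is repeated verbatim in the second `.bats` file of this commit, so the change applies there too.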
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/bin/bash | ||
|
||
function basic_setup { | ||
export CONTAINER_NAME="testserver" | ||
export HOSTPORT=33000 | ||
export MYTMPDIR="${HOME}/tmp/testserver-sh_${RANDOM}_$$" | ||
export outdir="${HOME}/tmp/mariadb_testserver/output_${RANDOM}_$$" | ||
export VOLUME="dbserver_test-${RANDOM}_$$" | ||
|
||
export MOUNTUID=33 | ||
export MOUNTGID=33 | ||
|
||
docker rm -f ${CONTAINER_NAME} 2>/dev/null || true | ||
|
||
# Initialize the volume with the correct ownership | ||
docker run --rm -v "${VOLUME}:/var/lib/mysql:nocopy" busybox chown -R ${MOUNTUID}:${MOUNTGID} /var/lib/mysql | ||
} | ||
|
||
function teardown { | ||
docker rm -f ${CONTAINER_NAME} | ||
docker volume rm $VOLUME || true | ||
} | ||
|
||
# Wait for container to be ready. | ||
function containercheck { | ||
for i in {15..0}; do | ||
# fail if we can't find the container | ||
if ! docker inspect ${CONTAINER_NAME} >/dev/null; then | ||
break | ||
fi | ||
|
||
status="$(docker inspect ${CONTAINER_NAME} | jq -r '.[0].State.Status')" | ||
if [ "${status}" != "running" ]; then | ||
break | ||
fi | ||
health="$(docker inspect --format '{{json .State.Health }}' ${CONTAINER_NAME} | jq -r .Status)" | ||
case ${health} in | ||
healthy) | ||
return 0 | ||
;; | ||
*) | ||
sleep 1 | ||
;; | ||
esac | ||
done | ||
echo "# --- ddev-dbserver FAIL -----" | ||
return 1 | ||
} |
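Review bot: `basic_setup` randomizes `VOLUME` but fixes `CONTAINER_NAME="testserver"`, and `docker rm -f ${CONTAINER_NAME}` then runs both there and in `teardown`, so an unrelated container on the host that happens to carry that generic name is force-removed, and two concurrent runs would collide. Giving the name the same suffix as the volume, `export CONTAINER_NAME="testserver_${RANDOM}_$$"`, keeps the cleanup scoped to what the test created; the fixed `HOSTPORT=33000` would need the same treatment for parallel runs. Separately, `containercheck` ends with only a banner before `return 1`; printing `docker logs ${CONTAINER_NAME}` there would make a failed health check diagnosable, although with `--rm` the container may already be gone.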
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#!/usr/bin/env bats | ||
|
||
# Run these tests from the repo root directory | ||
|
||
load functions.sh | ||
|
||
function setup { | ||
basic_setup | ||
|
||
echo "# Starting ${IMAGE}" >&3 | ||
docker run --rm -u "$MOUNTUID:$MOUNTGID" --name=$CONTAINER_NAME -d ${IMAGE} | ||
containercheck | ||
} | ||
|
||
@test "verify apt keys are not expiring" { | ||
MAX_DAYS_BEFORE_EXPIRATION=90 | ||
if [ "${DDEV_IGNORE_EXPIRING_KEYS:-}" = "true" ]; then | ||
skip "Skipping because DDEV_IGNORE_EXPIRING_KEYS is set" | ||
fi | ||
docker exec -e "max=$MAX_DAYS_BEFORE_EXPIRATION" ${CONTAINER_NAME} bash -c ' | ||
dates=$(apt-key list 2>/dev/null | awk "/\[expires/ { gsub(/[\[\]]/, \"\"); print \$6;}") | ||
for item in ${dates}; do | ||
today=$(date -I) | ||
let diff=($(date +%s -d ${item})-$(date +%s -d ${today}))/86400 | ||
if [ ${diff} -le ${max} ]; then | ||
exit 1 | ||
fi | ||
done | ||
' | ||
|
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#!/bin/bash | ||
|
||
# Find the directory of this script | ||
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null && pwd)" | ||
|
||
set -o errexit | ||
set -o pipefail | ||
set -o nounset | ||
|
||
if [ $# != 1 ]; then | ||
echo "Usage: $0 <imagespec>" | ||
exit 1 | ||
fi | ||
export IMAGE=$1 | ||
|
||
export CURRENT_ARCH=$(../get_arch.sh) | ||
|
||
# /usr/local/bin is added for git-bash, where it may not be in the $PATH. | ||
export PATH="/usr/local/bin:$PATH" | ||
bats test || (echo "bats tests failed for IMAGE=${IMAGE}" && exit 2) | ||
printf "Test successful for IMAGE=${IMAGE}\n\n" |
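Review bot: `DIR` is computed at the top but not used in the lines shown, while `../get_arch.sh` and `bats test` both resolve against the caller's working directory, so the script only works when started from one particular directory. If the script's own directory is the intended base, add `cd "${DIR}"` after the `set -o` lines. `export CURRENT_ARCH=$(../get_arch.sh)` also hides a failure of the helper from `errexit`, because the status of `export` is what counts; `CURRENT_ARCH=$(../get_arch.sh)` followed by `export CURRENT_ARCH` lets the script stop there. `IMAGE` is caller-supplied and is interpolated into a printf format string, so the last line is safer as `printf 'Test successful for IMAGE=%s\n\n' "${IMAGE}"`.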