Update e2e engine image (#18747)

1. Update containerd version to 1.7.1
2. Update docker compose version to 2.18.1
3. Update helm version to 3.12.0
4. Update ORAS version to 1.0.0
5. Update CNAB version to 0.4.0
6. Update imgpkg version to 0.36.2
7. Update cosign version to 2.0.2
8. Update docker version to 24.0.2
9. Update chromedriver version to 114.0.5735.16

Signed-off-by: Yang Jiao <jiaoya@vmware.com>

tests/apitests/python/library/cosign.py

@@ -6,5 +6,5 @@ def generate_key_pair():
     base.run_command(command)
 
 def sign_artifact(artifact):
-    command = ["cosign", "sign", "--allow-insecure-registry", "--key", "cosign.key", artifact]
+    command = ["cosign", "sign", "-y", "--allow-insecure-registry", "--key", "cosign.key", artifact]
     base.run_command(command)

tests/apitests/python/library/helm.py

@@ -1,17 +1,16 @@
 # -*- coding: utf-8 -*-
 
-import os
 import base
 
 
-def helm3_7_registry_login(ip, user, password):
-    command = ["helm3.7", "registry", "login", ip, "-u", user, "-p", password]
+def helm_registry_login(ip, user, password):
+    command = ["helm", "registry", "login", ip, "-u", user, "-p", password, "--insecure"]
     base.run_command(command)
 
-def helm3_7_package(file_path):
-    command = ["helm3.7", "package", file_path]
+def helm_package(file_path):
+    command = ["helm", "package", file_path]
     base.run_command(command)
 
-def helm3_7_push(file_path, ip, project_name):
-    command = ["helm3.7", "push", file_path, "oci://{}/{}".format(ip, project_name)]
+def helm_push(file_path, ip, project_name):
+    command = ["helm", "push", file_path, "oci://{}/{}".format(ip, project_name), "--insecure-skip-tls-verify"]
     base.run_command(command)

tests/apitests/python/test_push_chart_by_helm3.7_chart_cli.py → tests/apitests/python/test_push_chart_by_helm_chart_cli.py

@@ -47,11 +47,11 @@ def tearDown(self):
     def testPushChartByHelmChartCLI(self):
         """
         Test case:
-            Push Chart File By Helm3.7 CLI
+            Push Chart File By Helm CLI
         Test step and expected result:
             1. Create a new user(UA);
             2. Create a new project(PA) by user(UA);
-            3. Push an chart(CA) to Harbor by helm3.7 CLI successfully;
+            3. Push an chart(CA) to Harbor by helm CLI successfully;
             4. List artifacts successfully;
             5. Get chart(CA) by reference successfully;
             6. Get addition successfully;
@@ -70,15 +70,15 @@ def testPushChartByHelmChartCLI(self):
         TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(
             metadata={"public": "false"}, **TestProjects.USER_CLIENT)
 
-        # 3 Push an chart(CA) to Harbor by helm3.7 CLI successfully;
+        # 3 Push an chart(CA) to Harbor by hel CLI successfully;
         command = ["tar", "zxf", self.chart_file_path]
         base.run_command(command)
-        # 3.1 helm3_7_registry_login;
-        helm.helm3_7_registry_login(ip=harbor_server, user=user_name, password=self.user_push_chart_password)
-        # 3.2 helm3_7_package;
-        helm.helm3_7_package(file_path=self.chart_file_name)
-        # 3.2 helm3_7_push;
-        helm.helm3_7_push(file_path=self.chart_file_package_name, ip=harbor_server,
+        # 3.1 helm_registry_login;
+        helm.helm_registry_login(ip=harbor_server, user=user_name, password=self.user_push_chart_password)
+        # 3.2 helm_package;
+        helm.helm_package(file_path=self.chart_file_name)
+        # 3.2 helm_push;
+        helm.helm_push(file_path=self.chart_file_package_name, ip=harbor_server,
                           project_name=TestProjects.project_push_chart_name)
 
         # 4. List artifacts successfully;

tests/ci/api_run.sh

@@ -21,7 +21,7 @@ set +e
 docker ps
 # run db auth api cases
 if [ "$1" = 'DB' ]; then
-    docker run -i --privileged -v $DIR/../../:/drone -v $DIR/../:/ca -w /drone $E2E_IMAGE robot --exclude proxy_cache --exclude push_chart --exclude push_chart_by_Helm3.7 -v DOCKER_USER:${DOCKER_USER} -v DOCKER_PWD:${DOCKER_PWD} -v ip:$2  -v ip1: -v http_get_ca:false -v HARBOR_PASSWORD:Harbor12345 /drone/tests/robot-cases/Group1-Nightly/Setup.robot /drone/tests/robot-cases/Group0-BAT/API_DB.robot
+    docker run -i --privileged -v $DIR/../../:/drone -v $DIR/../:/ca -w /drone $E2E_IMAGE robot --exclude proxy_cache -v DOCKER_USER:${DOCKER_USER} -v DOCKER_PWD:${DOCKER_PWD} -v ip:$2  -v ip1: -v http_get_ca:false -v HARBOR_PASSWORD:Harbor12345 /drone/tests/robot-cases/Group1-Nightly/Setup.robot /drone/tests/robot-cases/Group0-BAT/API_DB.robot
 elif [ "$1" = 'PROXY_CACHE' ]; then
     docker run -i --privileged -v $DIR/../../:/drone -v $DIR/../:/ca -w /drone $E2E_IMAGE robot --include setup  --include proxy_cache -v DOCKER_USER:${DOCKER_USER} -v DOCKER_PWD:${DOCKER_PWD} -v ip:$2  -v ip1: -v http_get_ca:false -v HARBOR_PASSWORD:Harbor12345 /drone/tests/robot-cases/Group1-Nightly/Setup.robot /drone/tests/robot-cases/Group0-BAT/API_DB.robot
 elif [ "$1" = 'LDAP' ]; then

tests/resources/Cosign_Util.robot

@@ -24,9 +24,9 @@ Cosign Generate Key Pair
 
 Cosign Sign
     [Arguments]  ${artifact}
-    Wait Unitl Command Success  cosign sign --allow-insecure-registry --key cosign.key ${artifact}
+    Wait Unitl Command Success  cosign sign -y --allow-insecure-registry --key cosign.key ${artifact}
 
 Cosign Verify
     [Arguments]  ${artifact}  ${signed}
     Run Keyword If  ${signed}==${true}  Wait Unitl Command Success  cosign verify --key cosign.pub ${artifact}
-    ...  ELSE  Command Should be Failed  cosign verify --key cosign.pub ${artifact}
+    ...  ELSE  Command Should be Failed  cosign verify --key cosign.pub ${artifact}

tests/resources/Helm-Util.robot

@@ -18,22 +18,22 @@ Library  OperatingSystem
 Library  Process
 
 *** Keywords ***
-Helm3.7 Registry Login
+Helm Registry Login
     [Arguments]  ${ip}  ${user}  ${password}
-    Wait Unitl Command Success  helm3.7 registry login ${ip} -u ${user} -p ${password}
+    Wait Unitl Command Success  helm registry login ${ip} -u ${user} -p ${password} --insecure
 
-Helm3.7 Package
+Helm Package
     [Arguments]  ${file_path}
-    Wait Unitl Command Success  helm3.7 package ${file_path}
+    Wait Unitl Command Success  helm package ${file_path}
 
-Helm3.7 Push
+Helm Push
     [Arguments]  ${file_path}  ${ip}  ${repo_name}
-    Wait Unitl Command Success  helm3.7 push ${file_path} oci://${ip}/${repo_name}
+    Wait Unitl Command Success  helm push ${file_path} oci://${ip}/${repo_name} --insecure-skip-tls-verify
 
-Helm3.7 Pull
+Helm Pull
     [Arguments]  ${ip}  ${repo_name}  ${version}
-    Wait Unitl Command Success  helm3.7 pull oci://${ip}/${repo_name}/harbor --version ${version}
+    Wait Unitl Command Success  helm pull oci://${ip}/${repo_name}/harbor --version ${version} --insecure-skip-tls-verify
 
-Helm3.7 Registry Logout
+Helm Registry Logout
     [Arguments]  ${ip}
-    Wait Unitl Command Success  helm3.7 registry logout ${ip}
+    Wait Unitl Command Success  helm registry logout ${ip}

tests/resources/TestCaseBody.robot

@@ -163,20 +163,20 @@ Manage Project Member Without Sign In Harbor
     Push image  ${ip}  ${sign_in_user}  ${sign_in_pwd}  project${d}  hello-world
     User Should Be Guest  ${test_user2}  ${sign_in_pwd}  project${d}  is_oidc_mode=${is_oidc_mode}
 
-Helm3.7 CLI Work Flow
+Helm CLI Work Flow
     [Arguments]  ${sign_in_user}  ${sign_in_pwd}
     ${d}=   Get Current Date    result_format=%m%s
     Create An New Project And Go Into Project  project${d}
     Run  rm -rf ./${harbor_helm_name}
     Wait Unitl Command Success  tar zxf ${files_directory}/${harbor_helm_filename}
-    Helm3.7 Registry Login  ${ip}  ${sign_in_user}  ${sign_in_pwd}
-    Helm3.7 Package  ./${harbor_helm_name}
-    Helm3.7 Push  ${harbor_helm_package}  ${ip}  project${d}
+    Helm Registry Login  ${ip}  ${sign_in_user}  ${sign_in_pwd}
+    Helm Package  ./${harbor_helm_name}
+    Helm Push  ${harbor_helm_package}  ${ip}  project${d}
     Run  rm -rf ./${harbor_helm_package}
     Retry File Should Not Exist  ./${harbor_helm_package}
-    Helm3.7 Pull  ${ip}  project${d}  ${harbor_helm_version}
+    Helm Pull  ${ip}  project${d}  ${harbor_helm_version}
     Retry File Should Exist  ./${harbor_helm_package}
-    Helm3.7 Registry Logout  ${ip}
+    Helm Registry Logout  ${ip}
 
 #Important Note: All CVE IDs in CVE Allowlist cases must unique!
 Body Of Verfiy System Level CVE Allowlist

tests/robot-cases/Group0-BAT/API_DB.robot

@@ -84,9 +84,9 @@ Test Case - Push Index By Docker Manifest
     [Tags]  push_index
     Harbor API Test  ./tests/apitests/python/test_push_index_by_docker_manifest.py
 
-Test Case - Push Chart By Helm3.7 Chart CLI
-    [Tags]  push_chart_by_Helm3.7
-    Harbor API Test  ./tests/apitests/python/test_push_chart_by_helm3.7_chart_cli.py
+Test Case - Push Chart By Helm Chart CLI
+    [Tags]  push_chart_by_helm
+    Harbor API Test  ./tests/apitests/python/test_push_chart_by_helm_chart_cli.py
 
 Test Case - Push Cnab Bundle
     [Tags]  push_cnab

tests/robot-cases/Group1-Nightly/Common.robot

@@ -1004,13 +1004,13 @@ Test Case - Export CVE
     Lists Should Be Equal  ${expected_cve_data}  ${actual_cve_data}  ignore_order=True
     Close Browser
 
-Test Case - Helm3.7 CLI Push And Pull In Harbor
+Test Case - Helm CLI Push And Pull In Harbor
     [Tags]  helm_push_and_push
     Init Chrome Driver
     ${user}=    Set Variable    user004
     ${pwd}=    Set Variable    Test1@34
     Sign In Harbor  ${HARBOR_URL}  ${user}  ${pwd}
-    Retry Keyword N Times When Error  4  Helm3.7 CLI Work Flow  ${user}  ${pwd}
+    Retry Keyword N Times When Error  4  Helm CLI Work Flow  ${user}  ${pwd}
     Close Browser
 
 Test Case - Job Service Dashboard Job Queues

tests/test-engine-image/Dockerfile.api_test

@@ -3,6 +3,8 @@ FROM photon:4.0
 ENV LANG C.UTF-8
 ENV HELM_EXPERIMENTAL_OCI=1
 ENV COSIGN_PASSWORD=Harbor12345
+ENV COSIGN_EXPERIMENTAL=1
+ENV COSIGN_OCI_EXPERIMENTAL=1
 
 COPY --from=tool_builder /tool/tools.tar.gz /usr/local/bin
 

tests/test-engine-image/Dockerfile.common

@@ -22,41 +22,27 @@ RUN apt-get update && apt-get install -y software-properties-common && \
 
 RUN pwd && mkdir /tool/binary && \
     # Install CONTAINERD
-    CONTAINERD_VERSION=1.6.9 &&  \
+    CONTAINERD_VERSION=1.7.1 &&  \
     wget https://github.com/containerd/containerd/releases/download/v$CONTAINERD_VERSION/containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz && \
     tar zxvf containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz && \
     cd bin && cp -f containerd ctr /tool/binary/ && \
     # docker compose
-    curl -L "https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)" -o /tool/binary/docker-compose && \
+    curl -L "https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-$(uname -s)-$(uname -m)" -o /tool/binary/docker-compose && \
     chmod +x /tool/binary/docker-compose && \
-    # Install helm v2
-    HELM2_VERSION=2.16.12 && wget https://get.helm.sh/helm-v$HELM2_VERSION-linux-amd64.tar.gz && \
-    tar zxvf helm-v$HELM2_VERSION-linux-amd64.tar.gz && \
-    cp linux-amd64/helm /tool/binary/helm && \
-    cp linux-amd64/helm /tool/binary/helm2 && \
-    # Install helm v3
-    HELM3_VERSION=3.3.3 && wget https://get.helm.sh/helm-v$HELM3_VERSION-linux-amd64.tar.gz && \
-    tar zxvf helm-v$HELM3_VERSION-linux-amd64.tar.gz && \
+    # Install helm
+    HELM_VERSION=3.12.0 && wget https://get.helm.sh/helm-v$HELM_VERSION-linux-amd64.tar.gz && \
+    tar zxvf helm-v$HELM_VERSION-linux-amd64.tar.gz && \
     ls || pwd && \
-    mv linux-amd64/helm /tool/binary/helm3 && \
-    # Install helm v3.10
-    HELM3_10_VERSION=3.10.1 && wget https://get.helm.sh/helm-v$HELM3_10_VERSION-linux-amd64.tar.gz && \
-    tar zxvf helm-v$HELM3_10_VERSION-linux-amd64.tar.gz && \
-    ls || pwd && \
-    mv linux-amd64/helm /tool/binary/helm3.7 && \
+    mv linux-amd64/helm /tool/binary/helm && \
     # Install ORAS
-    ORAS_VERSION=0.16.0 && curl -LO https://github.com/deislabs/oras/releases/download/v$ORAS_VERSION/oras_${ORAS_VERSION}_linux_amd64.tar.gz && \
+    ORAS_VERSION=1.0.0 && curl -LO https://github.com/deislabs/oras/releases/download/v$ORAS_VERSION/oras_${ORAS_VERSION}_linux_amd64.tar.gz && \
     mkdir -p oras-install/  && \
     tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/  && \
     mv oras-install/oras /tool/binary/ && \
-    # Install notary
-    NOTARY_VERSION=0.6.1 && wget https://github.com/theupdateframework/notary/releases/download/v$NOTARY_VERSION/notary-Linux-amd64 && \
-    chmod +x notary-Linux-amd64 && \
-    mv notary-Linux-amd64 /tool/binary/notary && \
     # Install CNAB
     CNAB_PATH=$(go env GOPATH)/src/github.com/cnabio && \
     mkdir -p $CNAB_PATH && cd $CNAB_PATH && git clone https://github.com/cnabio/cnab-to-oci.git && \
-    cd cnab-to-oci && git checkout v0.3.7 && \
+    cd cnab-to-oci && git checkout v0.4.0 && \
     go list && \
     make build && \
     mv bin/cnab-to-oci /tool/binary/ && \
@@ -68,12 +54,12 @@ RUN pwd && mkdir /tool/binary && \
     WASM_TO_OCI_VERSION=0.1.2 && wget https://github.com/engineerd/wasm-to-oci/releases/download/v${WASM_TO_OCI_VERSION}/linux-amd64-wasm-to-oci && \
     chmod +x linux-amd64-wasm-to-oci && mv linux-amd64-wasm-to-oci /tool/binary/wasm-to-oci && \
     # Install imgpkg
-    IMGPKG_VERSION=0.33.0 && wget https://github.com/vmware-tanzu/carvel-imgpkg/releases/download/v$IMGPKG_VERSION/imgpkg-linux-amd64 && \
+    IMGPKG_VERSION=0.36.2 && wget https://github.com/vmware-tanzu/carvel-imgpkg/releases/download/v$IMGPKG_VERSION/imgpkg-linux-amd64 && \
     mv imgpkg-linux-amd64 /tool/binary/imgpkg && chmod +x /tool/binary/imgpkg && \
     # Install cosign
-    COSIGN_VERSION=1.13.1 && wget https://github.com/sigstore/cosign/releases/download/v$COSIGN_VERSION/cosign-linux-amd64 && \
+    COSIGN_VERSION=2.0.2 && wget https://github.com/sigstore/cosign/releases/download/v$COSIGN_VERSION/cosign-linux-amd64 && \
     mv cosign-linux-amd64 /tool/binary/cosign && chmod +x /tool/binary/cosign && \
     pwd
 
 RUN cd /tool/binary/ && tar czvf tools.tar.gz * && cp tools.tar.gz /tool
-# --- End of base file ---
+# --- End of base file ---

tests/test-engine-image/Dockerfile.ui_test

@@ -5,6 +5,8 @@ ENV TZ=Asia/Shanghai \
 ENV LANG C.UTF-8
 ENV HELM_EXPERIMENTAL_OCI=1
 ENV COSIGN_PASSWORD=Harbor12345
+ENV COSIGN_EXPERIMENTAL=1
+ENV COSIGN_OCI_EXPERIMENTAL=1
 RUN apt-get update && apt-get install -y --no-install-recommends wget curl gnupg2
 RUN apt-get install libseccomp2
 RUN wget  --no-check-certificate -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
@@ -37,8 +39,8 @@ RUN pip3 install --upgrade pip pyasn1 google-apitools==0.5.31 gsutil \
     requests dbbot robotframework-seleniumlibrary robotframework-pabot \
     robotframework-JSONLibrary hurry.filesize --upgrade && \
     apt-get clean all
-# Upgrade chromedriver version to 107.0.5304.62
-RUN wget -N https://chromedriver.storage.googleapis.com/107.0.5304.62/chromedriver_linux64.zip && \
+# Upgrade chromedriver version to 113.0.5672.24
+RUN wget -N https://chromedriver.storage.googleapis.com/113.0.5672.24/chromedriver_linux64.zip && \
     unzip chromedriver_linux64.zip && \
     chmod +x chromedriver && \
     mv -f chromedriver /usr/local/share/chromedriver && \
@@ -47,7 +49,7 @@ RUN wget -N https://chromedriver.storage.googleapis.com/107.0.5304.62/chromedriv
 
 RUN pwd && ls && \
     # Install docker
-    DOCKER_VERSION=20.10.3 && wget https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz && \
+    DOCKER_VERSION=24.0.2 && wget https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz && \
     tar --strip-components=1 -xvzf docker-$DOCKER_VERSION.tgz -C /usr/bin &&  \
     rm docker-$DOCKER_VERSION.tgz