Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a presubmit to restrict test only libraries from linking into prod binaries #115175

Closed
mikedanese opened this issue Jan 18, 2023 · 7 comments · Fixed by #121735
Closed

Add a presubmit to restrict test only libraries from linking into prod binaries #115175

mikedanese opened this issue Jan 18, 2023 · 7 comments · Fixed by #121735
Assignees
@akshatdalton
Labels
area/test-infra help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/testing Categorizes an issue or PR as relevant to SIG Testing. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@mikedanese
Copy link
Member

We have many "test only" packages through out the project, containing fixtures, helpers, utilities, etc... These test libraries are not intended for use in production binaries. They often lack rigorous review and sufficient testing for use in production binaries. We should make sure they don't accidentally get pulled in.

Strawman proposal, test only packages must import "testing". Blank import is sufficient:

import (
  ...

  // Restrict to tests
  _ "testing"
)

Then write a presubmit that fails if we find testing.init symbol in the release binary.

$ go list -json ./cmd/kubectl | jq 'any(.Deps[]; . == "testing")'
true

This approach is trivial and fairly effective although a more sophisticated approach could print a dep chain.
@mikedanese mikedanese added priority/backlog Higher priority than priority/awaiting-more-evidence. area/test-infra help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Jan 18, 2023
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Jan 18, 2023
@akshatdalton
Copy link

/assign

@akshatdalton
Copy link

I hope I will be able to contribute once this gets marked as triage/accepted.

@aojea
Copy link
Member

aojea commented Jan 22, 2023

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 22, 2023
@aojea
Copy link
Member

aojea commented Jan 22, 2023

Then write a presubmit that fails if we find testing.init symbol in the release binary.

@mikedanese I think that will be enough a new hack\verify-testing-import.sh script or a check in the building scripts

/cc @BenTheElder since he has experience from the providerless building effort

@akshatdalton
Copy link

akshatdalton commented Jan 26, 2023
edited

@mikedanese @aojea I got what we want to achieve here but I'm little confused about:

Then write a presubmit that fails if we find testing.init symbol in the release binary.

$ go list -json ./cmd/kubectl | jq 'any(.Deps[]; . == "testing")'
true
  • how can I create a binary and search for testing.init?
  • If I execute: go list -json ./cmd/kubectl | jq 'any(.Deps[]; . == "testing")' after adding the import _ "testing" then only it is giving true - what do we want to achieve by executing this command exactly? I got what it is doing.

I've opened a thread in slack as well: https://kubernetes.slack.com/archives/CDHA7K9L5/p1674680329897449

@vlasebian
Copy link
Contributor

Hello! Is there anyone working on this issue at the moment? If not and the issue it's still relevant, I would like to work on it if possible. Thank you.

@vlasebian vlasebian mentioned this issue Nov 5, 2023
Merged
@vlasebian
Copy link
Contributor

I opened a PR in the meantime, if it's not needed anymore, I can close it.

@liggitt liggitt mentioned this issue Nov 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@akshatdalton akshatdalton

Labels
area/test-infra help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/testing Categorizes an issue or PR as relevant to SIG Testing. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add script for restricting import of test only libraries vlasebian/kubernetes
5 participants
@mikedanese @aojea @k8s-ci-robot @vlasebian @akshatdalton