From 74df6bae2533456e1c0d6fdf1beed5023d7168b5 Mon Sep 17 00:00:00 2001 From: Sascha Schwarze Date: Fri, 22 Sep 2023 23:03:41 +0200 Subject: [PATCH] Setup webhook in integration test --- .github/workflows/ci.yml | 5 + Makefile | 12 +- hack/setup-webhook-cert-integration-test.sh | 81 +++++++++++++ test/integration/integration_suite_test.go | 16 ++- test/utils/webhook.go | 128 ++++++++++++++++++++ 5 files changed, 237 insertions(+), 5 deletions(-) create mode 100755 hack/setup-webhook-cert-integration-test.sh create mode 100644 test/utils/webhook.go diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b609386ef4..43a4894bd5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,7 +111,12 @@ jobs: kubectl -n tekton-pipelines rollout status deployment tekton-pipelines-webhook --timeout=1m - name: Test run: | + # host.docker.internal does not work in a GitHub action + docker exec kind-control-plane bash -c "echo '172.17.0.1 host.docker.internal' >>/etc/hosts" + + # Build and load the Git image export GIT_CONTAINER_IMAGE="$(KO_DOCKER_REPO=kind.local ko publish ./cmd/git)" + make test-integration e2e: diff --git a/Makefile b/Makefile index 057e50032c..127f6d23e4 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,7 @@ TEST_NAMESPACE ?= default TEKTON_VERSION ?= v0.44.0 # E2E test flags -TEST_E2E_FLAGS ?= --fail-fast -p --randomize-all -timeout=1h -trace -vv +TEST_E2E_FLAGS ?= -p --randomize-all -timeout=1h -trace -v # E2E test service account name to be used for the build runs, can be set to generated to use the generated service account feature TEST_E2E_SERVICEACCOUNT_NAME ?= pipeline @@ -204,6 +204,7 @@ test-unit-ginkgo: ginkgo # Based on https://github.com/kubernetes/community/blob/master/contributors/devel/sig-testing/integration-tests.md .PHONY: test-integration test-integration: install-apis ginkgo + ./hack/setup-webhook-cert-integration-test.sh $(GINKGO) \ --randomize-all \ --randomize-suites \ @@ -211,7 +212,6 @@ test-integration: install-apis ginkgo -trace \ test/integration/... - .PHONY: test-e2e test-e2e: install-strategies test-e2e-plain @@ -237,7 +237,13 @@ install-with-pprof: GOOS=$(GO_OS) GOARCH=$(GO_ARCH) GOFLAGS="$(GO_FLAGS) -tags=pprof_enabled" ko apply -R -f deploy/ -- --server-side install-apis: - kubectl apply -f deploy/crds/ --server-side + for resource in buildruns builds buildstrategies clusterbuildstrategies ; do \ + if kubectl get crd "$${resource}.shipwright.io" >/dev/null 2>&1 ; then \ + kubectl replace -f "deploy/crds/shipwright.io_$${resource}.yaml" ; \ + else \ + kubectl create -f "deploy/crds/shipwright.io_$${resource}.yaml" ; \ + fi ; \ + done for i in 1 2 3 ; do \ kubectl wait --timeout=$(TIMEOUT) --for="condition=Established" crd/clusterbuildstrategies.shipwright.io && \ break ; \ diff --git a/hack/setup-webhook-cert-integration-test.sh b/hack/setup-webhook-cert-integration-test.sh new file mode 100755 index 0000000000..fa795d5b06 --- /dev/null +++ b/hack/setup-webhook-cert-integration-test.sh @@ -0,0 +1,81 @@ +#!/bin/bash + +# Copyright The Shipwright Contributors +# +# SPDX-License-Identifier: Apache-2.0 + +set -euo pipefail + +if ! hash jq >/dev/null 2>&1 ; then + echo "[ERROR] jq is not installed" + exit 1 +fi + +if ! hash openssl >/dev/null 2>&1 ; then + echo "[ERROR] openssl is not installed" + exit 1 +fi + +echo "[INFO] Generating key and signing request for Shipwright Build Webhook" + +cat </tmp/csr.conf +[req] +req_extensions = v3_req +distinguished_name = req_distinguished_name +[req_distinguished_name] +[ v3_req ] +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth +subjectAltName = @alt_names +[alt_names] +DNS.1 = host.docker.internal +EOF + +openssl genrsa -out /tmp/server-key.pem 2048 +openssl req -new -days 365 -key /tmp/server-key.pem -subj "/O=system:nodes/CN=system:node:host.docker.internal" -out /tmp/server.csr -config /tmp/csr.conf + +echo "[INFO] Deleting previous CertificateSigningRequest" +kubectl delete csr shipwright-build-webhook-csr --ignore-not-found + +echo "[INFO] Create a CertificateSigningRequest" +cat <