feat(build): add gate-integration module to exercise the just-built d…

…ocker image (#1794) * feat(docker): add HEALTHCHECK to facilitate testing container startup * feat(build): add gate-integration module to exercise the just-built docker image * feat(gha): run integration test in pr builds multi-arch with --load doesn't work, so add a separate step using the local platform to make an image available for testing. see docker/buildx#59
spinnaker · May 1, 2024 · 4cf1b9d · 4cf1b9d
1 parent c933978
commit 4cf1b9d
Show file tree

Hide file tree

Showing 9 changed files with 284 additions and 5 deletions.
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -72,4 +72,17 @@ jobs:
  platforms: linux/amd64,linux/arm64
  tags: |
  "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-java11-ubuntu"
- "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-ubuntu"
+ "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-ubuntu"
+ - name: Build local slim container image for testing
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.slim
+ load: true
+ platforms: local
+ tags: |
+ "${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}"
+ - name: Test local slim container image
+ env:
+ FULL_DOCKER_IMAGE_NAME: "${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}"
+ run: ./gradlew ${{ steps.build_variables.outputs.REPO }}-integration:test
diff --git a/Dockerfile.java11.slim b/Dockerfile.java11.slim
@@ -1,9 +1,10 @@
 FROM alpine:3.16
 LABEL maintainer="[email protected]"
-RUN apk --no-cache add --update bash openjdk11-jre
+RUN apk --no-cache add --update bash curl openjdk11-jre
 RUN addgroup -S -g 10111 spinnaker
 RUN adduser -S -G spinnaker -u 10111 spinnaker
 COPY gate-web/build/install/gate /opt/gate
 RUN mkdir -p /opt/gate/plugins && chown -R spinnaker:nogroup /opt/gate/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:8084/health | grep UP || exit 1
 CMD ["/opt/gate/bin/gate"]
diff --git a/Dockerfile.java11.ubuntu b/Dockerfile.java11.ubuntu
@@ -1,8 +1,9 @@
 FROM ubuntu:bionic
 LABEL maintainer="[email protected]"
-RUN apt-get update && apt-get -y install openjdk-11-jre-headless wget
+RUN apt-get update && apt-get -y install curl openjdk-11-jre-headless wget
 RUN adduser --system --uid 10111 --group spinnaker
 COPY gate-web/build/install/gate /opt/gate
 RUN mkdir -p /opt/gate/plugins && chown -R spinnaker:nogroup /opt/gate/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:8084/health | grep UP || exit 1
 CMD ["/opt/gate/bin/gate"]
diff --git a/Dockerfile.slim b/Dockerfile.slim
@@ -1,9 +1,10 @@
 FROM alpine:3.18
 LABEL maintainer="[email protected]"
-RUN apk --no-cache add --update bash openjdk17-jre
+RUN apk --no-cache add --update bash curl openjdk17-jre
 RUN addgroup -S -g 10111 spinnaker
 RUN adduser -S -G spinnaker -u 10111 spinnaker
 COPY gate-web/build/install/gate /opt/gate
 RUN mkdir -p /opt/gate/plugins && chown -R spinnaker:nogroup /opt/gate/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:8084/health | grep UP || exit 1
 CMD ["/opt/gate/bin/gate"]
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu
@@ -1,8 +1,9 @@
 FROM ubuntu:jammy
 LABEL maintainer="[email protected]"
-RUN apt-get update && apt-get -y install openjdk-17-jre-headless wget
+RUN apt-get update && apt-get -y install curl openjdk-17-jre-headless wget
 RUN adduser --system --uid 10111 --group spinnaker
 COPY gate-web/build/install/gate /opt/gate
 RUN mkdir -p /opt/gate/plugins && chown -R spinnaker:nogroup /opt/gate/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:8084/health | grep UP || exit 1
 CMD ["/opt/gate/bin/gate"]
diff --git a/gate-integration/gate-integration.gradle b/gate-integration/gate-integration.gradle
@@ -0,0 +1,25 @@
+dependencies {
+ testImplementation "com.fasterxml.jackson.core:jackson-databind"
+ testImplementation "com.github.tomakehurst:wiremock-jre8-standalone"
+ testImplementation "org.assertj:assertj-core"
+ testImplementation "org.junit.jupiter:junit-jupiter-api"
+ testImplementation "org.slf4j:slf4j-api"
+ testImplementation "org.testcontainers:testcontainers"
+ testImplementation "org.testcontainers:junit-jupiter"
+ testRuntimeOnly "ch.qos.logback:logback-classic"
+}
+
+test.configure {
+ def fullDockerImageName = System.getenv('FULL_DOCKER_IMAGE_NAME')
+ onlyIf("there is a docker image to test") {
+ fullDockerImageName != null && fullDockerImageName.trim() != ''
+ }
+}
+
+test {
+ // So stdout and stderr from the just-built container are available in CI
+ testLogging.showStandardStreams = true
+
+ // Run the tests when the docker image changes
+ inputs.property 'fullDockerImageName', System.getenv('FULL_DOCKER_IMAGE_NAME')
+}
diff --git a/gate-integration/src/test/java/com/netflix/spinnaker/gate/StandaloneContainerTest.java b/gate-integration/src/test/java/com/netflix/spinnaker/gate/StandaloneContainerTest.java
@@ -0,0 +1,200 @@
+/*
+ * Copyright 2024 Salesforce, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.netflix.spinnaker.gate;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
+import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assumptions.assumeTrue;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.tomakehurst.wiremock.client.WireMock;
+import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.util.Map;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInfo;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.Network;
+import org.testcontainers.containers.output.Slf4jLogConsumer;
+import org.testcontainers.containers.wait.strategy.Wait;
+import org.testcontainers.junit.jupiter.Testcontainers;
+import org.testcontainers.utility.DockerImageName;
+
+@Testcontainers
+class StandaloneContainerTest {
+
+ private static final String REDIS_NETWORK_ALIAS = "redisHost";
+
+ private static final int REDIS_PORT = 6379;
+
+ private static final Logger logger = LoggerFactory.getLogger(StandaloneContainerTest.class);
+
+ private static final Network network = Network.newNetwork();
+
+ // gate caches application information from both clouddriver and front50, and
+ // account information from clouddriver. gate's health doesn't depend on this
+ // succeeding, but when it fails it spams the log with a log of noise.
+ @RegisterExtension
+ static final WireMockExtension wmClouddriver =
+ WireMockExtension.newInstance().options(wireMockConfig().dynamicPort()).build();
+
+ @RegisterExtension
+ static final WireMockExtension wmFront50 =
+ WireMockExtension.newInstance().options(wireMockConfig().dynamicPort()).build();
+
+ static int clouddriverPort;
+ static int front50Port;
+
+ private static final GenericContainer redis =
+ new GenericContainer(DockerImageName.parse("library/redis:5-alpine"))
+ .withNetwork(network)
+ .withNetworkAliases(REDIS_NETWORK_ALIAS)
+ .withExposedPorts(REDIS_PORT);
+
+ private static GenericContainer gateContainer;
+
+ @BeforeAll
+ static void setupOnce() throws Exception {
+ front50Port = wmFront50.getRuntimeInfo().getHttpPort();
+ logger.info("wiremock front50 http port: {} ", front50Port);
+
+ clouddriverPort = wmClouddriver.getRuntimeInfo().getHttpPort();
+ logger.info("wiremock clouddriver http port: {} ", clouddriverPort);
+
+ // set up front50 stubs
+ wmFront50.stubFor(
+ WireMock.get(urlPathEqualTo("/v2/applications"))
+ .willReturn(aResponse().withStatus(200).withBody("[]")));
+
+ wmFront50.stubFor(
+ WireMock.get(urlPathEqualTo("/health"))
+ .willReturn(aResponse().withStatus(200).withBody("{}")));
+
+ // set up clouddriver stubs
+ wmClouddriver.stubFor(
+ WireMock.get(urlPathEqualTo("/applications"))
+ .willReturn(aResponse().withStatus(200).withBody("[]")));
+
+ wmClouddriver.stubFor(
+ WireMock.get(urlPathEqualTo("/credentials"))
+ .willReturn(aResponse().withStatus(200).withBody("[]")));
+
+ wmClouddriver.stubFor(
+ WireMock.get(urlPathEqualTo("/health"))
+ .willReturn(aResponse().withStatus(200).withBody("{}")));
+
+ String fullDockerImageName = System.getenv("FULL_DOCKER_IMAGE_NAME");
+
+ // Skip the tests if there's no docker image. This allows gradlew build to work.
+ assumeTrue(fullDockerImageName != null);
+
+ // expose front50 to gate
+ org.testcontainers.Testcontainers.exposeHostPorts(front50Port);
+
+ // expose clouddriver to gate
+ org.testcontainers.Testcontainers.exposeHostPorts(clouddriverPort);
+
+ redis.start();
+
+ DockerImageName dockerImageName = DockerImageName.parse(fullDockerImageName);
+
+ gateContainer =
+ new GenericContainer(dockerImageName)
+ .withNetwork(network)
+ .withExposedPorts(8084)
+ .dependsOn(redis)
+ .waitingFor(Wait.forHealthcheck())
+ .withEnv("SPRING_APPLICATION_JSON", getSpringApplicationJson());
+
+ Slf4jLogConsumer logConsumer = new Slf4jLogConsumer(logger);
+ gateContainer.start();
+ gateContainer.followOutput(logConsumer);
+ }
+
+ private static String getSpringApplicationJson() throws JsonProcessingException {
+ String redisUrl = "redis://" + REDIS_NETWORK_ALIAS + ":" + REDIS_PORT;
+ logger.info("redisUrl: '{}'", redisUrl);
+ Map<String, String> properties =
+ Map.of(
+ "services.rosco.enabled",
+ "false",
+ "services.echo.enabled",
+ "false",
+ "services.orca.enabled",
+ "false",
+ "services.fiat.baseUrl",
+ "http://nowhere",
+ "redis.connection",
+ redisUrl,
+ "services.clouddriver.baseUrl",
+ "http://" + GenericContainer.INTERNAL_HOST_HOSTNAME + ":" + clouddriverPort,
+ "services.front50.baseUrl",
+ "http://" + GenericContainer.INTERNAL_HOST_HOSTNAME + ":" + front50Port);
+ ObjectMapper mapper = new ObjectMapper();
+ return mapper.writeValueAsString(properties);
+ }
+
+ @AfterAll
+ static void cleanupOnce() {
+ if (gateContainer != null) {
+ gateContainer.stop();
+ }
+
+ if (redis != null) {
+ redis.stop();
+ }
+ }
+
+ @BeforeEach
+ void init(TestInfo testInfo) {
+ System.out.println("--------------- Test " + testInfo.getDisplayName());
+ }
+
+ @Test
+ void testHealthCheck() throws Exception {
+ // hit an arbitrary endpoint
+ HttpRequest request =
+ HttpRequest.newBuilder()
+ .uri(
+ new URI(
+ "http://"
+ + gateContainer.getHost()
+ + ":"
+ + gateContainer.getFirstMappedPort()
+ + "/health"))
+ .GET()
+ .build();
+
+ HttpClient client = HttpClient.newHttpClient();
+
+ HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
+ assertThat(response).isNotNull();
+ logger.info("response: {}, {}", response.statusCode(), response.body());
+ assertThat(response.statusCode()).isEqualTo(200);
+ }
+}
diff --git a/gate-integration/src/test/resources/logback.xml b/gate-integration/src/test/resources/logback.xml
@@ -0,0 +1,36 @@
+<!--
+
+ Copyright 2024 Salesforce, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<configuration>
+
+ <!-- see https://java.testcontainers.org/supported_docker_environment/logging_config/ -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <root level="DEBUG">
+ <appender-ref ref="STDOUT" />
+ </root>
+
+ <logger name="org.testcontainers" level="INFO"/>
+ <logger name="tc" level="INFO"/>
+ <logger name="com.github.dockerjava" level="WARN"/>
+ <logger name="com.github.dockerjava.zerodep.shaded.org.apache.hc.client5.http.wire" level="OFF"/>
+ <logger name="wiremock.org.eclipse.jetty" level="INFO"/>
+</configuration>
diff --git a/settings.gradle b/settings.gradle
@@ -32,6 +32,7 @@ include "gate-api",
  "gate-basic",
  "gate-bom",
  "gate-iap",
+ "gate-integration",
  "gate-ldap",
  "gate-oauth2",
  "gate-proxy",