Skip to content

Commit

Permalink
Merge pull request #376 from elsesiy/issue-93-2
Browse files Browse the repository at this point in the history
Add e2e test for file signing
  • Loading branch information
k8s-ci-robot authored Sep 2, 2024
2 parents 7aa8e8f + 75738c7 commit 52bb822
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 15 deletions.
9 changes: 9 additions & 0 deletions .github/workflows/e2e.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:

jobs:
Expand Down Expand Up @@ -45,5 +48,11 @@ jobs:
registry: localhost:5000
tls-verify: false

- name: Generate test file
id: test-file
run: |
echo "release sign test" > ${{ runner.temp }}/test-file-${{ github.run_id }}
- name: Run e2e tests
run: go run mage.go E2ETest
with:
path: ${{ runner.temp }}/test-file-${{ github.run_id }}
59 changes: 44 additions & 15 deletions test/e2e/sign_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"fmt"
"io"
"net/http"
"os"
"strings"
"testing"

Expand All @@ -41,22 +42,16 @@ const (
)

func TestSignImageSuccess(t *testing.T) {
// Test the prerequisites
opts := sign.Default()
opts.IgnoreTlog = true
opts.CertIdentityRegexp = "https://github.com/kubernetes-sigs/release-sdk/.github/workflows/e2e.yml@.*"
opts.CertOidcIssuer = "https://token.actions.githubusercontent.com"

signer := sign.New(opts)
signer := testSigner(t)
signed, err := signer.IsImageSigned(imageRef)
require.Nil(t, err)
require.NoError(t, err)
require.False(t, signed)

// Sign the image
res, err := signer.SignImage(imageRef)

// Verify the results
assert.Nil(t, err)
require.NoError(t, err)
assert.Nil(t, res.File())
image := res.Image()
assert.NotNil(t, image)
Expand All @@ -73,28 +68,28 @@ func TestSignImageSuccess(t *testing.T) {
fmt.Printf(": %s\n", url)

client := &http.Client{}
req, err := http.NewRequest("GET", url, nil)
require.Nil(t, err)
req, err := http.NewRequest("GET", url, http.NoBody)
require.NoError(t, err)
req.Header.Set("Accept", ociManifestType)

resp, err := client.Do(req)
require.Nil(t, err)
require.NoError(t, err)
defer resp.Body.Close()

body, err := io.ReadAll(resp.Body)
require.Nil(t, err)
require.NoError(t, err)

response := string(body)
assert.Contains(t, response, "-----BEGIN CERTIFICATE-----")
assert.Contains(t, response, "-----END CERTIFICATE-----")
assert.Contains(t, response, fmt.Sprintf(`"mediaType":"%s"`, ociManifestType))

signed, err = signer.IsImageSigned(imageRef)
require.Nil(t, err)
require.NoError(t, err)
assert.True(t, signed)

obj, err := signer.VerifyImage(imageRef)
require.Nil(t, err)
require.NoError(t, err)
assert.Equal(t, res, obj)
}

Expand All @@ -104,3 +99,37 @@ func TestSignImageFailureWrongImageRef(t *testing.T) {
_, err := signer.SignImage(registry + "/not-existing:latest")
assert.ErrorContains(t, err, "entity not found in registry")
}

func TestSignFileSuccess(t *testing.T) {
signer := testSigner(t)

// propagated by the github actions workflow
testFilePath := os.Getenv("INPUT_PATH")
require.NotEmpty(t, testFilePath)
signedObject, err := signer.SignFile(testFilePath)
require.NoError(t, err)
require.NotNil(t, signedObject.File)

verifiedObject, err := signer.VerifyFile(testFilePath, true)
require.NoError(t, err)
require.NotNil(t, verifiedObject.File)
}

func TestSignFileFailureWrongFilePath(t *testing.T) {
signer := sign.New(nil)
_, err := signer.SignFile("/dummy/test")
assert.ErrorContains(t, err, "file retrieve sha256:")
}

func testSigner(t *testing.T) *sign.Signer {
t.Helper()

opts := sign.Default()
opts.IgnoreTlog = true
opts.CertIdentityRegexp = "https://github.com/kubernetes-sigs/release-sdk/.github/workflows/e2e.yml@.*"
opts.CertOidcIssuer = "https://token.actions.githubusercontent.com"

signer := sign.New(opts)

return signer
}

0 comments on commit 52bb822

Please sign in to comment.