feat(build): add fiat-integration module to exercise the just-built d…

…ocker imageTest docker image (#1158) * feat(docker): add HEALTHCHECK to facilitate testing container startup * feat(build): add fiat-integration module to exercise the just-built docker image * feat(gha): run integration test in pr builds multi-arch with --load doesn't work, so add a separate step using the local platform to make an image available for testing. see docker/buildx#59 * feat(gha): run integration test in branch builds
spinnaker · May 1, 2024 · 69fdb4c · 69fdb4c
1 parent ad0f319
commit 69fdb4c
Show file tree

Hide file tree

Showing 10 changed files with 289 additions and 6 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -39,6 +39,19 @@ jobs:
         env:
           ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }}
         run: ./gradlew build --stacktrace ${{ steps.build_variables.outputs.REPO }}-web:installDist
+      - name: Build local slim container image for testing
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.slim
+          load: true
+          platforms: local
+          tags: |
+            "${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-unvalidated"
+      - name: Test local slim container image
+        env:
+          FULL_DOCKER_IMAGE_NAME: "${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-unvalidated"
+        run: ./gradlew ${{ steps.build_variables.outputs.REPO }}-integration:test
       - name: Login to GAR
         # Only run this on repositories in the 'spinnaker' org, not on forks.
         if: startsWith(github.repository, 'spinnaker/')
@@ -99,4 +112,4 @@ jobs:
           push: true
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-java11-unvalidated-ubuntu"
-            "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-ubuntu"
+            "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-ubuntu"
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -72,4 +72,17 @@ jobs:
           platforms: linux/amd64,linux/arm64
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-java11-ubuntu"
-            "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-ubuntu"
+            "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-ubuntu"
+      - name: Build local slim container image for testing
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.slim
+          load: true
+          platforms: local
+          tags: |
+            "${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}"
+      - name: Test local slim container image
+        env:
+          FULL_DOCKER_IMAGE_NAME: "${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}"
+        run: ./gradlew ${{ steps.build_variables.outputs.REPO }}-integration:test
diff --git a/Dockerfile.java11.slim b/Dockerfile.java11.slim
@@ -1,9 +1,10 @@
 FROM alpine:3.16
 LABEL maintainer="sig-platform@spinnaker.io"
-RUN apk --no-cache add --update bash openjdk11-jre
+RUN apk --no-cache add --update bash curl openjdk11-jre
 RUN addgroup -S -g 10111 spinnaker
 RUN adduser -S -G spinnaker -u 10111 spinnaker
 COPY fiat-web/build/install/fiat /opt/fiat
 RUN mkdir -p /opt/fiat/plugins && chown -R spinnaker:nogroup /opt/fiat/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:7003/health | grep UP || exit 1
 CMD ["/opt/fiat/bin/fiat"]
diff --git a/Dockerfile.java11.ubuntu b/Dockerfile.java11.ubuntu
@@ -1,8 +1,9 @@
 FROM ubuntu:bionic
 LABEL maintainer="sig-platform@spinnaker.io"
-RUN apt-get update && apt-get -y install openjdk-11-jre-headless wget
+RUN apt-get update && apt-get -y install curl openjdk-11-jre-headless wget
 RUN adduser --system --uid 10111 --group spinnaker
 COPY fiat-web/build/install/fiat /opt/fiat
 RUN mkdir -p /opt/fiat/plugins && chown -R spinnaker:nogroup /opt/fiat/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:7003/health | grep UP || exit 1
 CMD ["/opt/fiat/bin/fiat"]
diff --git a/Dockerfile.slim b/Dockerfile.slim
@@ -1,9 +1,10 @@
 FROM alpine:3.16
 LABEL maintainer="sig-platform@spinnaker.io"
-RUN apk --no-cache add --update bash openjdk17-jre
+RUN apk --no-cache add --update bash curl openjdk17-jre
 RUN addgroup -S -g 10111 spinnaker
 RUN adduser -S -G spinnaker -u 10111 spinnaker
 COPY fiat-web/build/install/fiat /opt/fiat
 RUN mkdir -p /opt/fiat/plugins && chown -R spinnaker:nogroup /opt/fiat/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:7003/health | grep UP || exit 1
 CMD ["/opt/fiat/bin/fiat"]
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu
@@ -1,8 +1,9 @@
 FROM ubuntu:bionic
 LABEL maintainer="sig-platform@spinnaker.io"
-RUN apt-get update && apt-get -y install openjdk-17-jre-headless wget
+RUN apt-get update && apt-get -y install curl openjdk-17-jre-headless wget
 RUN adduser --system --uid 10111 --group spinnaker
 COPY fiat-web/build/install/fiat /opt/fiat
 RUN mkdir -p /opt/fiat/plugins && chown -R spinnaker:nogroup /opt/fiat/plugins
 USER spinnaker
+HEALTHCHECK CMD curl http://localhost:7003/health | grep UP || exit 1
 CMD ["/opt/fiat/bin/fiat"]
diff --git a/fiat-integration/fiat-integration.gradle b/fiat-integration/fiat-integration.gradle
@@ -0,0 +1,25 @@
+dependencies {
+  testImplementation "com.fasterxml.jackson.core:jackson-databind"
+  testImplementation "com.github.tomakehurst:wiremock-jre8-standalone"
+  testImplementation "org.assertj:assertj-core"
+  testImplementation "org.junit.jupiter:junit-jupiter-api"
+  testImplementation "org.slf4j:slf4j-api"
+  testImplementation "org.testcontainers:testcontainers"
+  testImplementation "org.testcontainers:junit-jupiter"
+  testRuntimeOnly "ch.qos.logback:logback-classic"
+}
+
+test.configure {
+  def fullDockerImageName = System.getenv('FULL_DOCKER_IMAGE_NAME')
+  onlyIf("there is a docker image to test") {
+    fullDockerImageName != null && fullDockerImageName.trim() != ''
+  }
+}
+
+test {
+  // So stdout and stderr from the just-built container are available in CI
+  testLogging.showStandardStreams = true
+
+  // Run the tests when the docker image changes
+  inputs.property 'fullDockerImageName', System.getenv('FULL_DOCKER_IMAGE_NAME')
+}
diff --git a/fiat-integration/src/test/java/com/netflix/spinnaker/fiat/StandaloneContainerTest.java b/fiat-integration/src/test/java/com/netflix/spinnaker/fiat/StandaloneContainerTest.java
@@ -0,0 +1,191 @@
+/*
+ * Copyright 2024 Salesforce, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.netflix.spinnaker.fiat;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
+import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assumptions.assumeTrue;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.tomakehurst.wiremock.client.WireMock;
+import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.util.Map;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInfo;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.Network;
+import org.testcontainers.containers.output.Slf4jLogConsumer;
+import org.testcontainers.containers.wait.strategy.Wait;
+import org.testcontainers.junit.jupiter.Testcontainers;
+import org.testcontainers.utility.DockerImageName;
+
+@Testcontainers
+class StandaloneContainerTest {
+
+  private static final String REDIS_NETWORK_ALIAS = "redisHost";
+
+  private static final int REDIS_PORT = 6379;
+
+  private static final Logger logger = LoggerFactory.getLogger(StandaloneContainerTest.class);
+
+  private static final Network network = Network.newNetwork();
+
+  // fiat gets accounts and applications from clouddriver, and fiat's health
+  // depends on that succeeding.
+  @RegisterExtension
+  static final WireMockExtension wmClouddriver =
+      WireMockExtension.newInstance().options(wireMockConfig().dynamicPort()).build();
+
+  // fiat gets service accounts and applications from front50, and fiat's health
+  // depends on that succeeding.
+  @RegisterExtension
+  static final WireMockExtension wmFront50 =
+      WireMockExtension.newInstance().options(wireMockConfig().dynamicPort()).build();
+
+  static int clouddriverPort;
+  static int front50Port;
+
+  private static final GenericContainer redis =
+      new GenericContainer(DockerImageName.parse("library/redis:5-alpine"))
+          .withNetwork(network)
+          .withNetworkAliases(REDIS_NETWORK_ALIAS)
+          .withExposedPorts(REDIS_PORT);
+
+  private static GenericContainer fiatContainer;
+
+  @BeforeAll
+  static void setupOnce() throws Exception {
+    front50Port = wmFront50.getRuntimeInfo().getHttpPort();
+    logger.info("wiremock front50 http port: {} ", front50Port);
+
+    clouddriverPort = wmClouddriver.getRuntimeInfo().getHttpPort();
+    logger.info("wiremock clouddriver http port: {} ", clouddriverPort);
+
+    // set up front50 stubs
+    wmFront50.stubFor(
+        WireMock.get(urlPathEqualTo("/v2/applications"))
+            .willReturn(aResponse().withStatus(200).withBody("[]")));
+
+    wmFront50.stubFor(
+        WireMock.get(urlPathEqualTo("/serviceAccounts"))
+            .willReturn(aResponse().withStatus(200).withBody("[]")));
+
+    // set up clouddriver stubs
+    wmClouddriver.stubFor(
+        WireMock.get(urlPathEqualTo("/applications"))
+            .willReturn(aResponse().withStatus(200).withBody("[]")));
+
+    wmClouddriver.stubFor(
+        WireMock.get(urlPathEqualTo("/credentials"))
+            .willReturn(aResponse().withStatus(200).withBody("[]")));
+
+    String fullDockerImageName = System.getenv("FULL_DOCKER_IMAGE_NAME");
+
+    // Skip the tests if there's no docker image.  This allows gradlew build to work.
+    assumeTrue(fullDockerImageName != null);
+
+    // expose front50 to fiat
+    org.testcontainers.Testcontainers.exposeHostPorts(front50Port);
+
+    // expose clouddriver to fiat
+    org.testcontainers.Testcontainers.exposeHostPorts(clouddriverPort);
+
+    redis.start();
+
+    DockerImageName dockerImageName = DockerImageName.parse(fullDockerImageName);
+
+    fiatContainer =
+        new GenericContainer(dockerImageName)
+            .withNetwork(network)
+            .withExposedPorts(7003)
+            .dependsOn(redis)
+            .waitingFor(Wait.forHealthcheck())
+            .withEnv("SPRING_APPLICATION_JSON", getSpringApplicationJson());
+
+    Slf4jLogConsumer logConsumer = new Slf4jLogConsumer(logger);
+    fiatContainer.start();
+    fiatContainer.followOutput(logConsumer);
+  }
+
+  private static String getSpringApplicationJson() throws JsonProcessingException {
+    String redisUrl = "redis://" + REDIS_NETWORK_ALIAS + ":" + REDIS_PORT;
+    logger.info("redisUrl: '{}'", redisUrl);
+    Map<String, String> properties =
+        Map.of(
+            "redis.connection",
+            redisUrl,
+            "services.igor.baseUrl",
+            "http://nowhere",
+            "services.clouddriver.baseUrl",
+            "http://" + GenericContainer.INTERNAL_HOST_HOSTNAME + ":" + clouddriverPort,
+            "services.front50.baseUrl",
+            "http://" + GenericContainer.INTERNAL_HOST_HOSTNAME + ":" + front50Port);
+    ObjectMapper mapper = new ObjectMapper();
+    return mapper.writeValueAsString(properties);
+  }
+
+  @AfterAll
+  static void cleanupOnce() {
+    if (fiatContainer != null) {
+      fiatContainer.stop();
+    }
+
+    if (redis != null) {
+      redis.stop();
+    }
+  }
+
+  @BeforeEach
+  void init(TestInfo testInfo) {
+    System.out.println("--------------- Test " + testInfo.getDisplayName());
+  }
+
+  @Test
+  void testHealthCheck() throws Exception {
+    // hit an arbitrary endpoint
+    HttpRequest request =
+        HttpRequest.newBuilder()
+            .uri(
+                new URI(
+                    "http://"
+                        + fiatContainer.getHost()
+                        + ":"
+                        + fiatContainer.getFirstMappedPort()
+                        + "/health"))
+            .GET()
+            .build();
+
+    HttpClient client = HttpClient.newHttpClient();
+
+    HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
+    assertThat(response).isNotNull();
+    logger.info("response: {}, {}", response.statusCode(), response.body());
+    assertThat(response.statusCode()).isEqualTo(200);
+  }
+}
diff --git a/fiat-integration/src/test/resources/logback.xml b/fiat-integration/src/test/resources/logback.xml
@@ -0,0 +1,36 @@
+<!--
+
+    Copyright 2024 Salesforce, Inc.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<configuration>
+
+    <!-- see https://java.testcontainers.org/supported_docker_environment/logging_config/ -->
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <root level="DEBUG">
+        <appender-ref ref="STDOUT" />
+    </root>
+
+    <logger name="org.testcontainers" level="INFO"/>
+    <logger name="tc" level="INFO"/>
+    <logger name="com.github.dockerjava" level="WARN"/>
+    <logger name="com.github.dockerjava.zerodep.shaded.org.apache.hc.client5.http.wire" level="OFF"/>
+    <logger name="wiremock.org.eclipse.jetty" level="INFO"/>
+</configuration>
diff --git a/settings.gradle b/settings.gradle
@@ -39,6 +39,7 @@ include 'fiat-api',
         'fiat-file',
         'fiat-github',
         'fiat-google-groups',
+        'fiat-integration',
         'fiat-ldap',
         'fiat-roles',
         'fiat-sql',