SECURESIGN-185 | Add tests to all pipelines (#190)

Pr to re add rekor e2e tests in RHTAP May have to wait until resource quota issues are fixed for it to run
securesign · Dec 12, 2023 · c84fe7e · c84fe7e
1 parent 180ed09
commit c84fe7e
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 7 deletions.
diff --git a/.tekton/rekor-build-test-image.yaml b/.tekton/rekor-build-test-image.yaml
@@ -0,0 +1,61 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: build-test-image
+  annotations:
+    tekton.dev/title: "Build a test image for rekor-server"
+spec:
+  workspaces:
+    - name: source
+  results:
+    - name: TEST_IMAGE_URL
+      description: The reference of the built image.
+  steps:
+    - name: build-and-push-test-image
+      securityContext:
+        capabilities:
+          add: ["SETFCAP"]
+      workingDir: $(workspaces.source.path)
+      image: quay.io/buildah/stable:v1
+      volumeMounts:
+        - name: docker-config-volume
+          mountPath: $(workspaces.source.path)/.docker
+        - name: brew-config-volume
+          mountPath: $(workspaces.source.path)/.brew_auth
+        - name: varlibcontainers
+          mountPath: /home/build/.local/share/containers
+      env:
+        - name: REGISTRY_AUTH_FILE
+          value: .docker/.dockerconfigjson
+      script: |
+        #!/usr/bin/env sh
+        buildah --storage-driver=vfs bud \
+        --target=test --format=oci \
+        --tls-verify=true --no-cache \
+        --authfile .brew_auth/.dockerconfigjson \
+        -f source/Dockerfile -t quay.io/securesign/rekor-server_test:latest source
+
+        buildah --storage-driver=vfs push \
+        --tls-verify=true \
+        quay.io/securesign/rekor-server_test:latest \
+        docker://quay.io/securesign/rekor-server_test:latest
+
+    - name: get-image-sha
+      workingDir: $(workspaces.source.path)
+      image: quay.io/skopeo/stable:v1
+      script: |
+        export IMAGE_DIGEST=$(skopeo inspect docker://quay.io/securesign/rekor-server_test:latest | grep -m1 '"Digest":' | awk -F'"' '{print $4}')
+        echo -n "quay.io/securesign/rekor-server_test@$IMAGE_DIGEST" > $(results.TEST_IMAGE_URL.path)
+
+  volumes:
+    - name: docker-config-volume
+      secret:
+        secretName: rekor-test-build-secret
+    - name: brew-config-volume
+      secret:
+        secretName: brew-registry-pull-secret
+    - name: varlibcontainers
+      emptyDir: {}
+# This file bundles the builds for the rekor test image .
+# If any changes are made to this file, it must be pushed to Quay using the following command:
+# 'tkn bundle push quay.io/securesign/rekor-build-test-image:latest -f .tekton/rekor-build-test-image.yaml'.
diff --git a/.tekton/rekor-e2e-test.yaml b/.tekton/rekor-e2e-test.yaml
@@ -15,7 +15,7 @@ spec:
 
   sidecars:
     - name: mysql
-      image: gcr.io/trillian-opensource-ci/db_server:v1.4.0
+      image: quay.io/redhat-user-workloads/rhtas-tenant/rhtas-stack-1-0-beta/trillian-database:0870a57daf2b2cca85219e76064606969c0369df
       env:
         - name: MYSQL_ROOT_PASSWORD
           value: zaphod
@@ -27,18 +27,18 @@ spec:
           value: zaphod
 
     - name: redis-server
-      image: registry.redhat.io/rhel9/redis-6@sha256:031a5a63611e1e6a9fec47492a32347417263b79ad3b63bcee72fc7d02d64c94
+      image: registry.redhat.io/rhel9/redis-6@sha256:91b755b9fb09b7299896f9a90f7d2752fdba36a8e6e9b9d1ddc17f3f92466745
 
     - name: trillian-log-server
-      image: quay.io/redhat-user-workloads/rhtas-tenant/rhtas-stack-1-0-beta/trillian-logserver:build-58a79-1696502872
+      image: quay.io/redhat-user-workloads/rhtas-tenant/trillian-1-0-gamma/trillian-logserver-1-5:b0fbe2d8a36ceb49d83536fe59d00dc48e055901
       workingDir: $(workspaces.source.path)/source
       command: 
         - "/bin/sh"
         - "-c"
         - 'sleep 60 && /trillian_log_server --storage_system=mysql --mysql_uri="test:zaphod@tcp(127.0.0.1:3306)/test" --rpc_endpoint=0.0.0.0:8090 --http_endpoint=0.0.0.0:8091 --alsologtostderr'
 
     - name: trillian-log-signer
-      image: quay.io/redhat-user-workloads/rhtas-tenant/rhtas-stack-1-0-beta/trillian-logsigner:build-38813-1696586021
+      image: quay.io/redhat-user-workloads/rhtas-tenant/trillian-1-0-gamma/trillian-logsigner-1-5:b0fbe2d8a36ceb49d83536fe59d00dc48e055901
       workingDir: $(workspaces.source.path)/source
       command: 
         - "/bin/sh"
@@ -69,6 +69,4 @@ spec:
 
 # This file bundles the e2e tests for rekor. 
 # If any changes are made to this file, it must be pushed to Quay using the following command:
-# 'tkn bundle push quay.io/securesign/rekor-e2e-test:latest -f .tekton/rekor-e2e-test.yaml'.
-# This will generate a new SHA for the bundle. 
-# Ensure that this new SHA is updated in the pull and push pipeline files for each component.
+# 'tkn bundle push quay.io/securesign/rekor-e2e-test:latest -f .tekton/rekor-e2e-test.yaml'.
diff --git a/.tekton/rekor-server-1-0-gamma-pull-request.yaml b/.tekton/rekor-server-1-0-gamma-pull-request.yaml
@@ -398,6 +398,39 @@ spec:
       workspaces:
         - name: source
           workspace: workspace
+    - name: build-test-image
+      runAfter:
+      - prefetch-dependencies
+      taskRef:
+        params:
+        - name: name
+          value: build-test-image
+        - name: bundle
+          value: quay.io/securesign/rekor-build-test-image:latest
+        - name: kind
+          value: task
+        resolver: bundles
+      workspaces:
+        - name: source
+          workspace: workspace
+    - name: run-e2e-test
+      params:
+      - name: TEST_IMAGE_URL
+        value: $(tasks.build-test-image.results.TEST_IMAGE_URL)
+      runAfter:
+      - build-test-image
+      taskRef:
+        params:
+        - name: name
+          value: rekor-e2e-test
+        - name: bundle
+          value: quay.io/securesign/rekor-e2e-test:latest
+        - name: kind
+          value: task
+        resolver: bundles
+      workspaces:
+        - name: source
+          workspace: workspace
     workspaces:
     - name: workspace
     - name: git-auth