tests: bud: make parallel-safe

- all images pushed to a local registry must have a unique name. Bring in safename() helper from podman tests. - all cache tests must use a private TMPDIR - in force-compression test, use a custom-crafted image with no possibility of sharing layers with any other image that any other test might push to the registry. - use a private crun tmpdir in seccomp test, because crun does some unexpected caching. And, forgive me, a little refactoring of unpleasant duplication Signed-off-by: Ed Santiago <[email protected]>
containers · Nov 4, 2024 · 68722ca · 68722ca
1 parent fb37abb
commit 68722ca
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 25 deletions.
diff --git a/tests/bud.bats b/tests/bud.bats
@@ -16,7 +16,7 @@ load helpers
   start_registry
   run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT}
 
-  imgname="img$(random_string | tr A-Z a-z)"
+  imgname="img-$(safename)"
   run_buildah build $WITH_POLICY_JSON -t "${imgname}1" --platform linux/amd64 -f $BUDFILES/dockerfile/Dockerfile
   run_buildah build $WITH_POLICY_JSON -t "${imgname}2" --platform linux/arm64 -f $BUDFILES/dockerfile/Dockerfile
 
@@ -51,7 +51,7 @@ _EOF
   start_registry
   run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT}
 
-  imgname="img$(random_string | tr A-Z a-z)"
+  imgname="img-$(safename)"
   run_buildah build $WITH_POLICY_JSON -t "${imgname}1" --platform linux/amd64 -f $contextdir/Dockerfile1
   run_buildah build $WITH_POLICY_JSON -t "${imgname}2" --platform linux/arm64 -f $contextdir/Dockerfile1
 
@@ -81,7 +81,7 @@ _EOF
   start_registry
   run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT}
 
-  imgname="img$(random_string | tr A-Z a-z)"
+  imgname="img-$(safename)"
   run_buildah build $WITH_POLICY_JSON -t "${imgname}1" --platform linux/amd64 -f $contextdir/Dockerfile1
   run_buildah build $WITH_POLICY_JSON -t "${imgname}2" --platform linux/arm64 -f $contextdir/Dockerfile1
 
@@ -131,7 +131,7 @@ _EOF
 }
 
 @test "no layer should be created on scratch" {
-  imgname="img$(random_string | tr A-Z a-z)"
+  imgname="img-$(safename)"
 
   run_buildah build --layers --label "label1=value1" -t $imgname -f $BUDFILES/from-scratch/Containerfile
   run_buildah inspect -f '{{len .Docker.RootFS.DiffIDs}}' $imgname
@@ -156,32 +156,32 @@ FROM scratch
 COPY /therecanbeonly1 /uniquefile
 _EOF
 
-  imgname="img$(random_string | tr A-Z a-z)"
+  imgname="img-$(safename)"
 
   start_registry
   run_buildah login --tls-verify=false --authfile ${TEST_SCRATCH_DIR}/test.auth --username testuser --password testpassword localhost:${REGISTRY_PORT}
   run_buildah build $WITH_POLICY_JSON -t $imgname --platform linux/amd64 $contextdir
 
   # Helper function. push our image with the given options, and run skopeo inspect
   function _test_buildah_push() {
-      run_buildah push \
-                  $WITH_POLICY_JSON \
-                  --authfile ${TEST_SCRATCH_DIR}/test.auth \
-                  --tls-verify=false \
-                  $* \
-                  $imgname \
-                  docker://localhost:${REGISTRY_PORT}/$imgname
-
-      echo "# skopeo inspect $imgname"
-      run podman run --rm \
-          --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \
-          --net host \
-          quay.io/skopeo/stable inspect \
-          --authfile=/test.auth \
-          --tls-verify=false \
-          --raw \
-          docker://localhost:${REGISTRY_PORT}/$imgname
-      echo "$output"
+    run_buildah push \
+                $WITH_POLICY_JSON \
+                --authfile ${TEST_SCRATCH_DIR}/test.auth \
+                --tls-verify=false \
+                $* \
+                $imgname \
+                docker://localhost:${REGISTRY_PORT}/$imgname
+
+    echo "# skopeo inspect $imgname"
+    run podman run --rm \
+        --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \
+        --net host \
+        quay.io/skopeo/stable inspect \
+        --authfile=/test.auth \
+        --tls-verify=false \
+        --raw \
+        docker://localhost:${REGISTRY_PORT}/$imgname
+    echo "$output"
   }
 
   # layers should have no trace of zstd since push was with --compression-format gzip
@@ -5634,8 +5634,8 @@ _EOF
     cruntmp=${TEST_SCRATCH_DIR}/crun
     mkdir $cruntmp
     run_buildah build --runtime=crun --runtime-flag=debug --runtime-flag=root=$cruntmp \
-                    --security-opt seccomp=${TEST_SCRATCH_DIR}/seccomp.json \
-                    -q -t alpine-bud-crun $WITH_POLICY_JSON --file ${mytmpdir}/Containerfile .
+                --security-opt seccomp=${TEST_SCRATCH_DIR}/seccomp.json \
+                -q -t alpine-bud-crun $WITH_POLICY_JSON --file ${mytmpdir}/Containerfile .
     expect_output --substring "unknown seccomp syscall"
   fi
 

diff --git a/tests/helpers.bash b/tests/helpers.bash
@@ -233,6 +233,25 @@ function random_string() {
     head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length
 }
 
+##############
+#  safename  #  Returns a pseudorandom string suitable for container/image/etc names
+##############
+#
+# Name will include the bats test number and a pseudorandom element,
+# eg "t123-xyz123". safename() will return the same string across
+# multiple invocations within a given test; this makes it easier for
+# a maintainer to see common name patterns.
+#
+# String is lower-case so it can be used as an image name
+#
+function safename() {
+    safenamepath=$BATS_SUITE_TMPDIR/.safename.$BATS_SUITE_TEST_NUMBER
+    if [[ ! -e $safenamepath ]]; then
+        echo -n "t${BATS_SUITE_TEST_NUMBER}-$(random_string 8 | tr A-Z a-z)" >$safenamepath
+    fi
+    cat $safenamepath
+}
+
 function buildah() {
     ${BUILDAH_BINARY} ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} "$@"
 }