write-e2e-tests: run full test environment (#130)

* write-e2e-tests: run full test environment

.circleci/config.yml

@@ -63,7 +63,8 @@ workflows:
 
       - general/python-release-poetry:
           name: python package [pypi]
-          context: pypi
+          context:
+            - pypi
           repository: pypi
           requires:
             - 'hold: tagged pipeline'
@@ -84,7 +85,6 @@ workflows:
       #       --build-arg=PYTHON_USERNAME=$NEXUS_USERNAME
       #       --build-arg=PYTHON_PASSWORD=$NEXUS_PASSWORD
       #       --build-arg=PYTHON_REPOSITORY=python
-      #       --build-arg=REPO_DOMAIN=$REPO_DOMAIN
       #     requires:
       #       - python package [nexus]
       #       - python package [pypi]
@@ -98,16 +98,15 @@ workflows:
           name: docker build [dockerhub]
           image-name: pass-operator
           context:
-            - nexus
+            - pypi
             - dockerhub
           tag: $CIRCLE_TAG
-          # This installs the artifact from my private registry instead of the public one.
           args: >-
             --build-arg=PYTHON_PACKAGE_VERSION=$CIRCLE_TAG
-            --build-arg=PYTHON_USERNAME=$NEXUS_USERNAME
-            --build-arg=PYTHON_PASSWORD=$NEXUS_PASSWORD
-            --build-arg=PYTHON_REPOSITORY=python
-            --build-arg=REPO_DOMAIN=$REPO_DOMAIN
+            --build-arg=PYTHON_USERNAME=$TWINE_USERNAME
+            --build-arg=PYTHON_PASSWORD=$TWINE_PASSWORD
+            --build-arg=PYTHON_REPOSITORY=pypi
+            --target=production
           requires:
             # - python package [nexus]
             - python package [pypi]

Dockerfile

@@ -1,10 +1,29 @@
 ARG IMAGE=python
 ARG TAG=3.10.13
 
-FROM ${IMAGE}:${TAG}
+FROM ${IMAGE}:${TAG} AS base
 
 SHELL [ "/bin/bash", "-c" ]
 
+ENV PYTHONUNBUFFERED=1 \
+    OPERATOR_INTERVAL=60 \
+    OPERATOR_INITIAL_DELAY=3 \
+    OPERATOR_PRIORITY=100 \
+    OPERATOR_NAMESPACE=default \
+    PASS_BINARY=/usr/bin/pass \
+    PASS_DIRECTORY=repo \
+    PASS_GPG_KEY_ID="" \
+    PASS_GPG_KEY="" \
+    PASS_GPG_PASSPHRASE="" \
+    PASS_GIT_URL="" \
+    PASS_GIT_BRANCH=main \
+    PASS_SSH_PRIVATE_KEY="" \
+    PYTHONUNBUFFERED=1
+
+ARG TINI_VERSION=v0.19.0
+ARG PASS_VERSION=1.7.4-6
+ARG ARCHITECTURE=arm64
+
 # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
 LABEL org.opencontainers.image.description "© PremiScale, Inc. 2024"
 LABEL org.opencontainers.image.licenses "GPLv3"
@@ -14,58 +33,63 @@ LABEL org.opencontainers.image.documentation "https://premiscale.com"
 USER root
 
 # https://github.com/krallin/tini
-ARG TINI_VERSION=v0.19.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
-RUN chmod +x /tini
+RUN curl -sL https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-${ARCHITECTURE} -o /tini \
+    && chmod +x /tini
 
-ARG PASS_VERSION=1.7.4-6
 RUN apt update \
     && apt list -a pass \
     && apt install -y pass="$PASS_VERSION" \
     && rm -rf /var/apt/lists/*
 
 # Add 'passoperator' user and group.
-# Funny enough, 'operator' is already a user in Linux.
+# Funny enough, the 'operator' user already exists on Linux.
 RUN groupadd passoperator \
     && useradd -rm -d /opt/pass-operator -s /bin/bash -g passoperator -u 10001 passoperator
 
 WORKDIR /opt/pass-operator
 
+# Ensure that the 'operator' user owns the directory and set up a Git hook that prevents the user from pushing.
 RUN chown -R passoperator:passoperator . \
     && mkdir /hooks \
     && printf "[pull]\\n    rebase = true\\n[core]\\n    hooksPath = /hooks" > /etc/gitconfig
 COPY --chown=root:root --chmod=555 bin/pre-push.sh /hooks/pre-push
 
 USER 10001
 
+COPY --chown=passoperator:passoperator --chmod=550 bin/entrypoint.sh /entrypoint.sh
+
+## DEVELOPMENT IMAGE
+
+FROM base AS develop
+
+COPY src/ ./src/
+COPY README.md LICENSE poetry.lock pyproject.toml ./
+
+ENV PATH=/opt/pass-operator/.local/bin:${PATH}
+
+# Set up SSH and install the pass-operator package from my private registry.
+RUN mkdir -p "$HOME"/.local/bin "$HOME"/.ssh "$HOME"/.gnupg \
+    && chmod 700 "$HOME"/.gnupg \
+    && curl -sSL https://install.python-poetry.org | python3 - \
+    && poetry install \
+    && poetry run passoperator --version
+
+ENTRYPOINT [ "/tini", "--", "/entrypoint.sh" ]
+
+## PRODUCTION IMAGE
+
+FROM base as production
+
 ARG PYTHON_USERNAME
 ARG PYTHON_PASSWORD
 ARG PYTHON_REPOSITORY
 ARG PYTHON_INDEX=https://${PYTHON_USERNAME}:${PYTHON_PASSWORD}@${PYTHON_REPOSITORY}
 ARG PYTHON_PACKAGE_VERSION=0.0.1
 
-ENV PATH=${PATH}:/opt/pass-operator/.local/bin \
-    PYTHONUNBUFFERED=1
-
 # Set up SSH and install the pass-operator package from my private registry.
 RUN mkdir -p "$HOME"/.local/bin "$HOME"/.ssh "$HOME"/.gnupg \
     && chmod 700 "$HOME"/.gnupg \
     && pip install --upgrade pip \
     && pip install --no-cache-dir --no-input --extra-index-url="${PYTHON_INDEX}" pass-operator=="${PYTHON_PACKAGE_VERSION}"
 
-ENV OPERATOR_INTERVAL=60 \
-    OPERATOR_INITIAL_DELAY=3 \
-    OPERATOR_PRIORITY=100 \
-    OPERATOR_NAMESPACE=default \
-    PASS_BINARY=/usr/bin/pass \
-    PASS_DIRECTORY=repo \
-    PASS_GPG_KEY_ID="" \
-    PASS_GPG_KEY="" \
-    PASS_GPG_PASSPHRASE="" \
-    PASS_GIT_URL="" \
-    PASS_GIT_BRANCH=main \
-    PASS_SSH_PRIVATE_KEY=""
-
-COPY --chown=passoperator:passoperator --chmod=550 bin/entrypoint.sh /entrypoint.sh
-
 ENTRYPOINT [ "/tini", "--", "/entrypoint.sh" ]

package.json

@@ -16,8 +16,8 @@
     "minikube:up": "./scripts/minikube.sh start",
     "minikube:down": "./scripts/minikube.sh stop",
     "minikube:delete": "./scripts/minikube.sh delete",
-    "test:e2e": "yarn minikube:up && poetry run pytest -vrP src/test/e2e; yarn minikube:delete",
-    "test:unit": "poetry run pytest -vrP src/test/unit",
+    "test:e2e": "yarn minikube:up && poetry run pytest --full-trace -vrP src/test/e2e; yarn minikube:delete",
+    "test:unit": "poetry run pytest --full-trace -vrP src/test/unit",
     "test:e2e:test": "./src/test_hook.py"
   }
 }

scripts/minikube.sh

@@ -34,8 +34,16 @@ if [ "$1" == "start" ]; then
         --disk-size 30g
 
     # Docker registry for localhost images.
-    docker run --name docker-registry-redirect --rm -itd --network=host ubuntu:22.04 /bin/bash -c "apt update && apt install -y socat && socat TCP-LISTEN:5000,reuseaddr,fork TCP:$(minikube ip -p pass-operator):5000"
-
+    docker run --name docker-registry-redirect -itd --rm --network=host alpine/socat:latest "TCP-LISTEN:5000,reuseaddr,fork" "TCP:$(minikube ip -p pass-operator):5000"
+    # docker run --name docker-registry-redirect --rm -itd --network=host alpine/socat:latest /bin/bash -c "socat TCP-LISTEN:5000,reuseaddr,fork TCP:$(minikube ip -p pass-operator):5000"
+
+    # Wait for the package lock to be released, otherwise we can't push docker containers because the container isn't listening / redirecting on port 5000, yet.
+    # i=1
+    # until [ "$(docker exec -it docker-registry-redirect /bin/bash -c 'lsof /var/lib/dpkg/lock' || printf "no")" = "" ]; do
+    #     printf "INFO: Waiting for the package lock to be released, attempt %i\\n" "$(( i++ ))"
+    #     sleep 5
+    # done
+    sleep 15
     kubectl config current-context
     kubectl get nodes -o wide
     kubectl get pods -A

src/test/common.py

@@ -33,13 +33,14 @@ def run(command: List[str], shell=False, timeout: float = 300) -> CommandOutput:
 
     Args:
         command (str): shell command to run as a string.
-        split (str, optional): character to split the command by. Defaults to None.
         shell (bool, optional): whether to run the command in a shell. Defaults to False.
+        timeout (float, optional): timeout in seconds. Defaults to 300.
 
     Returns:
         CommandOutput: output, error, and return code.
     """
-    # print(' '.join(command))
+    # print(' '.join(c if c != '' else '""' for c in command))
+
     with Popen(command, stdin=PIPE, stdout=PIPE, stderr=PIPE, text=True, shell=shell, encoding='utf-8') as p:
         stdout, stderr = p.communicate(timeout=timeout) # blocking
         ret = CommandOutput(stdout.rstrip(), stderr.rstrip(), p.returncode)