feat: run test not in docker by default (#1606) [TOOLS][MAJOR]

Co-authored-by: Cas Lubbers <[email protected]>
Co-authored-by: Jehoszafat Zimnowoda <[email protected]>

Author: 3 people

.env.sample

@@ -1,5 +1,4 @@
 # will bypass docker but expects all binaries present on host
-IN_DOCKER=1
 VERBOSITY=2
 # will disable contacting the cluster as found in kube context:
 DISABLE_SYNC=1

.github/workflows/otomi-tools-build-push.yaml

@@ -4,9 +4,9 @@ on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Version to build and push'
+        description: 'Placeholder, this value is not yet used.'
         required: false
-        default: 'latest'
+        default: 'run'
         type: string
   push:
     branches:
@@ -26,6 +26,13 @@ jobs:
         with:
           fetch-depth: '2'
 
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -63,29 +70,19 @@ jobs:
             echo OLD_VERSION = ${OLD_VERSION}
             echo NEW_VERSION = ${NEW_VERSION}
           fi
-
           echo "No need to bump the version. Will skip next steps."
 
-      - name: Build and tag Docker image
-        if: ${{ env.NEW_VERSION != null }}
-        run: |
-          docker buildx build --load -t ${{ env.NAMESPACE }}/${{ env.REPO }} -f tools/Dockerfile .
-          docker tag ${{ env.NAMESPACE }}/${{ env.REPO }} ${{ env.NAMESPACE }}/${{ env.REPO }}:${{ env.NEW_VERSION }}
-
-      - name: Squash image
-        if: ${{ env.NEW_VERSION != null }}
-        run: |
-          pip3 install docker-squash
-          docker-squash otomi/tools -t ${{ env.NAMESPACE }}/${{ env.REPO }}:${{ env.NEW_VERSION }}
-
       - name: Login to GitHub Container Registry
         if: ${{ env.NEW_VERSION != null }}
         uses: docker/login-action@v3
         with:
           username: 'otomi'
           password: '${{ secrets.DOCKERHUB_OTOMI_TOKEN }}'
-
-      - name: Push Docker image
-        if: ${{ env.NEW_VERSION != null }}
-        run: |
-          docker push ${{ env.NAMESPACE }}/${{ env.REPO }}:${{ env.NEW_VERSION }}
+      - name: image build and push tag for branch
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64
+          file: tools/Dockerfile
+          tags: |
+            ${{ env.NAMESPACE }}/${{ env.REPO }}:${{ env.NEW_VERSION }}

.husky/pre-push

@@ -2,11 +2,3 @@
 . "$(dirname "$0")/_/husky.sh"
 
 npm run lint
-
-# Not in main
-if ! git diff HEAD main --quiet; then
-  # if values files have BOTH been modified, then we know migrate is safe
-  if test $(git diff origin/main --name-only | awk 'xor(/values-schema.yaml/,/values-changes.yaml/)' | wc -l) = 2; then
-    npm run migrate-values
-  fi
-fi

Dockerfile

@@ -1,4 +1,4 @@
-FROM otomi/tools:v1.6.0 as ci
+FROM otomi/tools:multi-arch as ci
 
 ENV APP_HOME=/home/app/stack
 
@@ -9,7 +9,6 @@ ARG SKIP_TESTS='false'
 ENV NODE_ENV='test'
 ENV CI=true
 ENV ENV_DIR=$APP_HOME/env
-ENV IN_DOCKER='1'
 ENV VERBOSITY='2'
 ENV DISABLE_SYNC='1'
 ENV NODE_PATH='dist'
@@ -28,11 +27,10 @@ FROM ci as clean
 RUN npm prune --production
 
 #-----------------------------
-FROM otomi/tools:v1.6.0 as prod
+FROM otomi/tools:multi-arch as prod
 
 ENV APP_HOME=/home/app/stack
 ENV ENV_DIR=/home/app/stack/env
-ENV IN_DOCKER='1'
 ENV VERBOSITY='0'
 ENV NODE_NO_WARNINGS='1'
 ENV NODE_PATH='dist'

bin/build-gatekeeper-artifacts.sh

@@ -49,7 +49,7 @@ function build() {
 function decorate() {
   echo "Decorating template/constraints files with properties."
   local map_constraints_expr='.policies as $constraints |  $constraints | keys[] | {(.): $constraints[.]}'
-  for constraint in $(yq r $policies_file -j | jq --raw-output -S -c "$map_constraints_expr"); do
+  for constraint in $(yq -o=json $policies_file | jq --raw-output -S -c "$map_constraints_expr"); do
     local key=$(echo $constraint | jq --raw-output '. | keys[0]')
     # NOTE:
     # Konstraint library is generating filenames from folder names using the dash symbol "-" as uppercase markup. Example:  file-name => FileName
@@ -58,16 +58,16 @@ function decorate() {
     # decorate constraints with parameters
     local constraints_file=$(ls $tmp_path/constraint_* | grep -i "$filename.yaml")
     local parameters=$(echo $constraint | jq --raw-output -c "{\"spec\":{\"parameters\": {\"$key\"} }}")
-    local constraints=$(yq r -P -j $constraints_file | jq --raw-output -c '.')
-    jq -n --argjson constraints $constraints --argjson parameters $parameters '$constraints * $parameters | .' | yq r -P - >"$constraints_file"
+    local constraints=$(yq -o=json $constraints_file | jq --raw-output -c '.')
+    jq -n --argjson constraints $constraints --argjson parameters $parameters '$constraints * $parameters | .' | yq -o=yaml - >"$constraints_file"
     # decorate constraint templates with openAPI schema properties
     local map_properties_expr='. as $properties | {"spec":{"crd":{"spec":{"validation": {"openAPIV3Schema": $properties }}}}} | .'
     local policy_json_path="properties.policies.properties[${key}]"
-    local properties=$(yq -j r $compiled_schema_path $policy_json_path | yq d - '**.required.' | yq d - '**.default.' | yq d - '**.additionalProperties.' | jq -c --raw-output "$map_properties_expr")
+    local properties=$(yq e 'del(..|.required?, .default?, .additionalProperties?)' -o=json -I=0 $compiled_schema_path | jq -c --raw-output "$map_properties_expr")
     local ctemplates_file=$(ls $tmp_path/template_* | grep -i "$filename.yaml")
     local template_file=${ctemplates_file/$tmp_path/$templates_path}
-    local template=$(yq r -P -j $ctemplates_file | jq --raw-output -c '.')
-    jq -n --argjson template "$template" --argjson properties "$properties" '$template * $properties | .' | yq r -P - >"$template_file"
+    local template=$(yq e -o=json -I=0 $ctemplates_file | jq --raw-output -c '.')
+    jq -n --argjson template "$template" --argjson properties "$properties" '$template * $properties | .' | yq e -o=yaml - >"$template_file"
   done
 }
 

bin/common.sh

@@ -106,11 +106,10 @@ fi
 function _rind() {
   local cmd="$1"
   shift
-  if [ $has_docker = 'true' ] && [ -z "$IN_DOCKER" ]; then
+  if [ $has_docker = 'true' ] && [ "${IN_DOCKER,,}" == "true" ]; then
     docker run --rm \
       $LINUX_WORKAROUND \
       -v $ENV_DIR:$ENV_DIR \
-      -e IN_DOCKER='1' \
       -e ENV_DIR=$ENV_DIR \
       $otomi_tools_image $cmd "$@"
     return $?
@@ -133,7 +132,7 @@ function yq() {
 
 function yqr() {
   local all_values=$(hf_values)
-  local ret=$(echo "$all_values" | yq r - "$@")
+  local ret=$(echo "$all_values" | yq "$@" -)
   [ -z "$ret" ] && return 1
   echo $ret
 }
@@ -149,14 +148,14 @@ function get_k8s_version() {
 
 function otomi_image_tag() {
   local otomi_version=$OTOMI_VERSION
-  [ -z "$otomi_version" ] && [ -f $otomi_settings ] && otomi_version=$(yq r $otomi_settings otomi.version)
+  [ -z "$otomi_version" ] && [ -f $otomi_settings ] && otomi_version=$(yq '.otomi.version' $otomi_settings)
   [ -z "$otomi_version" ] && otomi_version=$(cat $PWD/package.json | jq -r .version)
   [ -z "$otomi_version" ] && otomi_version='main'
   echo $otomi_version
 }
 
 function customer_name() {
-  [ -f $otomi_settings ] && yq r $otomi_settings "customer.name" && return 0
+  [ -f $otomi_settings ] && yq 'customer.name' $otomi_settings && return 0
   [ -n "$CI" ] && return 0
   return 1
 }
@@ -236,7 +235,7 @@ function hf_values() {
   hf -f helmfile.tpl/helmfile-dump.yaml build |
     grep -Ev $helmfile_output_hide |
     sed -e $replace_paths_pattern |
-    yq read -P - 'renderedvalues'
+    yq '.renderedvalues' -
 }
 
 function hf_template() {

binzx/installer

@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
 
 readonly script=otomi
-readonly branch=${OTOMI_TAG:-main}
+readonly current_branch=$(git rev-parse --abbrev-ref HEAD)
+readonly branch=${OTOMI_TAG:-$current_branch}
 readonly remote=https://raw.githubusercontent.com/redkubes/otomi-core/$branch/binzx/$script
 readonly path=/usr/local/bin
 
@@ -38,6 +39,9 @@ if [[ $SHELL == *zsh* ]] || [[ $SHELL == *bash* ]]; then
       acPath='/usr/local/share/zsh/site-functions/_otomi'
       if [[ $SHELL == *bash* ]]; then
         acPath='/usr/local/etc/bash_completion.d/otomi.bash'
+        mkdir -p /usr/local/etc/bash_completion.d
+      else
+        mkdir -p /usr/local/share/zsh/site-functions
       fi
       otomi completion | tr -d '\r' >$acPath
       chmod +x $acPath
@@ -51,5 +55,8 @@ if [[ $SHELL == *zsh* ]] || [[ $SHELL == *bash* ]]; then
   esac
 fi
 
+# The /tmp/otomi is created by regular user. Installer creates it with root permisions only
+rm -rf /tmp/otomi
+
 echo "Otomi has been installed in $file"
 echo 'You can now run it by calling `otomi`'

binzx/otomi

@@ -14,15 +14,21 @@
 # shellcheck disable=SC2128
 [ "${BASH_VERSINFO:-0}" -lt 4 ] && echo "You are using $BASH_VERSINFO, while we only support Bash -ge than version 4. Please upgrade." && exit 1
 calling_args="$*"
+if [ -z "$IN_DOCKER" ]; then
+  IN_DOCKER=false
+fi
 if [ "$NODE_ENV" == "test" ]; then
   CI=1
   ENV_DIR="$PWD/tests/fixtures"
   NOPULL=1
   OTOMI_TAG="main"
-elif [ -z "$ENV_DIR" ] && [ -n "$IN_DOCKER" ]; then
+elif [ -z "$ENV_DIR" ] && [ "${IN_DOCKER,,}" == "false" ]; then
   ENV_DIR="$PWD/env"
-elif [ -z "$IN_DOCKER" ] && [ -n "$ENV_DIR" ]; then
-  mkdir -p $ENV_DIR
+elif [ -z "$IN_DOCKER" ]; then
+  IN_DOCKER=false
+  if [ -n "$ENV_DIR" ]; then
+    mkdir -p $ENV_DIR
+  fi
 fi
 [[ "$ENV_DIR" == *"../"* ]] && echo "Don't provide an ENV_DIR that contains '../'!" && exit 1
 # treat CI and chart as non interactive
@@ -176,7 +182,7 @@ check_update() {
   fi
 }
 
-[ -z $DONT_CHECK_UPDATE ] && [ -z $IN_DOCKER ] && silent echo "Checking for updates" && check_update
+[ -z $DONT_CHECK_UPDATE ] && [ "${IN_DOCKER,,}" != "false" ] && silent echo "Checking for updates" && check_update
 
 tmp_env=$(mktemp)
 
@@ -232,7 +238,7 @@ dump_vars "${vars[@]}"
 
 cat >>$tmp_env <<EOF
 OTOMI_CALLER_COMMAND=${BASH_SOURCE[0]##*/}
-IN_DOCKER=1
+IN_DOCKER=false
 EOF
 
 helm_config="$HOME/.config/helm"
@@ -279,7 +285,7 @@ if [ "$1" = "bash" ] && [ "$#" = "1" ]; then
   cmd="bash"
 fi
 
-if { { [ "$otomi_version_used" = 'latest' ] || [ "$otomi_version_used" = 'main' ]; } || [ -n "$FORCE_PULL" ]; } && [ -z $NOPULL ] && [ -z $IN_DOCKER ]; then
+if { { [ "$otomi_version_used" = 'latest' ] || [ "$otomi_version_used" = 'main' ]; } || [ -n "$FORCE_PULL" ]; } && [ -z $NOPULL ] && [ "${IN_DOCKER,,}" != "false" ]; then
   silent echo "Pulling latest version of the docker image, please wait"
   silent docker pull $otomi_tools_image
   status=$?
@@ -304,7 +310,7 @@ mkdir -p /tmp/otomi
 # Issue arises due to OSX not assuming UTF-8 format: https://unix.stackexchange.com/a/64905 need to set LC_ALL=C
 container_name="otomi-core-$(cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | fold -w 6 | head -n 1)"
 
-if [ -n "$IN_DOCKER" ]; then
+if [ "${IN_DOCKER,,}" == "false" ]; then
   silent echo $cmd
   $cmd
   status=$?

chart/otomi/localtest.sh

@@ -8,7 +8,7 @@ set -eu
 # Set port forwarding so otomi the 'otomi apply' can push values to gitea
 # k port-forward -n gitea svc/gitea-http 3000:3000
 
-export IN_DOCKER=1
+export IN_DOCKER=false
 # OTOMI_DEV_APPLY_LABEL - In local test you can narrow down the helm releases that are going to be installed while perogotim otomi apply
 # export OTOMI_DEV_APPLY_LABEL=pkg=gitea
 export VALUES_INPUT=${VALUES_INPUT:-'tests/bootstrap/input.yaml'}

charts/otomi-pipelines/templates/tekton-otomi-git-clone.yaml

@@ -25,7 +25,7 @@ spec:
   stepTemplate:
     computeResources: {{- toYaml .Values.tektonTask.resources | nindent 6 }}
     workingDir: $(workspaces.source.path)
-    image: otomi/core:v1.0.0
+    image: otomi/core:{{ .Values.otomiVersion }}
   steps:
     - name: git-clone
       script: |
@@ -63,7 +63,7 @@ spec:
             echo -n "0" > $(results.CI.path) && export CI="0" && echo "Finished"
         fi
         
-        echo -n "$(yq r values/env/settings.yaml otomi.version)" > $(results.OTOMI_VERSION.path)
+        echo -n "$(yq '.otomi.version' values/env/settings.yaml)" > $(results.OTOMI_VERSION.path)
         cd values
         # Check if team files has been changed
         if git diff --name-only  HEAD~1 | grep  -e "env/.*.teams" -e "env/teams"; then

charts/otomi-pipelines/templates/tekton-otomi-task-teams.yaml

@@ -30,7 +30,7 @@ spec:
     - name: CI
       value: $(params["CI"])
     - name: IN_DOCKER
-      value: '1'
+      value: 'false'
     - name: ENV_DIR
       value: /home/app/stack/env
     - name: VERBOSE

charts/otomi-pipelines/templates/tekton-otomi-task.yaml

@@ -30,7 +30,7 @@ spec:
     - name: CI
       value: $(params["CI"])
     - name: IN_DOCKER
-      value: '1'
+      value: 'false'
     - name: ENV_DIR
       value: /home/app/stack/env
     - name: VERBOSE

charts/otomi-pipelines/values.yaml

@@ -30,4 +30,6 @@ kms: {}
 
 giteaPassword: ""
 
-cloneUnsecure: false
+cloneUnsecure: false
+
+otomiVersion: 0.1.0

docs/development.md

@@ -418,7 +418,7 @@ npm run install-deps
 Then instruct Otomi to not run in docker:
 
 ```
-export IN_DOCKER=1
+export IN_DOCKER=false
 ```
 
 Next you can execute `otomi apply` or `otomi status` against your to connect with your kubernetes cluster.

package.json

@@ -117,9 +117,9 @@
   },
   "scripts": {
     "install-deps": "bin/install-deps.sh",
-    "app-versions:csv": "echo 'name,appVersion,chartVersion'; for f in $(find charts -name Chart.yaml -type f -maxdepth 2| sort); do yq eval -o=json $f | jq -rc '. | [.name, .appVersion, .version] | @csv' | tr -d '\"'; done",
+    "app-versions:csv": "echo 'name,appVersion,chartVersion'; for f in $(find charts -name Chart.yaml -type f -maxdepth 2| sort); do yq e -o=json -I=0 $f | jq -rc '. | [.name, .appVersion, .version] | @csv' | tr -d '\"'; done",
     "adr": "adr-log -d adr -i",
-    "check-policies": "NODE_ENV=test binzx/otomi check-policies",
+    "check-policies": "ENV_DIR=$PWD/tests/fixtures NODE_ENV=test binzx/otomi check-policies",
     "clean": "rm -rf dist >/dev/null",
     "compile": "npm run clean && tsc -p tsconfig.build.json && tsc-alias -p tsconfig.build.json -v --dir dist && chmod +x ./dist/src/otomi.js",
     "compile:watch": "npm run compile && tsc -w",
@@ -134,7 +134,7 @@
     "lint": "run-p spellcheck lint:hf lint:ts lint:types",
     "lint-staged": "lint-staged",
     "lint:fix": "prettier --write tests/**/*.yaml --write '.values/env/**/*.yaml' && npm run lint:ts:fix",
-    "lint:hf": "NODE_ENV=test binzx/otomi lint",
+    "lint:hf": "ENV_DIR=$PWD/tests/fixtures NODE_ENV=test binzx/otomi lint",
     "lint:ts": "eslint --ext ts src",
     "lint:ts:fix": "eslint --fix --ext ts src",
     "lint:types": "tsc --noEmit",
@@ -150,11 +150,11 @@
     "tasks:copy-certs": "binzx/otomi task -n copyCerts",
     "test": "run-s test:ts lint validate-values validate-templates check-policies",
     "test:opa": "NODE_ENV=test binzx/otomi x opa test policies -v",
-    "test:ts": "NODE_ENV=test jest",
+    "test:ts": "ENV_DIR=$PWD/tests/fixtures NODE_ENV=test jest",
     "test:ts-cov": "jest --coverage",
-    "validate-templates": "NODE_ENV=test binzx/otomi validate-templates",
+    "validate-templates": "ENV_DIR=$PWD/tests/fixtures NODE_ENV=test binzx/otomi validate-templates",
     "validate-templates:all": "set -e; i=25; while [ $i -le 28 ]; do NODE_ENV=test binzx/otomi validate-templates -k 1.$i; i=$(($i+1)); done",
-    "validate-values": "NODE_ENV=test binzx/otomi validate-values",
+    "validate-values": "ENV_DIR=$PWD/tests/fixtures NODE_ENV=test binzx/otomi validate-values",
     "bootstrap-dev": "rm -rf /tmp/otomi-bootstrap-dev; CI=1 VALUES_INPUT=$PWD/tests/bootstrap/input.yaml ENV_DIR=/tmp/otomi-bootstrap-dev binzx/otomi bootstrap",
     "bootstrap-dev-with-repo": "CI=1 ENV_DIR=/tmp/otomi-bootstrap-dev binzx/otomi bootstrap"
   },

schemas/gen-missing-crd-schemas.sh

@@ -21,7 +21,7 @@ rm -rf $input_folder/*
 for pkg in "pipeline" "pipelinerun" "task" "taskrun" ; do
   pkg_file="$input_folder/$pkg.yaml"
   echo '' >$pkg_file
-  for crd in $(kubectl get crd | grep $pkg | awk '{print $1}'); do kubectl get crd $crd -o yaml | yq e 'del(.metadata)' | yq e 'del(.status)' >>$pkg_file && printf "\n---\n" >>$pkg_file; done
+  for crd in $(kubectl get crd | grep $pkg | awk '{print $1}'); do kubectl get crd $crd -o yaml | yq 'del(.metadata, .status)' - >>$pkg_file && printf "\n---\n" >>$pkg_file; done
   pushd $gen_folder || exit
   ../crd2jsonschema.py ../input-crds/$pkg.yaml
   popd || exit

src/cmd/migrate.test.ts

@@ -413,5 +413,5 @@ describe('Network policies migrations', () => {
     await applyChanges([valuesChanges], false, deps)
     const expectedValues = getExpectedValues()
     expect(deps.writeValues).toBeCalledWith(expectedValues, true)
-  })
+  }, 20000)
 })