-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default the ContainerUser to rootless users on .NET 8 and above #393
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,12 +16,13 @@ public class ParseContainerPropertiesTests | |
[DockerDaemonAvailableFact] | ||
public void Baseline() | ||
{ | ||
var (project, _) = ProjectInitializer.InitProject(new () { | ||
var (project, _, d) = ProjectInitializer.InitProject(new () { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We need to dispose the ProjectCollection to ensure that the binlogs get written, again to help with debugging. |
||
[ContainerBaseImage] = "mcr.microsoft.com/dotnet/runtime:7.0", | ||
[ContainerRegistry] = "localhost:5010", | ||
[ContainerImageName] = "dotnet/testimage", | ||
[ContainerImageTags] = "7.0;latest" | ||
}); | ||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
Assert.True(instance.Build(new[]{ComputeContainerConfig}, null, null, out var outputs)); | ||
|
||
|
@@ -37,11 +38,11 @@ public void Baseline() | |
[DockerDaemonAvailableFact] | ||
public void SpacesGetReplacedWithDashes() | ||
{ | ||
var (project, _) = ProjectInitializer.InitProject(new () { | ||
var (project, _, d) = ProjectInitializer.InitProject(new () { | ||
[ContainerBaseImage] = "mcr microsoft com/dotnet runtime:7.0", | ||
[ContainerRegistry] = "localhost:5010" | ||
}); | ||
|
||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
Assert.True(instance.Build(new[]{ComputeContainerConfig}, null, null, out var outputs)); | ||
|
||
|
@@ -53,13 +54,13 @@ public void SpacesGetReplacedWithDashes() | |
[DockerDaemonAvailableFact] | ||
public void RegexCatchesInvalidContainerNames() | ||
{ | ||
var (project, logs) = ProjectInitializer.InitProject(new () { | ||
var (project, logs, d) = ProjectInitializer.InitProject(new () { | ||
[ContainerBaseImage] = "mcr.microsoft.com/dotnet/runtime:7.0", | ||
[ContainerRegistry] = "localhost:5010", | ||
[ContainerImageName] = "dotnet testimage", | ||
[ContainerImageTag] = "5.0" | ||
}); | ||
|
||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
Assert.True(instance.Build(new[]{ComputeContainerConfig}, new [] { logs }, null, out var outputs)); | ||
Assert.Contains(logs.Messages, m => m.Message?.Contains("'ContainerImageName' was not a valid container image name, it was normalized to 'dotnet-testimage'") == true); | ||
|
@@ -68,13 +69,13 @@ public void RegexCatchesInvalidContainerNames() | |
[DockerDaemonAvailableFact] | ||
public void RegexCatchesInvalidContainerTags() | ||
{ | ||
var (project, logs) = ProjectInitializer.InitProject(new () { | ||
var (project, logs, d) = ProjectInitializer.InitProject(new () { | ||
[ContainerBaseImage] = "mcr.microsoft.com/dotnet/runtime:7.0", | ||
[ContainerRegistry] = "localhost:5010", | ||
[ContainerImageName] = "dotnet/testimage", | ||
[ContainerImageTag] = "5 0" | ||
}); | ||
|
||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
Assert.False(instance.Build(new[]{ComputeContainerConfig}, new [] { logs }, null, out var outputs)); | ||
|
||
|
@@ -85,14 +86,14 @@ public void RegexCatchesInvalidContainerTags() | |
[DockerDaemonAvailableFact] | ||
public void CanOnlySupplyOneOfTagAndTags() | ||
{ | ||
var (project, logs) = ProjectInitializer.InitProject(new () { | ||
var (project, logs, d) = ProjectInitializer.InitProject(new () { | ||
[ContainerBaseImage] = "mcr.microsoft.com/dotnet/runtime:7.0", | ||
[ContainerRegistry] = "localhost:5010", | ||
[ContainerImageName] = "dotnet/testimage", | ||
[ContainerImageTag] = "5.0", | ||
[ContainerImageTags] = "latest;oldest" | ||
}); | ||
|
||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
Assert.False(instance.Build(new[]{ComputeContainerConfig}, new [] { logs }, null, out var outputs)); | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,7 @@ | |
using Xunit; | ||
using Microsoft.NET.Build.Containers.IntegrationTests; | ||
using Microsoft.NET.Build.Containers.UnitTests; | ||
using System.Linq; | ||
|
||
namespace Microsoft.NET.Build.Containers.Targets.IntegrationTests; | ||
|
||
|
@@ -18,10 +19,11 @@ public class TargetsTests | |
[DockerDaemonAvailableTheory] | ||
public void CanSetEntrypointArgsToUseAppHost(bool useAppHost, params string[] entrypointArgs) | ||
{ | ||
var (project, _) = ProjectInitializer.InitProject(new() | ||
var (project, _, d) = ProjectInitializer.InitProject(new() | ||
{ | ||
[UseAppHost] = useAppHost.ToString() | ||
}, projectName: $"{nameof(CanSetEntrypointArgsToUseAppHost)}_{useAppHost}_{String.Join("_", entrypointArgs)}"); | ||
using var _ = d; | ||
Assert.True(project.Build(ComputeContainerConfig)); | ||
var computedEntrypointArgs = project.GetItems(ContainerEntrypoint).Select(i => i.EvaluatedInclude).ToArray(); | ||
foreach (var (First, Second) in entrypointArgs.Zip(computedEntrypointArgs)) | ||
|
@@ -38,10 +40,11 @@ public void CanSetEntrypointArgsToUseAppHost(bool useAppHost, params string[] en | |
[DockerDaemonAvailableTheory] | ||
public void CanNormalizeInputContainerNames(string projectName, string expectedContainerImageName, bool shouldPass) | ||
{ | ||
var (project, _) = ProjectInitializer.InitProject(new() | ||
var (project, _, d) = ProjectInitializer.InitProject(new() | ||
{ | ||
[AssemblyName] = projectName | ||
}, projectName: $"{nameof(CanNormalizeInputContainerNames)}_{projectName}_{expectedContainerImageName}_{shouldPass}"); | ||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
instance.Build(new[] { ComputeContainerConfig }, null, null, out var outputs).Should().Be(shouldPass, "Build should have succeeded"); | ||
Assert.Equal(expectedContainerImageName, instance.GetPropertyValue(ContainerImageName)); | ||
|
@@ -56,11 +59,12 @@ public void CanNormalizeInputContainerNames(string projectName, string expectedC | |
[DockerDaemonAvailableTheory] | ||
public void CanWarnOnInvalidSDKVersions(string sdkVersion, bool isAllowed) | ||
{ | ||
var (project, _) = ProjectInitializer.InitProject(new() | ||
var (project, _, d) = ProjectInitializer.InitProject(new() | ||
{ | ||
["NETCoreSdkVersion"] = sdkVersion, | ||
["PublishProfile"] = "DefaultContainer" | ||
}, projectName: $"{nameof(CanWarnOnInvalidSDKVersions)}_{sdkVersion}_{isAllowed}"); | ||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
var derivedIsAllowed = Boolean.Parse(project.GetProperty("_IsSDKContainerAllowedVersion").EvaluatedValue); | ||
// var buildResult = instance.Build(new[]{"_ContainerVerifySDKVersion"}, null, null, out var outputs); | ||
|
@@ -72,10 +76,11 @@ public void CanWarnOnInvalidSDKVersions(string sdkVersion, bool isAllowed) | |
[DockerDaemonAvailableTheory] | ||
public void GetsConventionalLabelsByDefault(bool shouldEvaluateLabels) | ||
{ | ||
var (project, _) = ProjectInitializer.InitProject(new() | ||
var (project, _, d) = ProjectInitializer.InitProject(new() | ||
{ | ||
[ContainerGenerateLabels] = shouldEvaluateLabels.ToString() | ||
}, projectName: $"{nameof(GetsConventionalLabelsByDefault)}_{shouldEvaluateLabels}"); | ||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
instance.Build(new[] { ComputeContainerConfig }, null, null, out var outputs).Should().BeTrue("Build should have succeeded"); | ||
if (shouldEvaluateLabels) | ||
|
@@ -98,14 +103,15 @@ public void ShouldNotIncludeSourceControlLabelsUnlessUserOptsIn(bool includeSour | |
var commitHash = "abcdef"; | ||
var repoUrl = "https://git.cosmere.com/shard/whimsy.git"; | ||
|
||
var (project, _) = ProjectInitializer.InitProject(new() | ||
var (project, logger, d) = ProjectInitializer.InitProject(new() | ||
{ | ||
["PublishRepositoryUrl"] = includeSourceControl.ToString(), | ||
["PrivateRepositoryUrl"] = repoUrl, | ||
["SourceRevisionId"] = commitHash | ||
}, projectName: $"{nameof(ShouldNotIncludeSourceControlLabelsUnlessUserOptsIn)}_{includeSourceControl}"); | ||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
instance.Build(new[] { ComputeContainerConfig }, null, null, out var outputs).Should().BeTrue("Build should have succeeded"); | ||
instance.Build(new[] { ComputeContainerConfig }, null, null, out var outputs).Should().BeTrue("Build should have succeeded but failed due to {0}", String.Join("\n", logger.AllMessages)); | ||
var labels = instance.GetItems(ContainerLabel); | ||
if (includeSourceControl) | ||
{ | ||
|
@@ -121,32 +127,54 @@ public void ShouldNotIncludeSourceControlLabelsUnlessUserOptsIn(bool includeSour | |
}; | ||
} | ||
|
||
[InlineData("7.0.100", "7.0", "7.0")] | ||
[InlineData("7.0.100-preview.7", "7.0", "7.0")] | ||
[InlineData("7.0.100-rc.1", "7.0", "7.0")] | ||
[InlineData("8.0.100", "8.0", "8.0")] | ||
[InlineData("8.0.100", "7.0", "7.0")] | ||
[InlineData("8.0.100-preview.7", "8.0", "8.0-preview.7")] | ||
[InlineData("8.0.100-rc.1", "8.0", "8.0-rc.1")] | ||
[InlineData("8.0.100-rc.1", "7.0", "7.0")] | ||
[InlineData("8.0.200", "8.0", "8.0")] | ||
[InlineData("8.0.200", "7.0", "7.0")] | ||
[InlineData("8.0.200-preview3", "7.0", "7.0")] | ||
[InlineData("8.0.200-preview3", "8.0", "8.0")] | ||
[InlineData("6.0.100", "6.0", "6.0")] | ||
[InlineData("6.0.100-preview.1", "6.0", "6.0")] | ||
[InlineData("7.0.100", "v7.0", "7.0")] | ||
[InlineData("7.0.100-preview.7", "v7.0", "7.0")] | ||
[InlineData("7.0.100-rc.1", "v7.0", "7.0")] | ||
[InlineData("8.0.100", "v8.0", "8.0")] | ||
[InlineData("8.0.100", "v7.0", "7.0")] | ||
[InlineData("8.0.100-preview.7", "v8.0", "8.0-preview.7")] | ||
[InlineData("8.0.100-rc.1", "v8.0", "8.0-rc.1")] | ||
[InlineData("8.0.100-rc.1", "v7.0", "7.0")] | ||
[InlineData("8.0.200", "v8.0", "8.0")] | ||
[InlineData("8.0.200", "v7.0", "7.0")] | ||
[InlineData("8.0.200-preview3", "v7.0", "7.0")] | ||
[InlineData("8.0.200-preview3", "v8.0", "8.0")] | ||
[InlineData("6.0.100", "v6.0", "6.0")] | ||
[InlineData("6.0.100-preview.1", "v6.0", "6.0")] | ||
[Theory] | ||
public void CanComputeTagsForSupportedSDKVersions(string sdkVersion, string tfm, string expectedTag) | ||
{ | ||
var (project, logger) = ProjectInitializer.InitProject(new() | ||
var (project, logger, d) = ProjectInitializer.InitProject(new() | ||
{ | ||
["NETCoreSdkVersion"] = sdkVersion, | ||
["_TargetFrameworkVersionWithoutV"] = tfm, | ||
["TargetFrameworkVersion"] = tfm, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I changed the ProjectInitializer to use TFM instead of the private property, and 'generate' the private property as part of the method call. This seemed less surprising. |
||
["PublishProfile"] = "DefaultContainer" | ||
}, projectName: $"{nameof(CanComputeTagsForSupportedSDKVersions)}_{sdkVersion}_{tfm}_{expectedTag}"); | ||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
instance.Build(new[]{"_ComputeContainerBaseImageTag"}, null, null, out var outputs).Should().BeTrue(String.Join(Environment.NewLine, logger.Errors)); | ||
var computedTag = instance.GetProperty("_ContainerBaseImageTag").EvaluatedValue; | ||
computedTag.Should().Be(expectedTag); | ||
} | ||
|
||
[InlineData("v8.0", "linux-x64", "64198")] | ||
[InlineData("v8.0", "win-x64", "ContainerUser")] | ||
[InlineData("v7.0", "linux-x64", null)] | ||
[InlineData("v7.0", "win-x64", null)] | ||
[InlineData("v9.0", "linux-x64", "64198")] | ||
[InlineData("v9.0", "win-x64", "ContainerUser")] | ||
Comment on lines
+160
to
+165
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Our boundary conditions are:
So these 6 tests should cover all permutations. |
||
[Theory] | ||
public void CanComputeContainerUser(string tfm, string rid, string expectedUser) | ||
{ | ||
var (project, logger, d) = ProjectInitializer.InitProject(new() | ||
{ | ||
["TargetFrameworkVersion"] = tfm, | ||
["ContainerRuntimeIdentifier"] = rid | ||
}, projectName: $"{nameof(CanComputeTagsForSupportedSDKVersions)}_{tfm}_{rid}_{expectedUser}"); | ||
using var _ = d; | ||
var instance = project.CreateProjectInstance(global::Microsoft.Build.Execution.ProjectInstanceSettings.None); | ||
instance.Build(new[]{ComputeContainerConfig}, null, null, out var outputs).Should().BeTrue(String.Join(Environment.NewLine, logger.Errors)); | ||
var computedTag = instance.GetProperty("ContainerUser")?.EvaluatedValue; | ||
computedTag.Should().Be(expectedUser); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added this as a helper while debugging tests.