smoke-tests/Taskfile.yml at main · mindersec/smoke-tests · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
---
version: '3'

dotenv:
  - '.env'

env:
  IMAGE: localhost/smoke-test-experiments
  TAG: latest
  # Sets the hierarchical multitenancy entitlement for any project that has a parent_id unset
  SET_HIERARCHICAL_SQL: "INSERT INTO entitlements (feature, project_id) VALUES ('project_hierarchy_operations_enabled', (SELECT id FROM projects WHERE parent_id IS NULL AND metadata->>'self_enrolled' = 'true'));"

vars:
  _GLOBAL_CONTAINER_OPTS: -it --rm
  _PODMAN_OPTS: --userns=keep-id --security-opt label=disable

tasks:
  test:
    desc: Run tests using the robot command
    summary: |
      This task runs the robot command to execute the tests.

      The task mounts the current directory to the container and runs the tests
      using the robot command. The task also mounts the minder binary, and the
      offline token file to the container if they are available in the current directory.
      The minder configuration file is only mounted if it is provided in the environment.

      Available variables:

      - MINDER_BINARY_PATH: The path to the minder binary. If not provided, the
        task will try to find the minder binary in the system.
      - MINDER_CONFIG: The path to the minder configuration file. If not provided,
        the task will use the default configuration file in the current directory
        (./config.yaml).
      - MINDER_OFFLINE_TOKEN_PATH: The path to the offline token file. If not provided,
        the task will use the default offline token file in the current directory
        (./offline.token).
      - MINDER_RULETYPES_PATH: The path to the ruletypes file. If not provided, the
        tests will clone the ruletypes repository from GitHub.
      - CLI_ARGS: Additional arguments to pass to the robot command.
    cmds:
      - task: test-podman-or-docker
        vars:
          _CONTAINER_CMD:
            sh: "which podman || which docker"

  test-podman-or-docker:
    internal: true
    deps:
      - build
    cmds:
      - |
        {{._CONTAINER_CMD}} run {{._CONTAINER_OPTS}} \
          --network=host \
          -v ./:$CTESTDIR \
          -v {{._MINDER_BINARY_PATH}}:/usr/bin/minder \
          {{if .MINDER_CONFIG}} -v {{.MINDER_CONFIG}}:/etc/minder/config.yaml {{end}} \
          {{if .MINDER_RULETYPES_PATH}} -v {{.MINDER_RULETYPES_PATH}}:/opt/minder-ruletypes {{end}} \
          -v {{.MINDER_OFFLINE_TOKEN_PATH | default "./offline.token" }}:/opt/minder-offline.token \
          --mount type=tmpfs,destination=/.config \
          -e MINDER_OFFLINE_TOKEN_PATH=/opt/minder-offline.token \
          -e MINDER_CONFIG=/etc/minder/config.yaml \
          -e MINDER_TEST_ORG=$MINDER_TEST_ORG \
          -e GH_TOKEN=$(gh auth token) \
          $IMAGE:$TAG \
          --outputdir $CTESTDIR/results \
          --pythonpath $CTESTDIR \
          --xunit $CTESTDIR/results/xoutput.xml \
          {{if .CLI_ARGS}} {{.CLI_ARGS}}{{end}} $CTESTDIR/minder-tests
    requires:
      vars:
        - _CONTAINER_CMD
    env:
      CTESTDIR: /robottests
    vars:
      _MINDER_BINARY_PATH:
        sh: '{{if .MINDER_BINARY_PATH}} echo {{.MINDER_BINARY_PATH}} {{else}} which minder {{end}}'
      _CONTAINER_OPTS: '{{._GLOBAL_CONTAINER_OPTS}} {{if ._CONTAINER_CMD | contains "podman"}} {{._PODMAN_OPTS}} {{end}}'
    preconditions:
      - sh: test -f {{._MINDER_BINARY_PATH}}
        msg: "The minder binary is missing. Please provide the path to the minder binary and try again."
      - sh: test -f {{.MINDER_OFFLINE_TOKEN_PATH | default "./offline.token" }}
        msg: "The offline token file is missing. Please create the offline token file and try again."
      - sh: "{{if .MINDER_CONFIG}}test -f {{.MINDER_CONFIG}}{{else}} true {{end}}"
        msg: "The minder configuration file is missing. Please create the configuration file and try again."

  build:
    desc: Build the smoke test image
    cmds:
      - task: build-docker-or-podman
        vars:
          _CONTAINER_CMD:
            sh: "which podman || which docker"

  build-docker-or-podman:
    internal: true
    cmds:
      - "{{._CONTAINER_CMD}} build -t $IMAGE:$TAG ."
    sources:
      - Dockerfile
      - requirements.txt
    status:
      - "podman image exists $IMAGE:$TAG"

  lint:
    desc: Run all linters
    deps:
      - lint-flake8
      - lint-bandit
      - lint-robot

  lint-flake8:
    desc: Run the flake8 linter
    deps:
      - venv
    cmds:
      - cmd: |
          source .venv/bin/activate
          echo "Running flake8..."
          flake8 resources/
        silent: true

  lint-bandit:
    desc: Run the bandit linter
    deps:
      - venv
    cmds:
      - cmd: |
          source .venv/bin/activate
          echo "Running bandit..."
          bandit -q -r resources/
        silent: true

  lint-robot:
    desc: Run the robot linter
    deps:
      - venv
    cmds:
      - cmd: |
          source .venv/bin/activate
          echo "Running robot..."
          robocop minder-tests/
        silent: true

  robot-tidy:
    desc: Run the robot tidy command
    deps:
      - venv
    cmds:
      - cmd: |
          source .venv/bin/activate
          echo "Running robot tidy..."
          robotidy minder-tests/
        silent: true

  venv:
    desc: Create a virtual environment for python3
    cmds:
      - cmd: |
          echo "* Creating a virtual environment..."
          python3 -m venv .venv
        silent: true
      - cmd: |
          echo "* Activating the virtual environment..."
          source .venv/bin/activate

          echo "* Installing dependencies..."
          pip3 install --upgrade pip

          echo "* Installing requirements..."
          pip3 install -r requirements.txt

          echo "* Installing dev requirements..."
          pip3 install -r requirements-dev.txt
        silent: true
      - cmd: echo -e "\n\nVirtual environment created successfully."
        silent: true
      - cmd: 'echo "To activate the virtual environment, run: source .venv/bin/activate"'
        silent: true
    sources:
      - .venv
      - requirements.txt
      - requirements-dev.txt
    preconditions:
      - sh: "python3 --version"
        msg: "python3 is required to create the virtual environment. Please install Python 3 and try again."

  set-hierarchical-local:
    desc: Enables hierarchical multitenancy for the given project with a local database
    cmds:
      - cmd: |
          echo "Enabling subprojects for root projects..."
          PGPASSWORD='postgres' psql -h localhost -p 5432 -U postgres -d minder -c "$SET_HIERARCHICAL_SQL"

  set-hierarchical-docker:
    desc: Enables hierarchical multitenancy for the given project with a docker database
    cmds:
      - cmd: |
          echo "Enabling subprojects for root projects..."
          docker exec -it postgres_container psql -h localhost -p 5432 -U postgres -d minder -c "$SET_HIERARCHICAL_SQL"