From 2fa0a82d0f999e4d964f6c8b47273e22aa3087d0 Mon Sep 17 00:00:00 2001
From: Colleen Murphy
Date: Fri, 12 Jan 2024 16:07:21 -0800
Subject: [PATCH] Use local rekor and fulcio instances in e2e tests

In 70683571 the e2e tests moved from running on the locally-spun-up rekor instance to the public instance. This means test signatures are piling up in the public instance, and the tests may be taking longer than they need to since they are using an external service. This change moves back to using the local rekor instance, which the e2e has still been spinning up even though it has been going unused. Also now do the same for fulcio.
Signed-off-by: Colleen Murphy
---
 test/e2e_test.go | 4 +--
 test/e2e_test.sh | 66 ++++++++++++++++++++++++++++--------------------
 2 files changed, 41 insertions(+), 29 deletions(-)
diff --git a/test/e2e_test.go b/test/e2e_test.go
index f91e0fddb96..09c397eb176 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
@@ -77,8 +77,8 @@ import (
 const (
 serverEnv = "REKOR_SERVER"
- rekorURL = "https://rekor.sigstore.dev"
- fulcioURL = "https://fulcio.sigstore.dev"
+ rekorURL = "http://127.0.0.1:3000"
+ fulcioURL = "http://127.0.0.1:5555"
 )
 var keyPass = []byte("hello")
diff --git a/test/e2e_test.sh b/test/e2e_test.sh
index df585c8766e..7fb9a1310df 100755
--- a/test/e2e_test.sh
+++ b/test/e2e_test.sh
@@ -16,41 +16,51 @@
 set -ex
-echo "copying rekor repo"
 pushd $HOME
-if [[ ! -d rekor ]]; then
- git clone https://github.com/sigstore/rekor.git
-else
- pushd rekor
- git pull
- popd
-fi
-cd rekor
+
+echo "downloading service repos"
+for repo in rekor fulcio; do
+ if [[ ! -d $repo ]]; then
+ git clone https://github.com/sigstore/${repo}.git
+ else
+ pushd $repo
+ git pull
+ popd
+ fi
+done
 echo "starting services"
-docker-compose up -d
+export FULCIO_METRICS_PORT=2113
+for repo in rekor fulcio; do
+ pushd $repo
+ docker-compose up -d
+ echo -n "waiting up to 60 sec for system to start"
+ count=0
+ until [ $(docker-compose ps | grep -c "(healthy)") == 3 ];
+ do
+ if [ $count -eq 6 ]; then
+ echo "! timeout reached"
+ exit 1
+ else
+ echo -n "."
+ sleep 10
+ let 'count+=1'
+ fi
+ done
+ popd
+done
 cleanup_services() {
 echo "cleaning up"
- pushd $HOME/rekor
- docker-compose down
- popd
+ for repo in rekor fulcio; do
+ pushd $HOME/$repo
+ docker-compose down
+ popd
+ done
 }
 trap cleanup_services EXIT
-count=0
-
-echo -n "waiting up to 60 sec for system to start"
-until [ $(docker-compose ps | grep -c "(healthy)") == 3 ];
-do
- if [ $count -eq 6 ]; then
- echo "! timeout reached"
- exit 1
- else
- echo -n "."
- sleep 10
- let 'count+=1'
- fi
-done
+curl http://127.0.0.1:3000/api/v1/log/publicKey > rekor.pub
+export SIGSTORE_REKOR_PUBLIC_KEY=$(pwd)/rekor.pub
 echo
 echo "running tests"
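Review bot: The `exit 1` on health-check timeout now runs before `trap cleanup_services EXIT` is installed, because the wait loop moved inside the startup `for` loop while the function definition and the trap stayed below it. A timeout, or a failing `docker-compose up -d` under `set -ex`, while starting fulcio therefore leaves the rekor containers running; moving `cleanup_services` and the `trap` line above `echo "starting services"` restores the old ordering. Separately, `curl http://127.0.0.1:3000/api/v1/log/publicKey > rekor.pub` writes whatever body comes back into the file that is then exported as the Rekor verification key, so `curl -fsS http://127.0.0.1:3000/api/v1/log/publicKey > rekor.pub` would make an HTTP error stop the script there instead of surfacing later as a verification failure. The `== 3` healthy-container count is now applied to fulcio's compose project as well; whether that project has exactly three health-checked services is not visible in this hunk and deserves a comment.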
@@ -69,6 +79,8 @@ docker run -d -p 5000:5000 --restart always -e REGISTRY_STORAGE_DELETE_ENABLED=t
 export COSIGN_TEST_REPO=localhost:5000
 go test -tags=e2e -v ./test/... -run TestSignVerifyClean
+# Use the public instance to verify existing images and manifests
+unset SIGSTORE_REKOR_PUBLIC_KEY
 # Test `cosign dockerfile verify`
 ./cosign dockerfile verify ./test/testdata/single_stage.Dockerfile --certificate-identity https://github.com/distroless/alpine-base/.github/workflows/release.yaml@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com
 if (./cosign dockerfile verify ./test/testdata/unsigned_build_stage.Dockerfile --certificate-identity https://github.com/distroless/alpine-base/.github/workflows/release.yaml@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com); then false; fi
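Review bot: The local Rekor key is a trust-root override that stays exported for every command between the `export` in the earlier hunk and this `unset`, so which log key a step trusts now depends on where it sits in the script. Scoping it to the commands that need it, by prefixing the `go test` line with `SIGSTORE_REKOR_PUBLIC_KEY=<path to rekor.pub>`, would keep the override away from the public-instance checks without relying on the `unset`. The steps between the two hunks are not visible here, so other local-instance commands may need the same prefix.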