Use local rekor and fulcio instances in e2e tests

In 7068357 the e2e tests moved from running on the locally-spun-up rekor instance to the public instance. This means test signatures are piling up in the public instance, and the tests may be taking longer than they need to since they are using an external service. This change moves back to using the local rekor instance, which the e2e has still been spinning up even though it has been going unused. Also now do the same for fulcio. Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
sigstore · Jan 13, 2024 · 65b8755 · 65b8755
1 parent 3a706cb
commit 65b8755
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 29 deletions.
diff --git a/test/e2e_test.go b/test/e2e_test.go
@@ -77,8 +77,8 @@ import (
 
 const (
 	serverEnv = "REKOR_SERVER"
-	rekorURL  = "https://rekor.sigstore.dev"
-	fulcioURL = "https://fulcio.sigstore.dev"
+	rekorURL  = "http://127.0.0.1:3000"
+	fulcioURL = "http://127.0.0.1:5555"
 )
 
 var keyPass = []byte("hello")

diff --git a/test/e2e_test.sh b/test/e2e_test.sh
@@ -16,41 +16,51 @@
 
 set -ex
 
-echo "copying rekor repo"
 pushd $HOME
-if [[ ! -d rekor ]]; then
-   git clone https://github.com/sigstore/rekor.git
-else
-   pushd rekor
-   git pull
-   popd
-fi
-cd rekor
+
+echo "downloading service repos"
+for repo in rekor fulcio; do
+    if [[ ! -d $repo ]]; then
+        git clone https://github.com/sigstore/${repo}.git
+    else
+        pushd $repo
+        git pull
+        popd
+    fi
+done
 
 echo "starting services"
-docker-compose up -d
+export FULCIO_METRICS_PORT=2113
+for repo in rekor fulcio; do
+    pushd $repo
+    docker-compose up -d
+    echo -n "waiting up to 60 sec for system to start"
+    count=0
+    until [ $(docker-compose ps | grep -c "(healthy)") == 3 ];
+    do
+        if [ $count -eq 6 ]; then
+           echo "! timeout reached"
+           exit 1
+        else
+           echo -n "."
+           sleep 10
+           let 'count+=1'
+        fi
+    done
+    popd
+done
 cleanup_services() {
     echo "cleaning up"
-    pushd $HOME/rekor
-    docker-compose down
-    popd
+    for repo in rekor fulcio; do
+        pushd $HOME/$repo
+        docker-compose down
+        popd
+    done
 }
 trap cleanup_services EXIT
 
-count=0
-
-echo -n "waiting up to 60 sec for system to start"
-until [ $(docker-compose ps | grep -c "(healthy)") == 3 ];
-do
-    if [ $count -eq 6 ]; then
-       echo "! timeout reached"
-       exit 1
-    else
-       echo -n "."
-       sleep 10
-       let 'count+=1'
-    fi
-done
+curl http://127.0.0.1:3000/api/v1/log/publicKey > rekor.pub
+export SIGSTORE_REKOR_PUBLIC_KEY=$(pwd)/rekor.pub
 
 echo
 echo "running tests"
@@ -69,6 +79,8 @@ docker run -d -p 5000:5000 --restart always -e REGISTRY_STORAGE_DELETE_ENABLED=t
 export COSIGN_TEST_REPO=localhost:5000
 go test -tags=e2e -v ./test/... -run TestSignVerifyClean
 
+# Use the public instance to verify existing images and manifests
+unset SIGSTORE_REKOR_PUBLIC_KEY
 # Test `cosign dockerfile verify`
 ./cosign dockerfile verify ./test/testdata/single_stage.Dockerfile --certificate-identity https://github.com/distroless/alpine-base/.github/workflows/release.yaml@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com
 if (./cosign dockerfile verify ./test/testdata/unsigned_build_stage.Dockerfile --certificate-identity https://github.com/distroless/alpine-base/.github/workflows/release.yaml@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com); then false; fi