github.com/ahmet2mir/goreleaser@v0.180.3-0.20210927151101-8e5ee5a9b8c5/internal/pipe/sign/sign_docker_test.go (about) 1 package sign 2 3 import ( 4 "os" 5 "testing" 6 7 "github.com/goreleaser/goreleaser/internal/artifact" 8 "github.com/goreleaser/goreleaser/pkg/config" 9 "github.com/goreleaser/goreleaser/pkg/context" 10 "github.com/stretchr/testify/require" 11 ) 12 13 func TestDockerSignDescription(t *testing.T) { 14 require.NotEmpty(t, DockerPipe{}.String()) 15 } 16 17 func TestDockerSignDefault(t *testing.T) { 18 ctx := &context.Context{ 19 Config: config.Project{ 20 DockerSigns: []config.Sign{{}}, 21 }, 22 } 23 err := DockerPipe{}.Default(ctx) 24 require.NoError(t, err) 25 require.Equal(t, ctx.Config.DockerSigns[0].Cmd, "cosign") 26 require.Equal(t, ctx.Config.DockerSigns[0].Signature, "") 27 require.Equal(t, ctx.Config.DockerSigns[0].Args, []string{"sign", "-key=cosign.key", "$artifact"}) 28 require.Equal(t, ctx.Config.DockerSigns[0].Artifacts, "none") 29 } 30 31 func TestDockerSignDisabled(t *testing.T) { 32 ctx := context.New(config.Project{}) 33 ctx.Config.DockerSigns = []config.Sign{ 34 {Artifacts: "none"}, 35 } 36 err := DockerPipe{}.Publish(ctx) 37 require.EqualError(t, err, "artifact signing is disabled") 38 } 39 40 func TestDockerSignInvalidArtifacts(t *testing.T) { 41 ctx := context.New(config.Project{}) 42 ctx.Config.DockerSigns = []config.Sign{ 43 {Artifacts: "foo"}, 44 } 45 err := DockerPipe{}.Publish(ctx) 46 require.EqualError(t, err, "invalid list of artifacts to sign: foo") 47 } 48 49 func TestDockerSignArtifacts(t *testing.T) { 50 key := "testdata/cosign/cosign.key" 51 cmd := "sh" 52 args := []string{"-c", "echo ${artifact} > ${signature} && cosign sign -key=" + key + " -upload=false ${artifact} > ${signature}"} 53 password := "password" 54 55 img1 := "ghcr.io/caarlos0/goreleaser-docker-manifest-actions-example:1.2.1-amd64" 56 img2 := "ghcr.io/caarlos0/goreleaser-docker-manifest-actions-example:1.2.1-arm64v8" 57 man1 := "ghcr.io/caarlos0/goreleaser-docker-manifest-actions-example:1.2.1" 58 59 for name, cfg := range map[string]struct { 60 Signs []config.Sign 61 Expected []string 62 }{ 63 "no signature file": { 64 Expected: nil, // no sigs 65 Signs: []config.Sign{ 66 { 67 Artifacts: "all", 68 Stdin: &password, 69 Cmd: "cosign", 70 Args: []string{"sign", "-key=" + key, "-upload=false", "${artifact}"}, 71 }, 72 }, 73 }, 74 "sign all": { 75 Expected: []string{ 76 "testdata/cosign/all_img1.sig", 77 "testdata/cosign/all_img2.sig", 78 "testdata/cosign/all_man1.sig", 79 }, 80 Signs: []config.Sign{ 81 { 82 Artifacts: "all", 83 Stdin: &password, 84 Signature: `testdata/cosign/all_${artifactID}.sig`, 85 Cmd: cmd, 86 Args: args, 87 }, 88 }, 89 }, 90 "sign all filtering id": { 91 Expected: []string{"testdata/cosign/all_filter_by_id_img2.sig"}, 92 Signs: []config.Sign{ 93 { 94 Artifacts: "all", 95 IDs: []string{"img2"}, 96 Stdin: &password, 97 Signature: "testdata/cosign/all_filter_by_id_${artifactID}.sig", 98 Cmd: cmd, 99 Args: args, 100 }, 101 }, 102 }, 103 "sign images only": { 104 Expected: []string{ 105 "testdata/cosign/images_img1.sig", 106 "testdata/cosign/images_img2.sig", 107 }, 108 Signs: []config.Sign{ 109 { 110 Artifacts: "images", 111 Stdin: &password, 112 Signature: "testdata/cosign/images_${artifactID}.sig", 113 Cmd: cmd, 114 Args: args, 115 }, 116 }, 117 }, 118 "sign manifests only": { 119 Expected: []string{"testdata/cosign/manifests_man1.sig"}, 120 Signs: []config.Sign{ 121 { 122 Artifacts: "manifests", 123 Stdin: &password, 124 Signature: "testdata/cosign/manifests_${artifactID}.sig", 125 Cmd: cmd, 126 Args: args, 127 }, 128 }, 129 }, 130 } { 131 t.Run(name, func(t *testing.T) { 132 ctx := context.New(config.Project{}) 133 ctx.Config.DockerSigns = cfg.Signs 134 135 t.Cleanup(func() { 136 for _, f := range cfg.Expected { 137 require.NoError(t, os.Remove(f)) 138 } 139 }) 140 141 ctx.Artifacts.Add(&artifact.Artifact{ 142 Name: img1, 143 Path: img1, 144 Type: artifact.DockerImage, 145 Extra: map[string]interface{}{ 146 "ID": "img1", 147 }, 148 }) 149 ctx.Artifacts.Add(&artifact.Artifact{ 150 Name: img2, 151 Path: img2, 152 Type: artifact.DockerImage, 153 Extra: map[string]interface{}{ 154 "ID": "img2", 155 }, 156 }) 157 ctx.Artifacts.Add(&artifact.Artifact{ 158 Name: man1, 159 Path: man1, 160 Type: artifact.DockerManifest, 161 Extra: map[string]interface{}{ 162 "ID": "man1", 163 }, 164 }) 165 166 require.NoError(t, DockerPipe{}.Default(ctx)) 167 require.NoError(t, DockerPipe{}.Publish(ctx)) 168 var sigs []string 169 for _, sig := range ctx.Artifacts.Filter(artifact.ByType(artifact.Signature)).List() { 170 sigs = append(sigs, sig.Name) 171 } 172 require.Equal(t, cfg.Expected, sigs) 173 }) 174 } 175 } 176 177 func TestDockerSkip(t *testing.T) { 178 t.Run("skip", func(t *testing.T) { 179 require.True(t, DockerPipe{}.Skip(context.New(config.Project{}))) 180 }) 181 182 t.Run("skip sign", func(t *testing.T) { 183 ctx := context.New(config.Project{}) 184 ctx.SkipSign = true 185 require.True(t, DockerPipe{}.Skip(ctx)) 186 }) 187 188 t.Run("dont skip", func(t *testing.T) { 189 ctx := context.New(config.Project{ 190 DockerSigns: []config.Sign{ 191 {}, 192 }, 193 }) 194 require.False(t, DockerPipe{}.Skip(ctx)) 195 }) 196 }