Update Testing (#2)

* Initial test updates

* Add utils files

* Makefile update

* Update e2e test

.gitignore

@@ -9,9 +9,19 @@ defense-unicorns-distro/preflight.sh
 tmp
 zarf-sbom
 
+.cache/
 .idea/
-.vscode/
 build/
+.DS_Store
 *.tar.zst
+test/tf/public-ec2-instance/.tool-versions
 zarf-sbom
-tmp/
+tmp/
+values-*.yaml
+
+# Terraform
+test/tf/public-ec2-instance/.test-data
+test/tf/public-ec2-instance/.terraform
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.lock.hcl

.pre-commit-config.yaml

@@ -0,0 +1,53 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-added-large-files
+        args: ["--maxkb=1024"]
+      - id: check-merge-conflict
+      - id: detect-aws-credentials
+        args:
+          - "--allow-missing-credentials"
+      - id: detect-private-key
+        exclude: |
+          (?x)^(
+            kustomizations/bigbang/environment-bb/values-bigbang.enc.yaml
+          )$
+      - id: end-of-file-fixer
+        exclude: "^kustomizations/bigbang/vendor/.*$"
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
+        exclude: "^kustomizations/bigbang/vendor/.*$"
+        args: [--markdown-linebreak-ext=md]
+      - id: check-yaml
+        exclude: |
+          (?x)^(
+            charts/raw/templates/resources.yaml
+          )$
+        args:
+          - "--allow-multiple-documents"
+  - repo: https://github.com/sirosen/fix-smartquotes
+    rev: 0.2.0
+    hooks:
+      - id: fix-smartquotes
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.23.0
+    hooks:
+      - id: check-jsonschema
+        name: "Validate Zarf Configs Against Schema"
+        files: "zarf.yaml"
+        types: [yaml]
+        args:
+          [
+            "--schemafile",
+            "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.28.0/zarf.schema.json",
+            "--no-cache"
+          ]
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v1.52.2
+    hooks:
+      - id: golangci-lint
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 35.105.1
+    hooks:
+      - id: renovate-config-validator

.tool-versions

@@ -0,0 +1,7 @@
+golang 1.20.4
+golangci-lint 1.52.2
+pre-commit 3.3.2
+terraform 1.4.6
+tflint 0.46.1
+tfsec 1.28.1
+sops 3.7.3

Makefile

@@ -0,0 +1,178 @@
+# The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to
+# the build folder.
+ZARF_VERSION := v0.28.3
+
+# The version of the build harness container to use
+BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness
+BUILD_HARNESS_VERSION := 1.8.1
+
+DUBBD_K3D_VERSION := 0.5.0
+
+# Figure out which Zarf binary we should use based on the operating system we are on
+ZARF_BIN := zarf
+UNAME_S := $(shell uname -s)
+UNAME_P := $(shell uname -p)
+ifneq ($(UNAME_S),Linux)
+	ifeq ($(UNAME_S),Darwin)
+		ZARF_BIN := $(addsuffix -mac,$(ZARF_BIN))
+	endif
+	ifeq ($(UNAME_P),i386)
+		ZARF_BIN := $(addsuffix -intel,$(ZARF_BIN))
+	endif
+	ifeq ($(UNAME_P),arm64)
+		ZARF_BIN := $(addsuffix -apple,$(ZARF_BIN))
+	endif
+endif
+
+# Silent mode by default. Run `make VERBOSE=1` to turn off silent mode.
+ifndef VERBOSE
+.SILENT:
+endif
+
+# Optionally add the "-it" flag for docker run commands if the env var "CI" is not set (meaning we are on a local machine and not in github actions)
+TTY_ARG :=
+ifndef CI
+	TTY_ARG := -it
+endif
+
+.DEFAULT_GOAL := help
+
+# Idiomatic way to force a target to always run, by having it depend on this dummy target
+FORCE:
+
+.PHONY: help
+help: ## Show a list of all targets
+	grep -E '^\S*:.*##.*$$' $(MAKEFILE_LIST) \
+	| sed -n 's/^\(.*\): \(.*\)##\(.*\)/\1:\3/p' \
+	| column -t -s ":"
+
+########################################################################
+# Utility Section
+########################################################################
+
+.PHONY: docker-save-build-harness
+docker-save-build-harness: ## Pulls the build harness docker image and saves it to a tarball
+	mkdir -p .cache/docker
+	docker pull $(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION)
+	docker save -o .cache/docker/build-harness.tar $(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION)
+
+.PHONY: docker-load-build-harness
+docker-load-build-harness: ## Loads the saved build harness docker image
+	docker load -i .cache/docker/build-harness.tar
+
+.PHONY: run-pre-commit-hooks
+run-pre-commit-hooks: ## Run all pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility
+	mkdir -p .cache/pre-commit
+	docker run --rm -v "${PWD}:/app" --workdir "/app" -e "PRE_COMMIT_HOME=/app/.cache/pre-commit" $(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION) bash -c 'git config --global --add safe.directory /app && asdf install && pre-commit run -a'
+
+.PHONY: fix-cache-permissions
+fix-cache-permissions: ## Fixes the permissions on the pre-commit cache
+	docker run --rm -v "${PWD}:/app" --workdir "/app" -e "PRE_COMMIT_HOME=/app/.cache/pre-commit" $(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION) chmod -R a+rx .cache
+
+########################################################################
+# Test Section
+########################################################################
+
+.PHONY: test
+test: ## Run all automated tests. Requires access to an AWS account. Costs money. Requires env vars "REPO_URL", "GIT_BRANCH", "REGISTRY1_USERNAME", "REGISTRY1_PASSWORD", "GHCR_USERNAME", "GHCR_PASSWORD", "AWS_AVAILABILITY_ZONE" and other standard AWS env vars.
+	mkdir -p .cache/go
+	mkdir -p .cache/go-build
+	echo "Running automated tests. This will take several minutes. At times it does not log anything to the console. If you interrupt the test run you will need to log into AWS console and manually delete any orphaned infrastructure."
+	docker run $(TTY_ARG) --rm \
+	-v "${PWD}:/app" \
+	-v "${PWD}/.cache/go:/root/go" \
+	-v "${PWD}/.cache/go-build:/root/.cache/go-build" \
+	--workdir "/app/test/e2e" \
+	-e GOPATH=/root/go \
+	-e GOCACHE=/root/.cache/go-build \
+	-e REPO_URL \
+	-e GIT_BRANCH \
+	-e REGISTRY1_USERNAME \
+	-e REGISTRY1_PASSWORD \
+	-e GHCR_USERNAME \
+	-e GHCR_PASSWORD \
+	-e AWS_REGION \
+	-e AWS_DEFAULT_REGION \
+	-e AWS_ACCESS_KEY_ID \
+	-e AWS_SECRET_ACCESS_KEY \
+	-e AWS_SESSION_TOKEN \
+	-e AWS_SECURITY_TOKEN \
+	-e AWS_SESSION_EXPIRATION \
+	-e SKIP_SETUP -e SKIP_TEST \
+	-e SKIP_TEARDOWN \
+	-e AWS_AVAILABILITY_ZONE \
+	$(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION) \
+	bash -c 'asdf install && go test -v -timeout 2h -p 1 ./...'
+
+.PHONY: test-ssh
+test-ssh: ## Run this if you set SKIP_TEARDOWN=1 and want to SSH into the still-running test server. Don't forget to unset SKIP_TEARDOWN when you're done
+	cd test/tf/public-ec2-instance && terraform init
+	cd test/tf/public-ec2-instance/.test-data && cat Ec2KeyPair.json | jq -r .PrivateKey > privatekey.pem && chmod 600 privatekey.pem
+	cd test/tf/public-ec2-instance && ssh -i .test-data/privatekey.pem ubuntu@$$(terraform output public_instance_ip | tr -d '"')
+
+########################################################################
+# Cluster Section
+########################################################################
+
+cluster/full: cluster/destroy cluster/create build/all deploy/all ## This will destroy any existing cluster, create a new one, then build and deploy all
+
+cluster/create: ## Create a k3d cluster with metallb installed
+	k3d cluster create k3d-test-cluster --config utils/k3d/k3d-config.yaml -v /etc/machine-id:/etc/machine-id@server:*
+	k3d kubeconfig merge k3d-test-cluster -o /home/${USER}/cluster-kubeconfig.yaml
+	utils/metallb/install.sh
+	echo "Cluster is ready!"
+
+cluster/destroy: ## Destroy the k3d cluster
+	k3d cluster delete k3d-test-cluster
+
+########################################################################
+# Build Section
+########################################################################
+
+build/all: build build/zarf build/zarf-init.sha256 build/dubbd-pull-k3d.sha256 build/uds-capability-gitlab-runner ##
+
+build: ## Create build directory
+	mkdir -p build
+
+.PHONY: clean
+clean: ## Clean up build files
+	rm -rf ./build
+
+build/zarf: | build ## Download the Linux flavor of Zarf to the build dir
+	echo "Downloading zarf"
+	curl -sL https://github.com/defenseunicorns/zarf/releases/download/$(ZARF_VERSION)/zarf_$(ZARF_VERSION)_Linux_amd64 -o build/zarf
+	chmod +x build/zarf
+
+build/zarf-mac-intel: | build ## Download the Mac (Intel) flavor of Zarf to the build dir
+	echo "Downloading zarf-mac-intel"
+	curl -sL https://github.com/defenseunicorns/zarf/releases/download/$(ZARF_VERSION)/zarf_$(ZARF_VERSION)_Darwin_amd64 -o build/zarf-mac-intel
+	chmod +x build/zarf-mac-intel
+
+build/zarf-init.sha256: | build ## Download the init package
+	echo "Downloading zarf-init-amd64-$(ZARF_VERSION).tar.zst"
+	curl -sL https://github.com/defenseunicorns/zarf/releases/download/$(ZARF_VERSION)/zarf-init-amd64-$(ZARF_VERSION).tar.zst -o build/zarf-init-amd64-$(ZARF_VERSION).tar.zst
+	echo "Creating shasum of the init package"
+	shasum -a 256 build/zarf-init-amd64-$(ZARF_VERSION).tar.zst | awk '{print $$1}' > build/zarf-init.sha256
+
+build/dubbd-pull-k3d.sha256: | build ## Download dubbd k3d oci package
+	./build/zarf package pull oci://ghcr.io/defenseunicorns/packages/dubbd-k3d:$(DUBBD_K3D_VERSION)-amd64 --oci-concurrency 9 --output-directory build
+	echo "Creating shasum of the dubbd-k3d package"
+	shasum -a 256 build/zarf-package-dubbd-k3d-amd64-$(DUBBD_K3D_VERSION).tar.zst | awk '{print $$1}' > build/dubbd-pull-k3d.sha256
+
+build/uds-capability-gitlab-runner: | build ## Build the gitlab runner capability
+	build/zarf package create . --skip-sbom --confirm --output-directory build
+
+########################################################################
+# Deploy Section
+########################################################################
+
+deploy/all: deploy/init deploy/dubbd-k3d deploy/uds-capability-gitlab-runner ##
+
+deploy/init: ## Deploy the zarf init package
+	./build/zarf init --confirm --components=git-server
+
+deploy/dubbd-k3d: ## Deploy the k3d flavor of DUBBD
+	cd ./build && ./zarf package deploy zarf-package-dubbd-k3d-amd64-$(DUBBD_K3D_VERSION).tar.zst --confirm
+
+deploy/uds-capability-gitlab-runner: ## Deploy the gilab capability
+	cd ./build && ./zarf package deploy zarf-package-gitlab-runner-*.tar.zst --confirm

go.mod

@@ -0,0 +1,97 @@
+module github.com/defenseunicorns/uds-capability-gitlab-runner
+
+go 1.20
+
+require (
+	github.com/gruntwork-io/terratest v0.43.9
+	github.com/stretchr/testify v1.8.4
+)
+
+require (
+	cloud.google.com/go v0.105.0 // indirect
+	cloud.google.com/go/compute v1.12.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.1 // indirect
+	cloud.google.com/go/iam v0.7.0 // indirect
+	cloud.google.com/go/storage v1.27.0 // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/aws/aws-sdk-go v1.44.122 // indirect
+	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.1 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-sql-driver/mysql v1.4.1 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
+	github.com/gruntwork-io/go-commons v0.8.0 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-getter v1.7.1 // indirect
+	github.com/hashicorp/go-multierror v1.1.0 // indirect
+	github.com/hashicorp/go-safetemp v1.0.0 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.9.1 // indirect
+	github.com/hashicorp/terraform-json v0.13.0 // indirect
+	github.com/imdario/mergo v0.3.11 // indirect
+	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.15.11 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pquerna/otp v1.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/tmccombs/hcl2json v0.3.3 // indirect
+	github.com/ulikunitz/xz v0.5.10 // indirect
+	github.com/urfave/cli v1.22.2 // indirect
+	github.com/zclconf/go-cty v1.9.1 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/oauth2 v0.1.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/api v0.103.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c // indirect
+	google.golang.org/grpc v1.51.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.27.2 // indirect
+	k8s.io/apimachinery v0.27.2 // indirect
+	k8s.io/client-go v0.27.2 // indirect
+	k8s.io/klog/v2 v2.90.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)