Add CI tests against registries

Signed-off-by: Brandon Mitchell <git@bmitch.net>

.github/workflows/ci-registry.yml

@@ -0,0 +1,39 @@
+name: CI - Registry
+
+on:
+  push:
+    branches:
+      - '**'
+    tags:
+      - 'v*.*.*'
+  pull_request:
+    branches: [ main ]
+
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    env:
+      RELEASE_GO_VER: "1.20"
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: "Set up Go ${{ env.RELEASE_GO_VER }}"
+      uses: actions/setup-go@v4
+      with:
+        go-version: "${{ env.RELEASE_GO_VER }}"
+        check-latest: true
+      id: go
+
+    - name: Build
+      run: make
+
+    - name: Registry - Distribution
+      run: make ci-distribution
+
+    - name: Registry - Zot
+      run: make ci-zot

.gitignore

@@ -1,6 +1,5 @@
-hack
-/regctl
 artifacts/
 bin/
 output/
 vendor/
+.regctl_conf_ci.json

Makefile

@@ -37,61 +37,93 @@ ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)"
 endif
 STATICCHECK_VER?=v0.4.3
 
-.PHONY: all fmt vet test lint lint-go lint-md vendor binaries docker artifacts artifact-pre plugin-user plugin-host .FORCE
-
+.PHONY: .FORCE
 .FORCE:
 
+.PHONY: all
 all: fmt vet test lint binaries ## Full build of Go binaries (including fmt, vet, test, and lint)
 
+.PHONY: fmt
 fmt: ## go fmt
 	go fmt ./...
 
+.PHONY: vet
 vet: ## go vet
 	go vet ./...
 
+.PHONY: test
 test: ## go test
 	go test -cover -race ./...
 
+.PHONY: lint
 lint: lint-go lint-md ## Run all linting
 
+.PHONY: lint-go
 lint-go: $(GOPATH)/bin/staticcheck .FORCE ## Run linting for Go
 	$(GOPATH)/bin/staticcheck -checks all ./...
 
+.PHONY: lint-md
 lint-md: .FORCE ## Run linting for markdown
 	docker run --rm -v "$(PWD):/workdir:ro" ghcr.io/igorshubovych/markdownlint-cli:$(MARKDOWN_LINT_VER) \
 	  --ignore vendor .
 
+.PHONY: vulncheck-go
 vulncheck-go: $(GOPATH)/bin/govulncheck .FORCE ## Run vulnerability scan for Go
 	$(GOPATH)/bin/govulncheck ./...
 
+.PHONY: vendor
 vendor: ## Vendor Go modules
 	go mod vendor
 
+.PHONY: binaries
 binaries: vendor $(BINARIES) ## Build Go binaries
 
 bin/%: .FORCE
 	CGO_ENABLED=0 go build ${GO_BUILD_FLAGS} -o bin/$* ./cmd/$*
 
+.PHONY: docker
 docker: $(IMAGES) ## Build Docker images
 
 docker-%: .FORCE
 	docker build -t regclient/$* -f build/Dockerfile.$*$(DOCKERFILE_EXT) $(DOCKER_ARGS) .
 	docker build -t regclient/$*:alpine -f build/Dockerfile.$*$(DOCKERFILE_EXT) --target release-alpine $(DOCKER_ARGS) .
 
+.PHONY: oci-image
 oci-image: $(addprefix oci-image-,$(COMMANDS)) ## Build reproducible images to an OCI Layout
 
 oci-image-%: bin/regctl .FORCE
 	build/oci-image.sh -r scratch -i "$*" -p "$(TEST_PLATFORMS)"
 	build/oci-image.sh -r alpine  -i "$*" -p "$(TEST_PLATFORMS)" -b "alpine:3"
 
+.PHONY: test-docker
 test-docker: $(addprefix test-docker-,$(COMMANDS)) ## Build multi-platform docker images (but do not tag)
 
 test-docker-%:
 	docker buildx build --platform="$(TEST_PLATFORMS)" -f build/Dockerfile.$*.buildkit .
 	docker buildx build --platform="$(TEST_PLATFORMS)" -f build/Dockerfile.$*.buildkit --target release-alpine .
 
+.PHONY: ci-distribution
+ci-distribution:
+	docker run --rm -d -p 5000 \
+		--label regclient-ci=true --name regclient-ci-distribution \
+		-e "REGISTRY_STORAGE_DELETE_ENABLED=true" \
+		docker.io/registry:2.8.2
+	./build/ci-test.sh -t localhost:$$(docker port regclient-ci-distribution 5000 | head -1 | cut -f2 -d:)/test-ci
+	docker stop regclient-ci-distribution
+
+.PHONY: ci-zot
+ci-zot:
+	docker run --rm -d -p 5000 \
+		--label regclient-ci=true --name regclient-ci-zot \
+		-v "$$(pwd)/build/zot-config.json:/etc/zot/config.json:ro" \
+		ghcr.io/project-zot/zot-linux-amd64:v2.0.0-rc5
+	./build/ci-test.sh -t localhost:$$(docker port regclient-ci-zot 5000 | head -1 | cut -f2 -d:)/test-ci
+	docker stop regclient-ci-zot
+
+.PHONY: artifacts
 artifacts: $(ARTIFACTS) ## Generate artifacts
 
+.PHONY: artifact-pre
 artifact-pre:
 	mkdir -p artifacts
 
@@ -110,22 +142,27 @@ artifacts/%: artifact-pre .FORCE
 	$(SYFT) packages -q "file:$@" --source-name "$${command}" -o cyclonedx-json >"artifacts/$${command}-$${platform}.cyclonedx.json"; \
 	$(SYFT) packages -q "file:$@" --source-name "$${command}" -o spdx-json >"artifacts/$${command}-$${platform}.spdx.json"
 
+.PHONY: plugin-user
 plugin-user:
 	mkdir -p ${HOME}/.docker/cli-plugins/
 	cp docker-plugin/docker-regclient ${HOME}/.docker/cli-plugins/docker-regctl
 
+.PHONY: plugin-host
 plugin-host:
 	sudo cp docker-plugin/docker-regclient /usr/libexec/docker/cli-plugins/docker-regctl
 
-util-golang-update:
+.PHONY: util-golang-update
+util-golang-update: ## update go module versions
 	go get -u
 	go mod tidy
 	go mod vendor
 	
-util-version-check:
+.PHONY: util-version-check
+util-version-check: ## check all dependencies for updates
 	$(VER_BUMP) check
 
-util-version-update:
+.PHONY: util-version-update
+util-version-update: ## update versions on all dependencies
 	$(VER_BUMP) update
 
 $(GOPATH)/bin/staticcheck: .FORCE
@@ -137,5 +174,6 @@ $(GOPATH)/bin/govulncheck: .FORCE
 	# for now, keep installing the latest until they start releasing versions
 	go install "golang.org/x/vuln/cmd/govulncheck@latest"
 
+.PHONY: help
 help: # Display help
 	@awk -F ':|##' '/^[^\t].+?:.*?##/ { printf "\033[36m%-30s\033[0m %s\n", $$1, $$NF }' $(MAKEFILE_LIST)

build/ci-test.sh

@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -e
+
+# CLI options for source/target ref
+opt_s=ocidir://testdata/testrepo
+opt_t=localhost:5000/ci-test
+opt_h=0
+while getopts 'hs:t:' option; do
+  case $option in
+    h) opt_h=1;;
+    s) opt_s="$OPTARG";;
+    t) opt_t="$OPTARG";;
+  esac
+done
+set +e
+shift $(expr $OPTIND - 1)
+if [ $# -gt 0 -o "$opt_h" = "1" ]; then
+  echo "Usage: $0 [opts]"
+  echo " -h: this help message"
+  echo " -s ref: source reference (default: $opt_s)"
+  echo " -t ref: target reference"
+  exit 1
+fi
+set -e
+
+# cd to repo root, gather details from git, and build images
+git_root="$(git rev-parse --show-toplevel)"
+cd "${git_root}"
+export PATH="$PATH:${git_root}/bin"
+
+export REGCTL_CONFIG="${git_root}/.regctl_conf_ci.json"
+
+# disable TLS for tests
+if [ "${opt_s}" = "${opt_s#*://}" ]; then
+  regctl registry set --tls=disabled "${opt_s%%/*}"
+fi
+if [ "${opt_t}" = "${opt_t#*://}" ]; then
+  regctl registry set --tls=disabled "${opt_t%%/*}"
+fi
+
+regctl image copy --digest-tags --referrers "${opt_s}:v1" "${opt_t}:v1"
+regctl image copy --digest-tags --referrers "${opt_s}:v2" "${opt_t}:v2"
+regctl image copy --digest-tags --referrers "${opt_s}:v3" "${opt_t}:v3"
+
+regctl image copy --digest-tags --referrers "${opt_t}:v2" "${opt_t}:v2.1-rc1"
+regctl image copy --digest-tags --referrers "${opt_t}:v2" "${opt_t}:v2.1"
+
+tags="$(regctl tag ls "${opt_t}")"
+for tag in v1 v2 v3 v2.1-rc1 v2.1; do
+  if ! echo "$tags" | grep -q "^$tag\$"; then
+    echo "tag not found: $tag" >&2
+    exit 1
+  fi
+done
+
+regctl tag rm "${opt_t}:v2.1-rc1"
+if regctl manifest head "${opt_t}:v2.1-rc1" >/dev/null 2>&1; then
+  echo "tag not deleted: ${opt_t}:v2.1-rc1" >&2
+  exit 1
+fi
+
+arm="$(regctl artifact get --platform linux/amd64 --subject "${opt_t}:v2" --filter-artifact-type application/example.arms)"
+if [ "$arm" != "no arms" ]; then
+  echo "failed to get artifact, expected no arms, received $arm"
+fi
+
+# TODO:
+# - run other commands (manifest get, tag rm, image mod, index create, artifact put)
+# - compare to testdata
+# - get output from various commands, compare to expected
+
+rm "${REGCTL_CONFIG}"

build/zot-config.json

@@ -0,0 +1,15 @@
+{
+  "distSpecVersion": "1.1.0-dev",
+  "storage": {
+    "rootDirectory": "/tmp/zot",
+    "gc": false,
+    "dedupe": false
+  },
+  "http": {
+    "address": "0.0.0.0",
+    "port": "5000"
+  },
+  "log": {
+    "level": "debug"
+  }
+}