Add Auth tests (#6)

Co-authored-by: Y0sh1dk <[email protected]>
Y0sh1dk · Dec 17, 2023 · 7c24503 · 7c24503
1 parent 07b7a39
commit 7c24503
Show file tree

Hide file tree

Showing 6 changed files with 181 additions and 5 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -50,7 +50,7 @@ jobs:
         if: github.event_name == 'pull_request'
         with:
           commit_message: "[skip ci] Update compiled binaries"
-          file_pattern: "bin/*"
+          file_pattern: "bin/* .task/checksum/build"
 
   test:
     name: Test

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -1,8 +1,14 @@
 name: gha-docker-image-exists Test
 on:
   workflow_dispatch:
+
+env:
+  REGISTRY_PORT: 5000
+  REGISTRY_USERNAME: "test-registry-username"
+  REGISTRY_PASSWORD: "test-registry-password"
+
 jobs:
-  success:
+  valid-image-no-auth:
     runs-on: ubuntu-latest
     steps:
       - name: GHA Docker Image Exists
@@ -18,7 +24,7 @@ jobs:
           else
             exit 1
           fi
-  fail:
+  invalid-image-no-auth:
     runs-on: ubuntu-latest
     steps:
       - name: GHA Docker Image Exists
@@ -29,7 +35,132 @@ jobs:
           image: nginx:invalid-tag
       - name: Check output
         run: |
-          if [ ${{ steps.gha-docker-image-exists.outcome == 'failure' }} ]; then
+          if ${{ steps.gha-docker-image-exists.outcome == 'failure' }}; then
+            exit 0
+          else
+            exit 1
+          fi
+  valid-image-auth:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Install Task
+        uses: arduino/setup-task@v1
+
+      - name: Setup local registry
+        run: |
+          task local-registry-up
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: localhost:${{ env.REGISTRY_PORT }}
+          username: ${{ env.REGISTRY_USERNAME }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+
+      - name: Push image to local registry
+        run: |
+          docker pull nginx:latest
+          docker tag nginx:latest localhost:${{ env.REGISTRY_PORT }}/nginx:latest
+          docker push localhost:${{ env.REGISTRY_PORT }}/nginx:latest
+
+      - name: GHA Docker Image Exists
+        id: gha-docker-image-exists
+        continue-on-error: true
+        uses: Y0sh1dk/gha-docker-image-exists@main
+        with:
+          image: localhost:${{ env.REGISTRY_PORT }}/nginx:latest
+          username: ${{ env.REGISTRY_USERNAME }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          serverAddress: localhost:${{ env.REGISTRY_PORT }}
+
+      - name: Check output
+        run: |
+          if ${{ steps.gha-docker-image-exists.outcome == 'success' }}; then
+            exit 0
+          else
+            exit 1
+          fi
+
+  valid-image-invalid-auth:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Install Task
+        uses: arduino/setup-task@v1
+
+      - name: Setup local registry
+        run: |
+          task local-registry-up
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: localhost:${{ env.REGISTRY_PORT }}
+          username: ${{ env.REGISTRY_USERNAME }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+
+      - name: Push image to local registry
+        run: |
+          docker pull nginx:latest
+          docker tag nginx:latest localhost:${{ env.REGISTRY_PORT }}/nginx:latest
+          docker push localhost:${{ env.REGISTRY_PORT }}/nginx:latest
+
+      - name: GHA Docker Image Exists
+        id: gha-docker-image-exists
+        continue-on-error: true
+        uses: Y0sh1dk/gha-docker-image-exists@main
+        with:
+          image: localhost:${{ env.REGISTRY_PORT }}/nginx:latest
+          username: ${{ env.REGISTRY_USERNAME }}-foo
+          password: ${{ env.REGISTRY_PASSWORD }}-foo
+          serverAddress: localhost:${{ env.REGISTRY_PORT }}
+
+      - name: Check output
+        run: |
+          if ${{ steps.gha-docker-image-exists.outcome == 'failure' }}; then
+            exit 0
+          else
+            exit 1
+          fi
+
+  invalid-image-auth:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Install Task
+        uses: arduino/setup-task@v1
+
+      - name: Setup local registry
+        run: |
+          task local-registry-up
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: localhost:${{ env.REGISTRY_PORT }}
+          username: ${{ env.REGISTRY_USERNAME }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+
+      - name: GHA Docker Image Exists
+        id: gha-docker-image-exists
+        continue-on-error: true
+        uses: Y0sh1dk/gha-docker-image-exists@main
+        with:
+          image: localhost:${{ env.REGISTRY_PORT }}/nginx:invalid-tag
+          username: ${{ env.REGISTRY_USERNAME }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          serverAddress: localhost:${{ env.REGISTRY_PORT }}
+
+      - name: Check output
+        run: |
+          if ${{ steps.gha-docker-image-exists.outcome == 'failure' }}; then
             exit 0
           else
             exit 1

diff --git a/.task/checksum/build b/.task/checksum/build
@@ -1 +1 @@
-90d25729e1f7ca52ae1ce10d633ebc69
+96eb56bc8f152c8d3ccc22b4f5a223c5
diff --git a/Taskfile.yaml b/Taskfile.yaml
@@ -138,6 +138,26 @@ tasks:
           golangci/golangci-lint:{{ .GOLANG_CI_LINT_VERSION }} \
           golangci-lint run -v
 
+  local-registry-up:
+    desc: Start local registry
+    env:
+      REGISTRY_PORT: "{{ .REGISTRY_PORT | default 5000 }}"
+      REGISTRY_USERNAME: '{{ .REGISTRY_USERNAME | default "admin" }}'
+      REGISTRY_PASSWORD: '{{ .REGISTRY_PASSWORD | default "password" }}'
+    cmds:
+      - |
+        docker-compose -f test/docker-compose.yml up -d
+
+  local-registry-down:
+    desc: Step local registry
+    env:
+      REGISTRY_PORT: "{{ .REGISTRY_PORT | default 5000 }}"
+      REGISTRY_USERNAME: "{{ .REGISTRY_USERNAME | default admin }}"
+      REGISTRY_PASSWORD: "{{ .REGISTRY_PASSWORD | default password }}"
+    cmds:
+      - |
+        docker-compose -f test/docker-compose.yml down -v
+
   default:
     silent: true
     cmds:

diff --git a/bin/gha-docker-image-exists-darwin-arm64 b/bin/gha-docker-image-exists-darwin-arm64
diff --git a/test/docker-compose.yml b/test/docker-compose.yml
@@ -0,0 +1,25 @@
+version: "3"
+
+services:
+  registry:
+    image: registry:2
+    ports:
+      - "${REGISTRY_PORT?}:5000"
+    environment:
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_PATH: /httpasswd_storage/htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+    volumes:
+      - auth-volume:/httpasswd_storage
+    depends_on:
+      htpasswd-generator:
+        condition: service_completed_successfully
+
+  htpasswd-generator:
+    image: httpd:2.4-alpine
+    command: sh -c "htpasswd -Bbn ${REGISTRY_USERNAME?} ${REGISTRY_PASSWORD?} > /httpasswd_storage/htpasswd && cat /httpasswd_storage/htpasswd"
+    volumes:
+      - auth-volume:/httpasswd_storage
+
+volumes:
+  auth-volume: