ci: add hash tests

Signed-off-by: Ramkumar Chinchani <[email protected]>

Author: rchincha

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2019-2023 The zot project authors.
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -24,6 +24,8 @@ CRICTL := $(TOOLSDIR)/bin/crictl
 CRICTL_VERSION := v1.26.1
 ACTION_VALIDATOR := $(TOOLSDIR)/bin/action-validator
 ACTION_VALIDATOR_VERSION := v0.5.3
+CRYPTO_TEST := $(TOOLSDIR)/bin/cryptotest
+CRYPTO_TEST_VERSION := 0.2.1
 ZUI_BUILD_PATH := ""
 ZUI_VERSION := commit-303dfb3
 ZUI_REPO_OWNER := project-zot
@@ -301,6 +303,13 @@ $(ACTION_VALIDATOR):
 	mv action-validator $(TOOLSDIR)/bin/action-validator
 	chmod +x $(TOOLSDIR)/bin/action-validator
 
+$(CRYPTO_TEST):
+	mkdir -p $(TOOLSDIR)/bin
+	curl -Lo registry-test.tar.gz https://github.com/shizhMSFT/registry-test/releases/download/v$(CRYPTO_TEST_VERSION)/registry-test_$(CRYPTO_TEST_VERSION)_linux_amd64.tar.gz
+	tar xvzf registry-test.tar.gz && rm registry-test.tar.gz
+	mv cryptotest $(TOOLSDIR)/bin/cryptotest
+	chmod +x $(TOOLSDIR)/bin/cryptotest
+
 .PHONY: check-gh-actions
 check-gh-actions: check-compatibility $(ACTION_VALIDATOR)
 	for i in $$(ls  .github/workflows/*); do $(ACTION_VALIDATOR) $$i; done
@@ -483,7 +492,7 @@ $(BATS):
 	rm -rf bats-core
 
 .PHONY: check-blackbox-prerequisites
-check-blackbox-prerequisites: check-linux check-skopeo $(BATS) $(REGCLIENT) $(ORAS) $(HELM) $(CRICTL) $(NOTATION) $(COSIGN) $(STACKER)
+check-blackbox-prerequisites: check-linux check-skopeo $(BATS) $(REGCLIENT) $(ORAS) $(HELM) $(CRICTL) $(NOTATION) $(COSIGN) $(STACKER) $(CRYPTO_TEST)
 	which skopeo && skopeo --version; \
 	which stacker && stacker --version; \
 	which regctl && regctl version; \

test/blackbox/hash.bats

@@ -0,0 +1,111 @@
+# Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci"
+#       Makefile target installs & checks all necessary tooling
+#       Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites()
+
+load helpers_zot
+
+function verify_prerequisites {
+    if [ ! $(command -v curl) ]; then
+        echo "you need to install curl as a prerequisite to running the tests" >&3
+        return 1
+    fi
+
+    if [ ! $(command -v jq) ]; then
+        echo "you need to install jq as a prerequisite to running the tests" >&3
+        return 1
+    fi
+
+    if [ ! $(command -v htpasswd) ]; then
+        echo "you need to install htpasswd as a prerequisite to running the tests" >&3
+        return 1
+    fi
+
+    return 0
+}
+
+function setup_file() {
+    # Verify prerequisites are available
+    if ! $(verify_prerequisites); then
+        exit 1
+    fi
+
+    # Download test data to folder common for the entire suite, not just this file
+    skopeo --insecure-policy copy --format=oci docker://ghcr.io/project-zot/test-images/busybox:1.36 oci:${TEST_DATA_DIR}/busybox:1.36
+
+    # Setup zot server
+    local zot_root_dir=${BATS_FILE_TMPDIR}/zot
+    local zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json
+    local oci_data_dir=${BATS_FILE_TMPDIR}/oci
+    local zot_htpasswd_file=${BATS_FILE_TMPDIR}/htpasswd
+    mkdir -p ${zot_root_dir}
+    mkdir -p ${oci_data_dir}
+    zot_port=$(get_free_port)
+    echo ${zot_port} > ${BATS_FILE_TMPDIR}/zot.port
+    htpasswd -Bbn ${AUTH_USER} ${AUTH_PASS} >> ${zot_htpasswd_file}
+    cat > ${zot_config_file}<<EOF
+{
+    "distSpecVersion": "1.1.1",
+    "storage": {
+        "rootDirectory": "${zot_root_dir}"
+    },
+    "extensions": {
+        "search": {
+            "enable": true
+        },
+        "ui": {
+            "enable": true
+        }
+    },
+    "http": {
+        "address": "0.0.0.0",
+        "port": "${zot_port}",
+        "auth": {
+            "htpasswd": {
+                "path": "${zot_htpasswd_file}"
+            }
+        },
+        "accessControl": {
+            "repositories": {
+                "**": {
+                    "anonymousPolicy": ["read"],
+                    "policies": [
+                        {
+                            "users": [
+                                "${AUTH_USER}"
+                            ],
+                            "actions": [
+                                "read",
+                                "create",
+                                "update"
+                            ]
+                        }
+                    ]
+                }
+            }
+        }
+    },
+    "log": {
+        "level": "debug",
+        "output": "${BATS_FILE_TMPDIR}/zot.log"
+    }
+}
+EOF
+    git -C ${BATS_FILE_TMPDIR} clone https://github.com/project-zot/helm-charts.git
+    zot_serve ${ZOT_PATH} ${zot_config_file}
+    wait_zot_reachable ${zot_port}
+}
+
+function teardown() {
+    # conditionally printing on failure is possible from teardown but not from from teardown_file
+    cat ${BATS_FILE_TMPDIR}/zot.log
+}
+
+function teardown_file() {
+    zot_stop_all
+}
+
+@test "test various crypto hashes" {
+    zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
+    run cryptotest --plain-http --registry 127.0.0.1:${zot_port}
+    [ "$status" -eq 0 ]
+}