Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Use the ImageService to fetch docker dependencies in CI, dev
As a preamble to pinning the image versions we use this introduces `npm run fetch-images` as a way to pre-pull the images defined in docker_tags.ts which we will set to specific SHAs in future versions. This ensures CI and developers pull the images before attempting to run the code to avoid any surprise breakages. It also makes the presence of a GITHUB_TOKEN envvar a validation check in ImageService.pull to avoid confusing docker errors if it isn't present. Finally, it avoids passing any auth credentials to non-GitHub hosts when we run our tests Co-Authored by: Philip Harrison <philip@mailharrison.com>
- Loading branch information
Barry Gordon
authored and
Barry Gordon
committed
Feb 15, 2022
1 parent
c46e41a
commit 88dd91b
Showing
16 changed files
with
174 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import {UPDATER_IMAGE_NAME, PROXY_IMAGE_NAME} from '../src/docker-tags' | ||
|
||
describe('Docker tags', () => { | ||
test('UPDATER_IMAGE_NAME', () => { | ||
expect(UPDATER_IMAGE_NAME).toMatch( | ||
/^docker\.pkg\.github\.com\/dependabot\/dependabot-updater:v1$/ | ||
) | ||
}) | ||
|
||
test('PROXY_IMAGE_NAME', () => { | ||
expect(PROXY_IMAGE_NAME).toMatch( | ||
/^docker\.pkg\.github\.com\/github\/dependabot-update-job-proxy:v1$/ | ||
) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,49 @@ | ||
import {ImageService} from '../src/image-service' | ||
|
||
describe('ImageService', () => { | ||
test('pulls the image from docker hub', async () => { | ||
await ImageService.pull('hello-world') | ||
const originalEnv = process.env | ||
|
||
describe('when GITHUB_TOKEN is not set', () => { | ||
beforeEach(async () => { | ||
jest.resetModules() | ||
process.env = { | ||
...originalEnv, | ||
GITHUB_TOKEN: undefined | ||
} | ||
}) | ||
|
||
afterEach(async () => { | ||
process.env = originalEnv | ||
}) | ||
|
||
test('it raises an error', async () => { | ||
await expect( | ||
ImageService.pull('ghcr.io/dependabot/dependabot-core:latest') | ||
).rejects.toThrowError( | ||
new Error('No GITHUB_TOKEN set, unable to pull images.') | ||
) | ||
}) | ||
}) | ||
|
||
describe('when asked to fetch non-GitHub hosted images', () => { | ||
beforeEach(async () => { | ||
jest.resetModules() | ||
process.env = { | ||
...originalEnv, | ||
GITHUB_TOKEN: 'mock_token' | ||
} | ||
}) | ||
|
||
afterEach(async () => { | ||
process.env = originalEnv | ||
}) | ||
|
||
test('it raises an error', async () => { | ||
await expect(ImageService.pull('hello-world')).rejects.toThrowError( | ||
new Error( | ||
'Only images distributed via docker.pkg.github.com or ghcr.io can be fetched' | ||
) | ||
) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
export const UPDATER_IMAGE_NAME = | ||
'docker.pkg.github.com/dependabot/dependabot-updater:v1' | ||
export const PROXY_IMAGE_NAME = | ||
'docker.pkg.github.com/github/dependabot-update-job-proxy:v1' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
import {ImageService} from './image-service' | ||
import {UPDATER_IMAGE_NAME, PROXY_IMAGE_NAME} from './docker-tags' | ||
|
||
export async function run(): Promise<void> { | ||
await ImageService.pull(UPDATER_IMAGE_NAME) | ||
await ImageService.pull(PROXY_IMAGE_NAME) | ||
} | ||
|
||
run() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters