Skip to content

Commit a5d47a7

Browse files
committed
Auto merge of #11583 - ehuss:container-tests, r=epage
Add network container tests This adds some tests which use Docker containers to provide HTTPS and SSH servers. This should help with validating that Cargo's networking and security are working correctly. It can also potentially be used in the future for other tests that require more complex setups. These tests are only run on Linux in CI. macOS does not have Docker there, and the Windows Docker does not support Linux containers. The tests should work on macOS if you run them locally with Docker Desktop installed. The SSH tests do not work on Windows due to issues with ssh-agent, but the HTTPS tests should work with Docker Desktop. These tests require an opt-in environment variable to run: * `CARGO_PUBLIC_NETWORK_TESTS=1` — This is for tests that contact the public internet. * `CARGO_CONTAINER_TESTS=1` — This is for tests that use Docker.
2 parents 2a5ff4c + 4cb9ac3 commit a5d47a7

File tree

19 files changed

+1136
-2
lines changed

19 files changed

+1136
-2
lines changed

.github/workflows/main.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ jobs:
3434
CARGO_PROFILE_DEV_DEBUG: 1
3535
CARGO_PROFILE_TEST_DEBUG: 1
3636
CARGO_INCREMENTAL: 0
37+
CARGO_PUBLIC_NETWORK_TESTS: 1
3738
strategy:
3839
matrix:
3940
include:
@@ -77,6 +78,9 @@ jobs:
7778
- run: sudo apt update -y && sudo apt install gcc-multilib libsecret-1-0 libsecret-1-dev -y
7879
if: matrix.os == 'ubuntu-latest'
7980
- run: rustup component add rustfmt || echo "rustfmt not available"
81+
- name: Configure extra test environment
82+
run: echo CARGO_CONTAINER_TESTS=1 >> $GITHUB_ENV
83+
if: matrix.os == 'ubuntu-latest'
8084

8185
# Deny warnings on CI to avoid warnings getting into the codebase.
8286
- run: cargo test --features 'deny-warnings'

crates/cargo-test-macro/src/lib.rs

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,23 @@ pub fn cargo_test(attr: TokenStream, item: TokenStream) -> TokenStream {
5555
"does not work on windows-gnu"
5656
);
5757
}
58+
"container_test" => {
59+
// These tests must be opt-in because they require docker.
60+
set_ignore!(
61+
option_env!("CARGO_CONTAINER_TESTS").is_none(),
62+
"CARGO_CONTAINER_TESTS must be set"
63+
);
64+
}
65+
"public_network_test" => {
66+
// These tests must be opt-in because they touch the public
67+
// network. The use of these should be **EXTREMELY RARE**, and
68+
// should only touch things which would nearly certainly work
69+
// in CI (like github.com).
70+
set_ignore!(
71+
option_env!("CARGO_PUBLIC_NETWORK_TESTS").is_none(),
72+
"CARGO_PUBLIC_NETWORK_TESTS must be set"
73+
);
74+
}
5875
"nightly" => {
5976
requires_reason = true;
6077
set_ignore!(is_not_nightly, "requires nightly");

crates/cargo-test-support/build.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,4 +3,5 @@ fn main() {
33
"cargo:rustc-env=NATIVE_ARCH={}",
44
std::env::var("TARGET").unwrap()
55
);
6+
println!("cargo:rerun-if-changed=build.rs");
67
}
Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
FROM httpd:2.4-alpine
2+
3+
RUN apk add --no-cache git git-daemon openssl
4+
5+
COPY bar /repos/bar
6+
WORKDIR /repos/bar
7+
RUN git config --global user.email "testuser@example.com" &&\
8+
git config --global user.name "Test User" &&\
9+
git init -b master . &&\
10+
git add Cargo.toml src &&\
11+
git commit -m "Initial commit" &&\
12+
mv .git ../bar.git &&\
13+
cd ../bar.git &&\
14+
git config --bool core.bare true &&\
15+
rm -rf ../bar
16+
WORKDIR /
17+
18+
EXPOSE 443
19+
20+
WORKDIR /usr/local/apache2/conf
21+
COPY httpd-cargo.conf .
22+
RUN cat httpd-cargo.conf >> httpd.conf
23+
RUN openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
24+
-keyout server.key -out server.crt \
25+
-subj "/emailAddress=webmaster@example.com/C=US/ST=California/L=San Francisco/O=Rust/OU=Cargo/CN=127.0.0.1"
26+
WORKDIR /
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
[package]
2+
name = "bar"
3+
version = "1.0.0"
4+
edition = "2021"
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
// Intentionally blank.
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
SetEnv GIT_PROJECT_ROOT /repos
2+
SetEnv GIT_HTTP_EXPORT_ALL
3+
ScriptAlias /repos /usr/libexec/git-core/git-http-backend/
4+
LoadModule cgid_module modules/mod_cgid.so
5+
6+
<Files "git-http-backend">
7+
Require all granted
8+
</Files>
9+
10+
Include conf/extra/httpd-ssl.conf
11+
LoadModule ssl_module modules/mod_ssl.so
12+
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
FROM alpine:3.17
2+
3+
RUN apk add --no-cache openssh git
4+
RUN ssh-keygen -A
5+
6+
RUN addgroup -S testuser && adduser -S testuser -G testuser -s /bin/ash
7+
# NOTE: Ideally the password should be set to *, but I am uncertain how to do
8+
# that in alpine. It shouldn't matter since PermitEmptyPasswords is "no".
9+
RUN passwd -u testuser
10+
11+
RUN mkdir /repos && chown testuser /repos
12+
COPY --chown=testuser:testuser bar /repos/bar
13+
USER testuser
14+
WORKDIR /repos/bar
15+
RUN git config --global user.email "testuser@example.com" &&\
16+
git config --global user.name "Test User" &&\
17+
git init -b master . &&\
18+
git add Cargo.toml src &&\
19+
git commit -m "Initial commit" &&\
20+
mv .git ../bar.git &&\
21+
cd ../bar.git &&\
22+
git config --bool core.bare true &&\
23+
rm -rf ../bar
24+
WORKDIR /
25+
USER root
26+
27+
EXPOSE 22
28+
29+
ENTRYPOINT ["/usr/sbin/sshd", "-D", "-E", "/var/log/auth.log"]
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
[package]
2+
name = "bar"
3+
version = "1.0.0"
4+
edition = "2021"
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
// Intentionally blank.

0 commit comments

Comments
 (0)