chore: Add docker image tests - container-structure-test-config and dive-ci (#365)

2025-10-15 17:38:54 +02:00 · 2022-04-16 19:06:58 +03:00 · 2022-04-16 19:06:58 +03:00 · 4874cfe42e
commit 4874cfe42e
parent f1822ed810
4 changed files with 95 additions and 6 deletions
--- a/.github/.container-structure-test-config.yaml
+++ b/.github/.container-structure-test-config.yaml
@ -0,0 +1,58 @@
+schemaVersion: '2.0.0'
+commandTests:
+  - name: "pre-commit"
+    command: "pre-commit"
+    args: ["-V"]
+    expectedOutput: ["^pre-commit ([0-9]+\\.){2}[0-9]+\\n$"]
+
+  - name: "terraform"
+    command: "terraform"
+    args: ["-version"]
+    expectedOutput: ["^Terraform v([0-9]+\\.){2}[0-9]+\\non linux_amd64\\n$"]
+
+  - name: "checkov"
+    command: "checkov"
+    args: ["--version"]
+    expectedOutput: ["^([0-9]+\\.){2}[0-9]+\\n$"]
+
+  - name: "infracost"
+    command: "infracost"
+    args: ["--version"]
+    expectedOutput: ["^Infracost v([0-9]+\\.){2}[0-9]+\\n$"]
+
+  - name: "terraform-docs"
+    command: "terraform-docs"
+    args: ["--version"]
+    expectedOutput: ["^terraform-docs version v([0-9]+\\.){2}[0-9]+ [a-z0-9]+ linux/amd64\\n$"]
+
+  - name: "terragrunt"
+    command: "terragrunt"
+    args: ["--version"]
+    expectedOutput: ["^terragrunt version v([0-9]+\\.){2}[0-9]+\\n$"]
+
+  - name: "terrascan"
+    command: "terrascan"
+    args: [ "version" ]
+    expectedOutput: [ "^version: v([0-9]+\\.){2}[0-9]+\\n$" ]
+
+  - name: "tflint"
+    command: "tflint"
+    args: [ "--version" ]
+    expectedOutput: [ "TFLint version ([0-9]+\\.){2}[0-9]+\\n$" ]
+
+  - name: "tfsec"
+    command: "tfsec"
+    args: [ "--version" ]
+    expectedOutput: [ "([0-9]+\\.){2}[0-9]+\\n$" ]
+
+  - name: "tfupdate"
+    command: "tfupdate"
+    args: [ "--version" ]
+    expectedOutput: [ "([0-9]+\\.){2}[0-9]+\\n$" ]
+
+fileExistenceTests:
+  - name: 'terrascan init'
+    path: '/root/.terrascan/pkg/policies/opa/rego/github/github_repository/privateRepoEnabled.rego'
+    shouldExist: true
+    uid: 0
+    gid: 0
--- a/.github/.dive-ci.yaml
+++ b/.github/.dive-ci.yaml
@ -0,0 +1,13 @@
+rules:
+  # If the efficiency is measured below X%, mark as failed.
+  # Expressed as a ratio between 0-1.
+  lowestEfficiency: 0.99
+
+  # If the amount of wasted space is at least X or larger than X, mark as failed.
+  # Expressed in B, KB, MB, and GB.
+  highestWastedBytes: 12MB
+
+  # If the amount of wasted space makes up for X% or more of the image, mark as failed.
+  # Note: the base image layer is NOT included in the total image size.
+  # Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
+  highestUserWastedPercent: 0.02
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -118,10 +118,11 @@ You can use [this PR](https://github.com/antonbabenko/pre-commit-terraform/pull/
    * `docker build -t pre-commit --build-arg INSTALL_ALL=true .`
    * `docker build -t pre-commit --build-arg <NEW_HOOK>_VERSION=latest .`
    * `docker build -t pre-commit --build-arg <NEW_HOOK>_VERSION=<1.2.3> .`
-2. Add new hook to [`.pre-commit-hooks.yaml`](../.pre-commit-hooks.yaml)
-3. Create hook file. Don't forget to make it executable via `chmod +x /path/to/hook/file`.
-4. Test hook. How to do it is described in [Run and debug hooks locally](#run-and-debug-hooks-locally) section.
-5. Test hook one more time.
+2. Add Docker structure tests to [`.github/.container-structure-test-config.yaml`](.container-structure-test-config.yaml)
+3. Add new hook to [`.pre-commit-hooks.yaml`](../.pre-commit-hooks.yaml)
+4. Create hook file. Don't forget to make it executable via `chmod +x /path/to/hook/file`.
+5. Test hook. How to do it is described in [Run and debug hooks locally](#run-and-debug-hooks-locally) section.
+6. Test hook one more time.
    1. Push commit with hook file to GitHub
    2. Grab SHA hash of the commit
    3. Test hook using `.pre-commit-config.yaml`:
--- a/.github/workflows/build-image-test.yaml
+++ b/.github/workflows/build-image-test.yaml
@ -2,10 +2,12 @@ name: "Build Dockerfile if changed and run smoke tests"

 on: [pull_request]

+env:
+  IMAGE_TAG: pr-test
+
 jobs:
  build:
    runs-on: ubuntu-latest
-    name: Test changed-files
    steps:
      - uses: actions/checkout@v2
        with:
@ -28,4 +30,19 @@ jobs:
          platforms: linux/amd64
          push: false
          tags: |
-            ghcr.io/${{ github.repository }}:pr-test
+            ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
+
+      - name: Run structure tests
+        if: steps.changed-files-specific.outputs.any_changed == 'true'
+        uses: plexsystems/container-structure-test-action@v0.1.0
+        with:
+          image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
+          config: .github/.container-structure-test-config.yaml
+
+      - name: Dive - check image for waste files
+        if: steps.changed-files-specific.outputs.any_changed == 'true'
+        uses: MaxymVlasov/dive-action@v0.1.0
+        with:
+          image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
+          config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
+          github-token: ${{ secrets.GITHUB_TOKEN }}