End to end integration testing #524
Comments
|
thanks for filing this @kushaldas - would this be using OpenQA? linking #16 which is related to this |
My idea is not to use OpenQA and skipping all the issues with nested-virt and performance. Instead, having our own testing framework. |
|
Keeping this in the near-term backlog because it's so important to discuss, but I think the next step here is to figure out a realistic scope and timeline, before we can add this to a future sprint. |
|
Leaving open - work is ongoing on automating provisioning of Qubes setups for test purposes, which aligns with the approach in this issue. |
|
As I understand, the setting up a CI groundwork is already done and what we're missing now actually creating the integration tests. |
|
I am planning on taking a peek at integrations tests with my Qubes-updater integration PR. What I am thinking is expanding tests to create some extra VMs as needed and tearing them down at the end, likely under |
|
Just some notes/thoughts from the hacking we did on this last week:
I think we should make an initial decision regarding framework soon-ish, so we can try writing basic tests and see what it looks like, and then make a more final decision on which direction to go and then write even more tests. |
|
We've been playing around with OpenQA and we've almost got a full SecureDrop Workstation installation test (respective PR here). Thanks to the Qubes team for letting up use their infrastructure. Here's a picture of a successful test run up to the launcher / updater:
Next StepsThese are some notes on potential next steps that @legoktm and I converged on. Which tests to create?
Which SecureDrop server do we useWe want a fresh dev server at the beginning of the test run. Easiest way is make dev-tor in the work:
Note: The Tor network may add some flakiness to the tests. At some point we may want to have some local server (without Tor) and then if the server connection fails on the test, we softfail it and use a localserver a a workaround. This way it can be clear in the test interface that not everything went alright, but we still get to see if the remaining of the test runs. Otherwise we won't have CI working for a while due to bad Tor weather Note2: We may also want to consider having different Running integrations tests in OpenQAThe Qubes team also does run integration tests in OpenQA and uploads the test results in a way that's easily visible in the user interface (using the JunitXML format), unlike our current solution where we need to visually parse the log. We agreed that this is a nice thing to have but not critical yet since we have a working alternative, which already has the "tigger on PR" part figured out. How are tests going to be triggered?Running nightlies for now is a good start. Later look into how we can make these triggered on PRs. |
FYI openQA supports multi-machine tests, with one use case being an extra "support server" for the test. It's documented at https://open.qa/docs/#mm-tests. I have never used this feature, so I don't know if that's a good fit here (and whether the extra complexity is worth it). |
|
That is pretty interesting. Thanks for bringing it up. We should definitely explore that. |
We currently have unit test cases for the different parts of the workstation
project, and the
securedrop-clientalso has some functional tests for theclient itself.
But, we have too many different moving sub-projects under workstation, having
an end to end integration test is really important for us. This will help us
to automate many of the steps/checks which take a lot of time for us (humans)
to do.
What is the plan?
The rough idea is to have one (at least) dedicated QubesOS system with stable
updates channel (we can later have another one with Qubes testing repositories
enabled) and
securedrop-workstationinstalled. Then based on the decidedtime (nightly or a few times daily) we have our own test framework (in dom0)
to click on the
securedrop-clientdesktop icon, and login (or the updatestory)and do all QA steps one by one. It can store the results in a local
directory, and also will keep taking screenshots on the way. It will copy the
over the results to a dedicated vm, and that vm will push and publish the
result (details we have to figure out).
The - points
It will take a lot of development time and new hardware cost to have this.
The + points
We can save enormous QA time if we let the computer do this testing. We are
not going to test in QubesOS works, except the features we are dependent on,
thus we can find any bug which will hit us in production in the coming days.
We will also have regular screenshots taken, which can be used in the
documentation and other demos.
For me one of the major reason to write this proposal is that I am a lazy
Python programmer, and I would love to get the computer do this work (which it
can do better than humans) and we can focus on other interesting problems in
the SecureDrop world.
Now, any proposal is too theoretical unless we have a PoC. So, here is one
super quick demo that we can click on the desktop icon, and login into the
client.
Oh, you have to trust me that I did not type or clicked in that video, it is
my code :D
The text was updated successfully, but these errors were encountered: