dev: Add make test-xenial makefile target for application tests

As evidenced by the test failures we've discovered, we'll need to make some changes that ideally work under both Trusty and Xenial. This means that we need to run the application tests in both environments. This PR adds a $BASE_OS env var that can be either "trusty" or "xenial". It uses this env var for docker builds, and modifies the docker build logic to point to a Dockerfile outside of the build context [1]. We make a new directory in the securedrop/ directory called Dockerfiles that contains the Dockerfiles for both environments. By default, the other Makefile targets will use Trusty. Once trusty is EOL, we can delete the Trusty Dockerfile, though it would be prudent to leave the BASE_OS logic in place for the next major OS transition. [1] docker/cli#886
freedomofpress · Sep 25, 2019 · 44daf59 · 44daf59
1 parent 0fc6bf2
commit 44daf59
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 6 deletions.
diff --git a/securedrop/Makefile b/securedrop/Makefile
@@ -17,9 +17,13 @@ lint-full:  ## Run the python linter with nothing disabled
 	find . -name '*.py' | xargs pylint
 
 .PHONY: test
-test: ## Run the test suite in a dockerized environment
+test: ## Run the test suite in a Ubuntu 14.04 (Trusty) dockerized environment
 	./bin/dev-shell ./bin/run-test -v $${TESTFILES:-tests}
 
+.PHONY: test-xenial
+test-xenial: ## Run the test suite in a Ubuntu 16.04 (Xenial) dockerized environment
+	BASE_OS=xenial ./bin/dev-shell ./bin/run-test -v $${TESTFILES:-tests}
+
 .PHONY: dev
 dev: ## Run the dev server
 	 DOCKER_RUN_ARGUMENTS='-p127.0.0.1:8080:8080 -p127.0.0.1:8081:8081 -p127.0.0.1:5901:5901' ./bin/dev-shell ./bin/run

diff --git a/securedrop/bin/dev-shell b/securedrop/bin/dev-shell
@@ -9,28 +9,48 @@ set -eu
 TOPLEVEL=$(git rev-parse --show-toplevel)
 source "${BASH_SOURCE%/*}/../../devops/scripts/ticker"
 
+if ! test -n "${BASE_OS:-}" ; then
+    # If no base OS was specified, then we use Trusty
+    BASE_OS=trusty
+fi
+
+function exit_if_not_supported_base_image() {
+    # Currently we only support Xenial or Trusty.
+    if [[ "$1" != "xenial" && "$1" != "trusty" ]]
+    then
+        echo "BASE_OS must be trusty or xenial"
+        exit 1
+    fi
+}
+
 function docker_image() {
+    exit_if_not_supported_base_image $1
+
     docker build \
            ${DOCKER_BUILD_ARGUMENTS:-} \
 	   --build-arg=USER_ID="$(id -u)" \
 	   --build-arg=USER_NAME="${USER:-root}" \
-           -t securedrop-test "${TOPLEVEL}/securedrop"
+           -t "securedrop-test-${1}" \
+       --file "${TOPLEVEL}/securedrop/dockerfiles/${1}/Dockerfile" \
+       "${TOPLEVEL}/securedrop"
 }
 
 function docker_run() {
+    exit_if_not_supported_base_image $1
+
     find . \( -name '*.pyc' -o -name __pycache__ \) -delete
     docker run \
 	   --rm \
 	   --user "${USER:-root}" \
 	   --volume "${TOPLEVEL}:${TOPLEVEL}" \
 	   --workdir "${TOPLEVEL}/securedrop" \
-	   -ti ${DOCKER_RUN_ARGUMENTS:-} securedrop-test "$@"
+	   -ti ${DOCKER_RUN_ARGUMENTS:-} "securedrop-test-${1}" "${@:2}"
 }
 
 if test -n "${CIRCLE_SHA1:-}" ; then
-   docker_image
+   docker_image $BASE_OS
 else
-   ticker docker_image
+   ticker docker_image $BASE_OS
 fi
 
-docker_run "$@"
+docker_run $BASE_OS "$@"
diff --git a/securedrop/dockerfiles/trusty/Dockerfile b/securedrop/dockerfiles/trusty/Dockerfile
@@ -0,0 +1,40 @@
+# ubuntu:14.04 as of 2018-06-19
+FROM ubuntu@sha256:885bb6705b01d99544ddb98cbe4e4555d1efe1d052cef90832e72a0688ac6b37
+ARG USER_NAME
+ENV USER_NAME ${USER_NAME:-root}
+ARG USER_ID
+ENV USER_ID ${USER_ID:-0}
+
+RUN apt-get update && \
+    apt-get install -y devscripts \
+                       python-pip libpython2.7-dev libssl-dev secure-delete \
+                       gnupg2 ruby redis-server firefox git xvfb haveged curl \
+                       gettext paxctl x11vnc enchant libffi-dev sqlite3
+
+RUN gem install sass -v 3.4.23
+
+ENV FIREFOX_CHECKSUM=88d25053306d33658580973b063cd459a56e3596a3a298c1fb8ab1d52171d860
+RUN curl -LO https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa/+build/9727836/+files/firefox_46.0.1+build1-0ubuntu0.14.04.3_amd64.deb && \
+    shasum -a 256 firefox*deb && \
+    echo "${FIREFOX_CHECKSUM}  firefox_46.0.1+build1-0ubuntu0.14.04.3_amd64.deb" | shasum -a 256 -c - && \
+    dpkg -i firefox*deb && apt-get install -f && \
+    paxctl -cm /usr/lib/firefox/firefox
+
+#
+# This can be removed when upgrading to something more recent than trusty
+#
+RUN echo deb http://archive.ubuntu.com/ubuntu/ xenial main > /etc/apt/sources.list.d/xenial.list && \
+    apt-get update && \
+    apt-get install -y gettext && \
+    rm /etc/apt/sources.list.d/xenial.list && \
+    apt-get update
+
+COPY requirements requirements
+RUN pip install -r requirements/securedrop-app-code-requirements.txt && \
+    pip install -r requirements/test-requirements.txt
+
+RUN if test $USER_NAME != root ; then useradd --no-create-home --home-dir /tmp --uid $USER_ID $USER_NAME && echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers ; fi
+
+STOPSIGNAL SIGKILL
+
+EXPOSE 8080 8081 5901
diff --git a/securedrop/Dockerfile → securedrop/dockerfiles/xenial/Dockerfile b/securedrop/Dockerfile → securedrop/dockerfiles/xenial/Dockerfile