qa/qa/specs/features/browser_ui/4_verify/pipeline/pipeline_with_image_pull_policy_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

# frozen_string_literal: true

module QA
  RSpec.describe 'Verify', :runner, product_group: :pipeline_authoring do
    describe 'Pipeline with image:pull_policy' do
      let(:runner_name) { "qa-runner-#{Faker::Alphanumeric.alphanumeric(number: 8)}" }
      let(:job_name) { "test-job-#{pull_policies.join('-')}" }

      let(:project) do
        Resource::Project.fabricate_via_api! do |project|
          project.name = 'pipeline-with-image-pull-policy'
        end
      end

      let!(:runner) do
        Resource::ProjectRunner.fabricate! do |runner|
          runner.project = project
          runner.name = runner_name
          runner.tags = [runner_name]
          runner.executor = :docker
        end
      end

      before do
        update_runner_policy(allowed_policies)
        add_ci_file
        Flow::Login.sign_in
        project.visit!
        Flow::Pipeline.visit_latest_pipeline
      end

      after do
        runner.remove_via_api!
      end

      context 'when policy is allowed' do
        let(:allowed_policies) { %w[if-not-present always never] }

        where do
          {
            'with [always] policy' => {
              pull_policies: %w[always],
              pull_image: true,
              message: 'Pulling docker image ruby:2.6',
              testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/367154'
            },
            'with [always if-not-present] policies' => {
              pull_policies: %w[always if-not-present],
              pull_image: true,
              message: 'Pulling docker image ruby:2.6',
              testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/368857'
            },
            'with [if-not-present] policy' => {
              pull_policies: %w[if-not-present],
              pull_image: true,
              message: 'Using locally found image version due to "if-not-present" pull policy',
              testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/368858'
            },
            'with [never] policy' => {
              pull_policies: %w[never],
              pull_image: false,
              message: 'Pulling docker image',
              testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/368859'
            }
          }
        end

        with_them do
          it 'applies pull policy in job correctly', testcase: params[:testcase] do
            visit_job

            if pull_image
              expect(job_log).to have_content(message),
                                 "Expected to find #{message} in #{job_log}, but didn't."
            else
              expect(job_log).not_to have_content(message),
                                 "Found #{message} in #{job_log}, but didn't expect to."
            end
          end
        end
      end

      context 'when policy is not allowed' do
        let(:allowed_policies) { %w[never] }
        let(:pull_policies) { %w[always] }

        # The sentence seems differ from time to time,
        # only checking portions of the sentence that matter
        let(:text1) { 'pull_policy ([always])' }
        let(:text2) { 'is not one of the allowed_pull_policies ([never])' }

        it(
          'fails job with policy not allowed message',
          testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/368853'
        ) do
          visit_job

          expect(job_log).to include(text1, text2),
                             "Expected to find contents #{text1} and #{text2} in #{job_log}, but didn't."
        end
      end

      private

      def update_runner_policy(allowed_policies)
        Runtime::Logger.info('Updating runner config to allow pull policies...')

        # Copy config.toml file from docker to local
        # Update local file with allowed_pull_policies config
        # Copy file with new content back to docker
        tempdir = Tempfile.new('config.toml')
        QA::Service::Shellout.shell("docker cp #{runner_name}:/etc/gitlab-runner/config.toml #{tempdir.path}")

        File.open(tempdir.path, 'a') do |f|
          f << %Q[    allowed_pull_policies = #{allowed_policies}\n]
        end

        QA::Service::Shellout.shell("docker cp #{tempdir.path} #{runner_name}:/etc/gitlab-runner/config.toml")

        tempdir.close!

        runner.restart
      end

      def add_ci_file
        Resource::Repository::Commit.fabricate_via_api! do |commit|
          commit.project = project
          commit.commit_message = 'Add .gitlab-ci.yml'
          commit.add_files(
            [
              {
                file_path: '.gitlab-ci.yml',
                content: <<~YAML
                  default:
                    image: ruby:2.6
                    tags: [#{runner_name}]

                  #{job_name}:
                    script: echo "Using pull policies #{pull_policies}"
                    image:
                      name: ruby:2.6
                      pull_policy: #{pull_policies}
                YAML
              }
            ]
          )
        end
      end

      def visit_job
        Page::Project::Pipeline::Show.perform do |show|
          Support::Waiter.wait_until(max_duration: 90) { show.completed? }

          show.click_job(job_name)
        end
      end

      def job_log
        Page::Project::Job::Show.perform(&:output)
      end
    end
  end
end