tgolsson · tgolsson · May 30, 2023 · Jun 4, 2023 · Jun 18, 2023 · Jul 18, 2023
diff --git a/examples/oci/BUILD b/examples/oci/BUILD
@@ -1,3 +1,5 @@
+file(name="files", source="test.txt")
+
 oci_pull_images(
     name="python3-d11",
     repository="gcr.io/distroless/python3-debian11",
@@ -29,7 +31,6 @@ oci_image_build(
     tag="latest",
 )
 
-
 oci_image_build(
     name="with_empty_base",
     base=["//:empty"],
@@ -38,3 +39,32 @@ oci_image_build(
     ],
     tag="latest",
 )
+
+oci_structure_test(
+    name="structure_test",
+    base=["//:empty"],
+    expected_digest="e0039d9a394788147eb854e5efe5429723352c288faa47de3bb1abbd53a7f7bb",
+)
+
+oci_structure_test(
+    name="structure_test_2",
+    base=[":with_empty_base"],
+    expected_digest="325c5377ca16b7a5ae737e2bb581f618540e967b1d0af4a410410bbf57b4834a",
+)
+
+oci_image_build(
+    name="with_file",
+    base=["//:empty"],
+    packages=[
+        ":example2",
+        ":files",
+    ],
+    tag="latest",
+)
+
+
+oci_structure_test(
+    name="structure_test_3",
+    base=[":with_file"],
+    expected_digest="c55e7c3fd6257e99aa041268974b4b6ecbd3d54bdda2254e858a2e6a7890b8c",
+)
diff --git a/examples/oci/test.txt b/examples/oci/test.txt
@@ -0,0 +1 @@
+foobar
diff --git a/pants-plugins/oci/CHANGELOG.md b/pants-plugins/oci/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+
+- Add new `oci_structure_test` target. As a start, it allows validating the digest of the image.
+
 ## 0.4.0 - 2023-06-18
 
 - Improved support for very large layers > 2GB. A lot of layers will now be compressed in

diff --git a/pants-plugins/oci/pants_backend_oci/goals/__init__.py b/pants-plugins/oci/pants_backend_oci/goals/__init__.py
@@ -1,4 +1,4 @@
-from pants_backend_oci.goals import package, package_build_step, publish, run
+from pants_backend_oci.goals import package, package_build_step, publish, run, test
 
 
 def rules():
@@ -7,4 +7,5 @@ def rules():
         *package.rules(),
         *package_build_step.rules(),
         *run.rules(),
+        *test.rules(),
     ]
diff --git a/pants-plugins/oci/pants_backend_oci/goals/test.py b/pants-plugins/oci/pants_backend_oci/goals/test.py
@@ -0,0 +1,135 @@
+from dataclasses import dataclass
+from typing import Any
+
+from pants.core.goals.test import (
+    TestDebugAdapterRequest,
+    TestDebugRequest,
+    TestFieldSet,
+    TestRequest,
+    TestResult,
+    TestSubsystem,
+)
+from pants.engine.addresses import Addresses, UnparsedAddressInputs
+from pants.engine.fs import EMPTY_FILE_DIGEST
+from pants.engine.rules import Get, collect_rules, rule
+from pants.engine.target import WrappedTarget, WrappedTargetRequest
+from pants.engine.unions import UnionRule
+from pants.util.logging import LogLevel
+from pants.version import PANTS_SEMVER, Version
+
+from pants_backend_oci.subsystems.test import OciTestSubsystem
+from pants_backend_oci.targets import DummySource, ExpectedImageDigest, ImageBase
+from pants_backend_oci.util_rules.image_bundle import (
+    FallibleImageBundle,
+    FallibleImageBundleRequest,
+    FallibleImageBundleRequestWrap,
+    ImageBundleRequest,
+)
+
+
+@dataclass(frozen=True)
+class StructureTestFieldSet(TestFieldSet):
+    if PANTS_SEMVER >= Version("2.16.0dev0"):
+        required_fields = (
+            ExpectedImageDigest,
+            ImageBase,
+        )
+    else:
+        required_fields = (
+            ExpectedImageDigest,
+            ImageBase,
+            DummySource,
+        )
+
+    digest: ExpectedImageDigest
+    base: ImageBase
+
+
+@dataclass(frozen=True)
+class StructureTestRequest(TestRequest):
+    tool_subsystem = OciTestSubsystem
+    field_set_type = StructureTestFieldSet
+
+
+@rule(desc="Executing structure test", level=LogLevel.DEBUG)
+async def run_oci_structure_test(
+    batch: StructureTestRequest.Batch[StructureTestFieldSet, Any],
+    test_subsystem: TestSubsystem,
+    oci_test_subsystem: OciTestSubsystem,
+) -> TestResult:
+    field_set = batch.single_element
+
+    base = await Get(
+        Addresses,
+        UnparsedAddressInputs,
+        field_set.base.to_unparsed_address_inputs(),
+    )
+
+    wrapped_target = await Get(
+        WrappedTarget,
+        WrappedTargetRequest(base[0], description_of_origin="<OCI Structure Test>"),
+    )
+
+    target = wrapped_target.target
+    bundle_request = await Get(FallibleImageBundleRequestWrap, ImageBundleRequest(target))
+    image = await Get(FallibleImageBundle, FallibleImageBundleRequest, bundle_request.request)
+
+    if image.exit_code != 0:
+        return TestResult(
+            exit_code=image.exit_code,
+            stdout=image.stdout,
+            stderr=image.stderr,
+            stdout_digest=EMPTY_FILE_DIGEST,
+            stderr_digest=EMPTY_FILE_DIGEST,
+            addresses=(field_set.address,),
+            output_setting=test_subsystem.output,
+            result_metadata=None,
+        )
+
+    output = image.output
+    digest = output.image_sha.lstrip("sha256:")
+    if digest != field_set.digest.value:
+        return TestResult(
+            exit_code=1,
+            stdout=f"Expected digest {field_set.digest.value} but got {digest}",
+            stderr="",
+            stdout_digest=EMPTY_FILE_DIGEST,
+            stderr_digest=EMPTY_FILE_DIGEST,
+            addresses=(field_set.address,),
+            output_setting=test_subsystem.output,
+            result_metadata=None,
+        )
+
+    return TestResult(
+        exit_code=0,
+        stdout="",
+        stderr="",
+        stdout_digest=EMPTY_FILE_DIGEST,
+        stderr_digest=EMPTY_FILE_DIGEST,
+        addresses=(field_set.address,),
+        output_setting=test_subsystem.output,
+        result_metadata=None,
+    )
+
+
+if not PANTS_SEMVER >= Version("2.16.0dev0"):
+
+    @rule
+    async def setup_example_debug_test(
+        batch: StructureTestRequest.Batch[StructureTestFieldSet, Any],
+    ) -> TestDebugRequest:
+        raise NotImplementedError()
+
+    @rule
+    async def setup_example_debug_adapter_test(
+        batch: StructureTestRequest.Batch[StructureTestFieldSet, Any],
+    ) -> TestDebugAdapterRequest:
+        raise NotImplementedError()
+
+
+def rules():
+    return [
+        UnionRule(TestFieldSet, StructureTestFieldSet),
+        *StructureTestRequest.rules(),
+        *collect_rules(),
+    ]
diff --git a/pants-plugins/oci/pants_backend_oci/goals/test_integration_test.py b/pants-plugins/oci/pants_backend_oci/goals/test_integration_test.py
@@ -0,0 +1,153 @@
+from __future__ import annotations
+
+import os
+from textwrap import dedent
+
+from pants.testutil.pants_integration_test import run_pants, setup_tmpdir
+from pants.version import PANTS_SEMVER, Version
+
+VERSION = "215"
+if PANTS_SEMVER > Version("2.17.0dev0"):
+    VERSION = "217"
+elif PANTS_SEMVER > Version("2.16.0dev0"):
+    VERSION = "216"
+
+SIMPLE_EXPECTED_DIGEST = {
+    "215": "e90e0558571ea8aebe5546e951fef0a5319063e3c8e8006a1bf894cc14e845b",
+    "216": "cb0e4a9d23544283b90cfbaf976d7384a6397216973cb9b0a6c79538409ffa1b",
+    "217": "1b2bbbd6a2cd86d45ed94daa6403fa418d48967383d8f688ec41406d25781b2",
+}[VERSION]
+
+
+def test_test_oci_container() -> None:
+    build_inputs = {
+        "BUILD_ROOT": "",
+        "../oci/BUILD": dedent(
+            f"""\
+                python_sources(name="examples")
+
+                oci_pull_images(
+                    name="python3-d11",
+                    repository="gcr.io/distroless/python3-debian11",
+                    variants=dict(latest="62da909329b74929181b2eac28da3be52b816c7d3d3f676bda04887c98c41593"),
+                )
+
+                pex_binary(name="example", entry_point="example.py", shebang="#!/usr/bin/python", layout="packed")
+
+                oci_image_build(
+                    name="oci",
+                    base=[":python3-d11#latest"],
+                    packages=[
+                        ":example",
+                    ],
+                )
+
+                oci_structure_test(
+                    name="oci-test",
+                    base=[":oci"],
+                    expected_digest="{SIMPLE_EXPECTED_DIGEST}",
+                )
+            """
+        ),
+        "../oci/example.py": dedent(
+            """\
+            print("Hello world!")
+            """
+        ),
+    }
+
+    uid = os.getuid()
+    gid = os.getgid()
+
+    with setup_tmpdir(build_inputs) as _:
+        result = run_pants(
+            [
+                "--backend-packages=pants_backend_oci",
+                "--backend-packages=pants.backend.python",
+                "--pants-ignore=['.python-build-standalone', '.*/', '/dist/', '__pycache__']",
+                f"--oci-uid-map=['0:{uid}:1']",
+                "--oci-uid-map=1:100000:65536",
+                f"--oci-gid-map=['0:{gid}:1']",
+                "--oci-gid-map=1:100000:65536",
+                "--no-local-cache",
+                "--keep-sandboxes=always",
+                "test",
+                "oci:oci-test",
+            ],
+            extra_env={"PANTS_PYTHON_INTERPRETER_CONSTRAINTS": "['CPython==3.9.*']"},
+        )
+
+    result.assert_success()
+
+
+FILE_EXPECTED_DIGEST = {
+    "215": "405fb07fc971eb02248e0488226cc7ada6282dfd6392ec52fbe2a9915815dfc",
+    "216": "03733c67e62860782d5bd7312f1fd2c0edab2b2ad64b5cc16f0eeb92e09c4eac",
+    "217": "3a9f9b854c3d676f00167102b8eb6f8929ea3240cf8fe36bed3d1a73ace9d21c",
+}[VERSION]
+
+
+def test_test_oci_container_file() -> None:
+    build_inputs = {
+        "BUILD_ROOT": "",
+        "../oci/BUILD": dedent(
+            f"""\
+                python_sources(name="examples")
+
+                oci_pull_images(
+                    name="python3-d11",
+                    repository="gcr.io/distroless/python3-debian11",
+                    variants=dict(latest="62da909329b74929181b2eac28da3be52b816c7d3d3f676bda04887c98c41593"),
+                )
+
+                file(name="files", source="file.txt")
+
+                pex_binary(name="example", entry_point="example.py", shebang="#!/usr/bin/python", layout="packed")
+
+                oci_image_build(
+                    name="oci",
+                    base=[":python3-d11#latest"],
+                    packages=[
+                        ":example",
+                        ":files",
+                    ],
+                )
+
+                oci_structure_test(
+                    name="oci-test",
+                    base=[":oci"],
+                    expected_digest="{FILE_EXPECTED_DIGEST}",
+                )
+                """
+        ),
+        "../oci/file.txt": "Hello from a file!\n",
+        "../oci/resource.txt": "Hello from a file!\n",
+        "../oci/example.py": dedent(
+            """
+            print("Hello world!")
+            """
+        ),
+    }
+
+    uid = os.getuid()
+    gid = os.getgid()
+
+    with setup_tmpdir(build_inputs):
+        result = run_pants(
+            [
+                "--backend-packages=pants_backend_oci",
+                "--backend-packages=pants.backend.python",
+                "--keep-sandboxes=always",
+                "--pants-ignore=['.python-build-standalone', '.*/', '/dist/', '__pycache__']",
+                f"--oci-uid-map=['0:{uid}:1']",
+                "--oci-uid-map=1:100000:65536",
+                f"--oci-gid-map=['0:{gid}:1']",
+                "--oci-gid-map=1:100000:65536",
+                "--no-local-cache",
+                "test",
+                "oci:oci-test",
+            ],
+            extra_env={"PANTS_PYTHON_INTERPRETER_CONSTRAINTS": "['CPython==3.9.*']"},
+        )
+
+    result.assert_success()
diff --git a/pants-plugins/oci/pants_backend_oci/subsystem.py b/pants-plugins/oci/pants_backend_oci/subsystem.py
@@ -5,6 +5,8 @@
 from pants.option.option_types import BoolOption, StrListOption, StrOption
 from pants.option.subsystem import Subsystem
 
+from pants_backend_oci.subsystems import test
+
 
 class OciSubsystem(Subsystem):
     options_scope = "oci"
@@ -136,4 +138,5 @@ def rules():
         *RuncTool.rules(),
         *UmociTool.rules(),
         *OciSubsystem.rules(),
+        *test.OciTestSubsystem.rules(),
     ]
diff --git a/pants-plugins/oci/pants_backend_oci/subsystems/BUILD b/pants-plugins/oci/pants_backend_oci/subsystems/BUILD
@@ -0,0 +1,3 @@
+python_sources(
+    sources=["*.py"]
+)
diff --git a/pants-plugins/oci/pants_backend_oci/subsystems/test.py b/pants-plugins/oci/pants_backend_oci/subsystems/test.py
@@ -0,0 +1,13 @@
+from __future__ import annotations
+
+from pants.option.option_types import SkipOption
+from pants.option.subsystem import Subsystem
+
+
+class OciTestSubsystem(Subsystem):
+    options_scope = "oci-test"
+    name = "OCI test subsystem"
+
+    help = "Options for OCI container tests."
+
+    skip = SkipOption("test")