how to run test against the built image before pushing to container's registry?

Asked 27/8, 2020 at 9:46 Answered 2/9 at 15:31

From the gitlab documentation this is how to create a docker image using kaniko:

build:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
  only:
    - tags

but I want to run the test first(pytest) before pushing it to the container registry. Any help is greatly appreciated. Thanks!

Binky answered 27/8, 2020 at 9:46 Comment(1)

You can simply add a test job before the build, which would use the correct python image, install and run pytest, and even optionally store the coverage. Some good examples in this blog post or the official doc. If the tests fail, the build stage won't be run and your image not created. – Tremann 27/8, 2020 at 10:51

I assume you want to run the tests inside the Docker container you are building the image for.

The best solution I came up with so far is

add the tests as another stage in a multi-stage Dockerfile
in your test-image job, run Kaniko without pushing the image at the end (this will run your tests during the build of the image)
in the build-image job, run Kaniko with pushing the image and specify the stage/layer of the image you want to push using the --target directive

Here is an example:

.gitlab-ci.yml

build:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - mkdir -p /kaniko/.docker
    - >-
     echo "{\"auths...}" > /kaniko/.docker/config.json
  script:
    - >-
      /kaniko/executor
      --context $KANIKO_BUILD_CONTEXT
      --dockerfile $DOCKERFILE_PATH
      --destination $IMAGE_TAG
      --target image

Dockerfile

FROM ubuntu as image

RUN apt update -y && \
    apt upgrade -y
    
RUN apt install -y git



FROM devimage as test

# smoke test to see whether git was installed as expected
RUN git --version

# you can add further tests here...

This will run the tests in a second stage within the Docker build. This would be the place where you can also install test frameworks and other test-only resources that shouldn't make it into the image pushed to the container registry.

Kaniko won't push the image, if the tests fail.

Slating answered 13/2, 2023 at 9:11 Comment(0)

@michael-lihs's solution requires double image building (which takes a lot of time). --target is implemented in kaniko like in docker where: The builder skips commands after the target stage.

It is possible that such a solution would work well:

FROM ubuntu as baseimage

RUN apt update -y && \
    apt upgrade -y
    
RUN apt install -y git

FROM devimage as test

# smoke test to see whether git was installed as expected
RUN git --version

# you can add further tests here..

FROM baseimage as image # kaniko stops building here

.gitlab-ci.yml same as @michael-lihs posted. But didn't test it yet

Dwain answered 2/9 at 15:31 Comment(0)

Recommended topics

Hot tags