private string BuildTestAppImage(string stageTarget, string contextDir, params string[] customBuildArgs)
{
string tag = _imageData.GetIdentifier(stageTarget);
List <string> buildArgs = new List <string>();
buildArgs.Add($"sdk_image={_imageData.GetImage(DotNetImageType.SDK, _dockerHelper)}");
DotNetImageType runtimeImageType = _isWeb ? DotNetImageType.AspNetCore_Runtime : DotNetImageType.Runtime;
buildArgs.Add($"runtime_image={_imageData.GetImage(runtimeImageType, _dockerHelper)}");
if (DockerHelper.IsLinuxContainerModeEnabled)
{
buildArgs.Add($"runtime_deps_image={_imageData.GetImage(DotNetImageType.Runtime_Deps, _dockerHelper)}");
}
if (customBuildArgs != null)
{
buildArgs.AddRange(customBuildArgs);
}
_dockerHelper.Build(
tag: tag,
target: stageTarget,
contextDir: contextDir,
buildArgs: buildArgs.ToArray());
return(tag);
}
public void VerifySdkImage_PackageCache(ImageData imageData)
{
string verifyCacheCommand = null;
if (imageData.Version.Major == 2)
{
if (DockerHelper.IsLinuxContainerModeEnabled)
{
verifyCacheCommand = "test -d /usr/share/dotnet/sdk/NuGetFallbackFolder";
}
else
{
verifyCacheCommand = "CMD /S /C PUSHD \"C:\\Program Files\\dotnet\\sdk\\NuGetFallbackFolder\"";
}
}
else
{
_outputHelper.WriteLine(".NET Core SDK images >= 3.0 don't include a package cache.");
}
if (verifyCacheCommand != null)
{
// Simple check to verify the NuGet package cache was created
_dockerHelper.Run(
image: imageData.GetImage(DotNetImageType.SDK, _dockerHelper),
command: verifyCacheCommand,
name: imageData.GetIdentifier("PackageCache"));
}
}
public void VerifyImage_InsecureFilesCheck(ImageData imageData)
{
if (imageData.Version < new Version("3.1") || !DockerHelper.IsLinuxContainerModeEnabled ||
(imageData.OS.Contains("alpine") && imageData.IsArm))
{
return;
}
string worldWritableDirectoriesWithoutStickyBitCmd = @"find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \)";
string worldWritableFilesCmd = "find / -xdev -type f -perm -o+w";
string noUserOrGroupFilesCmd;
if (imageData.OS.Contains("alpine"))
{
// BusyBox in Alpine doesn't support the more convenient -nouser and -nogroup options for the find command
noUserOrGroupFilesCmd = @"find / -xdev -exec stat -c %U-%n {} \+ | { grep ^UNKNOWN || true; }";
}
else
{
noUserOrGroupFilesCmd = @"find / -xdev \( -nouser -o -nogroup \)";
}
string command = $"/bin/sh -c \"{worldWritableDirectoriesWithoutStickyBitCmd} && {worldWritableFilesCmd} && {noUserOrGroupFilesCmd}\"";
foreach (DotNetImageType imageType in Enum.GetValues(typeof(DotNetImageType)))
{
string output = _dockerHelper.Run(
image: imageData.GetImage(imageType, _dockerHelper),
name: imageData.GetIdentifier($"InsecureFiles-{imageType}"),
command: command
);
Assert.Empty(output);
}
}
public static void Validate(
IEnumerable <EnvironmentVariableInfo> variables,
DotNetImageType imageType,
ImageData imageData,
DockerHelper dockerHelper)
{
const char delimiter = '|';
IEnumerable <string> echoParts;
string invokeCommand;
char delimiterEscape;
if (DockerHelper.IsLinuxContainerModeEnabled)
{
echoParts = variables.Select(envVar => $"${envVar.Name}");
invokeCommand = $"/bin/sh -c";
delimiterEscape = '\\';
}
else
{
echoParts = variables.Select(envVar => $"%{envVar.Name}%");
invokeCommand = $"CMD /S /C";
delimiterEscape = '^';
}
string combinedValues = dockerHelper.Run(
image: imageData.GetImage(imageType, dockerHelper),
name: imageData.GetIdentifier($"env"),
command: $"{invokeCommand} \"echo {String.Join($"{delimiterEscape}{delimiter}", echoParts)}\"");
string[] values = combinedValues.Split(delimiter);
Assert.Equal(variables.Count(), values.Count());
for (int i = 0; i < values.Count(); i++)
{
EnvironmentVariableInfo variable = variables.ElementAt(i);
string actualValue;
// Process unset variables in Windows
if (!DockerHelper.IsLinuxContainerModeEnabled &&
string.Equals(values[i], $"%{variable.Name}%", StringComparison.Ordinal))
{
actualValue = string.Empty;
}
else
{
actualValue = values[i];
}
if (variable.AllowAnyValue)
{
Assert.NotEmpty(actualValue);
}
else
{
Assert.Equal(variable.ExpectedValue, actualValue);
}
}
}
public void VerifySDKImage_PowerShellScenario(ImageData imageData)
{
if (imageData.Version.Major < 3)
{
_outputHelper.WriteLine("PowerShell does not exist in pre-3.0 images, skip testing");
return;
}
// A basic test which executes an arbitrary command to validate PS is functional
string output = _dockerHelper.Run(
image: imageData.GetImage(DotNetImageType.SDK, _dockerHelper),
name: imageData.GetIdentifier($"pwsh"),
command: $"pwsh -c (Get-Childitem env:DOTNET_RUNNING_IN_CONTAINER).Value"
);
Assert.Equal(output, bool.TrueString, ignoreCase: true);
}
