diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml index acb324534e667..6e220cf3e1e94 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/unit-tests.yaml @@ -22,6 +22,21 @@ jobs: fail-fast: false matrix: gotags: [ 'GOTAGS=""', 'GOTAGS=release' ] + shard: + - name: pkg-helm + packages: ./pkg/helm/... + - name: pkg-other + packages: ./pkg/... + exclude-pattern: /helm/ + - name: central-1 + packages: ./central/... + exclude-pattern: /central/[o-z] + - name: central-2 + packages: ./central/... + exclude-pattern: /central/[a-n] + - name: rest + packages: ./... + exclude-pattern: /pkg/|/central/ runs-on: ubuntu-latest outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} @@ -31,16 +46,20 @@ jobs: env: BUILD_TAG: 0.0.0 SHORTCOMMIT: "0000000" - container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.3 - volumes: - - /usr:/mnt/usr - - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v6 + + - uses: actions/setup-go@v6 with: - fetch-depth: 0 + go-version-file: go.mod + cache: false + + # setup-go exports GOTOOLCHAIN matching the go.mod value, which + # prevents auto-downloading newer toolchains. Override to auto so + # sub-modules with newer go directives (e.g. tools/proto) work. + - name: Override GOTOOLCHAIN + run: echo "GOTOOLCHAIN=auto" >> "$GITHUB_ENV" - uses: ./.github/actions/job-preamble with: @@ -50,15 +69,25 @@ jobs: - name: Cache Go dependencies uses: ./.github/actions/cache-go-dependencies with: - key-suffix: ${{ matrix.gotags }} + key-suffix: ${{ matrix.gotags }}-${{ matrix.shard.name }} - name: Go Unit Tests - run: ${{ matrix.gotags }} make go-unit-tests - - - uses: codecov/codecov-action@v3 - with: - token: ${{ secrets.CODECOV_TOKEN }} - flags: go-unit-tests + run: | + mkdir -p bin test-output + set -o pipefail + # Build package list, filtering out packages that have their own dedicated jobs + EXCLUDE='sensor/tests|operator/tests|/scanner/e2etests' + if [[ -n '${{ matrix.shard.exclude-pattern }}' ]]; then + EXCLUDE="${EXCLUDE}|${{ matrix.shard.exclude-pattern }}" + fi + PACKAGES=$(go list ${{ matrix.shard.packages }} | grep -Ev "$EXCLUDE") + # shellcheck disable=SC2086 + GOTAGS="${GOTAGS:+$GOTAGS,}test" CGO_ENABLED=1 GOEXPERIMENT=cgocheck2 MUTEX_WATCHDOG_TIMEOUT_SECS=30 \ + scripts/go-test.sh -timeout 25m -race -cover \ + -coverprofile test-output/coverage.out -v \ + $PACKAGES \ + | tee test-output/test.log + shell: bash - name: Generate junit report if: always() @@ -70,14 +99,59 @@ jobs: with: paths: 'junit-reports/report.xml' - - name: Go Integration Unit Tests - run: ${{ matrix.gotags }} make integration-unit-tests + - name: Report test failures to Jira + if: (!cancelled()) + id: junit2jira + uses: ./.github/actions/junit2jira + with: + create-jiras: ${{ github.event_name == 'push' }} + jira-user: ${{ secrets.JIRA_USER }} + jira-token: ${{ secrets.JIRA_TOKEN }} + gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} + directory: 'junit-reports' - - name: Go Operator Integration Tests - run: ${{ matrix.gotags }} make -C operator/ test-integration + go-integration: + strategy: + fail-fast: false + matrix: + gotags: [ 'GOTAGS=""', 'GOTAGS=release' ] + runs-on: ubuntu-latest + env: + BUILD_TAG: 0.0.0 + SHORTCOMMIT: "0000000" + steps: + - name: Checkout + uses: actions/checkout@v6 - - name: Go Operator Helm Tests - run: ${{ matrix.gotags }} make -C operator/ test-helm + - uses: actions/setup-go@v6 + with: + go-version-file: go.mod + cache: false + + # setup-go exports GOTOOLCHAIN matching the go.mod value, which + # prevents auto-downloading newer toolchains. Override to auto so + # sub-modules with newer go directives (e.g. tools/proto) work. + - name: Override GOTOOLCHAIN + run: echo "GOTOOLCHAIN=auto" >> "$GITHUB_ENV" + + - uses: ./.github/actions/job-preamble + with: + gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} + + - name: Cache Go dependencies + uses: ./.github/actions/cache-go-dependencies + with: + key-suffix: ${{ matrix.gotags }}-integration + + - name: Go Integration Unit Tests + run: | + mkdir -p test-output + set -o pipefail + PACKAGES=$(go list ./... | grep -E 'registries|scanners|notifiers') + # shellcheck disable=SC2086 + ${{ matrix.gotags }} GOTAGS="${GOTAGS:+$GOTAGS,}test,integration" CGO_ENABLED=1 GOEXPERIMENT=cgocheck2 MUTEX_WATCHDOG_TIMEOUT_SECS=30 \ + scripts/go-test.sh -v $PACKAGES | tee test-output/test.log + shell: bash - name: Generate junit report if: always() @@ -89,16 +163,45 @@ jobs: with: paths: 'junit-reports/report.xml' - - name: Report test failures to Jira - if: (!cancelled()) - id: junit2jira - uses: ./.github/actions/junit2jira + go-operator-integration: + strategy: + fail-fast: false + matrix: + gotags: [ 'GOTAGS=""', 'GOTAGS=release' ] + runs-on: ubuntu-latest + env: + BUILD_TAG: 0.0.0 + SHORTCOMMIT: "0000000" + steps: + - name: Checkout + uses: actions/checkout@v6 + + - uses: actions/setup-go@v6 + with: + go-version-file: go.mod + cache: false + + # setup-go exports GOTOOLCHAIN matching the go.mod value, which + # prevents auto-downloading newer toolchains. Override to auto so + # sub-modules with newer go directives (e.g. tools/proto) work. + - name: Override GOTOOLCHAIN + run: echo "GOTOOLCHAIN=auto" >> "$GITHUB_ENV" + + - uses: ./.github/actions/job-preamble with: - create-jiras: ${{ github.event_name == 'push' }} - jira-user: ${{ secrets.JIRA_USER }} - jira-token: ${{ secrets.JIRA_TOKEN }} gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} - directory: 'junit-reports' + + - name: Cache Go dependencies + uses: ./.github/actions/cache-go-dependencies + + - name: Download scanner module for proto generation + run: go mod download github.com/stackrox/scanner + + - name: Go Operator Integration Tests + run: ${{ matrix.gotags }} make -C operator/ test-integration + + - name: Go Operator Helm Tests + run: ${{ matrix.gotags }} make -C operator/ test-helm go-postgres: strategy: @@ -106,6 +209,11 @@ jobs: matrix: gotags: [ 'GOTAGS=""', 'GOTAGS=release' ] pg: [ '15' ] + shard: + - name: main + make-target: go-postgres-unit-tests-main + - name: migrator + make-target: go-postgres-unit-tests-migrator runs-on: ubuntu-latest outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} @@ -115,40 +223,52 @@ jobs: env: BUILD_TAG: 0.0.0 SHORTCOMMIT: "0000000" - container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.3 - volumes: - - /usr:/mnt/usr - - /opt:/mnt/opt steps: - - name: Set Postgres version - run: | - echo "/usr/pgsql-${{ matrix.pg }}/bin" >> "${GITHUB_PATH}" - - name: Checkout uses: actions/checkout@v6 + + - uses: actions/setup-go@v6 with: - fetch-depth: 0 + go-version-file: go.mod + cache: false + + # setup-go exports GOTOOLCHAIN matching the go.mod value, which + # prevents auto-downloading newer toolchains. Override to auto so + # sub-modules with newer go directives (e.g. tools/proto) work. + - name: Override GOTOOLCHAIN + run: echo "GOTOOLCHAIN=auto" >> "$GITHUB_ENV" - uses: ./.github/actions/job-preamble with: gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} + # trust: allow passwordless TCP connections (replaces unix socket peer auth from CI container) + # locale=C: deterministic collation matching CI container's default - name: Run Postgres run: | - su postgres -c 'initdb -D /tmp/data' - su postgres -c 'pg_ctl -D /tmp/data start' + docker run --rm -d --name postgres \ + -e POSTGRES_HOST_AUTH_METHOD=trust \ + -e POSTGRES_INITDB_ARGS="--locale=C" \ + -p 5432:5432 \ + docker.io/library/postgres:${{ matrix.pg }} - name: Cache Go dependencies uses: ./.github/actions/cache-go-dependencies with: - key-suffix: ${{ matrix.gotags }} + key-suffix: ${{ matrix.gotags }}-${{ matrix.shard.name }} - name: Is Postgres ready - run: pg_isready -h 127.0.0.1 + run: | + for _ in $(seq 1 60); do + docker exec postgres pg_isready -h 127.0.0.1 && exit 0 + sleep 1 + done + echo "Postgres failed to become ready" + docker logs postgres + exit 1 - name: Go Unit Tests - run: ${{ matrix.gotags }} make go-postgres-unit-tests + run: SKIP_DEPS=1 ${{ matrix.gotags }} make ${{ matrix.shard.make-target }} - uses: codecov/codecov-action@v3 with: @@ -178,35 +298,49 @@ jobs: go-bench: runs-on: ubuntu-latest - container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.3 - volumes: - - /usr:/mnt/usr - - /opt:/mnt/opt steps: - - name: Set Postgres version - run: | - echo "/usr/pgsql-15/bin" >> "${GITHUB_PATH}" - - name: Checkout uses: actions/checkout@v6 with: fetch-depth: 0 + - uses: actions/setup-go@v6 + with: + go-version-file: go.mod + cache: false + + # setup-go exports GOTOOLCHAIN matching the go.mod value, which + # prevents auto-downloading newer toolchains. Override to auto so + # sub-modules with newer go directives (e.g. tools/proto) work. + - name: Override GOTOOLCHAIN + run: echo "GOTOOLCHAIN=auto" >> "$GITHUB_ENV" + - uses: ./.github/actions/job-preamble with: gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} + # trust: allow passwordless TCP connections (replaces unix socket peer auth from CI container) + # locale=C: deterministic collation matching CI container's default - name: Run Postgres run: | - su postgres -c 'initdb -D /tmp/data' - su postgres -c 'pg_ctl -D /tmp/data start' + docker run --rm -d --name postgres \ + -e POSTGRES_HOST_AUTH_METHOD=trust \ + -e POSTGRES_INITDB_ARGS="--locale=C" \ + -p 5432:5432 \ + docker.io/library/postgres:15 - name: Cache Go dependencies uses: ./.github/actions/cache-go-dependencies - name: Is Postgres ready - run: pg_isready -h 127.0.0.1 + run: | + for _ in $(seq 1 60); do + docker exec postgres pg_isready -h 127.0.0.1 && exit 0 + sleep 1 + done + echo "Postgres failed to become ready" + docker logs postgres + exit 1 - name: Go Bench Tests run: make go-postgres-bench-tests @@ -501,6 +635,8 @@ jobs: runs-on: ubuntu-latest needs: - go + - go-integration + - go-operator-integration - go-bench - go-postgres - local-roxctl-tests diff --git a/Makefile b/Makefile index 8688d068d80c4..dcdfc164799cc 100644 --- a/Makefile +++ b/Makefile @@ -342,9 +342,15 @@ config-controller-gen: .PHONY: generated-srcs generated-srcs: go-generated-srcs config-controller-gen +ifdef SKIP_DEPS +deps: + @echo "+ $@ (skipped via SKIP_DEPS)" + $(SILENT)touch deps +else deps: $(shell find $(BASE_DIR) -name "go.sum") @echo "+ $@" $(SILENT)touch deps +endif %/go.sum: %/go.mod $(SILENT)cd $* @@ -554,11 +560,17 @@ sensor-pipeline-benchmark: build-prep test-prep LOGLEVEL="panic" go test -bench=. -run=^# -benchtime=30s -count=5 ./sensor/tests/pipeline | tee $(CURDIR)/test-output/pipeline.results.txt .PHONY: go-postgres-unit-tests -go-postgres-unit-tests: build-prep test-prep +go-postgres-unit-tests: go-postgres-unit-tests-main go-postgres-unit-tests-migrator + +.PHONY: go-postgres-unit-tests-main +go-postgres-unit-tests-main: build-prep test-prep set -o pipefail ; \ CGO_ENABLED=1 GOEXPERIMENT=cgocheck2 MUTEX_WATCHDOG_TIMEOUT_SECS=30 GOTAGS=$(GOTAGS),test,sql_integration scripts/go-test.sh -timeout 15m -race -cover -coverprofile test-output/coverage.out -v \ $(shell git grep -rl "//go:build sql_integration" central pkg tools | sed -e 's@^@./@g' | xargs -n 1 dirname | sort | uniq | xargs go list -tags sql_integration | grep -v '^github.com/stackrox/rox/tests$$' | grep -Ev $(UNIT_TEST_IGNORE)) \ | tee $(GO_TEST_OUTPUT_PATH) + +.PHONY: go-postgres-unit-tests-migrator +go-postgres-unit-tests-migrator: build-prep test-prep @# The -p 1 passed to go test is required to ensure that tests of different packages are not run in parallel, so as to avoid conflicts when interacting with the DB. set -o pipefail ; \ CGO_ENABLED=1 GOEXPERIMENT=cgocheck2 MUTEX_WATCHDOG_TIMEOUT_SECS=30 GOTAGS=$(GOTAGS),test,sql_integration scripts/go-test.sh -p 1 -race -cover -coverprofile test-output/migrator-coverage.out -v \ @@ -602,7 +614,7 @@ test: go-unit-tests ui-test shell-unit-tests .PHONY: integration-unit-tests integration-unit-tests: build-prep test-prep set -o pipefail ; \ - GOTAGS=$(GOTAGS),test,integration scripts/go-test.sh -count=1 -v \ + GOTAGS=$(GOTAGS),test,integration scripts/go-test.sh -v \ $(shell go list ./... | grep "registries\|scanners\|notifiers") \ | tee $(GO_TEST_OUTPUT_PATH) diff --git a/pkg/containers/detection_test.go b/pkg/containers/detection_test.go deleted file mode 100644 index e268c63e2a9be..0000000000000 --- a/pkg/containers/detection_test.go +++ /dev/null @@ -1,18 +0,0 @@ -package containers - -import ( - "os" - "testing" - - "github.com/stretchr/testify/assert" -) - -// Assert that container detection is running correctly by checking if it returns true in CI. Expected to return -// false when run locally. -func TestContainerDetection(t *testing.T) { - if _, ok := os.LookupEnv("GITHUB_ACTIONS"); ok { - assert.True(t, IsRunningInContainer()) - } else { - assert.False(t, IsRunningInContainer()) - } -} diff --git a/pkg/logging/rate_limited_logger.go b/pkg/logging/rate_limited_logger.go index 34edaf1639483..35b54bef10b51 100644 --- a/pkg/logging/rate_limited_logger.go +++ b/pkg/logging/rate_limited_logger.go @@ -163,10 +163,11 @@ const ( localFilePathPrefix = "github.com/stackrox/stackrox/" filePathPrefix = "github.com/stackrox/rox/" githubPathPrefix = "/__w/stackrox/stackrox/" + githubHostPrefix = "/home/runner/work/stackrox/stackrox/" ) func getTrimmedFilePath(path string) string { - prefixes := []string{filePathPrefix, localFilePathPrefix, githubPathPrefix} + prefixes := []string{filePathPrefix, localFilePathPrefix, githubPathPrefix, githubHostPrefix} for _, prefix := range prefixes { prefixToCut := strings.Index(path, prefix) if prefixToCut >= 0 { diff --git a/roxctl/common/zipdownload/download_zip_test.go b/roxctl/common/zipdownload/download_zip_test.go index 305004110c356..e2d91e3e1308e 100644 --- a/roxctl/common/zipdownload/download_zip_test.go +++ b/roxctl/common/zipdownload/download_zip_test.go @@ -3,6 +3,7 @@ package zipdownload import ( "archive/zip" "bytes" + "errors" "io/fs" "os" "path/filepath" @@ -208,7 +209,9 @@ func TestExtractZipToFolder_PreventPathTraversal(t *testing.T) { for _, path := range checkPaths { _, err := os.Stat(path) - // Expect "no such file or directory" - meaning the file wasn't created - assert.ErrorIs(t, err, fs.ErrNotExist, "Malicious file should not exist at %s", path) + // File must not exist. On non-root runners, paths under /root/ return + // ErrPermission instead of ErrNotExist — both confirm the file wasn't written. + assert.True(t, errors.Is(err, fs.ErrNotExist) || errors.Is(err, fs.ErrPermission), + "Malicious file should not exist at %s, got: %v", path, err) } } diff --git a/scripts/ci/lib.sh b/scripts/ci/lib.sh index 431d6f970f69a..da211312c0f3f 100755 --- a/scripts/ci/lib.sh +++ b/scripts/ci/lib.sh @@ -2322,12 +2322,16 @@ _EO_SUITE_HEADER_ local result="${lines[1]}" local details="${lines[2]}" - # XML escape description - description="${description//&/&}" - description="${description//\"/"}" - description="${description//\'/'}" - description="${description///>}" + # XML escape description. + # \& is required: bash 5.2+ treats & in ${var//pat/repl} as the + # matched text (like sed), so without \& the & is replaced by the + # match itself. \& works on all bash versions (4.4–5.3 verified). + # CI container had bash 5.1 (UBI9); ubuntu-latest has bash 5.2+. + description="${description//&/\&}" + description="${description//\"/\"}" + description="${description//\'/\'}" + description="${description///\>}" cat << _EO_CASE_HEADER_ >> "${junit_file}" diff --git a/tests/roxctl/bats-tests/helpers.bash b/tests/roxctl/bats-tests/helpers.bash index 1a3940871a4eb..cce2ab0d31c7c 100644 --- a/tests/roxctl/bats-tests/helpers.bash +++ b/tests/roxctl/bats-tests/helpers.bash @@ -9,6 +9,14 @@ fi load "${bats_helpers_root}/bats-support/load.bash" load "${bats_helpers_root}/bats-assert/load.bash" +# yq_multidoc runs yq and strips --- document separators from output. +# yq 4.x adds separators between multi-doc results which shift assert_line indices. +yq_multidoc() { + local output + output=$(yq "$@") || return $? + sed '/^---$/d' <<< "$output" +} + # luname outputs uname in lowercase luname() { uname | tr '[:upper:]' '[:lower:]' diff --git a/tests/roxctl/bats-tests/local/roxctl-netpol-generate-development.bats b/tests/roxctl/bats-tests/local/roxctl-netpol-generate-development.bats index 5cfebca4c184e..119bcd2942bea 100755 --- a/tests/roxctl/bats-tests/local/roxctl-netpol-generate-development.bats +++ b/tests/roxctl/bats-tests/local/roxctl-netpol-generate-development.bats @@ -60,7 +60,7 @@ teardown() { assert_line '2' # Ensure that all yaml docs are of kind 'NetworkPolicy' - run yq e '.kind | ({"match": ., "doc": di})' "${ofile}" + run yq_multidoc e '.kind | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: NetworkPolicy' assert_line --index 1 'doc: 0' assert_line --index 2 'match: NetworkPolicy' @@ -69,7 +69,7 @@ teardown() { assert_line --index 5 'doc: 2' # Ensure that all NetworkPolicies have the generated-by-stackrox label - run yq e '.metadata.labels | ({"match": ."network-policy-buildtime-generator.stackrox.io/generated", "doc": di})' "${ofile}" + run yq_multidoc e '.metadata.labels | ({"match": ."network-policy-buildtime-generator.stackrox.io/generated", "doc": di})' "${ofile}" assert_line --index 0 'match: "true"' assert_line --index 1 'doc: 0' assert_line --index 2 'match: "true"' @@ -99,7 +99,7 @@ teardown() { assert_line '2' # Ensure that all yaml docs are of kind 'NetworkPolicy' - run yq e '.kind | ({"match": ., "doc": di})' "${ofile}" + run yq_multidoc e '.kind | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: NetworkPolicy' assert_line --index 1 'doc: 0' assert_line --index 2 'match: NetworkPolicy' @@ -108,7 +108,7 @@ teardown() { assert_line --index 5 'doc: 2' # Ensure that dns ports are properly set - run yq e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" + run yq_multidoc e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: null' assert_line --index 1 'doc: 0' assert_line --index 2 'match: '${dns_port} @@ -131,7 +131,7 @@ teardown() { yaml_valid "$ofile" # Ensure that dns ports are properly set - run yq e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" + run yq_multidoc e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: null' assert_line --index 1 'doc: 0' assert_line --index 2 'match: '${dns_port} diff --git a/tests/roxctl/bats-tests/local/roxctl-netpol-generate-release.bats b/tests/roxctl/bats-tests/local/roxctl-netpol-generate-release.bats index f205ccd875e76..1bb9d38114262 100755 --- a/tests/roxctl/bats-tests/local/roxctl-netpol-generate-release.bats +++ b/tests/roxctl/bats-tests/local/roxctl-netpol-generate-release.bats @@ -61,8 +61,7 @@ teardown() { assert_line '2' # Ensure that all yaml docs are of kind 'NetworkPolicy' - run yq e '.kind | ({"match": ., "doc": di})' "${ofile}" - # Github actions run yq v3 + run yq_multidoc e '.kind | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: NetworkPolicy' assert_line --index 1 'doc: 0' assert_line --index 2 'match: NetworkPolicy' @@ -70,34 +69,14 @@ teardown() { assert_line --index 4 'match: NetworkPolicy' assert_line --index 5 'doc: 2' - # yq v4 assertions - # assert_line --index 0 'match: NetworkPolicy' - # assert_line --index 1 'doc: 0' - # assert_line --index 2 '---' - # assert_line --index 3 'match: NetworkPolicy' - # assert_line --index 4 'doc: 1' - # assert_line --index 5 '---' - # assert_line --index 6 'match: NetworkPolicy' - # assert_line --index 7 'doc: 2' - # Ensure that all NetworkPolicies have the generated-by-stackrox label - run yq e '.metadata.labels | ({"match": ."network-policy-buildtime-generator.stackrox.io/generated", "doc": di})' "${ofile}" + run yq_multidoc e '.metadata.labels | ({"match": ."network-policy-buildtime-generator.stackrox.io/generated", "doc": di})' "${ofile}" assert_line --index 0 'match: "true"' assert_line --index 1 'doc: 0' assert_line --index 2 'match: "true"' assert_line --index 3 'doc: 1' assert_line --index 4 'match: "true"' assert_line --index 5 'doc: 2' - - # yq v4 assertions - # assert_line --index 0 'match: "true"' - # assert_line --index 1 'doc: 0' - # assert_line --index 2 '---' - # assert_line --index 3 'match: "true"' - # assert_line --index 4 'doc: 1' - # assert_line --index 5 '---' - # assert_line --index 6 'match: "true"' - # assert_line --index 7 'doc: 2' } @test "roxctl-release netpol generate generates network policies with custom dns port" { @@ -121,7 +100,7 @@ teardown() { assert_line '2' # Ensure that all yaml docs are of kind 'NetworkPolicy' - run yq e '.kind | ({"match": ., "doc": di})' "${ofile}" + run yq_multidoc e '.kind | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: NetworkPolicy' assert_line --index 1 'doc: 0' assert_line --index 2 'match: NetworkPolicy' @@ -130,7 +109,7 @@ teardown() { assert_line --index 5 'doc: 2' # Ensure that dns ports are properly set - run yq e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" + run yq_multidoc e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: null' assert_line --index 1 'doc: 0' assert_line --index 2 'match: '${dns_port} @@ -153,7 +132,7 @@ teardown() { yaml_valid "$ofile" # Ensure that dns ports are properly set - run yq e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" + run yq_multidoc e '.spec.egress[1].ports[0].port | ({"match": ., "doc": di})' "${ofile}" assert_line --index 0 'match: null' assert_line --index 1 'doc: 0' assert_line --index 2 'match: '${dns_port}