Run CI tests in docker instead of a machine. (hashicorp#8948)

Author: ncabatoff

.circleci/config.yml

@@ -3,4 +3,3 @@ version: 2.1
 
 orbs:
   slack: circleci/slack@3.2.0
-

.circleci/config/@config.yml

@@ -12,6 +12,12 @@ parameters:
   save_cache:
     type: boolean
     default: false
+  go_image:
+    type: string
+    default: "circleci/golang:1.14.7-stretch"
+  use_docker:
+    type: boolean
+    default: false
 steps:
   - run:
       name: Compute test cache key
@@ -27,7 +33,7 @@ steps:
         set -x
 
         case "<< parameters.extra_flags >>" in
-        *-race*) VAULT_CI_GO_TEST_RACE=1;;
+        *-race*) export VAULT_CI_GO_TEST_RACE=1;;
         esac
 
         # Install CircleCI CLI
@@ -37,39 +43,90 @@ steps:
             -C /usr/local/bin \
             "circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64/circleci"
 
-        # Split Go tests by prior test times
-        package_names=$(go list \
-            -tags "${GO_TAGS}" \
-            ./... \
-          | grep -v /integ \
-          | grep -v /vendor/ \
-          | sort \
-          | circleci tests split --split-by=timings --timings-type=classname)
+        USE_DOCKER=0
+        <<# parameters.use_docker >>
+        USE_DOCKER=1
+        <</ parameters.use_docker >>
 
-        # Install gotestsum
-        curl -sSL "https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_linux_amd64.tar.gz" \
-          | sudo tar --overwrite -xz -C /usr/local/bin gotestsum
+        # Split Go tests by prior test times.  If use_docker is true, only run
+        # tests that depend on docker, otherwise only those that don't.
+        if [ $USE_DOCKER == 1 ]; then
+          package_names=$(go list -test -json ./... |
+            jq -r 'select(.Deps != null) |
+              select(any(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker"))) |
+              .ForTest | select(. != null)' |
+              sort -u | circleci tests split --split-by=timings --timings-type=classname)
+        else
+          package_names=$(go list -test -json ./... |
+            jq -r 'select(.Deps != null) |
+              select(all(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker")|not)) |
+              .ForTest | select(. != null)' |
+              sort -u | circleci tests split --split-by=timings --timings-type=classname)
+        fi
+
+        # After running tests split step, we are now running the following steps
+        # in multiple different containers, each getting a different subset of
+        # the test packages in their package_names variable.  Each container
+        # has its own remote docker VM.
 
-        # Run tests
         make prep
         mkdir -p test-results/go-test
-        CGO_ENABLED= \
-          VAULT_ADDR= \
-          VAULT_TOKEN= \
-          VAULT_DEV_ROOT_TOKEN_ID= \
-          VAULT_ACC= \
+
+        # Create a docker network for our testcontainer
+        if [ $USE_DOCKER == 1 ]; then
+          export TEST_DOCKER_NETWORK_ID=$(docker network list -q -f 'name=vaulttest')
+          if [ -z $TEST_DOCKER_NETWORK_ID ]; then
+            TEST_DOCKER_NETWORK_ID=$(docker network create vaulttest)
+          fi
+
+          # Start a docker testcontainer to run the tests in
+          docker run -d -e TEST_DOCKER_NETWORK_ID \
+            -e DOCKER_CERT_PATH -e DOCKER_HOST -e DOCKER_MACHINE_NAME -e DOCKER_TLS_VERIFY -e NO_PROXY \
+            -e VAULT_TEST_LOG_DIR=<< parameters.log_dir >> \
+            --network vaulttest --name \
+            testcontainer << parameters.go_image >> \
+            tail -f /dev/null
+
+          # Run tests
+          docker cp << parameters.cache_dir >> testcontainer:/tmp/gocache
+          docker exec testcontainer sh -c 'mkdir -p /go/src/github.com/hashicorp/vault'
+          docker cp . testcontainer:/go/src/github.com/hashicorp/vault/
+          docker cp $DOCKER_CERT_PATH/ testcontainer:$DOCKER_CERT_PATH
+
+          docker exec -w /go/src/github.com/hashicorp/vault/ \
+            -e GO111MODULE -e CIRCLECI -e GOCACHE=/tmp/gocache -e VAULT_CI_GO_TEST_RACE \
+            testcontainer \
+            gotestsum --format=short-verbose \
+              --junitfile test-results/go-test/results.xml \
+              --jsonfile test-results/go-test/results.json \
+              -- \
+              -tags "${GO_TAGS}" \
+              -timeout=15m \
+              -parallel=20 \
+              << parameters.extra_flags >> \
+              ${package_names}
+        else
           GOCACHE=<< parameters.cache_dir >> \
-          VAULT_TEST_LOG_DIR=<< parameters.log_dir >> \
-          gotestsum --format=short-verbose \
-            --junitfile test-results/go-test/results.xml \
-            --jsonfile test-results/go-test/results.json \
-            -- \
-            -tags "${GO_TAGS}" \
-            -timeout=60m \
-            -parallel=20 \
-            << parameters.extra_flags >> \
-            ${package_names}
+            gotestsum --format=short-verbose \
+              --junitfile test-results/go-test/results.xml \
+              --jsonfile test-results/go-test/results.json \
+              -- \
+              -tags "${GO_TAGS}" \
+              -timeout=60m \
+              -parallel=20 \
+              << parameters.extra_flags >> \
+              ${package_names}
+        fi
 
+  - when:
+      condition: << parameters.use_docker >>
+      steps:
+        - run:
+            name: Copy test results
+            when: always
+            command: |
+              docker cp testcontainer:/go/src/github.com/hashicorp/vault/test-results .
+              docker cp testcontainer:/tmp/gocache << parameters.cache_dir >>
   - when:
       condition: << parameters.save_cache >>
       steps:

.circleci/config/commands/go_test.yml

@@ -23,3 +23,21 @@ alpine:
     - image: alpine:3.10.2
   shell: /bin/sh
   working_directory: /go/src/github.com/hashicorp/vault
+docker-env-large:
+  resource_class: large
+  docker:
+    - image: "circleci/golang:1.14.7-stretch"
+  environment:
+    GO111MODULE: "off"
+    CIRCLECI_CLI_VERSION: 0.1.5546  # Pin CircleCI CLI to patch version (ex: 1.2.3)
+    GO_TAGS: ""
+  working_directory: /go/src/github.com/hashicorp/vault
+docker-env-xlarge:
+  resource_class: xlarge
+  docker:
+    - image: "circleci/golang:1.14.7-stretch"
+  environment:
+    GO111MODULE: "off"
+    CIRCLECI_CLI_VERSION: 0.1.5546  # Pin CircleCI CLI to patch version (ex: 1.2.3)
+    GO_TAGS: ""
+  working_directory: /go/src/github.com/hashicorp/vault

.circleci/config/executors/@executors.yml

@@ -0,0 +1,18 @@
+executor: docker-env-xlarge
+parallelism: 8
+steps:
+  - check-branch-name
+  - checkout
+  - setup_remote_docker:
+      version: 18.09.3
+      docker_layer_caching: true
+  - go_test:
+      extra_flags: "-race"
+      log_dir: "/tmp/testlogs"
+      use_docker: true
+  - store_artifacts:
+      path: test-results
+  - store_test_results:
+      path: test-results
+  - store_artifacts:
+      path: "/tmp/testlogs"

.circleci/config/jobs/test-go-race-remote-docker.yml

@@ -1,6 +1,7 @@
-executor: go-machine
+executor: docker-env-xlarge
+parallelism: 8
 steps:
-  - setup-go
+  - check-branch-name
   - checkout
   - go_test:
       extra_flags: "-race"

.circleci/config/jobs/test-go-race.yml

@@ -0,0 +1,17 @@
+executor: docker-env-large
+parallelism: 8
+steps:
+  - check-branch-name
+  - checkout
+  - setup_remote_docker:
+      version: 18.09.3
+      docker_layer_caching: true
+  - go_test:
+      log_dir: "/tmp/testlogs"
+      use_docker: true
+  - store_artifacts:
+      path: test-results
+  - store_test_results:
+      path: test-results
+  - store_artifacts:
+      path: "/tmp/testlogs"

.circleci/config/jobs/test-go-remote-docker.yml

@@ -1,8 +1,7 @@
-executor: go-machine
-parallelism: 2
+executor: docker-env-large
+parallelism: 8
 steps:
   - check-branch-name
-  - setup-go
   - checkout
   - go_test:
       log_dir: "/tmp/testlogs"

.circleci/config/jobs/test-go.yml

@@ -20,10 +20,34 @@ jobs:
           ignore: /pull\/[0-9]+/
   - test-go:
       requires:
-        - build-go-dev
+        - pre-flight-checks
+      filters:
+        branches:
+          # UI and Docs-only branches should skip go tests
+          ignore:
+            - /^docs\/.*/
+            - /^ui\/.*/
+  - test-go-remote-docker:
+      requires:
+        - pre-flight-checks
+      filters:
+        branches:
+          # UI and Docs-only branches should skip go tests
+          ignore:
+            - /^docs\/.*/
+            - /^ui\/.*/
   - test-go-race:
       requires:
-        - build-go-dev
+        - pre-flight-checks
+      filters:
+        branches:
+          # UI and Docs-only branches should skip go tests
+          ignore:
+            - /^docs\/.*/
+            - /^ui\/.*/
+  - test-go-race-remote-docker:
+      requires:
+        - pre-flight-checks
       filters:
         branches:
           # UI and Docs-only branches should skip go tests

.circleci/config/workflows/ci.yml

@@ -18,6 +18,7 @@ import (
 )
 
 const amzHeaderPrefix = "X-Amz-"
+
 var defaultAllowedSTSRequestHeaders = []string{
 	"X-Amz-Date",
 	"X-Amz-Credential",