New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker add TEST
command
#16993
Comments
Hi! Please read this important information about creating issues. If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead. If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information. This is an automated, informational response. Thank you. For more information about reporting issues, see https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues BUG REPORT INFORMATIONUse the commands below to provide key information from your environment:
Provide additional environment details (AWS, VirtualBox, physical, etc.): List the steps to reproduce the issue: Describe the results you received: Describe the results you expected: Provide additional info you think is important: ----------END REPORT --------- #ENEEDMOREINFO |
I think the best way to solve this would be to do a |
I agree with @duglin here, sounds like a cleaner approach for this. |
Clean or not, unfortunately, that does not resolve the problem I or others are having. Namely, building the image without tests means the image can end up being deployed without being properly tested. In particular, consider the case of automated builds on Docker Hub or any other strategy for automatic builds. Here is an article that cites this exact problem ( http://blog.wercker.com/2015/07/28/Dockerfiles-considered-harmful.html ) while I don't agree with all of their assertions. Insufficient testing is a serious issue IMHO. I am quoting the relevant section of the article below as I largely do not care or disagree with the rest.
|
But having a You can even make use of the feature coming in 1.9.0 which lets you inject arguments into the build to specify "this is my test run" and have it install different stuff based on that.... something like |
@jakirkham perhaps there's a misunderstanding. I wasn't suggesting that Dockerfiles are the best way to test your docker builds. Rather, it sounded like you wanted to use Dockerfiles for that purpose and I was suggesting a possible solution. If, as you and that article suggests, Dockerfiles aren't good for testing images then its probably because they're weren't designed for that. They were designed for building containers, not testing them. If someone can do some testing with it, more power to them, but I don't think its fair to claim they're harmful. To me this is similar to having a Makefile like:
and then claiming that make is broken because you can build the exe w/o testing it. Well, as @cpuguy83 said, this isn't an issue with make or your Makefile, its an issue with your process. You shouldn't deploy anything w/o testing it - how you test it is up to you. Docker is just providing some building blocks - its up to you to stack them in the desired order. |
Unfortunately, I have to disagree with you, @cpuguy83. If you can think of a better way, then I'm all ears. My interest here is stopping the image from being tagged and released in some standard and uniform way from using local
I believe this is was what @duglin was suggesting. As nice as this idea is it does address the problem here is the image has already been tagged and in the case of automated build system like Docker Hub this has already been released to the wild untested. Resolving the problem before this tagging is desirable.
This is a very useful feature and I am glad to see it. In fact, I will probably use it for a few things. However, I think it is orthogonal to this particular issue.
This is what the authors of that article state. I did not write the article. I agree with you and am generally quite happy with
Nor was I trying to imply you did.
That's the problem in my mind and why the issue was opened.
Unfortunately, it is not. Automated builds on Docker Hub or locally ones with
Sorry, I think this example is not accurate for the problem being discussed here. If you really want to know why I think this, I am happy to discuss it, but will defer as this has already gotten too long. |
Have you considered changing the process you use with DockerHub? I personally don't use it so I can't say whether this even makes sense, but I wonder if you could do this: |
@jakirkham If images aren't being tested, this is a process problem, adding new functionality doesn't really solve this as it still requires people to take an action. That said, I do think it's a cool idea. |
You are clearly a very clever dev, @duglin. Though you must admit this does sound a bit complex, no? I'd be a bit concerned about this breaking. That being said, Docker Hub does have webhooks, but I don't believe it has a way of issuing other commands. If I am wrong about this, feel free to point it out. I'm always interested in learning something new.
Ah, sorry, I think I missed that this was your, @cpuguy83, point. Currently, I do test by using the
Cool, I think it may open some options to test in-between layers, which could be nice. This would shorten the build time if the build was already problematic at an earlier stage and allow for one to inspect closer to the problem. |
At https://docs.docker.com/docker-hub/builds/ under the "Webhook chains" section it talks about having one build trigger other builds by sending POSTs. Then under "Remote Build triggers" it talks about sending a POST to a URL to force a build. I'm guessing you can send the webhooks POST to the remote build trigger URL. So, hopefully, you can force the build of your original image to kick off a "test" build that then tags/deploys/etc... if successful. a bit complex? yup :-) but it might work and once setup it might not be that bad. Adding a TEST command is, as @cpuguy83 said, is a cool idea, but I would prefer if we looked at it differently. Lots of people have asked for "nested builds" and I think your use case would fit nicely under that because they, I believe, want to have a Dockerfile build one image and then use that image in a secondary build. Something like:
where if anything under |
There are webhooks. They can trigger builds. This use case (of one Docker Hub build completion triggering another Docker Hub build) is common enough that you can actually just link Docker Hub builds. However, the triggering of specific tags I don't believe is implemented. ( docker/hub-feedback#363 ) That being said, maybe one could have a linear chain of three repos where the third simply has a
Hmm, interesting. Maybe a bit overpowered for this case, but it looks like it could work. Leaving an explicit tag is a nice touch. Not sure how that would be handled somewhere like Docker Hub. Would this depend on Do you have links for some of the other use cases? I'd be curious what they are?
Right. I am aware of this. I wanted to raise this point while I was thinking about it even if it will be blocked at present. |
See #7115 for one use case/issue. I wasn't thinking of nested builds using |
Thanks @duglin. |
going to close this since I don't think there's anything actionable at this time. |
Sounds good. Thanks again to everyone for there thoughts on this issue. |
So, I have given this more thought and really feel that what I proposed here is the simplest solution. I feel the syntax proposed in ( #7115 ) is a bit too complex to follow in general and adds unnecessary complexity to the use case described here. It would be nice to revisit this. |
Frequently, I want to test a container I built before I push it or if it is being built and pushed automatically I want to be able to fail the build if it doesn't hold up to testing.
Normally, this can be done with
RUN
, which works ok except for the following issues. It may commit some test dependencies or other irrelevant products of testing. Now, I can try to eliminate these before the end of theRUN
command, which I do. However, inevitably some are missed.In the best case, these test artifacts are small and have no effect (e.g. logs). In the worst case, they are some residual part of the testing apparatus that are left in some sort of broken state only to be discovered when someone uses the container.
However, if the test layer is merely run and never committed at all, one gets the best of both worlds. I have verified that the previous layer works as intended and was not tampered with in any way since it was verified. Further, I can verify during the build process that everything works as intended without accidentally distributing an untested image.
The text was updated successfully, but these errors were encountered: