kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-08 18:35:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor container deploy pipeline:

Browse Source 
- Replace inline shell scripts with Python-driven orchestration
- Introduce inner dockerd started via detached docker run
- Add docker exec–based inventory creation and dedicated deploy execution
- Add automatic vault password generation for CI
- Update GitHub Actions workflow to use new container deploy wrapper
- Add complete unit test suite for container deploy behavior
- Fix CLI argument forwarding and ensure single docker run call

Conversation reference:
https://chatgpt.com/share/6931c45d-4e40-800f-852f-6c9b1f7dc281
This commit is contained in:
Kevin Veen-Birkenbach
2025-12-04 18:27:15 +01:00
parent 8c64f91a6d
commit f2ace362bc
3 changed files with 446 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
tests/unit/cli/deploy/test_container.py Normal file
View File

@@ -0,0 +1,177 @@
# tests/unit/cli/deploy/test_container.py
import subprocess
import sys
import unittest
from typing import List
from unittest import mock
from cli.deploy import container as deploy_container
class TestEnsureImage(unittest.TestCase):
@mock.patch("subprocess.run")
def test_ensure_image_skips_build_when_image_exists(self, mock_run):
# docker image inspect → returncode 0 means "image exists"
mock_run.return_value = subprocess.CompletedProcess(
["docker", "image", "inspect", "infinito:latest"],
0,
stdout=b"",
stderr=b"",
)
deploy_container.ensure_image("infinito:latest")
# Only one call: docker image inspect
self.assertEqual(mock_run.call_count, 1)
cmd = mock_run.call_args_list[0].args[0]
self.assertEqual(cmd[:3], ["docker", "image", "inspect"])
# No docker build command
self.assertFalse(
any(
call.args[0][:2] == ["docker", "build"]
for call in mock_run.call_args_list
),
"docker build should not run when the image already exists",
)
@mock.patch("subprocess.run")
def test_ensure_image_builds_when_missing(self, mock_run):
calls: List[List[str]] = []
def _side_effect(cmd, *args, **kwargs):
calls.append(cmd)
# First inspect fails → triggers build
if cmd[:3] == ["docker", "image", "inspect"]:
return subprocess.CompletedProcess(cmd, 1, b"", b"missing")
# Build succeeds
if cmd[:2] == ["docker", "build"]:
return subprocess.CompletedProcess(cmd, 0, b"", b"")
return subprocess.CompletedProcess(cmd, 0, b"", b"")
mock_run.side_effect = _side_effect
deploy_container.ensure_image("infinito:latest")
self.assertTrue(
any(c[:3] == ["docker", "image", "inspect"] for c in calls),
"Expected docker image inspect to be called",
)
self.assertTrue(
any(c[:2] == ["docker", "build"] for c in calls),
"Expected docker build to run when image is missing",
)
class TestRunInContainer(unittest.TestCase):
@mock.patch("subprocess.run")
def test_run_in_container_calls_single_docker_run(self, mock_run):
"""
Current container.py starts exactly one Docker container via
'docker run' to launch the inner dockerd daemon. All further work
(inventory creation + dedicated deploy) happens via docker exec.
"""
calls: List[List[str]] = []
def _side_effect(cmd, *args, **kwargs):
calls.append(cmd)
return subprocess.CompletedProcess(cmd, 0, b"", b"")
mock_run.side_effect = _side_effect
image = "infinito:latest"
exclude = "foo,bar"
forwarded = ["-T", "server", "--debug", "--skip-tests"]
deploy_container.run_in_container(
image=image,
exclude=exclude,
forwarded_args=forwarded,
build=False,
)
# We expect at least one subprocess.run call
self.assertGreaterEqual(len(calls), 1)
# Only count *docker run* invocations, not docker exec / image / build
docker_run_calls = [
c
for c in calls
if isinstance(c, list)
and len(c) >= 2
and c[0] == "docker"
and c[1] == "run"
]
self.assertEqual(
len(docker_run_calls),
1,
"Expected exactly one 'docker run' call",
)
cmd = docker_run_calls[0]
# Basic structure of the docker run call
self.assertEqual(cmd[0], "docker")
self.assertEqual(cmd[1], "run")
# New behavior: container runs dockerd in detached mode
self.assertIn("-d", cmd)
self.assertIn("--name", cmd)
self.assertIn("--network=host", cmd)
self.assertIn("--privileged", cmd)
self.assertIn("--cgroupns=host", cmd)
self.assertIn(image, cmd)
self.assertIn("dockerd", cmd)
# We *no longer* expect '--rm', '/bin/sh', or '-lc' here,
# because all higher-level logic is executed by docker exec.
class TestMain(unittest.TestCase):
@mock.patch("cli.deploy.container.run_in_container")
def test_main_requires_forwarded_args(self, mock_run_in_container):
"""
If no arguments follow '--', main() must return exit code 1 and not call run_in_container().
"""
argv = ["cli.deploy.container"] # realistic argv from `python -m ...`
with mock.patch.object(sys, "argv", argv):
rc = deploy_container.main()
self.assertEqual(rc, 1)
mock_run_in_container.assert_not_called()
@mock.patch("cli.deploy.container.run_in_container")
def test_main_passes_arguments_to_run_in_container(self, mock_run_in_container):
"""
Ensure CLI args are parsed and forwarded correctly.
"""
argv = [
"cli.deploy.container",
"--image", "myimage:latest",
"--exclude", "foo,bar",
"--build",
"--",
"-T", "server",
"--debug",
]
with mock.patch.object(sys, "argv", argv):
rc = deploy_container.main()
self.assertEqual(rc, 0)
mock_run_in_container.assert_called_once()
# access kwargs passed to run_in_container
kwargs = mock_run_in_container.call_args.kwargs
self.assertEqual(kwargs["image"], "myimage:latest")
self.assertEqual(kwargs["exclude"], "foo,bar") # <-- fixed key
self.assertTrue(kwargs["build"])
self.assertEqual(
kwargs["forwarded_args"],
["-T", "server", "--debug"],
)
if __name__ == "__main__":
unittest.main()