테스트 개선 및 프로덕션 배포준비

2026-06-19 09:33:07 +09:00
parent 016d783482
commit 62d8563836
16 changed files with 840 additions and 276 deletions
--- a/scripts/test_docker_image_archive_verify.sh
+++ b/scripts/test_docker_image_archive_verify.sh
@@ -0,0 +1,80 @@
+#!/usr/bin/env sh
+set -eu
+
+repo_root="$(cd "$(dirname "$0")/.." && pwd)"
+verify_script="$repo_root/scripts/docker-image/verify_archive.sh"
+tmp_root="$(mktemp -d)"
+
+cleanup() {
+  rm -rf "$tmp_root"
+}
+trap cleanup EXIT INT TERM
+
+require_command() {
+  command -v "$1" >/dev/null 2>&1 || {
+    echo "required command not found: $1" >&2
+    exit 1
+  }
+}
+
+assert_fails() {
+  if "$@" >/dev/null 2>&1; then
+    echo "expected command to fail: $*" >&2
+    exit 1
+  fi
+}
+
+require_command jq
+require_command sha256sum
+require_command zstd
+
+artifact_dir="$tmp_root/baron_sso/backend/v1.2606.ab12"
+mkdir -p "$artifact_dir"
+
+printf 'docker image archive smoke\n' >"$artifact_dir/image.tar"
+zstd -q -f -o "$artifact_dir/image.tar.zst" "$artifact_dir/image.tar"
+rm -f "$artifact_dir/image.tar"
+
+archive_sha256="$(sha256sum "$artifact_dir/image.tar.zst" | awk '{print $1}')"
+archive_size="$(wc -c <"$artifact_dir/image.tar.zst" | tr -d ' ')"
+printf '%s  image.tar.zst\n' "$archive_sha256" >"$artifact_dir/image.tar.zst.sha256"
+
+jq -n \
+  --arg remotePath "docker-build-image/baron_sso/backend/v1.2606.ab12" \
+  --arg archiveSha256 "$archive_sha256" \
+  --argjson archiveSize "$archive_size" \
+  '{
+    schema_version: 1,
+    format: "docker-save-zstd",
+    image_ref: "reg.hmac.kr/baron_sso/backend:v1.2606.ab12",
+    repository: "baron_sso/backend",
+    tag: "v1.2606.ab12",
+    remote_path: $remotePath,
+    archive: {
+      file_name: "image.tar.zst",
+      size_bytes: $archiveSize,
+      sha256: $archiveSha256
+    }
+  }' >"$artifact_dir/manifest.json"
+
+"$verify_script" "$artifact_dir" >/dev/null
+
+bad_checksum_dir="$tmp_root/bad-checksum"
+cp -R "$artifact_dir" "$bad_checksum_dir"
+printf '0000000000000000000000000000000000000000000000000000000000000000  image.tar.zst\n' >"$bad_checksum_dir/image.tar.zst.sha256"
+assert_fails "$verify_script" "$bad_checksum_dir"
+
+bad_manifest_dir="$tmp_root/bad-manifest"
+cp -R "$artifact_dir" "$bad_manifest_dir"
+jq '.archive.sha256 = "1111111111111111111111111111111111111111111111111111111111111111"' \
+  "$bad_manifest_dir/manifest.json" >"$bad_manifest_dir/manifest.json.tmp"
+mv "$bad_manifest_dir/manifest.json.tmp" "$bad_manifest_dir/manifest.json"
+assert_fails "$verify_script" "$bad_manifest_dir"
+
+bad_archive_dir="$tmp_root/bad-archive"
+cp -R "$artifact_dir" "$bad_archive_dir"
+printf 'not a zstd stream\n' >"$bad_archive_dir/image.tar.zst"
+sha256sum "$bad_archive_dir/image.tar.zst" | awk '{print $1 "  image.tar.zst"}' >"$bad_archive_dir/image.tar.zst.sha256"
+assert_fails "$verify_script" "$bad_archive_dir"
+
+echo "docker image archive verification checks passed"