Tests against a local instance in the container

.circleci/config.yml

@@ -17,24 +17,24 @@ jobs:
       - run: TAG=${CIRCLE_SHA1} make ci-lint
 
   tests:
-    docker:
-      - image: gcr.io/cloud-builders/docker
-    working_directory: /build
+    machine:
+      enabled: true
     environment:
       DOCKER_API_VERSION=1.23
     parallelism: 3
     steps:
-      - run: apt-get install -y make
       - checkout
       - run:
           name: Rebase on-top of github target
           command: ./devops/scripts/rebase-ci.sh
-      - setup_remote_docker
+
+      - run:
+          name: Ensure cache dir exists and permissions are good
+          command: |
+            sudo mkdir -p /caches && sudo chown circleci: -R /caches
 
       - restore_cache:
-          keys:
-            - v1-sd-layers-{{ .Branch }}-
-            - v1-sd-layers-
+          key: v1-sd-layers-{{ checksum "securedrop/Dockerfile" }}
           paths:
             - /caches/layers.tar.gz
 
@@ -55,31 +55,25 @@ jobs:
       - run:
           name: Save Docker image layer cache
           command: |
-            mkdir -p /caches
             docker images
-            docker save -o /caches/layers.tar securedrop-test:${CIRCLE_SHA1}
+            docker save -o /caches/layers.tar securedrop-test:latest
 
       - save_cache:
-          key: v1-sd-layers-{{ .Branch }}-{{ epoch }}
+          key: v1-sd-layers-{{ checksum "securedrop/Dockerfile" }}
           paths:
             - /caches/layers.tar
 
       - run: mkdir -p ~/test-results
 
       - run:
           name: Run tests
+          no_output_timeout: 20m
           command: |
             export TESTFILES=$(cd securedrop; circleci tests glob 'tests/test*py' 'tests/**/test*py' |circleci tests split --split-by=timings |xargs echo)
             docker rm -f securedrop-test || true
             fromtag=$(docker images |grep securedrop-test |head -n1 |awk '{print $2}')
             cd securedrop && DOCKER_RUN_ARGUMENTS=$(bash <(curl -s https://codecov.io/env)) DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test:${fromtag:-latest}" make test
 
-      - run:
-          name: Report results
-          command: |
-            docker cp securedrop-test:/tmp/test-results ~/
-          when: always
-
       - store_test_results:
           path: ~/test-results
 

.gitignore

@@ -154,3 +154,7 @@ raw-test-output/
 #Ignore vagrant staging files
 *.box
 *.img
+
+#Functional test logs
+securedrop/tests/functional/firefox.log
+securedrop/geckodriver.log

devops/scripts/rebase-ci.sh

@@ -25,9 +25,7 @@ then
       git ls-remote --exit-code --quiet upstream 2>/dev/null || git remote add upstream https://github.com/freedomofpress/securedrop.git
 
       # Determine target branch via API
-      #
-      # (We are togglin' between two upstream containers here - the constant is both have python3)
-      target_branch="$(curl -s ${GITHUB_PR_URL} | python3 -c 'import sys, json; print(json.load(sys.stdin)["base"]["ref"])')"
+      target_branch="$(curl -s ${GITHUB_PR_URL} | python -c 'import sys, json; print(json.load(sys.stdin)["base"]["ref"])')"
 
       # Fetch and rebase onto the latest in develop
       git fetch upstream "${target_branch}"

install_files/ansible-base/roles/app-test/tasks/disable_mprotect_ff_plugin_container.yml

@@ -8,7 +8,6 @@
   # We'll catch that error and respond accordingly in the next task.
   failed_when: false
   register: paxctl_firefox_header_check
-  when: ansible_kernel.endswith('-grsec')
   with_items:
     - firefox
     - plugin-container

securedrop/Dockerfile

@@ -8,18 +8,20 @@ ENV USER_ID ${USER_ID:-0}
 RUN apt-get update && \
     apt-get install -y devscripts \
                        python-pip libpython2.7-dev libssl-dev secure-delete \
-                       gnupg2 ruby redis-server firefox git xvfb haveged curl \
+                       gnupg2 ruby redis-server git xvfb haveged curl \
                        gettext paxctl x11vnc enchant libffi-dev sqlite3 wget \
-                       libasound2 libdbus-glib-1-2 libgtk2.0-0 libfontconfig1 libxrender1
+                       libasound2 libdbus-glib-1-2 libgtk2.0-0 libfontconfig1 libxrender1 \
+                       libcairo-gobject2 libgtk-3-0 libstartup-notification0
 
 RUN gem install sass -v 3.4.23
 
-ENV FIREFOX_CHECKSUM=88d25053306d33658580973b063cd459a56e3596a3a298c1fb8ab1d52171d860
-RUN curl -LO https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa/+build/9727836/+files/firefox_46.0.1+build1-0ubuntu0.14.04.3_amd64.deb && \
+
+ENV FIREFOX_CHECKSUM=3524a6e27ff8098a5a59d13b60e89d79b87cae4c63d84ddd041052f17de2430f
+RUN curl -LO https://launchpad.net/~mozillateam/+archive/ubuntu/ppa/+files/firefox-esr_52.9.0esr+build2-0ubuntu0.14.04.1_amd64.deb && \
     shasum -a 256 firefox*deb && \
-    echo "${FIREFOX_CHECKSUM}  firefox_46.0.1+build1-0ubuntu0.14.04.3_amd64.deb" | shasum -a 256 -c - && \
+    echo "${FIREFOX_CHECKSUM}  firefox-esr_52.9.0esr+build2-0ubuntu0.14.04.1_amd64.deb" | shasum -a 256 -c - && \
     dpkg -i firefox*deb && apt-get install -f && \
-    paxctl -cm /usr/lib/firefox/firefox
+    paxctl -cm /usr/lib/firefox-esr/firefox-esr
 
 
 COPY ./tor_project_public.pub /opt/
@@ -56,6 +58,8 @@ RUN pip install -r requirements/securedrop-app-code-requirements.txt && \
     pip install -r requirements/test-requirements.txt
 
 RUN if test $USER_NAME != root ; then useradd --no-create-home --home-dir /tmp --uid $USER_ID $USER_NAME && echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers ; fi
+RUN cp -r /root/.local /tmp/ && chmod +x /tmp/.local/tbb/tor-browser_en-US/Browser/firefox && chmod -R 777 /tmp/.local
+RUN chown -R $USER_NAME.$USER_NAME /tmp/.local/
 
 STOPSIGNAL SIGKILL
 

securedrop/bin/dev-shell

@@ -9,24 +9,6 @@ set -eu
 TOPLEVEL=$(git rev-parse --show-toplevel)
 source "${BASH_SOURCE%/*}/../../devops/scripts/ticker"
 
-function docker_image_circle() {
-    local out
-    out="$(mktemp)"
-    ( cat Dockerfile ; echo WORKDIR /app ; echo COPY . . ) > circle.docker
-    if ! docker build ${DOCKER_BUILD_ARGUMENTS:-} -t "securedrop-test:${CIRCLE_SHA1}" -f circle.docker . >& "${out}" ; then
-        cat "$out"
-        status=1
-    else
-        status=0
-    fi
-    rm circle.docker
-    return $status
-}
-
-function docker_run_circle() {
-    docker run -ti ${DOCKER_RUN_ARGUMENTS:-} --name securedrop-test "securedrop-test:${CIRCLE_SHA1}" "$@"
-}
-
 function docker_image() {
     docker build \
            ${DOCKER_BUILD_ARGUMENTS:-} \
@@ -46,9 +28,9 @@ function docker_run() {
 }
 
 if test -n "${CIRCLE_SHA1:-}" ; then
-   docker_image_circle
-   docker_run_circle "$@"
+   docker_image
 else
    ticker docker_image
-   docker_run "$@"
 fi
+
+docker_run "$@"

securedrop/bin/run-test

@@ -5,7 +5,6 @@ set -euo pipefail
 
 source "${BASH_SOURCE%/*}/dev-deps"
 
-run_xvfb &
 run_redis &
 urandom
 run_sass --force --update
@@ -24,6 +23,7 @@ mkdir -p "/tmp/test-results/logs"
 
 : "${PAGE_LAYOUT_LOCALES:=en_US,ar,fr_FR}"
 export PAGE_LAYOUT_LOCALES
+export TOR_FORCE_NET_CONFIG=0
 
 pytest \
   --page-layout \

securedrop/requirements/test-requirements.in

@@ -7,4 +7,6 @@ py
 pytest
 pytest-cov
 pytest-mock
-selenium < 3
+selenium
+tbselenium
+pyvirtualdisplay

securedrop/requirements/test-requirements.txt

@@ -9,6 +9,7 @@ beautifulsoup4==4.6.0
 blinker==1.4
 click==6.7                # via flask, pip-tools
 coverage==4.4.2           # via pytest-cov
+easyprocess==0.2.3        # via pyvirtualdisplay
 first==2.0.1              # via pip-tools
 flask-testing==0.7.1
 flask==0.12.2             # via flask-testing
@@ -24,6 +25,8 @@ py==1.5.2
 pytest-cov==2.5.1
 pytest-mock==1.7.1
 pytest==3.3.2
-selenium==2.53.6
+pyvirtualdisplay==0.2.1
+selenium==3.13.0
 six==1.11.0               # via mock, pip-tools, pytest
+tbselenium==0.3.3
 werkzeug==0.12.2          # via flask

securedrop/tests/functional/README.md

@@ -1,40 +1,19 @@
-### Install the Python dependencies
-
-
-```
-pip install tbselenium
-pip install PyVirtualDisplay==0.2.1
-```
-
-### Install Tor Browser 7.5
-
-Put it under `~/.local/tbb` directory.
-Steps are in `../../install_files/ansible-base/roles/app-test/tasks/install_tbb.yml` file.
-
-### Install geckodriver
-
-This is yet to be in the Ansible.
-[Download](https://github.com/mozilla/geckodriver/releases/download/v0.17.0/geckodriver-v0.17.0-linux64.tar.gz) 0.17.0 from
-the [release page](https://github.com/mozilla/geckodriver/releases/tag/v0.17.0). Move the binary to `/usr/bin/`.
-
 ### To test in prod vms
 
 - `sudo -u www-data bash`
 - `cd /var/wwww/securedrop/`
 - `./manage.py reset`    # This will clean the DB for testing
 - `./create-demo-user.py`  
 
-
-
-Update this information to the `functional/instance_infomration.json file.
+Update this information to the `tests/functional/instance_information.json file.
 
 The content of the file looks like below.
 
 ```
 {
-    "hidserv_token": "",
-    "journalist_location": "http://127.0.0.1:8081",
-    "source_location": "http://127.0.0.1:8080",
+    "hidserv_token": "asfjsdfag",
+    "journalist_location": "http://thejournalistfqb.onion",
+    "source_location": "http://thesourceadsfa.onion",
     "sleep_time": 10,
     "user": {
         "name": "journalist",
@@ -47,11 +26,8 @@ The content of the file looks like below.
 ### Run the tests
 
 ```
-$ pytest -v functional/test_source.py | less
+cd securedrop
+./bin/dev-shell ./bin/run-test -v tests/functional/
 ```
-
-Remember to use to pipe to less, or less in case of a failure, there will be too much output.
-
-- `functional/test_source_warnings.py`: THis will fail as we are actually using Tor Browser :)
-- `functional/test_submission_not_in_memory.py`: Not inside of the server, so does not make sense.
-- `functional/test_source_session_timeout.py`: Remember to change the session time in the server to 0.02 before testing this.
+You may wish to append a pipe to less (i.e. `| less`), as a failure may generate
+many pages of output, making it difficult to scroll back.

securedrop/tests/functional/download_content.py

@@ -2,6 +2,7 @@
 import json
 import urllib2
 
+
 def main():
     fpath = sys.argv[1]
     with open(fpath) as fobj:
@@ -16,5 +17,6 @@ def main():
     raw_content = urllib2.urlopen(submission_req).read()
     print(raw_content)
 
+
 if __name__ == '__main__':
     main()