tests: adds E2E test to ensure functionality (#2)

* tests: adds E2E test.

* tests: fixes envoy config.

* tests: fixes wasm filter location.

* chore: fixes cache.

* chore: changes cache version.

* fix: fixes cache by not using a container in build step.

This is to mitigate the problem where cache action does not mount the cache folder as per in https://stackoverflow.com/questions/66653352/github-action-cache-question-with-containers.

* fix: attempts to use env var rightly.

* fix: git installation.

* chore: uses sudo for dpkg.

* chore: removes usage of scheduler.

* chore: attempts to parse wasm-tools as suggested by @mathetake

* chore: attempts to fix build.

* chore: validate and parse wasm generated.

* chore: drops scheduler.

* chore: attempts to fix build removing logging.

* feat: get extension working.

* chore: adds label in docker image.

* fix: checks out the code for using the Dockerfile.

* fix: ls -la build folder.

* chore: removes ls and adds very basic dockerignore.

Author: jcchavezs

.dockerignore

@@ -0,0 +1,3 @@
+.git
+*.md
+LICENSE

.dockerignore.Dockerfile.server-test

@@ -0,0 +1,3 @@
+build
+LICENSE
+**/.git

.github/workflows/ci.yaml

@@ -0,0 +1,159 @@
+name: CI
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "**/*.md"
+      - "LICENSE"
+  pull_request:
+
+env:
+  GO_VERSION: 1.18
+  TINYGO_VERSION: 0.23.0
+
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    steps:
+      # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
+      - name: Check out code
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Install Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Run tests
+        shell: bash
+        run: make test
+
+  build:
+    runs-on: ubuntu-20.04
+    needs: test
+    steps:
+      # submodule needs .git folder, which is missing without installing a newer git command
+      # https://github.com/actions/checkout/issues/335
+      - name: "Install latest `git`"
+        run: |
+          sudo apt purge git -y
+          sudo apt-get update && sudo apt-get install -y software-properties-common make
+          sudo add-apt-repository ppa:git-core/ppa -y
+          # apt update fails to fetch some repo due to cert failure. Skip them.
+          sudo apt update || true; sudo apt install -y --no-install-recommends git
+
+      - name: Check out code
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Install Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Install TinyGo
+        run: |
+          wget https://github.com/tinygo-org/tinygo/releases/download/v${TINYGO_VERSION}/tinygo_${TINYGO_VERSION}_amd64.deb
+          sudo dpkg -i tinygo_${TINYGO_VERSION}_amd64.deb
+          export PATH=$PATH:/usr/local/bin
+
+      - name: "Cache generated .wasm file"
+        uses: actions/cache@v2
+        with:
+          path: |
+            build/main.wasm
+          key: ${{ runner.os }}-cache-build-${{ github.sha }}
+
+      - name: Build WASM filter
+        shell: bash
+        run: make build
+
+      - name: Install WASM
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+
+      - name: Install Cargo
+        uses: actions-rs/cargo@v1
+        with:
+          command: install
+          args: wasm-tools
+
+      - name: Validate WASM output
+        shell: bash
+        run: wasm-tools validate build/main.wasm
+
+  e2e-test:
+    runs-on: ubuntu-20.04
+    needs: build
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: "Install func-e"
+        shell: bash
+        run: curl https://func-e.io/install.sh | bash -s -- -b /usr/local/bin
+
+      - name: "Restore the wasm files cache"
+        uses: actions/cache@v2
+        with:
+          path: |
+            build/main.wasm
+          key: ${{ runner.os }}-cache-build-${{ github.sha }}
+
+      - name: "Verify build"
+        shell: bash
+        run: test -f build/main.wasm
+
+      - name: "Spin up server and envoy"
+        shell: bash
+        run: |
+          func-e run -c e2e/envoy-config.yaml --log-level info --component-log-level wasm:debug &
+
+      - name: "Run tests"
+        shell: bash
+        run: |
+          ./e2e/tests.sh
+
+  package:
+    runs-on: ubuntu-20.04
+    needs: e2e-test
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: "Restore the wasm files cache"
+        uses: actions/cache@v2
+        with:
+          path: |
+            build/main.wasm
+          key: ${{ runner.os }}-cache-build-${{ github.sha }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: ${{ github.event_name == 'push' }}
+          tags: jcchavezs/coraza-wasm-filter:latest

.github/workflows/test.yaml

@@ -1 +1,2 @@
-build
+.vscode
+build

.gitignore

@@ -0,0 +1,5 @@
+FROM scratch
+
+LABEL org.opencontainers.image.source=https://github.com/jcchavezs/coraza-wasm-filter
+
+COPY build/main.wasm /plugin.wasm

Dockerfile

@@ -0,0 +1,38 @@
+FROM ubuntu as func-e-downloader
+
+RUN apt update && apt -y install curl
+
+RUN curl https://func-e.io/install.sh | bash -s -- -b /usr/local/bin
+
+FROM tinygo/tinygo as build-stage
+
+RUN apt-get install -y build-essential curl
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
+
+RUN ~/.cargo/bin/cargo install wasm-tools
+
+WORKDIR /usr/src/wasm-filter
+
+COPY coraza coraza
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+RUN go mod download
+
+COPY main.go main.go
+COPY Makefile Makefile
+
+RUN make build
+
+RUN ~/.cargo/bin/wasm-tools validate build/main.wasm
+RUN ~/.cargo/bin/wasm-tools dump build/main.wasm > build/main.wasm.dump
+
+FROM func-e-downloader as run-stage
+
+WORKDIR /usr/bin/wasm-filter
+
+COPY --from=build-stage /usr/src/wasm-filter/build ./build
+COPY e2e/envoy-config.yaml envoy-config.yaml
+
+ENTRYPOINT ["/usr/local/bin/func-e", "run", "-c envoy-config.yaml", "--log-level info", "--component-log-level wasm:debug"]

Dockerfile.server-test

@@ -1,7 +1,23 @@
+ARTIFACT_NAME="coraza-wasm-filter"
+IMAGE_NAME=$(ARTIFACT_NAME):latest
+CONTAINER_NAME=$(ARTIFACT_NAME)-build
+
 .PHONY: build
 build:
 	mkdir -p ./build
-	tinygo build -o build/main.wasm -scheduler=asyncify -target=wasi ./main.go
+	tinygo build -o build/main.wasm -scheduler=none -target=wasi ./main.go
 
 test:
-	go test -tags=proxytest ./...
+	go test -tags="proxytest tinygo" ./...
+
+server-test-build:
+	docker build --progress=plain -t $(IMAGE_NAME) -f Dockerfile.server-test .
+
+server-test-wasm-dump: server-test-build
+	@docker rm -f $(CONTAINER_NAME) || true
+	@docker create -ti --name $(CONTAINER_NAME) $(IMAGE_NAME) bash
+	docker cp $(CONTAINER_NAME):/usr/bin/wasm-filter/build ./
+	@docker rm -f $(CONTAINER_NAME)
+
+server-test-run: server-test-build
+	docker run -p 8001:8001 $(IMAGE_NAME)

Makefile

@@ -0,0 +1,44 @@
+static_resources:
+  listeners:
+    - address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 8001
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                codec_type: auto
+                route_config:
+                  virtual_hosts:
+                    - name: local_route
+                      domains:
+                        - "*"
+                      routes:
+                        - match: { prefix: "/" }
+                          direct_response:
+                            status: 200
+                http_filters:
+                  - name: envoy.filters.http.wasm
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+                      config:
+                        name: "coraza-filter"
+                        root_id: ""
+                        configuration:
+                          "@type": "type.googleapis.com/google.protobuf.StringValue"
+                          value: |
+                            {
+                              "rules":"SecDebugLogLevel 5 \nSecDebugLog modsec.log \nSecRuleEngine On \nSecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\""
+                            }
+                        vm_config:
+                          runtime: "envoy.wasm.runtime.v8"
+                          vm_id: "my_vm_id"
+                          code:
+                            local:
+                              filename: "build/main.wasm"
+                  - name: envoy.filters.http.router
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router