test: gomod git auth: remove need for custom buildx instance#938
Merged
cpuguy83 merged 6 commits intoproject-dalec:mainfrom Feb 24, 2026
Merged
test: gomod git auth: remove need for custom buildx instance#938cpuguy83 merged 6 commits intoproject-dalec:mainfrom
cpuguy83 merged 6 commits intoproject-dalec:mainfrom
Conversation
cpuguy83
force-pushed
the
test_no_custom_buildx
branch
2 times, most recently
from
e1fe15c to
2f4e9ff
Compare
cpuguy83
force-pushed
the
test_no_custom_buildx
branch
from
2f4e9ff to
c4de3a2
Compare
This should speed up the test since we don't have to re-cache everything in the new buildx instance. It also means we don't need to setup any listeners in the host network namespace. It accomplishes this by connecting directly to the git server's container IP address which we detect when we start the server. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
cpuguy83
force-pushed
the
test_no_custom_buildx
branch
2 times, most recently
from
243ccec to
3b900af
Compare
Still more to do here, but trying to consolidate things, remove some abstractions that aren't really needed, and make the flow more clear. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
cpuguy83
force-pushed
the
test_no_custom_buildx
branch
from
3b900af to
e28fb18
Compare
Our go.mod requires 1.25 now, so update the one in the test so it can pass. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the gomod_git_auth integration test setup to avoid creating a custom Buildx instance with host networking by discovering the git server container’s IP and wiring it into BuildKit via extra host entries.
Changes:
- Removes the dedicated “network=host” Buildx builder helper and related test runner wrapper.
- Refactors
TestGomodGitAuthto start HTTP/SSH git servers in BuildKit containers and use their container IPs for connectivity. - Introduces a small git server helper binary and a JSON event protocol for readiness/IP reporting.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| test/testenv/buildx.go | Removes helpers related to host-networked custom buildx instances. |
| test/gomod_git_auth_test.go | Switches tests to use server container IPs and standard RunTest opts (secrets/ssh socket). |
| test/git_services/teststate.go | Refactors git server startup to emit/read readiness events and build/mount helper server binary. |
| test/git_services/protocol.go | Adds event structs/constants for newline-delimited JSON server events. |
| test/git_services/cmd/server/main.go | Adds helper server supporting serve and getip commands. |
| test/git_services/attributes.go | Removes old GitRemoteAddr and per-test tag regeneration helper. |
| test/cmd/git_repo/passwd/passwd.go | Deletes obsolete password helper package. |
| test/cmd/git_repo/host.go | Deletes obsolete HTTP git server host program. |
| test/cmd/git_repo/build/build.go | Deletes obsolete build helper for the old HTTP server. |
Comment on lines
106
to
108
| testEnv.RunTest(ctx, t, func(ctx context.Context, client gwclient.Client) { | ||
| testState := gitservices.NewTestState(t, client, &attr) | ||
|
|
There was a problem hiding this comment.
attr is shared across parallel subtests and NewTestState mutates attr.tag when it’s empty. This introduces a data race and also reintroduces the earlier caching problem where HTTP/SSH can reuse the same git tag, potentially causing false positives. Make attr a per-subtest copy (e.g., shadow attr := attr inside each subtest) so each run gets its own tag (or explicitly generate a unique tag per subtest).
Comment on lines
163
to
165
| testEnv.RunTest(ctx, t, func(ctx context.Context, client gwclient.Client) { | ||
| testState := gitservices.NewTestState(t, client, &attr) | ||
|
|
There was a problem hiding this comment.
Same issue as the HTTP subtest: this parallel subtest shares &attr and NewTestState may mutate attr.tag, causing a race. Also, reusing the same tag across subtests can allow the go module cache to satisfy the second test without actually exercising auth. Use a per-subtest copy / unique tag.
invidian
approved these changes
Feb 23, 2026
Contributor
invidian
left a comment
invidian
left a comment
There was a problem hiding this comment.
Minor comments, overall LGTM
emitError was writing to stderr where the event consumer couldn't see it. Move it to use the shared eventOut encoder (stdout) so error events are properly decoded and handled by waitForReady, consistent with the SSH server script. Also clean up variable names for clarity. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Add container cleanup via t.Cleanup to prevent resource leaks, add signal trapping in the SSH server script for clean shutdown, use the container IP instead of 127.0.0.1 for readiness checks, and propagate context errors through CloseWithError for better timeout diagnostics. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Each parallel subtest needs its own copy of the Attributes struct since NewTestState mutates the tag field via the shared pointer. Without the copy, both HTTP and SSH subtests would race on writing attr.tag. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
invidian
approved these changes
Feb 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This should speed up the test since we don't have to re-cache everything in the new buildx instance.
It also means we don't need to setup any listeners in the host network namespace.
It accomplishes this by connecting directly to the git server's container IP address which we detect when we start the server.
There are likely some other improvements we can do here but the goal was to remove the custom buildx instance for this change.