move validation to test

marcoieni · marcoieni · commit 90f5f366575c · 2025-05-27T15:58:54.000+02:00
diff --git a/src/ci/citool/src/jobs.rs b/src/ci/citool/src/jobs.rs
@@ -2,13 +2,13 @@
 mod tests;
 
 use std::collections::BTreeMap;
-use std::path::Path;
+use std::vec;
 
 use anyhow::Context as _;
 use serde_yaml::Value;
 
-use crate::utils::{self, load_env_var};
-use crate::{DOCKER_DIRECTORY, GitHubContext};
+use crate::GitHubContext;
+use crate::utils::load_env_var;
 
 /// Representation of a job loaded from the `src/ci/github-actions/jobs.yml` file.
 #[derive(serde::Deserialize, Debug, Clone)]
@@ -47,47 +47,6 @@ impl Job {
     fn is_linux(&self) -> bool {
         self.os.contains("ubuntu")
     }
-
-    /// Validate that CodeBuild jobs use Docker images from ghcr.io registry.
-    /// This is needed because otherwise from CodeBuild we get rate limited by Docker Hub.
-    fn validate_codebuild_image(&self) -> anyhow::Result<()> {
-        let is_job_on_codebuild = self.codebuild.unwrap_or(false);
-        if !is_job_on_codebuild {
-            // Jobs in GitHub Actions don't get rate limited by Docker Hub.
-            return Ok(());
-        }
-
-        let image_name = self.image();
-        // we hardcode host-x86_64 here, because in codebuild we only run jobs for this architecture.
-        let dockerfile_path =
-            Path::new(DOCKER_DIRECTORY).join("host-x86_64").join(&image_name).join("Dockerfile");
-
-        if !dockerfile_path.exists() {
-            return Err(anyhow::anyhow!(
-                "Dockerfile not found for CodeBuild job '{}' at path: {}",
-                self.name,
-                dockerfile_path.display()
-            ));
-        }
-
-        let dockerfile_content = utils::read_to_string(&dockerfile_path)?;
-
-        // Check if all FROM statement uses ghcr.io registry
-        let has_ghcr_from = dockerfile_content
-            .lines()
-            .filter(|line| line.trim_start().to_lowercase().starts_with("from "))
-            .all(|line| line.contains("ghcr.io"));
-
-        if !has_ghcr_from {
-            return Err(anyhow::anyhow!(
-                "CodeBuild job '{}' must use ghcr.io registry in its Dockerfile FROM statement. \
-                Dockerfile path: {dockerfile_path:?}",
-                self.name,
-            ));
-        }
-
-        Ok(())
-    }
 }
 
 #[derive(serde::Deserialize, Debug)]
@@ -256,10 +215,6 @@ fn calculate_jobs(
     let jobs = substitute_github_vars(jobs.clone())
         .context("Failed to substitute GitHub context variables in jobs")?;
     let jobs = skip_jobs(jobs, channel);
-    for j in &jobs {
-        j.validate_codebuild_image()
-            .context(format!("Failed to validate CodeBuild job '{}'", j.name))?;
-    }
     let jobs = jobs
         .into_iter()
         .map(|job| {
diff --git a/src/ci/citool/src/jobs/tests.rs b/src/ci/citool/src/jobs/tests.rs
@@ -1,4 +1,12 @@
-use crate::jobs::{JobDatabase, load_job_db};
+use std::path::Path;
+
+use crate::{
+    DOCKER_DIRECTORY, JOBS_YML_PATH,
+    jobs::{JobDatabase, load_job_db},
+    utils,
+};
+
+use super::Job;
 
 #[test]
 fn lookup_job_pattern() {
@@ -62,3 +70,65 @@ fn check_pattern(db: &JobDatabase, pattern: &str, expected: &[&str]) {
 
     assert_eq!(jobs, expected);
 }
+
+/// Validate that CodeBuild jobs use Docker images from ghcr.io registry.
+/// This is needed because otherwise from CodeBuild we get rate limited by Docker Hub.
+fn validate_codebuild_image(job: &Job) -> anyhow::Result<()> {
+    let is_job_on_codebuild = job.codebuild.unwrap_or(false);
+    if !is_job_on_codebuild {
+        // Jobs in GitHub Actions don't get rate limited by Docker Hub.
+        return Ok(());
+    }
+
+    let image_name = job.image();
+    // we hardcode host-x86_64 here, because in codebuild we only run jobs for this architecture.
+    let dockerfile_path =
+        Path::new(DOCKER_DIRECTORY).join("host-x86_64").join(&image_name).join("Dockerfile");
+
+    if !dockerfile_path.exists() {
+        return Err(anyhow::anyhow!(
+            "Dockerfile not found for CodeBuild job '{}' at path: {}",
+            job.name,
+            dockerfile_path.display()
+        ));
+    }
+
+    let dockerfile_content = utils::read_to_string(&dockerfile_path)?;
+
+    // Check if all FROM statement uses ghcr.io registry
+    let has_ghcr_from = dockerfile_content
+        .lines()
+        .filter(|line| line.trim_start().to_lowercase().starts_with("from "))
+        .all(|line| line.contains("ghcr.io"));
+
+    if !has_ghcr_from {
+        return Err(anyhow::anyhow!(
+            "CodeBuild job '{}' must use ghcr.io registry in its Dockerfile FROM statement. \
+                Dockerfile path: {dockerfile_path:?}",
+            job.name,
+        ));
+    }
+
+    Ok(())
+}
+
+#[test]
+fn validate_jobs() {
+    let db = {
+        let default_jobs_file = Path::new(JOBS_YML_PATH);
+        let db_str = utils::read_to_string(default_jobs_file).unwrap();
+        load_job_db(&db_str).expect("Failed to load job database")
+    };
+
+    let all_jobs =
+        db.pr_jobs.iter().chain(db.try_jobs.iter()).chain(db.auto_jobs.iter()).collect::<Vec<_>>();
+
+    let errors: Vec<anyhow::Error> =
+        all_jobs.into_iter().filter_map(|job| validate_codebuild_image(job).err()).collect();
+
+    if !errors.is_empty() {
+        let error_messages =
+            errors.into_iter().map(|e| format!("- {e}")).collect::<Vec<_>>().join("\n");
+        panic!("Job validation failed:\n{error_messages}");
+    }
+}
