.github/workfkows,Dockerfile,Dockerfile.base: add a test for base image (#18180)

Test that the base image builds and has the right iptables binary linked. Updates #17854 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2025-12-26 20:38:40 +00:00 · 2025-12-12 18:10:00 +00:00
parent 3ef9787379
commit cb5fa35f57
3 changed files with 39 additions and 5 deletions
--- a/.github/workflows/docker-base.yml
+++ b/.github/workflows/docker-base.yml
@@ -0,0 +1,29 @@
+name: "Validate Docker base image"
+on: 
+  workflow_dispatch:
+  pull_request:
+    paths:
+    - "Dockerfile.base"
+    - ".github/workflows/docker-base.yml"
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: "build and test"
+      run: |
+        set -e
+        IMG="test-base:$(head -c 8 /dev/urandom | xxd -p)"
+        docker build -t "$IMG" -f Dockerfile.base .
+
+        iptables_version=$(docker run --rm "$IMG" iptables --version)
+        if [[ "$iptables_version" != *"(legacy)"* ]]; then
+            echo "ERROR: Docker base image should contain legacy iptables; found ${iptables_version}"
+            exit 1
+        fi
+
+        ip6tables_version=$(docker run --rm "$IMG" ip6tables --version)
+        if [[ "$ip6tables_version" != *"(legacy)"* ]]; then
+            echo "ERROR: Docker base image should contain legacy ip6tables; found ${ip6tables_version}"
+            exit 1
+        fi