Docs/Tools/Test Runner
Testing

test_runner.py

Runs 5 test stages in sequence — Dockerfile, Terraform, Helm, GitHub Actions, Integration. Each stage must pass before the next begins. Use --only to run a subset, --fail-fast to stop on first failure. Missing tools show as SKIPPED with install hints, not failures.

CLI Usage
bash
python3 tools/test_runner.py \
  --service payment-api \
  --repo-path ./my-app \
  --terraform-dir ./my-app/terraform \
  --helm-dir ./my-app/helm \
  --cloud aws

# Run a subset of stages:
python3 tools/test_runner.py ... --only dockerfile,terraform

# Stop on first failure:
python3 tools/test_runner.py ... --fail-fast
5 Test Stages
1Dockerfile

Lint, build, and scan the container image for HIGH/CRITICAL CVEs

hadolintdocker buildcontainer-structure-testtrivy
2Terraform

Format check, lint, security policy scan, syntax validation, and Go-based integration tests

terraform fmttflintcheckovterraform validateTerratest
3Helm

Strict lint, server-side dry-run manifest validation, and unit tests

helm lint --strictkubectl dry-runhelm-unittest
4GitHub Actions

Local workflow runner dry-run to catch syntax and step errors before pushing

act push --dry-run
5Integration

Spin up a local kind cluster, install the chart, and verify the /health endpoint responds

kindhelm installcurl /health
SKIPPED vs FAILED

If an optional tool is not installed on the host, the corresponding check is marked SKIPPED with an installation hint printed to stdout. The stage does not fail because of a missing tool — only because of a failing test.

Install Optional Tools
hadolintbrew install hadolint
trivybrew install trivy
tflintbrew install tflint
checkovpip install checkov
actbrew install act
helm-unittesthelm plugin install https://github.com/helm-unittest/helm-unittest
bash
# Quick install (macOS):
brew install hadolint trivy tflint act
pip install checkov
helm plugin install https://github.com/helm-unittest/helm-unittest
Gate rule

No step in the pipeline is declared "done" while test_runner.py reports failures. Fix failures before moving on — "it should work" is not a passing test.

← Back to Tools index