docker-compose.test.yml

services:
  server:
    image: localhost:5000/sut
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      # enable send-client-subnet example configuration file
      - ./rootfs_overlay/etc/unbound/custom.conf.d/send-client-subnet.conf.example:/etc/unbound/custom.conf.d/send-client-subnet.conf:ro
      # enable custom-port example configuration file
      - ./rootfs_overlay/etc/unbound/custom.conf.d/custom-port.conf.example:/etc/unbound/custom.conf.d/custom-port.conf:ro
      # enable remote-control example configuration file
      - ./rootfs_overlay/etc/unbound/custom.conf.d/remote-control.conf.example:/etc/unbound/custom.conf.d/remote-control.conf:ro
    command: -v -v

  sut:
    image: alpine:3.20@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
    depends_on:
      - server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    working_dir: /test
    entrypoint:
      - /bin/sh
      - -c
    command:
      - |
        set -ex
        apk add --no-cache bind-tools docker-cli

        server_ip="$$(dig +short server | tail -n 1)"
        while read id
        do
          if docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $${id} | grep -q "$${server_ip}"
          then
            server_id="$${id}"
            break
          fi
        done < <(docker ps --format '{{.ID}}')

        docker exec $${server_id} unbound -V
        docker exec $${server_id} unbound-checkconf
        docker exec $${server_id} unbound-anchor -v
        docker exec $${server_id} drill -v

        sleep 5

        docker exec $${server_id} drill-hc -p 5353 dnssec.works @127.0.0.1 | tee /dev/stderr | grep NOERROR
        ! docker exec $${server_id} drill-hc -p 5353 foo.local @127.0.0.1 | tee /dev/stderr | grep NOERROR
        ! docker exec $${server_id} drill-hc -p 5353 bar.local @127.0.0.1 | tee /dev/stderr | grep NOERROR

        dig @server -p 5353 dnssec.works +dnssec +multi | tee /dev/stderr | grep NOERROR
        ! dig @server -p 5353 fail01.dnssec.works +dnssec +multi | tee /dev/stderr | grep NOERROR
        ! dig @server -p 5353 fail02.dnssec.works +dnssec +multi | tee /dev/stderr | grep NOERROR
        ! dig @server -p 5353 fail03.dnssec.works +dnssec +multi | tee /dev/stderr | grep NOERROR
        ! dig @server -p 5353 fail04.dnssec.works +dnssec +multi | tee /dev/stderr | grep NOERROR

        # test ECS
        dig @server -p 5353 TXT o-o.myaddr.l.google.com +short | tee /dev/stderr | grep edns0-client-subnet