Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/pact-foundation/pact-go/v2
Pact is the de-facto API contract testing tool. Replace expensive and brittle end-to-end integration tests with fast, reliable and easy to debug unit tests.
Why use Pact? Contract testing with Pact lets you:
Watch our series on the problems with end-to-end integrated tests, and how contract testing can help. |
This readme offers an basic introduction to the library. The full documentation for Pact Go and the rest of the framework is available at https://docs.pact.io/.
Learn everything in Pact Go in 60 minutes: https://github.com/pact-foundation/pact-workshop-go
# install pact-go as a dev dependency
go get github.com/pact-foundation/pact-go/v2
# install the `pact-go` CLI
go install github.com/pact-foundation/pact-go/v2
# pact-go will be installed into $GOPATH/bin, which is $HOME/go/bin by default.
# download and install the required libraries.
pact-go -l DEBUG install
# 🚀 now write some tests!
If the pact-go
command above is not found, make sure that $GOPATH/bin
is in your path. I.e.,
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
You can also keep the library versions up to date by running the version.CheckVersion()
function.
Set PACT_GO_LIB_DOWNLOAD_PATH
env var if you have installed the library in a non-standard location.
cgo
CGO_ENABLED=1
(check with go env
)gcc
packageBy default, pact-go install will attempt to install in /usr/local/lib
.
Note this is not user-writable, so pact-go install
must be run with sudo
.
An alternative is to install to /tmp
via pact-go -l DEBUG install --libDir /tmp
Install gcc
choco install mingw
scoop install mingw
Add location of the pact-go installed shared library to
PATH
CGO_LDFLAGS
$env:Path += ";$env:TMP"
$env:CGO_LDFLAGS = "-L$env:TMP"
Command Prompt
set PATH="%PATH%;%TMP%"
set CGO_LDFLAGS="-L%TMP%"
Download the latest Pact FFI Library
library for your OS, and install onto a standard library search path (we suggest: /usr/local/lib
on MacOS/Linux):
Ensure you have the correct extension for your OS:
.dylib
(For M1 users, you need the aarch64
version) - ( Called aarch64-apple-darwin
in version prior to v0.4.21 ).so
.dll
wget https://github.com/pact-foundation/pact-reference/releases/download/libpact_ffi-v0.4.21/libpact_ffi-macos-x86_64.dylib.gz
gunzip libpact_ffi-macos-x86_64.dylib.gz
mv libpact_ffi-macos-x86_64.dylib /usr/local/lib/libpact_ffi.dylib
Test the installation:
pact-go help
The consumer interface is in the package: github.com/pact-foundation/pact-go/v2/consumer
.
Pact is a consumer-driven contract testing tool, which is a fancy way of saying that the API Consumer
writes a test to set out its assumptions and needs of its API Provider
(s). By unit testing our API client with Pact, it will produce a contract
that we can share to our Provider
to confirm these assumptions and prevent breaking changes.
In this example, we are going to be testing our User API client, responsible for communicating with the UserAPI
over HTTP. It currently has a single method GetUser(id)
that will return a *User
.
Pact tests have a few key properties. We'll demonstrate a common example using the 3A Arrange/Act/Assert
pattern.
func TestUserAPIClient(t *testing.T) {
// Specify the two applications in the integration we are testing
// NOTE: this can usually be extracted out of the individual test for re-use)
mockProvider, err := NewV2Pact(MockHTTPProviderConfig{
Consumer: "UserAPIConsumer",
Provider: "UserAPI",
})
assert.NoError(t, err)
// Arrange: Setup our expected interactions
mockProvider.
AddInteraction().
Given("A user with ID 10 exists").
UponReceiving("A request for User 10").
WithRequest("GET", S("/user/10")).
WillRespondWith(200).
WithBodyMatch(&User{})
// Act: test our API client behaves correctly
err = mockProvider.ExecuteTest(t, func(config MockServerConfig) error {
// Initialise the API client and point it at the Pact mock server
// Pact spins up a dedicated mock server for each test
client := newClient(config.Host, config.Port)
// Execute the API client
user, err := client.GetUser("10")
// Assert: check the result
assert.NoError(t, err)
assert.Equal(t, 10, user.ID)
return err
})
assert.NoError(t, err)
}
You can see (and run) the full version of this in ./examples/basic_test.go
.
For a full example, see the Pactflow terraform provider pact tests.
The provider interface is in the package: github.com/pact-foundation/pact-go/v2/provider
A provider test takes one or more pact files (contracts) as input, and Pact verifies that your provider adheres to the contract. In the simplest case, you can verify a provider as per below.
func TestV3HTTPProvider(t *testing.T) {
// 1. Start your Provider API in the background
go startServer()
verifier := HTTPVerifier{}
// Verify the Provider with local Pact Files
// The console will display if the verification was successful or not, the
// assertions being made and any discrepancies with the contract
err := verifier.VerifyProvider(t, VerifyRequest{
ProviderBaseURL: "http://localhost:1234",
PactFiles: []string{
filepath.ToSlash("/path/to/SomeConsumer-SomeProvider.json"),
},
})
// Ensure the verification succeeded
assert.NoError(t, err)
}
Version | Stable | Spec Compatibility | Install |
---|---|---|---|
2.0.x | Yes | 2, 3, 4 | See installation |
1.0.x | Yes | 2, 3* | 1.x.x 1xx |
0.x.x | Yes | Up to v2 | 0.x.x stable |
* v3 support is limited to the subset of functionality required to enable language inter-operable Message support.
The roadmap for Pact and Pact Go is outlined on our main website. Detail on the native Go implementation can be found here.
See CONTRIBUTING.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.