ci(NODE-6728): test FLE on Alpine linux

.dockerignore

@@ -0,0 +1,6 @@
+node_modules
+lib
+.nyc_output
+docs
+*dylib
+*md

.evergreen/config.in.yml

@@ -734,6 +734,21 @@ functions:
         args:
           - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh
 
+  "build and test alpine FLE":
+    - command: subprocess.exec
+      type: test
+      params:
+        working_dir: "src"
+        env:
+          INSTALL_DIR: mongodb-client-encryption
+          PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+          DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+          NODE_VERSION: ${NODE_VERSION}
+          MONGODB_URI: ${MONGODB_URI}
+        binary: bash
+        args:
+          - .evergreen/docker/alpine.sh
+
 tasks:
   - name: 'test-atlas-data-lake'
     tags: ["datalake", "mongohouse"]
@@ -1272,3 +1287,10 @@ post:
 
 ignore:
   - "*.md"
+
+buildvariants:
+  - name: Alpine FLE Tests
+    display_name: Alpine FLE Test
+    run_on: ubuntu2204-small
+    tasks:
+      - .alpine-fle

.evergreen/config.yml

@@ -657,6 +657,20 @@ functions:
         binary: bash
         args:
           - ${PROJECT_DIRECTORY}/.evergreen/install-mongodb-client-encryption.sh
+  build and test alpine FLE:
+    - command: subprocess.exec
+      type: test
+      params:
+        working_dir: src
+        env:
+          INSTALL_DIR: mongodb-client-encryption
+          PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+          DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+          NODE_VERSION: ${NODE_VERSION}
+          MONGODB_URI: ${MONGODB_URI}
+        binary: bash
+        args:
+          - .evergreen/docker/alpine.sh
 tasks:
   - name: test-atlas-data-lake
     tags:
@@ -2300,6 +2314,25 @@ tasks:
         vars:
           PACKAGE: mongodb-client-encryption@6.0.0
       - func: run tests
+  - name: test-alpine-fle
+    tags:
+      - alpine-fle
+    commands:
+      - command: expansions.update
+        type: setup
+        params:
+          updates:
+            - {key: NODE_VERSION, value: 16.20.1}
+            - {key: VERSION, value: latest}
+            - {key: TOPOLOGY, value: replica_set}
+            - {key: CLIENT_ENCRYPTION, value: 'true'}
+            - {key: TEST_CSFLE, value: 'true'}
+            - {key: MONGODB_BINARIES, value: '${PROJECT_DIRECTORY}/mongodb/bin'}
+      - func: install dependencies
+      - func: bootstrap mongo-orchestration
+      - func: bootstrap kms servers
+      - func: assume secrets manager rule
+      - func: build and test alpine FLE
   - name: test-latest-server-noauth
     tags:
       - latest
@@ -3191,6 +3224,11 @@ post:
 ignore:
   - '*.md'
 buildvariants:
+  - name: Alpine FLE Tests
+    display_name: Alpine FLE Test
+    run_on: ubuntu2204-small
+    tasks:
+      - .alpine-fle
   - name: rhel80-large-gallium
     display_name: rhel8 Node16
     run_on: rhel80-large

.evergreen/docker/Dockerfile.musl

@@ -0,0 +1,21 @@
+ARG ARCH=arm64
+ARG NODE_VERSION=16.20.1
+
+FROM ${ARCH}/node:${NODE_VERSION}-alpine AS dependencies
+
+RUN apk --no-cache add make g++ libc-dev curl bash python3 py3-pip cmake git vim ranger
+
+# useful debugging output
+RUN <<EOF
+python3 --version
+git --version
+c++ --version
+g++ --version
+EOF
+
+# clone drivers evergreen tools into the same location that it lives on the host machine
+# this ensures any paths configured in variables by drivers-evergreen-tools work
+# in the container too.
+ARG DRIVERS_TOOLS=drivers-evergreen-tools
+WORKDIR ${DRIVERS_TOOLS}
+RUN git clone https://github.com/mongodb-labs/drivers-evergreen-tools.git .

.evergreen/docker/alpine.sh

@@ -0,0 +1,53 @@
+#! /bin/bash
+
+# script to aid in local testing of linux platforms
+# requires a running docker instance
+
+if [ -z ${NODE_VERSION+omitted} ]; then echo "NODE_VERSION is unset" && exit 1; fi
+if [ -z ${DRIVERS_TOOLS+omitted} ]; then echo "DRIVERS_TOOLS is unset" && exit 1; fi
+if [ -z ${MONGODB_URI+omitted} ]; then echo "MONGODB_URI is unset" && exit 1; fi
+
+# ubuntu2204 hosts in ci use amd64
+LINUX_ARCH=${LINUX_ARCH:-amd64}
+
+IMAGE_TAG=${IMAGE_TAG:-alpine-fle-image}
+
+build_alpine() {
+    docker buildx create --name builder --bootstrap --use
+
+    BASE_TAG=$LINUX_ARCH-alpine-base-node-$NODE_VERSION
+    docker --debug buildx build --load --progress=plain \
+        --platform linux/$LINUX_ARCH \
+        --build-arg="ARCH=$LINUX_ARCH" \
+        --build-arg="NODE_VERSION=$NODE_VERSION" \
+        --build-arg="DRIVERS_TOOLS=$DRIVERS_TOOLS" \
+        -f ./.evergreen/docker/Dockerfile.musl -t $IMAGE_TAG \
+        .
+}
+
+test_alpine() {
+    # # launch a mongocryptd on the host.
+    ./mongodb/bin/mongocryptd --fork --port 3000 --pidfilepath $(pwd)/pid.file --logpath $(pwd)/logpath
+    MONGOCRYPTD_URI='mongodb://localhost:3000'
+
+    # set up FLE creds on host.  don't download cryptd because we don't need it.
+    RUN_WITH_MONGOCRYPTD=true bash .evergreen/setup-fle.sh
+
+    # remove node_modules to remove any already downloaded prebuilds
+    rm -rf node_modules
+
+    # run FLE tests in container, using mongocryptd and replica set running on host.
+    # mount the current directory (the driver's root) as /node-mongodb-native and
+    # use that as the working directory for `run-alpine-fle-tests.sh`
+    docker --debug run \
+        --platform linux/$LINUX_ARCH \
+        -e MONGODB_URI=${MONGODB_URI} -e MONGOCRYPTD_URI=${MONGOCRYPTD_URI} \
+        --volume $(pwd):/node-mongodb-native -w /node-mongodb-native \
+        --network host \
+        --entrypoint bash \
+        $IMAGE_TAG \
+        '.evergreen/run-alpine-fle-tests.sh'
+}
+
+build_alpine
+test_alpine

.evergreen/generate_evergreen_tasks.js

@@ -729,6 +729,28 @@ const coverageTask = {
 SINGLETON_TASKS.push(coverageTask);
 SINGLETON_TASKS.push(...customDependencyTests);
 
+SINGLETON_TASKS.push(
+  {
+    name: `test-alpine-fle`,
+    tags: ['alpine-fle'],
+    commands: [
+      updateExpansions({
+        NODE_VERSION: '16.20.1',
+        VERSION: 'latest',
+        TOPOLOGY: 'replica_set',
+        CLIENT_ENCRYPTION: true,
+        TEST_CSFLE: true,
+        MONGODB_BINARIES: '${PROJECT_DIRECTORY}/mongodb/bin',
+      }),
+      { func: 'install dependencies' },
+      { func: 'bootstrap mongo-orchestration' },
+      { func: 'bootstrap kms servers' },
+      { func: 'assume secrets manager rule' },
+      { func: 'build and test alpine FLE' }
+    ]
+  }
+)
+
 function addPerformanceTasks() {
   const makePerfTask = (name, MONGODB_CLIENT_OPTIONS) => ({
     name,

.evergreen/run-alpine-fle-tests.sh

@@ -0,0 +1,13 @@
+#! /usr/bin/env bash
+
+set -o errexit
+source secrets-export.sh
+set -o xtrace
+
+# use local cache - otherwise npm tries to install to ~ in the docker container, which
+# fails when in a mounted volume
+export npm_config_cache=$(pwd)/.cache
+npm install
+
+ALPINE=true \
+    npm run check:csfle

.evergreen/run-kerberos-tests.sh

@@ -28,6 +28,7 @@ export MONGODB_URI="mongodb://${USER}@${SASL_HOST}/${GSSAPI_DB}?authMechanism=GS
 
 set -o xtrace
 
+npm i kerberos
 npm run check:kerberos
 
 set +o xtrace