Container Structure Test

No Change
adopt
First Added:March 3, 2023 Updated: June 12, 2026

Container Structure Test (Google Container Tools) validates built container images before push or deploy: command output, filesystem paths, file contents, and image metadata. We adopt it under Code / Test Framework for any pipeline that produces Containerization artifacts, run after docker build (or equivalent) in GitHub Actions or CI.

Blurb

Container Structure Tests are a powerful framework to validate the structure of a container image.

Summary

Role: image acceptance tests defined in YAML, executed against a tag or tarball:

1
container-structure-test test --image <image> --config <testfile>

Test types:

TypeValidates
CommandRun a command in the image; check exit code and output
File existencePath present or absent
File contentExpected or forbidden substrings in a file
MetadataEnv, exposed ports, entrypoint, user, etc.

When to use: golden images, minimal distroless/runtime images, and charts that bake config into the image; catch “wrong binary missing” before Kubernetes ever sees the tag.

When to skip: application integration tests that need live Postgres/Kafka (use TestContainer, assess). Helm template output (use Helm Unittest, adopt).

Pairs with: Unit Testing for app code; Docker or compatible builders; Open Container Initiative image layout expectations.

Details

TopicNotes
ConfigOne or more YAML test files; version schema in project docs
CIFail the job on any test failure; pin the CST binary version
SpeedFaster than booting a cluster; slower than pure unit tests
ScopeImage contract only, not runtime policy or network behavior

References