test: define constants for test images (#7739)

Signed-off-by: knqyf263 <[email protected]> Co-authored-by: DmitriyLewen <[email protected]>
aquasecurity · Oct 16, 2024 · c6414dd · c6414dd
1 parent 83e5b83
commit c6414dd
Show file tree

Hide file tree

Showing 9 changed files with 104 additions and 30 deletions.
diff --git a/.github/workflows/cache-test-images.yaml b/.github/workflows/cache-test-images.yaml
@@ -27,7 +27,8 @@ jobs:
  if: github.ref_name == 'main'
  id: image-digest
  run: |
- IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+ source integration/testimages.ini
+ IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
  DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
  echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
@@ -67,7 +68,8 @@ jobs:
  if: github.ref_name == 'main'
  id: image-digest
  run: |
- IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
+ source integration/testimages.ini
+ IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
  DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
  echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -90,7 +90,8 @@ jobs:
  - name: Generate image list digest
  id: image-digest
  run: |
- IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+ source integration/testimages.ini
+ IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
  DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
  echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
@@ -147,7 +148,8 @@ jobs:
  - name: Generate image list digest
  id: image-digest
  run: |
- IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+ source integration/testimages.ini
+ IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
  DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
  echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
@@ -185,7 +187,8 @@ jobs:
  - name: Generate image list digest
  id: image-digest
  run: |
- IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
+ source integration/testimages.ini
+ IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
  DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
  echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 

diff --git a/integration/testimages.ini b/integration/testimages.ini
@@ -0,0 +1,3 @@
+# Configuration file for both shell scripts and Go programs
+TEST_IMAGES=ghcr.io/aquasecurity/trivy-test-images
+TEST_VM_IMAGES=ghcr.io/aquasecurity/trivy-test-vm-images
diff --git a/internal/testutil/image.go b/internal/testutil/image.go
@@ -0,0 +1,67 @@
+package testutil
+
+import (
+ "bufio"
+ "fmt"
+ "os"
+ "path/filepath"
+ "runtime"
+ "strings"
+)
+
+var (
+ testImages string
+ testVMImages string
+)
+
+func init() {
+ _, b, _, _ := runtime.Caller(0)
+ currentDir := filepath.Dir(b)
+ f, err := os.Open(filepath.Join(currentDir, "..", "..", "integration", "testimages.ini"))
+ if err != nil {
+ panic(err)
+ }
+ defer f.Close()
+
+ scanner := bufio.NewScanner(f)
+ for scanner.Scan() {
+ if strings.HasPrefix(scanner.Text(), "#") {
+ continue
+ }
+ parts := strings.SplitN(scanner.Text(), "=", 2)
+ if len(parts) == 2 {
+ key := strings.TrimSpace(parts[0])
+ value := strings.TrimSpace(parts[1])
+ switch key {
+ case "TEST_IMAGES":
+ testImages = value
+ case "TEST_VM_IMAGES":
+ testVMImages = value
+ }
+ }
+ }
+ if err = scanner.Err(); err != nil {
+ panic(err)
+ }
+}
+
+func ImageName(subpath, tag, digest string) string {
+ return imageName(testImages, subpath, tag, digest)
+}
+
+func VMImageName(subpath, tag, digest string) string {
+ return imageName(testVMImages, subpath, tag, digest)
+}
+
+func imageName(img, subpath, tag, digest string) string {
+ if subpath != "" {
+ img = fmt.Sprintf("%s/%s", img, subpath)
+ }
+ if tag != "" {
+ img = fmt.Sprintf("%s:%s", img, tag)
+ }
+ if digest != "" {
+ img = fmt.Sprintf("%s@%s", img, digest)
+ }
+ return img
+}
diff --git a/magefiles/fixture.go b/magefiles/fixture.go
@@ -10,13 +10,13 @@ import (
  "github.com/google/go-containerregistry/pkg/crane"
  v1 "github.com/google/go-containerregistry/pkg/v1"
  "github.com/magefile/mage/sh"
+
+ "github.com/aquasecurity/trivy/internal/testutil"
 )
 
 func fixtureContainerImages() error {
- const (
- testImages = "ghcr.io/aquasecurity/trivy-test-images"
- dir = "integration/testdata/fixtures/images/"
- )
+ var testImages = testutil.ImageName("", "", "")
+ const dir = "integration/testdata/fixtures/images/"
  if err := os.MkdirAll(dir, 0750); err != nil {
  return err
  }
@@ -48,8 +48,8 @@ func fixtureContainerImages() error {
 }
 
 func fixtureVMImages() error {
+ var testVMImages = testutil.VMImageName("", "", "")
  const (
- testVMImages = "ghcr.io/aquasecurity/trivy-test-vm-images"
  titleAnnotation = "org.opencontainers.image.title"
  dir = "integration/testdata/fixtures/vm-images/"
  )

diff --git a/pkg/attestation/attestation_test.go b/pkg/attestation/attestation_test.go
@@ -9,6 +9,7 @@ import (
  slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
  "github.com/stretchr/testify/require"
 
+ "github.com/aquasecurity/trivy/internal/testutil"
  "github.com/aquasecurity/trivy/pkg/attestation"
 )
 
@@ -27,7 +28,7 @@ func TestStatement_UnmarshalJSON(t *testing.T) {
  PredicateType: "cosign.sigstore.dev/attestation/v1",
  Subject: []in_toto.Subject{
  {
- Name: "ghcr.io/aquasecurity/trivy-test-images",
+ Name: testutil.ImageName("", "", ""),
  Digest: slsa.DigestSet{
  "sha256": "72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb",
  },

diff --git a/pkg/fanal/analyzer/language/java/jar/jar_test.go b/pkg/fanal/analyzer/language/java/jar/jar_test.go
@@ -18,10 +18,6 @@ import (
  _ "modernc.org/sqlite"
 )
 
-const (
- defaultJavaDBRepository = "ghcr.io/aquasecurity/trivy-java-db"
-)
-
 func Test_javaLibraryAnalyzer_Analyze(t *testing.T) {
  tests := []struct {
  name string

diff --git a/pkg/fanal/test/integration/containerd_test.go b/pkg/fanal/test/integration/containerd_test.go
@@ -27,6 +27,7 @@ import (
  "github.com/testcontainers/testcontainers-go"
  "github.com/testcontainers/testcontainers-go/wait"
 
+ "github.com/aquasecurity/trivy/internal/testutil"
  "github.com/aquasecurity/trivy/pkg/cache"
  "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
  "github.com/aquasecurity/trivy/pkg/fanal/applier"
@@ -77,7 +78,7 @@ func startContainerd(t *testing.T, ctx context.Context, hostPath string) {
  t.Setenv("TESTCONTAINERS_RYUK_DISABLED", "true")
  req := testcontainers.ContainerRequest{
  Name: "containerd",
- Image: "ghcr.io/aquasecurity/trivy-test-images/containerd:latest",
+ Image: testutil.ImageName("containerd", "latest", ""),
  Entrypoint: []string{
  "/bin/sh",
  "-c",
@@ -122,7 +123,7 @@ func TestContainerd_SearchLocalStoreByNameOrDigest(t *testing.T) {
  digest := "sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a"
  basename := "hello"
  tag := "world"
- importedImageOriginalName := "ghcr.io/aquasecurity/trivy-test-images:alpine-310"
+ importedImageOriginalName := testutil.ImageName("", "alpine-310", "")
 
  tests := []struct {
  name string
@@ -299,15 +300,15 @@ func localImageTestWithNamespace(t *testing.T, namespace string) {
  }{
  {
  name: "alpine 3.10",
- imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+ imageName: testutil.ImageName("", "alpine-310", ""),
  tarArchive: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
  wantMetadata: artifact.ImageMetadata{
  ID: "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4",
  DiffIDs: []string{
  "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0",
  },
- RepoTags: []string{"ghcr.io/aquasecurity/trivy-test-images:alpine-310"},
- RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a"},
+ RepoTags: []string{testutil.ImageName("", "alpine-310", "")},
+ RepoDigests: []string{testutil.ImageName("", "", "sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a")},
  ConfigFile: v1.ConfigFile{
  Architecture: "amd64",
  Created: v1.Time{
@@ -347,7 +348,7 @@ func localImageTestWithNamespace(t *testing.T, namespace string) {
  },
  {
  name: "vulnimage",
- imageName: "ghcr.io/aquasecurity/trivy-test-images:vulnimage",
+ imageName: testutil.ImageName("", "vulnimage", ""),
  tarArchive: "../../../../integration/testdata/fixtures/images/vulnimage.tar.gz",
  wantMetadata: artifact.ImageMetadata{
  ID: "sha256:c17083664da903e13e9092fa3a3a1aeee2431aa2728298e3dbcec72f26369c41",
@@ -373,8 +374,8 @@ func localImageTestWithNamespace(t *testing.T, namespace string) {
  "sha256:ba17950e91742d6ac7055ea3a053fe764486658ca1ce8188f1e427b1fe2bc4da",
  "sha256:6ef42db7800507577383edf1937cb203b9b85f619feed6046594208748ceb52c",
  },
- RepoTags: []string{"ghcr.io/aquasecurity/trivy-test-images:vulnimage"},
- RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:e74abbfd81e00baaf464cf9e09f8b24926e5255171e3150a60aa341ce064688f"},
+ RepoTags: []string{testutil.ImageName("", "vulnimage", "")},
+ RepoDigests: []string{testutil.ImageName("", "", "sha256:e74abbfd81e00baaf464cf9e09f8b24926e5255171e3150a60aa341ce064688f")},
  ConfigFile: v1.ConfigFile{
  Architecture: "amd64",
  Created: v1.Time{
@@ -750,14 +751,14 @@ func TestContainerd_PullImage(t *testing.T) {
  }{
  {
  name: "remote alpine 3.10",
- imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+ imageName: testutil.ImageName("", "alpine-310", ""),
  wantMetadata: artifact.ImageMetadata{
  ID: "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4",
  DiffIDs: []string{
  "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0",
  },
- RepoTags: []string{"ghcr.io/aquasecurity/trivy-test-images:alpine-310"},
- RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb"},
+ RepoTags: []string{testutil.ImageName("", "alpine-310", "")},
+ RepoDigests: []string{testutil.ImageName("", "", "sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb")},
  ConfigFile: v1.ConfigFile{
  Architecture: "amd64",
  Created: v1.Time{

diff --git a/pkg/fanal/test/integration/registry_test.go b/pkg/fanal/test/integration/registry_test.go
@@ -20,6 +20,7 @@ import (
  testcontainers "github.com/testcontainers/testcontainers-go"
  "github.com/testcontainers/testcontainers-go/wait"
 
+ "github.com/aquasecurity/trivy/internal/testutil"
  "github.com/aquasecurity/trivy/pkg/cache"
  "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
  _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"
@@ -95,7 +96,7 @@ func TestTLSRegistry(t *testing.T) {
  }{
  {
  name: "happy path",
- imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+ imageName: testutil.ImageName("", "alpine-310", ""),
  imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
  option: types.ImageOptions{
  RegistryOptions: types.RegistryOptions{
@@ -120,7 +121,7 @@ func TestTLSRegistry(t *testing.T) {
  },
  {
  name: "happy path with docker login",
- imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+ imageName: testutil.ImageName("", "alpine-310", ""),
  imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
  option: types.ImageOptions{
  RegistryOptions: types.RegistryOptions{
@@ -140,7 +141,7 @@ func TestTLSRegistry(t *testing.T) {
  },
  {
  name: "sad path: tls verify",
- imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+ imageName: testutil.ImageName("", "alpine-310", ""),
  imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
  option: types.ImageOptions{
  RegistryOptions: types.RegistryOptions{
@@ -156,7 +157,7 @@ func TestTLSRegistry(t *testing.T) {
  },
  {
  name: "sad path: no credential",
- imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+ imageName: testutil.ImageName("", "alpine-310", ""),
  imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
  option: types.ImageOptions{
  RegistryOptions: types.RegistryOptions{