diff --git a/.github/workflows/cache-test-images.yaml b/.github/workflows/cache-test-images.yaml index 4b73cc2fb5bc..dd3a76d10638 100644 --- a/.github/workflows/cache-test-images.yaml +++ b/.github/workflows/cache-test-images.yaml @@ -29,7 +29,7 @@ jobs: run: | source integration/testimages.ini IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) - DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) + DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT ## We need to work with test image cache only for main branch @@ -70,7 +70,7 @@ jobs: run: | source integration/testimages.ini IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES) - DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) + DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT ## We need to work with test VM image cache only for main branch diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 1113a6a3a894..9c6c2f10ffba 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -93,7 +93,7 @@ jobs: run: | source integration/testimages.ini IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) - DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) + DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT - name: Restore test images from cache @@ -151,7 +151,7 @@ jobs: run: | source integration/testimages.ini IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) - DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) + DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT - name: Restore test images from cache @@ -190,7 +190,7 @@ jobs: run: | source integration/testimages.ini IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES) - DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) + DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT - name: Restore test VM images from cache diff --git a/magefiles/fixture.go b/magefiles/fixture.go index 0112a8421133..e7a2c395157e 100644 --- a/magefiles/fixture.go +++ b/magefiles/fixture.go @@ -14,9 +14,11 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" ) +const dir = "integration/testdata/fixtures/images/" + func fixtureContainerImages() error { var testImages = testutil.ImageName("", "", "") - const dir = "integration/testdata/fixtures/images/" + if err := os.MkdirAll(dir, 0750); err != nil { return err } @@ -24,26 +26,45 @@ func fixtureContainerImages() error { if err != nil { return err } + // Save all tags for trivy-test-images for _, tag := range tags { - fileName := tag + ".tar.gz" - filePath := filepath.Join(dir, fileName) - if exists(filePath) { - continue - } - fmt.Printf("Downloading %s...\n", tag) - imgName := fmt.Sprintf("%s:%s", testImages, tag) - img, err := crane.Pull(imgName) - if err != nil { - return err - } - tarPath := strings.TrimSuffix(filePath, ".gz") - if err = crane.Save(img, imgName, tarPath); err != nil { - return err - } - if err = sh.Run("gzip", tarPath); err != nil { + if err := saveImage("", tag); err != nil { return err } } + + // Save trivy-test-images/containerd image + if err := saveImage("containerd", "latest"); err != nil { + return err + } + return nil +} + +func saveImage(subpath, tag string) error { + fileName := tag + ".tar.gz" + imgName := testutil.ImageName("", tag, "") + if subpath != "" { + fileName = subpath + ".tar.gz" + imgName = testutil.ImageName(subpath, "", "") + } + filePath := filepath.Join(dir, fileName) + if exists(filePath) { + return nil + } + fmt.Printf("Downloading %s...\n", imgName) + + img, err := crane.Pull(imgName) + if err != nil { + return err + } + tarPath := strings.TrimSuffix(filePath, ".gz") + if err = crane.Save(img, imgName, tarPath); err != nil { + return err + } + if err = sh.Run("gzip", tarPath); err != nil { + return err + } + return nil } diff --git a/pkg/fanal/test/integration/containerd_test.go b/pkg/fanal/test/integration/containerd_test.go index 568af60528ea..420949cd42d3 100644 --- a/pkg/fanal/test/integration/containerd_test.go +++ b/pkg/fanal/test/integration/containerd_test.go @@ -76,9 +76,14 @@ func setupContainerd(t *testing.T, ctx context.Context, namespace string) *conta func startContainerd(t *testing.T, ctx context.Context, hostPath string) { t.Helper() t.Setenv("TESTCONTAINERS_RYUK_DISABLED", "true") + + // Load `containerd` image from tar file to avoid fetching it from remote registry + cli := testutil.NewDockerClient(t) + loadedImage := cli.ImageLoad(t, ctx, "../../../../integration/testdata/fixtures/images/containerd.tar.gz") + req := testcontainers.ContainerRequest{ Name: "containerd", - Image: testutil.ImageName("containerd", "latest", ""), + Image: loadedImage, Entrypoint: []string{ "/bin/sh", "-c",