From 5df5556452213ea9982ab899cc09f00bb31179b1 Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Tue, 1 Apr 2025 14:54:05 -0400 Subject: [PATCH 1/9] feat: update package.json and grype version Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- GrypeVersion.js | 2 +- dist/index.js | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/GrypeVersion.js b/GrypeVersion.js index f03ce3dd..5726b1a1 100644 --- a/GrypeVersion.js +++ b/GrypeVersion.js @@ -1 +1 @@ -exports.GRYPE_VERSION = "v0.87.0"; +exports.GRYPE_VERSION = "v0.91.0"; diff --git a/dist/index.js b/dist/index.js index 7c1f287b..0bd009fb 100644 --- a/dist/index.js +++ b/dist/index.js @@ -4,7 +4,7 @@ /***/ 4739: /***/ ((__unused_webpack_module, exports) => { -exports.GRYPE_VERSION = "v0.87.0"; +exports.GRYPE_VERSION = "v0.91.0"; /***/ }), diff --git a/package.json b/package.json index 774376d6..9dbeb073 100644 --- a/package.json +++ b/package.json 
@@ -12,7 +12,7 @@
 "lint": "eslint index.js",
 "test": "eslint index.js && npm run download-pinned-grype-db && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand",
 "test:update-snapshots": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand --updateSnapshot",
- "download-pinned-grype-db": "mkdir -p grype-db/5 && curl -sL https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2022-10-17T08:14:57Z_b50a86ce07d268101316.tar.gz | tar zxf - -C grype-db/5",
+ "download-pinned-grype-db": "mkdir -p grype-db/6 && curl -sL https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst | tar zxf - -C grype-db/6",
 "build": "ncc build ./index.js && node dos2unix.js dist/index.js",
 "precommit": "npm run prettier && npm run build && git add dist/",
 "prepare": "husky install",
From 78ce3906ee723caee35879e1e4a2050415a54655 Mon Sep 17 00:00:00 2001
From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Tue, 1 Apr 2025 15:02:33 -0400
Subject: [PATCH 2/9] chore: update to use zstd for v6

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 9dbeb073..bf406a9f 100644
--- a/package.json
+++ b/package.json
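Review bot: The new `download-pinned-grype-db` line pipes `curl -sL` straight into the extractor with no `-f` and no integrity check, so an HTTP error page or a truncated body reaches `tar` and the pinned test database is never verified. Use `curl -fsSL` and compare the download against a recorded SHA-256 (`<sha256-of-pinned-db>`) before unpacking. The same pipeline shape recurs in the `zstd` variants of this script in patches 2/9 and 3/9.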
@@ -12,7 +12,7 @@
 "lint": "eslint index.js",
 "test": "eslint index.js && npm run download-pinned-grype-db && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand",
 "test:update-snapshots": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand --updateSnapshot",
- "download-pinned-grype-db": "mkdir -p grype-db/6 && curl -sL https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst | tar zxf - -C grype-db/6",
+ "download-pinned-grype-db": "mkdir -p grype-db/6 && curl -sL https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst | zstd -d -o grype-db/6/vulnerability.db",
 "build": "ncc build ./index.js && node dos2unix.js dist/index.js",
 "precommit": "npm run prettier && npm run build && git add dist/",
 "prepare": "husky install",
From b9b1ea2354c16acf3620beb94a395242f996aec0 Mon Sep 17 00:00:00 2001
From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Fri, 25 Apr 2025 10:15:10 -0400
Subject: [PATCH 3/9] chore: remove old mocks

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
 GrypeVersion.js | 2 +-
 dist/index.js | 5 ++-
 index.js | 3 +-
 package.json | 2 +-
 tests/action.test.js | 92 --------------------------------------------
 tests/db_server.js | 68 --------------------------------
 6 files changed, 7 insertions(+), 165 deletions(-)
 delete mode 100644 tests/db_server.js

diff --git a/GrypeVersion.js b/GrypeVersion.js
index 5726b1a1..b5bf4e24 100644
--- a/GrypeVersion.js
+++ b/GrypeVersion.js
@@ -1 +1 @@
-exports.GRYPE_VERSION = "v0.91.0";
+exports.GRYPE_VERSION = "v0.91.1";
diff --git a/dist/index.js b/dist/index.js
index 0bd009fb..1d8c6588 100644
--- a/dist/index.js
+++ b/dist/index.js
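Review bot: `zstd -d -o grype-db/6/vulnerability.db` only removes the zstd layer, so for a URL ending in `.tar.zst` the file written as `vulnerability.db` is presumably still a tar archive rather than the database itself. Decompress to stdout and unpack instead, e.g. `curl -fsSL <url> | zstd -dc | tar xf - -C grype-db/6`. Without `-f` on `curl`, a failed request would also be fed to `zstd` as if it were the archive.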
@@ -4,7 +4,7 @@ /***/ 4739: /***/ ((__unused_webpack_module, exports) => { -exports.GRYPE_VERSION = "v0.91.0"; +exports.GRYPE_VERSION = "v0.91.1"; /***/ }), @@ -298,6 +298,7 @@ async function runCommand(cmd, cmdArgs, env) { }); core.debug(stdout); + core.debug(stderr); return { stdout, stderr, exitCode }; } @@ -404,6 +405,7 @@ async function runScan({ core.debug("Add Missing CPEs: " + addCpesIfNone); core.debug("Orient by CVE: " + byCve); core.debug("Output Format: " + outputFormat); + core.debug("Cache DB: " + cacheDb); core.debug("Creating options for GRYPE analyzer"); @@ -458,7 +460,6 @@ async function runScan({ ); } } - return out; } diff --git a/index.js b/index.js index 6589ac1e..0798348b 100644 --- a/index.js +++ b/index.js @@ -284,6 +284,7 @@ async function runCommand(cmd, cmdArgs, env) { }); core.debug(stdout); + core.debug(stderr); return { stdout, stderr, exitCode }; } @@ -390,6 +391,7 @@ async function runScan({ core.debug("Add Missing CPEs: " + addCpesIfNone); core.debug("Orient by CVE: " + byCve); core.debug("Output Format: " + outputFormat); + core.debug("Cache DB: " + cacheDb); core.debug("Creating options for GRYPE analyzer"); @@ -444,7 +446,6 @@ async function runScan({ ); } } - return out; } diff --git a/package.json b/package.json index bf406a9f..4c66ae44 100644 --- a/package.json +++ b/package.json 
@@ -12,7 +12,7 @@ "lint": "eslint index.js", "test": "eslint index.js && npm run download-pinned-grype-db && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand", "test:update-snapshots": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand --updateSnapshot", - "download-pinned-grype-db": "mkdir -p grype-db/6 && curl -sL https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst | zstd -d -o grype-db/6/vulnerability.db", + "download-pinned-grype-db": "if [ -d \"grype-db/6\" ] && [ -f \"grype-db/6/vulnerability.db\" ]; then echo \"Directory exists and vulnerability.db is present.\"; else mkdir -p grype-db/6 && curl -sL https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst | zstd -d -o grype-db/6/vulnerability.db; fi", "build": "ncc build ./index.js && node dos2unix.js dist/index.js", "precommit": "npm run prettier && npm run build && git add dist/", "prepare": "husky install", diff --git a/tests/action.test.js b/tests/action.test.js index 8384f762..70f5a699 100644 --- a/tests/action.test.js +++ b/tests/action.test.js @@ -2,13 +2,6 @@ const githubActionsCore = require("@actions/core"); const githubActionsCache = require("@actions/cache"); const githubActionsExec = require("@actions/exec"); const { cleanup, mock, mockIO, setEnv, tmpdir, runAction } = require("./mocks"); -const { - sha256, - tarGzDir, - dbServer, - listing, - writeMetadata, -} = require("./db_server"); const { run } = require("../index"); jest.setTimeout(90000); // 90 seconds; tests were timing out in CI. https://github.com/anchore/scan-action/pull/249 
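Review bot: The `[ -f "grype-db/6/vulnerability.db" ]` guard accepts any file at that path as a good database, and because the `else` branch streams `curl | zstd -d -o` directly into that same path, an interrupted or failed download leaves a partial file that every later run then skips over. Write to a temporary name and rename only on success, for example `... | zstd -d -o grype-db/6/vulnerability.db.tmp && mv grype-db/6/vulnerability.db.tmp grype-db/6/vulnerability.db`. The `-d` test adds nothing once `-f` is checked on the file inside that directory.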
@@ -198,89 +191,4 @@ describe("Github action", () => { expect(failure).toContain("Failed minimum severity level."); }); - - it("uses db cache", async () => { - const dbCacheRoot = tmpdir(); - - mockIO({ - image: "localhost:5000/match-coverage/debian:latest", // scan with vulns - path: "", - "fail-build": "true", - "output-format": "json", - "severity-cutoff": "medium", - "add-cpes-if-none": "true", - "cache-db": "true", - }); - - let restoreCacheDir; - let saveCacheDir; - - mock(githubActionsCache, { - async isFeatureAvailable() { - return true; - }, - async restoreCache(...args) { - restoreCacheDir = args[0][0]; - }, - async saveCache(...args) { - saveCacheDir = args[0][0]; - }, - }); - - const dbContents = await tarGzDir("grype-db/5"); - const dbChecksum = sha256(dbContents); - const listings = []; - - // mock a listings file - const listingResponse = { - available: { - 5: listings, - }, - }; - - // mock the db update server - const serverUrl = dbServer(listingResponse, dbContents); - const listingUrl = serverUrl + "/listings.json"; - - // set listing to have update - listings.push(listing(new Date(), serverUrl + "/db.tar.gz", dbChecksum)); - - setEnv({ - GRYPE_DB_CACHE_DIR: dbCacheRoot, - GRYPE_DB_UPDATE_URL: listingUrl, - }); - await run(); - - expect(restoreCacheDir).toBe(dbCacheRoot); - expect(saveCacheDir).toBe(dbCacheRoot); - - // with a current, fresh db, we should not have saveCache called - restoreCacheDir = undefined; - saveCacheDir = undefined; - - // update the db metadata to be fresh and not require an update - const fresh = new Date(); - writeMetadata(dbCacheRoot, fresh); - - // env is already set to the tmpdir, with a fresh db - await run(); - - expect(restoreCacheDir).toBe(dbCacheRoot); - expect(saveCacheDir).toBeUndefined(); - - // update the db metadata to be > 24 hours - const yesterday = new Date(); - yesterday.setHours(yesterday.getHours() - 24); - writeMetadata(dbCacheRoot, yesterday); - - // reset call tracking - restoreCacheDir = 
undefined; - saveCacheDir = undefined; - - // env is already set to the tmpdir, but db is old and should be downloaded and cached - await run(); - - expect(restoreCacheDir).toBe(dbCacheRoot); - expect(saveCacheDir).toBe(dbCacheRoot); - }); }); diff --git a/tests/db_server.js b/tests/db_server.js deleted file mode 100644 index a3e8008d..00000000 --- a/tests/db_server.js +++ /dev/null @@ -1,68 +0,0 @@ -const fs = require("fs"); -const path = require("path"); -const { createHash } = require("crypto"); -const http = require("http"); -const tar = require("tar"); -const { onCleanup, tmpdir } = require("./mocks"); - -module.exports = { - listing(date, dbUrl, dbChecksum) { - return { - built: date.toISOString(), - url: dbUrl, - checksum: "sha256:" + dbChecksum, - version: 5, - }; - }, - - writeMetadata(tmpdir, date) { - fs.writeFileSync( - path.join(tmpdir, "5", "metadata.json"), - JSON.stringify({ - built: date.toISOString(), - version: 5, - checksum: - "sha256:6957b5a1b93346f9a2b54aaf636a6448a7cd70dc977fa6b3a47d9cbf56289410", - }), - ); - }, - - sha256(contents) { - return createHash("sha256").update(contents).digest("hex"); - }, - - dbServer(listings, tarGzDb) { - const server = http.createServer(function (req, res) { - if (req.url.endsWith(".json")) { - res.writeHead(200, { "Content-Type": "application/json" }); - res.end(JSON.stringify(listings)); - } else if (req.url.endsWith(".tar.gz")) { - res.writeHead(200, { "Content-Type": "application/octet-stream" }); - res.end(tarGzDb); - } else { - res.writeHead(404); - } - }); - - server.listen(); - - onCleanup(async () => { - await server.close(); - }); - - return `http://127.0.0.1:${server.address().port}`; - }, - - async tarGzDir(dir) { - const tarFile = path.join(tmpdir(), "db.tar.gz"); - await tar.create( - { - gzip: true, - file: tarFile, - C: dir, - }, - ["."], - ); - return fs.readFileSync(tarFile); - }, -}; From 6778eeae5cdb327e9e79d0fd0fc7a395c42df39e Mon Sep 17 00:00:00 2001 
From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Tue, 29 Apr 2025 10:40:54 -0400 Subject: [PATCH 4/9] tests: update scripts for tests to download gdbv6 Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- .gitignore | 1 + package.json | 6 +++--- scripts/install-and-update-grype.js | 23 +++++++++++++++++++++ scripts/start-registry-and-push-images.fish | 10 +++++++++ scripts/start-registry-and-push-images.sh | 9 ++++++++ tests/dist.test.js | 2 +- tests/mocks.js | 2 +- 7 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 scripts/install-and-update-grype.js create mode 100755 scripts/start-registry-and-push-images.fish create mode 100755 scripts/start-registry-and-push-images.sh diff --git a/.gitignore b/.gitignore index 4e311d06..a53d6cd2 100644 --- a/.gitignore +++ b/.gitignore @@ -117,6 +117,7 @@ typings/ # grype db for tests /grype-db +/grype # Action temporary files /results.* diff --git a/package.json b/package.json index 4c66ae44..c47b1338 100644 --- a/package.json +++ b/package.json 
@@ -8,11 +8,11 @@
 "test": "tests"
 },
 "scripts": {
+ "install-and-update-grype": "RUNNER_TOOL_CACHE='grype' RUNNER_TEMP='grype' node ./scripts/install-and-update-grype.js",
 "audit": "better-npm-audit audit --production",
 "lint": "eslint index.js",
- "test": "eslint index.js && npm run download-pinned-grype-db && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand",
- "test:update-snapshots": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand --updateSnapshot",
- "download-pinned-grype-db": "if [ -d \"grype-db/6\" ] && [ -f \"grype-db/6/vulnerability.db\" ]; then echo \"Directory exists and vulnerability.db is present.\"; else mkdir -p grype-db/6 && curl -sL https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst | zstd -d -o grype-db/6/vulnerability.db; fi",
+ "test": "eslint index.js && npm run install-and-update-grype && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand",
+ "test:update-snapshots": "eslint index.js && npm run install-and-update-grype && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand --updateSnapshot",
 "build": "ncc build ./index.js && node dos2unix.js dist/index.js",
 "precommit": "npm run prettier && npm run build && git add dist/",
 "prepare": "husky install",
diff --git a/scripts/install-and-update-grype.js b/scripts/install-and-update-grype.js
new file mode 100644
index 00000000..48305ccc
--- /dev/null
+++ b/scripts/install-and-update-grype.js
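Review bot: `install-and-update-grype` sets only `RUNNER_TOOL_CACHE` and `RUNNER_TEMP`, and the `test` scripts drop `GRYPE_DB_CACHE_DIR`, so the `grype db import` started by the new script presumably writes to grype's default database location for the invoking user instead of a directory inside the checkout. That would replace whatever database a developer already has with the pinned 2025-04-01 snapshot, and it does not obviously match the `grype/db` path that tests/dist.test.js and tests/mocks.js point at in this same patch. Consider keeping the import project-local, e.g. adding `GRYPE_DB_CACHE_DIR=./grype/db` to the `install-and-update-grype` script.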
@@ -0,0 +1,23 @@ +const { execFile } = require("child_process"); +const { installGrype } = require("../index"); + +(async () => { + try { + const pinnedDB = + "https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst"; + const path = await installGrype(process.argv[2] || "latest"); + console.log("Installed to:", path); + + execFile(path, ["db", "import", pinnedDB], (error, stdout, stderr) => { + console.log("Importing db from: ", pinnedDB); + if (error) { + console.error("Error running db update:", stderr); + process.exit(1); + } + console.log(stdout); + }); + } catch (e) { + console.error("Failed to install or update Grype DB:", e); + process.exit(1); + } +})(); diff --git a/scripts/start-registry-and-push-images.fish b/scripts/start-registry-and-push-images.fish new file mode 100755 index 00000000..393ff545 --- /dev/null +++ b/scripts/start-registry-and-push-images.fish @@ -0,0 +1,10 @@ +#!/usr/bin/env fish + +# Start the Docker registry +docker run -d -p 5000:5000 --name registry registry:2 + +# Loop over the distros and build/push images +for distro in alpine centos debian + docker build -t localhost:5000/match-coverage/$distro ./tests/fixtures/image-$distro-match-coverage + docker push localhost:5000/match-coverage/$distro:latest +end diff --git a/scripts/start-registry-and-push-images.sh b/scripts/start-registry-and-push-images.sh new file mode 100755 index 00000000..1eae8a6d --- /dev/null +++ b/scripts/start-registry-and-push-images.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +set -euo pipefail + +docker run -d -p 5000:5000 --name registry registry:2 + +for distro in alpine centos debian; do + docker build -t localhost:5000/match-coverage/$distro ./tests/fixtures/image-$distro-match-coverage + docker push localhost:5000/match-coverage/$distro:latest +done diff --git a/tests/dist.test.js b/tests/dist.test.js index b6ed844d..3d182b90 100644 --- a/tests/dist.test.js +++ b/tests/dist.test.js 
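Review bot: In the `execFile` callback a failure is reported with `stderr` only, and the "Importing db from" message is printed after the import has already finished. When the binary cannot be started at all `stderr` is empty, so the log shows nothing useful; log the error object as well, e.g. `console.error("Error running db import:", error, stderr);`, and move `console.log("Importing db from: ", pinnedDB);` above the `execFile` call. The pinned archive is also imported with no checksum visible in this script; whether `grype db import` verifies one itself should be confirmed.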
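Review bot: `docker run -d -p 5000:5000 --name registry registry:2` publishes the registry on every host interface, and nothing here configures authentication, so any host that can reach the machine can push to or pull from it while the tests run. Bind it to loopback with `-p 127.0.0.1:5000:5000`, which still serves the `localhost:5000/...` tags used in the loop below. The same line appears in scripts/start-registry-and-push-images.sh added in this patch. `registry:2` is also a moving tag; pinning it by digest (`registry@sha256:<digest>`) would keep the fixture reproducible.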
@@ -40,7 +40,7 @@ function runDistBuild(inputs) { RUNNER_TOOL_CACHE: process.env.RUNNER_TOOL_CACHE, GRYPE_DB_AUTO_UPDATE: "false", GRYPE_DB_VALIDATE_AGE: "false", - GRYPE_DB_CACHE_DIR: path.join(repoRootDir, "grype-db"), + GRYPE_DB_CACHE_DIR: path.join(repoRootDir, "grype/db"), }; // this is brittle and may need to be updated, but is currently how input are passed to the process: // reverse core.js: const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || ''; diff --git a/tests/mocks.js b/tests/mocks.js index 9e7b002b..c04d6931 100644 --- a/tests/mocks.js +++ b/tests/mocks.js @@ -87,7 +87,7 @@ module.exports = { module.exports.setEnv({ GRYPE_DB_AUTO_UPDATE: "false", GRYPE_DB_VALIDATE_AGE: "false", - GRYPE_DB_CACHE_DIR: path.join(path.dirname(__dirname), "grype-db"), + GRYPE_DB_CACHE_DIR: path.join(path.dirname(__dirname), "grype/db"), }); module.exports.mock(githubActionsCore, { From 07354a82f86ceaf1ac82eca771e52204839736db Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Tue, 29 Apr 2025 10:58:17 -0400 Subject: [PATCH 5/9] test: remove old cache dir in favor of single import run Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- scripts/install-and-update-grype.js | 2 +- tests/dist.test.js | 1 - tests/mocks.js | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/scripts/install-and-update-grype.js b/scripts/install-and-update-grype.js index 48305ccc..fab1b72f 100644 --- a/scripts/install-and-update-grype.js +++ b/scripts/install-and-update-grype.js 
@@ -5,7 +5,7 @@ const { installGrype } = require("../index"); try { const pinnedDB = "https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst"; - const path = await installGrype(process.argv[2] || "latest"); + const path = await installGrype(process.argv[2] || "v0.91.1"); console.log("Installed to:", path); execFile(path, ["db", "import", pinnedDB], (error, stdout, stderr) => { diff --git a/tests/dist.test.js b/tests/dist.test.js index 3d182b90..66ebcca1 100644 --- a/tests/dist.test.js +++ b/tests/dist.test.js @@ -40,7 +40,6 @@ function runDistBuild(inputs) { RUNNER_TOOL_CACHE: process.env.RUNNER_TOOL_CACHE, GRYPE_DB_AUTO_UPDATE: "false", GRYPE_DB_VALIDATE_AGE: "false", - GRYPE_DB_CACHE_DIR: path.join(repoRootDir, "grype/db"), }; // this is brittle and may need to be updated, but is currently how input are passed to the process: // reverse core.js: const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || ''; diff --git a/tests/mocks.js b/tests/mocks.js index c04d6931..66062f63 100644 --- a/tests/mocks.js +++ b/tests/mocks.js @@ -87,7 +87,6 @@ module.exports = { module.exports.setEnv({ GRYPE_DB_AUTO_UPDATE: "false", GRYPE_DB_VALIDATE_AGE: "false", - GRYPE_DB_CACHE_DIR: path.join(path.dirname(__dirname), "grype/db"), }); module.exports.mock(githubActionsCore, { From a5effe4531874fe27bc095b38d93357d60a7b44d Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Tue, 29 Apr 2025 11:04:43 -0400 Subject: [PATCH 6/9] feat: use correct grype version Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- scripts/install-and-update-grype.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/install-and-update-grype.js b/scripts/install-and-update-grype.js index fab1b72f..ff910cf3 100644 --- a/scripts/install-and-update-grype.js +++ b/scripts/install-and-update-grype.js 
@@ -1,11 +1,12 @@ const { execFile } = require("child_process"); const { installGrype } = require("../index"); +const { GRYPE_VERSION } = require("../GrypeVersion"); (async () => { try { const pinnedDB = "https://grype.anchore.io/databases/v6/vulnerability-db_v6.0.2_2025-04-01T01:31:39Z_1743480497.tar.zst"; - const path = await installGrype(process.argv[2] || "v0.91.1"); + const path = await installGrype(process.argv[2] || GRYPE_VERSION); console.log("Installed to:", path); execFile(path, ["db", "import", pinnedDB], (error, stdout, stderr) => { From 3f7057eb45c6b5b08a13b8b5ad99dd53b44171c6 Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Tue, 29 Apr 2025 11:39:37 -0400 Subject: [PATCH 7/9] chore: remove stderr from debug Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- dist/index.js | 1 - index.js | 1 - 2 files changed, 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index 1d8c6588..5b49a613 100644 --- a/dist/index.js +++ b/dist/index.js @@ -298,7 +298,6 @@ async function runCommand(cmd, cmdArgs, env) { }); core.debug(stdout); - core.debug(stderr); return { stdout, stderr, exitCode }; } diff --git a/index.js b/index.js index 0798348b..d8ac913a 100644 --- a/index.js +++ b/index.js @@ -284,7 +284,6 @@ async function runCommand(cmd, cmdArgs, env) { }); core.debug(stdout); - core.debug(stderr); return { stdout, stderr, exitCode }; } From 398cc22451a70c2096d7d7c4a3d187525cc8d73e Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Tue, 29 Apr 2025 12:04:02 -0400 Subject: [PATCH 8/9] test: modify package scripts to include registry and image build 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
 package.json | 2 +-
 scripts/start-registry-and-push-images.fish | 10 ----------
 ...ush-images.sh => start_registry_and_push_images.sh} | 8 ++++++++
 3 files changed, 9 insertions(+), 11 deletions(-)
 delete mode 100755 scripts/start-registry-and-push-images.fish
 rename scripts/{start-registry-and-push-images.sh => start_registry_and_push_images.sh} (53%)

diff --git a/package.json b/package.json
index c47b1338..5a5db749 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,7 @@
 "install-and-update-grype": "RUNNER_TOOL_CACHE='grype' RUNNER_TEMP='grype' node ./scripts/install-and-update-grype.js",
 "audit": "better-npm-audit audit --production",
 "lint": "eslint index.js",
- "test": "eslint index.js && npm run install-and-update-grype && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand",
+ "test": "eslint index.js && sh ./scripts/start_registry_and_push_images.sh && npm run install-and-update-grype && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand",
 "test:update-snapshots": "eslint index.js && npm run install-and-update-grype && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand --updateSnapshot",
 "build": "ncc build ./index.js && node dos2unix.js dist/index.js",
 "precommit": "npm run prettier && npm run build && git add dist/",
diff --git a/scripts/start-registry-and-push-images.fish b/scripts/start-registry-and-push-images.fish
deleted file mode 100755
index 393ff545..00000000
--- a/scripts/start-registry-and-push-images.fish
+++ /dev/null
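Review bot: The `test` script runs the helper as `sh ./scripts/start_registry_and_push_images.sh`, but that file carries a `#!/usr/bin/env bash` shebang and starts with `set -euo pipefail`. Calling it through `sh` ignores the shebang, and on systems where `sh` is not bash the `pipefail` option may be rejected, which would abort the test run before the registry starts. The file is mode 100755, so invoke it directly (`./scripts/start_registry_and_push_images.sh`) or with `bash`. The `start-registry` script added in patch 9/9 has the same `sh` prefix.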
@@ -1,10 +0,0 @@ -#!/usr/bin/env fish - -# Start the Docker registry -docker run -d -p 5000:5000 --name registry registry:2 - -# Loop over the distros and build/push images -for distro in alpine centos debian - docker build -t localhost:5000/match-coverage/$distro ./tests/fixtures/image-$distro-match-coverage - docker push localhost:5000/match-coverage/$distro:latest -end diff --git a/scripts/start-registry-and-push-images.sh b/scripts/start_registry_and_push_images.sh similarity index 53% rename from scripts/start-registry-and-push-images.sh rename to scripts/start_registry_and_push_images.sh index 1eae8a6d..a42cb7f6 100755 --- a/scripts/start-registry-and-push-images.sh +++ b/scripts/start_registry_and_push_images.sh @@ -1,8 +1,16 @@ #!/usr/bin/env bash set -euo pipefail +# Remove existing container named 'registry' if it exists +if docker ps -a --format '{{.Names}}' | grep -Eq '^registry$'; then + echo "Removing existing 'registry' container..." + docker rm -f registry +fi + +# Start a new registry container docker run -d -p 5000:5000 --name registry registry:2 +# Build and push images for distro in alpine centos debian; do docker build -t localhost:5000/match-coverage/$distro ./tests/fixtures/image-$distro-match-coverage docker push localhost:5000/match-coverage/$distro:latest From 6a797336c8ed722ef3f3ec6b671de434c57a52d5 Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Tue, 29 Apr 2025 12:11:57 -0400 Subject: [PATCH 9/9] chore: divide package-json scripts into composable parts Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- .github/workflows/test.yml | 2 +- package.json | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2cb9ff1c..d9e77978 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
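Review bot: `docker rm -f registry` force-removes whatever container happens to be called `registry`, including one a developer runs for unrelated work, because the `grep -Eq '^registry$'` check cannot tell the test fixture apart from it. Give the fixture a project-specific name in the check, the removal and the `docker run` line, e.g. `--name scan-action-test-registry` (a constructed name), or label the container and filter on that label. The `for` loop continues past the end of this hunk.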
@@ -45,7 +45,7 @@ jobs: done - run: npm ci - run: npm run audit - - run: npm test + - run: npm run test-ci test-download-action: runs-on: ubuntu-latest diff --git a/package.json b/package.json index 5a5db749..e66a3b25 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,10 @@ "install-and-update-grype": "RUNNER_TOOL_CACHE='grype' RUNNER_TEMP='grype' node ./scripts/install-and-update-grype.js", "audit": "better-npm-audit audit --production", "lint": "eslint index.js", - "test": "eslint index.js && sh ./scripts/start_registry_and_push_images.sh && npm run install-and-update-grype && npm run build && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand", + "test": "npm run lint && npm run start-registry && npm run install-and-update-grype && npm run build && npm run run-tests", + "test-ci": "npm run lint && npm run install-and-update-grype && npm run build && npm run run-tests", + "start-registry": "sh ./scripts/start_registry_and_push_images.sh", + "run-tests": "GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand", "test:update-snapshots": "eslint index.js && npm run install-and-update-grype && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_VALIDATE_AGE=false jest --runInBand --updateSnapshot", "build": "ncc build ./index.js && node dos2unix.js dist/index.js", "precommit": "npm run prettier && npm run build && git add dist/",
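Review bot: `test:update-snapshots` is left as a hand-written chain with its own copy of `eslint index.js` and the `GRYPE_DB_*` flags, while `test` and `test-ci` now compose `lint` and `run-tests`, so the two can drift apart. It could reuse the new pieces: `"test:update-snapshots": "npm run lint && npm run install-and-update-grype && npm run run-tests -- --updateSnapshot"`.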