Background
PR #846 adds three tests in `cmd/kosli/fingerprint_capture_test.go` that pin the customer-facing contract for `kosli fingerprint`: stdout = fingerprint, stderr = empty, so that `FP=$(kosli fingerprint ... 2>&1)` works in CI. These tests cover `--artifact-type=file`, `--artifact-type=dir`, and (in a follow-up commit on the same PR) `--artifact-type=docker`.
`--artifact-type=oci` was deferred because there is no OCI-fingerprint test scaffolding in the repo today — `fingerprint_test.go` only covers `file`, `dir`, and `docker`. Adding an OCI test needs either a fake registry or a stable public OCI image.
This issue tracks adding the OCI variant so the contract is fully covered.
Why it matters
The `--artifact-type=oci` code path (`internal/server` → registry HTTP calls) is entirely separate from the file/dir/docker paths and could legitimately introduce stderr output (HTTP debug, registry authentication warnings, etc.) without anyone noticing — exactly the regression class server#5564 was about.
Suggested approach
Two reasonable options:
- Use the existing `cli_registry` container in `docker-compose.yml`. Push a small known image to the local registry in a SetupSuite, then fingerprint it via OCI and assert capture cleanliness.
- Use a stable public OCI image — e.g. `ghcr.io/distroless/static` — pinned by digest. Simpler, but introduces a network dep on test runs.
Option 1 matches the existing CI infrastructure better and is the recommended path.
Acceptance criteria
- A test in `cmd/kosli/fingerprint_capture_test.go` (or a new `fingerprint_capture_oci_test.go` if cleaner) that:
- Stubs the version-check via `version.SetCheckForUpdateOverride`
- Runs `kosli fingerprint --artifact-type=oci`
- Asserts `stdout == "\n"`, `stderr == ""`
- Asserts the `combined` (stdout+stderr) buffer parses as a fingerprint — the `2>&1` capture pattern
- Same shape as `TestFingerprintFile_CaptureCleanliness` for consistency
Context
Background
PR #846 adds three tests in `cmd/kosli/fingerprint_capture_test.go` that pin the customer-facing contract for `kosli fingerprint`: stdout = fingerprint, stderr = empty, so that `FP=$(kosli fingerprint ... 2>&1)` works in CI. These tests cover `--artifact-type=file`, `--artifact-type=dir`, and (in a follow-up commit on the same PR) `--artifact-type=docker`.
`--artifact-type=oci` was deferred because there is no OCI-fingerprint test scaffolding in the repo today — `fingerprint_test.go` only covers `file`, `dir`, and `docker`. Adding an OCI test needs either a fake registry or a stable public OCI image.
This issue tracks adding the OCI variant so the contract is fully covered.
Why it matters
The `--artifact-type=oci` code path (`internal/server` → registry HTTP calls) is entirely separate from the file/dir/docker paths and could legitimately introduce stderr output (HTTP debug, registry authentication warnings, etc.) without anyone noticing — exactly the regression class server#5564 was about.
Suggested approach
Two reasonable options:
Option 1 matches the existing CI infrastructure better and is the recommended path.
Acceptance criteria
Context