test: add plugin e2e tests (#391)

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
project-copacetic · Feb 6, 2024 · aa823e1 · aa823e1
1 parent cd1dbee
commit aa823e1
Show file tree

Hide file tree

Showing 5 changed files with 140 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -128,3 +128,47 @@ jobs:
           set -eu -o pipefail
           . .github/workflows/scripts/buildkitenvs/${{ matrix.buildkit_mode}}
           go test -v ./integration --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" -timeout 0
+
+  test-plugin:
+    needs: build
+    name: Test plugin
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions: read-all
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.3.1
+        with:
+          egress-policy: audit
+      - name: Check out code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: "1.21"
+          check-latest: true
+      - name: Install scanner-plugin-template
+        shell: bash
+        run: |
+          go install github.com/project-copacetic/scanner-plugin-template@latest
+          mv $(go env GOPATH)/bin/scanner-plugin-template $(go env GOPATH)/bin/copa-fake
+          mv $(go env GOPATH)/bin/copa-fake /usr/local/bin
+      - name: Install required tools
+        shell: bash
+        run: .github/workflows/scripts/download-tooling.sh
+      - name: Download copa from build artifacts
+        uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
+        with:
+          name: copa_edge_linux_amd64.tar.gz
+      - name: Extract copa
+        shell: bash
+        run: |
+          tar xzf copa_edge_linux_amd64.tar.gz
+          ./copa --version
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+      - name: Run e2e tests
+        shell: bash
+        run: |
+          set -eu -o pipefail
+          . .github/workflows/scripts/buildkitenvs/direct/tcp
+          go test -v ./test/e2e --addr="${COPA_BUILDKIT_ADDR}" --copa="$(pwd)/copa" --scanner fake -timeout 0
diff --git a/test/e2e/main_test.go b/test/e2e/main_test.go
@@ -0,0 +1,27 @@
+package e2e
+
+import (
+	"flag"
+	"os"
+	"testing"
+)
+
+var (
+	buildkitAddr  string
+	copaPath      string
+	scannerPlugin string
+)
+
+func TestMain(m *testing.M) {
+	flag.StringVar(&buildkitAddr, "addr", "", "buildkit address to pass through to copa binary")
+	flag.StringVar(&copaPath, "copa", "./copa", "path to copa binary")
+	flag.StringVar(&scannerPlugin, "scanner", "trivy", "Scanner used to generate the report")
+	flag.Parse()
+
+	if copaPath == "" {
+		panic("missing --copa")
+	}
+
+	ec := m.Run()
+	os.Exit(ec)
+}
diff --git a/test/e2e/plugin_test.go b/test/e2e/plugin_test.go
@@ -0,0 +1,55 @@
+package e2e
+
+import (
+	"fmt"
+	"os/exec"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPlugins(t *testing.T) {
+	testCases := []struct {
+		image  string
+		report string
+		err    error
+	}{
+		{
+			image:  "docker.io/library/alpine:3.14.0",
+			report: "./testdata/invalid_report.json",
+			err:    fmt.Errorf("exit status 1"),
+		},
+		{
+			image:  "docker.io/library/alpine:3.7.3",
+			report: "./testdata/valid_report.json",
+			err:    nil,
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc // capture range variable
+		t.Run(tc.image, func(t *testing.T) {
+			t.Parallel()
+			_, err := runPatch(tc.image, tc.report)
+			if err != nil {
+				assert.Equal(t, tc.err, fmt.Errorf(err.Error()))
+			} else {
+				assert.Equal(t, tc.err, nil)
+			}
+		})
+	}
+}
+
+func runPatch(image, report string) ([]byte, error) {
+	//#nosec G204
+	cmd := exec.Command(
+		copaPath,
+		"patch",
+		"-i="+image,
+		"-r="+report,
+		"-s="+scannerPlugin,
+		"-a="+buildkitAddr,
+	)
+	out, err := cmd.CombinedOutput()
+	return out, err
+}
diff --git a/test/e2e/testdata/invalid_report.json b/test/e2e/testdata/invalid_report.json
@@ -0,0 +1 @@
+invalid
diff --git a/test/e2e/testdata/valid_report.json b/test/e2e/testdata/valid_report.json
@@ -0,0 +1,13 @@
+{
+    "OSType": "alpine",
+    "OSVersion": "3.7.3",
+    "Arch": "amd64",
+    "Packages": [
+        {
+            "Name": "musl",
+            "InstalledVersion": "1.1.18-r3",
+            "FixedVersion": "1.1.18-r4",
+            "VulnerabilityID": "CVE-2019-14697"
+        }
+    ]
+}