github.com/metasources/buildx@v0.0.0-20230418141019-7aa1459cedea/test/cli/spdx_tooling_validation_test.go

github.com/metasources/buildx@v0.0.0-20230418141019-7aa1459cedea/test/cli/spdx_tooling_validation_test.go (about)

     1  package cli
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  	"os/exec"
     7  	"path"
     8  	"path/filepath"
     9  	"strings"
    10  	"testing"
    11  
    12  	"github.com/stretchr/testify/require"
    13  
    14  	"github.com/anchore/stereoscope/pkg/imagetest"
    15  )
    16  
    17  func TestSpdxValidationTooling(t *testing.T) {
    18  	img := imagetest.GetFixtureImage(t, "docker-archive", "image-java-spdx-tools")
    19  	require.NotEmpty(t, img.Metadata.Tags)
    20  	imgTag := img.Metadata.Tags[0]
    21  
    22  	images := []string{
    23  		"alpine:3.17.3@sha256:b6ca290b6b4cdcca5b3db3ffa338ee0285c11744b4a6abaa9627746ee3291d8d",
    24  		"photon:3.0@sha256:888675e193418d924feea262cf639c46532b63c2027a39fd3ac75383b3c1130e",
    25  		"debian:stable@sha256:729c2433e196207749a86f1d86e0106822041bb280b4200cf7a4db97608f6d3a",
    26  	}
    27  
    28  	env := map[string]string{
    29  		"BUILDX_FILE_METADATA_CATALOGER_ENABLED": "true",
    30  		"BUILDX_FILE_CONTENTS_CATALOGER_ENABLED": "true",
    31  		"BUILDX_FILE_METADATA_DIGESTS":           "sha1",
    32  	}
    33  
    34  	tests := []struct {
    35  		name     string
    36  		buildxArgs []string
    37  		images   []string
    38  		setup    func(t *testing.T)
    39  		env      map[string]string
    40  	}{
    41  		{
    42  			name:     "spdx validation tooling tag value",
    43  			buildxArgs: []string{"packages", "-o", "spdx"},
    44  			images:   images,
    45  			env:      env,
    46  		},
    47  		{
    48  			name:     "spdx validation tooling json",
    49  			buildxArgs: []string{"packages", "-o", "spdx-json"},
    50  			images:   images,
    51  			env:      env,
    52  		},
    53  	}
    54  
    55  	for _, test := range tests {
    56  		for _, image := range test.images {
    57  			t.Run(test.name+"_"+image, func(t *testing.T) {
    58  
    59  				args := append(test.buildxArgs, image)
    60  
    61  				var suffix string
    62  				if strings.Contains(test.name, "json") {
    63  					suffix = ".json"
    64  				} else {
    65  					suffix = ".spdx"
    66  				}
    67  
    68  				dir := t.TempDir()
    69  				sbomPath := filepath.Join(dir, fmt.Sprintf("sbom%s", suffix))
    70  
    71  				args = append(args, "--file", sbomPath)
    72  
    73  				cmd, _, stderr := runBuildx(t, test.env, args...)
    74  				if cmd.ProcessState.ExitCode() != 0 {
    75  					t.Fatalf("failed to run buildx: %s", stderr)
    76  				}
    77  
    78  				cwd, err := os.Getwd()
    79  				require.NoError(t, err)
    80  
    81  				// validate against spdx java tooling
    82  				fileArg := fmt.Sprintf("DIR=%s", dir)
    83  				mountArg := fmt.Sprintf("BASE=%s", path.Base(sbomPath))
    84  				imageArg := fmt.Sprintf("IMAGE=%s", imgTag)
    85  
    86  				validateCmd := exec.Command("make", "validate", fileArg, mountArg, imageArg)
    87  				validateCmd.Dir = filepath.Join(cwd, "test-fixtures", "image-java-spdx-tools")
    88  				runAndShow(t, validateCmd)
    89  			})
    90  		}
    91  	}
    92  }