test: save containerd image into archive and use in tests (#7816)

aquasecurity · Nov 4, 2024 · a6a45b3 · a6a45b3
1 parent a9b557d
commit a6a45b3
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 23 deletions.
diff --git a/.github/workflows/cache-test-images.yaml b/.github/workflows/cache-test-images.yaml
@@ -29,7 +29,7 @@ jobs:
         run: |
           source integration/testimages.ini
           IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       ## We need to work with test image cache only for main branch
@@ -70,7 +70,7 @@ jobs:
         run: |
           source integration/testimages.ini
           IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       ## We need to work with test VM image cache only for main branch

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -93,7 +93,7 @@ jobs:
         run: |
           source integration/testimages.ini
           IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       - name: Restore test images from cache
@@ -151,7 +151,7 @@ jobs:
         run: |
           source integration/testimages.ini
           IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       - name: Restore test images from cache
@@ -190,7 +190,7 @@ jobs:
         run: |
           source integration/testimages.ini
           IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
           echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
       - name: Restore test VM images from cache

diff --git a/magefiles/fixture.go b/magefiles/fixture.go
@@ -14,36 +14,57 @@ import (
 	"github.com/aquasecurity/trivy/internal/testutil"
 )
 
+const dir = "integration/testdata/fixtures/images/"
+
 func fixtureContainerImages() error {
 	var testImages = testutil.ImageName("", "", "")
-	const dir = "integration/testdata/fixtures/images/"
+
 	if err := os.MkdirAll(dir, 0750); err != nil {
 		return err
 	}
 	tags, err := crane.ListTags(testImages)
 	if err != nil {
 		return err
 	}
+	// Save all tags for trivy-test-images
 	for _, tag := range tags {
-		fileName := tag + ".tar.gz"
-		filePath := filepath.Join(dir, fileName)
-		if exists(filePath) {
-			continue
-		}
-		fmt.Printf("Downloading %s...\n", tag)
-		imgName := fmt.Sprintf("%s:%s", testImages, tag)
-		img, err := crane.Pull(imgName)
-		if err != nil {
-			return err
-		}
-		tarPath := strings.TrimSuffix(filePath, ".gz")
-		if err = crane.Save(img, imgName, tarPath); err != nil {
-			return err
-		}
-		if err = sh.Run("gzip", tarPath); err != nil {
+		if err := saveImage("", tag); err != nil {
 			return err
 		}
 	}
+
+	// Save trivy-test-images/containerd image
+	if err := saveImage("containerd", "latest"); err != nil {
+		return err
+	}
+	return nil
+}
+
+func saveImage(subpath, tag string) error {
+	fileName := tag + ".tar.gz"
+	imgName := testutil.ImageName("", tag, "")
+	if subpath != "" {
+		fileName = subpath + ".tar.gz"
+		imgName = testutil.ImageName(subpath, "", "")
+	}
+	filePath := filepath.Join(dir, fileName)
+	if exists(filePath) {
+		return nil
+	}
+	fmt.Printf("Downloading %s...\n", imgName)
+
+	img, err := crane.Pull(imgName)
+	if err != nil {
+		return err
+	}
+	tarPath := strings.TrimSuffix(filePath, ".gz")
+	if err = crane.Save(img, imgName, tarPath); err != nil {
+		return err
+	}
+	if err = sh.Run("gzip", tarPath); err != nil {
+		return err
+	}
+
 	return nil
 }
 

diff --git a/pkg/fanal/test/integration/containerd_test.go b/pkg/fanal/test/integration/containerd_test.go
@@ -76,9 +76,14 @@ func setupContainerd(t *testing.T, ctx context.Context, namespace string) *conta
 func startContainerd(t *testing.T, ctx context.Context, hostPath string) {
 	t.Helper()
 	t.Setenv("TESTCONTAINERS_RYUK_DISABLED", "true")
+
+	// Load `containerd` image from tar file to avoid fetching it from remote registry
+	cli := testutil.NewDockerClient(t)
+	loadedImage := cli.ImageLoad(t, ctx, "../../../../integration/testdata/fixtures/images/containerd.tar.gz")
+
 	req := testcontainers.ContainerRequest{
 		Name:  "containerd",
-		Image: testutil.ImageName("containerd", "latest", ""),
+		Image: loadedImage,
 		Entrypoint: []string{
 			"/bin/sh",
 			"-c",