-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: save containerd
image into archive and use in tests
#7816
test: save containerd
image into archive and use in tests
#7816
Conversation
@DmitriyLewen Do you think we should change |
Yesterday after work I also thought about this. I still think that we shouldn't merge them. |
@@ -29,7 +29,7 @@ jobs: | |||
run: | | |||
source integration/testimages.ini | |||
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) | |||
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) | |||
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"]' | sha256sum | cut -d' ' -f1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I realized the order depends on the registry. I think we should sort the image list.
$ crane ls public.ecr.aws/aquasecurity/trivy-test-images
centos-6
almalinux-8
photon-30
sle-micro-rancher-5.4_ndb
alpine-310
alpine-distroless
fluentd-multiple-lockfiles
debian-stretch
centos-7
ubi-7
debian-buster
distroless-python27
opensuse-leap-151
spring4shell-jre8
ubuntu-1604
distroless-base
fedora-35
mariner-1.0
busybox-with-lockfile
alpine-39
ubuntu-1804
vulnimage
amazon-2
oraclelinux-8
rockylinux-8
amazon-1
suse-15.3_ndb
opensuse-tumbleweed
spring4shell-jre11
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice catch!
I also found, that skopeo list-tags
returns repository name:
# skopeo list-tags docker://ghcr.io/knqyf263/trivy-test-images
{
"Repository": "ghcr.io/knqyf263/trivy-test-images",
"Tags": [
"spring4shell-jre11",
"spring4shell-jre8",
"almalinux-8",
"alpine-39",
"alpine-310",
"alpine-distroless",
"busybox-with-lockfile",
"fluentd-multiple-lockfiles",
"amazon-1",
"amazon-2",
"centos-6",
"centos-7",
"debian-buster",
"debian-stretch",
"distroless-base",
"distroless-python27",
"mariner-1.0",
"opensuse-leap-151",
"photon-30",
"rockylinux-8",
"ubi-7",
"ubuntu-1604",
"ubuntu-1804",
"vulnimage",
"oraclelinux-8",
"suse-15.3_ndb",
"fedora-35",
"opensuse-tumbleweed",
"sle-micro-rancher-5.4_ndb"
]
}
Therefore, to calculate the digest I take only sorted tags
(see f478633):
root@73c3501e9402:/scripts# TEST_IMAGES=public.ecr.aws/aquasecurity/trivy-test-images ./script.sh
digest=d8b4d51584e5d09e38687eb50c7d6a2ff49d57c28ff14e3d04cd22d9c8175354
root@73c3501e9402:/scripts# TEST_IMAGES=ghcr.io/knqyf263/trivy-test-images ./script.sh
digest=d8b4d51584e5d09e38687eb50c7d6a2ff49d57c28ff14e3d04cd22d9c8175354
We most likely need to merge the main branch. |
Thanks. Merged. |
Description
To avoid downloading
containerd
image from remote registry for each containerd test, we need:mage test:FixtureContainerImages
command should downloadcontainerd
image as archive.containerd
image from archive forcontainerd
teststest run - https://github.com/aquasecurity/trivy/actions/runs/11572399371/job/32212304048?pr=7816#step:7:1716
Related issues
Checklist