test: define constants for test images (#7739)

Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
2025-12-12 15:50:15 -08:00 · 2024-10-17 03:41:59 +04:00
parent 83e5b83acc
commit bcfc37bb16
9 changed files with 104 additions and 30 deletions
--- a/.github/workflows/cache-test-images.yaml
+++ b/.github/workflows/cache-test-images.yaml
@@ -27,7 +27,8 @@ jobs:
        if: github.ref_name == 'main'
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

@@ -67,7 +68,8 @@ jobs:
        if: github.ref_name == 'main'
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -90,7 +90,8 @@ jobs:
      - name: Generate image list digest
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

@@ -147,7 +148,8 @@ jobs:
      - name: Generate image list digest
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

@@ -185,7 +187,8 @@ jobs:
      - name: Generate image list digest
        id: image-digest
        run: |
-          IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
+          source integration/testimages.ini
+          IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
          DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

--- a/integration/testimages.ini
+++ b/integration/testimages.ini
@@ -0,0 +1,3 @@
+# Configuration file for both shell scripts and Go programs
+TEST_IMAGES=ghcr.io/aquasecurity/trivy-test-images
+TEST_VM_IMAGES=ghcr.io/aquasecurity/trivy-test-vm-images
--- a/internal/testutil/image.go
+++ b/internal/testutil/image.go
@@ -0,0 +1,67 @@
+package testutil
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+)
+
+var (
+	testImages   string
+	testVMImages string
+)
+
+func init() {
+	_, b, _, _ := runtime.Caller(0)
+	currentDir := filepath.Dir(b)
+	f, err := os.Open(filepath.Join(currentDir, "..", "..", "integration", "testimages.ini"))
+	if err != nil {
+		panic(err)
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		if strings.HasPrefix(scanner.Text(), "#") {
+			continue
+		}
+		parts := strings.SplitN(scanner.Text(), "=", 2)
+		if len(parts) == 2 {
+			key := strings.TrimSpace(parts[0])
+			value := strings.TrimSpace(parts[1])
+			switch key {
+			case "TEST_IMAGES":
+				testImages = value
+			case "TEST_VM_IMAGES":
+				testVMImages = value
+			}
+		}
+	}
+	if err = scanner.Err(); err != nil {
+		panic(err)
+	}
+}
+
+func ImageName(subpath, tag, digest string) string {
+	return imageName(testImages, subpath, tag, digest)
+}
+
+func VMImageName(subpath, tag, digest string) string {
+	return imageName(testVMImages, subpath, tag, digest)
+}
+
+func imageName(img, subpath, tag, digest string) string {
+	if subpath != "" {
+		img = fmt.Sprintf("%s/%s", img, subpath)
+	}
+	if tag != "" {
+		img = fmt.Sprintf("%s:%s", img, tag)
+	}
+	if digest != "" {
+		img = fmt.Sprintf("%s@%s", img, digest)
+	}
+	return img
+}
--- a/magefiles/fixture.go
+++ b/magefiles/fixture.go
@@ -10,13 +10,13 @@ import (
 	"github.com/google/go-containerregistry/pkg/crane"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/magefile/mage/sh"
+
+	"github.com/aquasecurity/trivy/internal/testutil"
 )

 func fixtureContainerImages() error {
-	const (
-		testImages = "ghcr.io/aquasecurity/trivy-test-images"
-		dir        = "integration/testdata/fixtures/images/"
-	)
+	var testImages = testutil.ImageName("", "", "")
+	const dir = "integration/testdata/fixtures/images/"
 	if err := os.MkdirAll(dir, 0750); err != nil {
 		return err
 	}
@@ -48,8 +48,8 @@ func fixtureContainerImages() error {
 }

 func fixtureVMImages() error {
+	var testVMImages = testutil.VMImageName("", "", "")
 	const (
-		testVMImages    = "ghcr.io/aquasecurity/trivy-test-vm-images"
 		titleAnnotation = "org.opencontainers.image.title"
 		dir             = "integration/testdata/fixtures/vm-images/"
 	)
--- a/pkg/attestation/attestation_test.go
+++ b/pkg/attestation/attestation_test.go
@@ -9,6 +9,7 @@ import (
 	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
 	"github.com/stretchr/testify/require"

+	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/attestation"
 )

@@ -27,7 +28,7 @@ func TestStatement_UnmarshalJSON(t *testing.T) {
 					PredicateType: "cosign.sigstore.dev/attestation/v1",
 					Subject: []in_toto.Subject{
 						{
-							Name: "ghcr.io/aquasecurity/trivy-test-images",
+							Name: testutil.ImageName("", "", ""),
 							Digest: slsa.DigestSet{
 								"sha256": "72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb",
 							},
--- a/pkg/fanal/analyzer/language/java/jar/jar_test.go
+++ b/pkg/fanal/analyzer/language/java/jar/jar_test.go
@@ -18,10 +18,6 @@ import (
 	_ "modernc.org/sqlite"
 )

-const (
-	defaultJavaDBRepository = "ghcr.io/aquasecurity/trivy-java-db"
-)
-
 func Test_javaLibraryAnalyzer_Analyze(t *testing.T) {
 	tests := []struct {
 		name            string
--- a/pkg/fanal/test/integration/containerd_test.go
+++ b/pkg/fanal/test/integration/containerd_test.go
@@ -27,6 +27,7 @@ import (
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"

+	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/cache"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/applier"
@@ -77,7 +78,7 @@ func startContainerd(t *testing.T, ctx context.Context, hostPath string) {
 	t.Setenv("TESTCONTAINERS_RYUK_DISABLED", "true")
 	req := testcontainers.ContainerRequest{
 		Name:  "containerd",
-		Image: "ghcr.io/aquasecurity/trivy-test-images/containerd:latest",
+		Image: testutil.ImageName("containerd", "latest", ""),
 		Entrypoint: []string{
 			"/bin/sh",
 			"-c",
@@ -122,7 +123,7 @@ func TestContainerd_SearchLocalStoreByNameOrDigest(t *testing.T) {
 	digest := "sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a"
 	basename := "hello"
 	tag := "world"
-	importedImageOriginalName := "ghcr.io/aquasecurity/trivy-test-images:alpine-310"
+	importedImageOriginalName := testutil.ImageName("", "alpine-310", "")

 	tests := []struct {
 		name       string
@@ -299,15 +300,15 @@ func localImageTestWithNamespace(t *testing.T, namespace string) {
 	}{
 		{
 			name:       "alpine 3.10",
-			imageName:  "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+			imageName:  testutil.ImageName("", "alpine-310", ""),
 			tarArchive: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
 			wantMetadata: artifact.ImageMetadata{
 				ID: "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4",
 				DiffIDs: []string{
 					"sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0",
 				},
-				RepoTags:    []string{"ghcr.io/aquasecurity/trivy-test-images:alpine-310"},
-				RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a"},
+				RepoTags:    []string{testutil.ImageName("", "alpine-310", "")},
+				RepoDigests: []string{testutil.ImageName("", "", "sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a")},
 				ConfigFile: v1.ConfigFile{
 					Architecture: "amd64",
 					Created: v1.Time{
@@ -347,7 +348,7 @@ func localImageTestWithNamespace(t *testing.T, namespace string) {
 		},
 		{
 			name:       "vulnimage",
-			imageName:  "ghcr.io/aquasecurity/trivy-test-images:vulnimage",
+			imageName:  testutil.ImageName("", "vulnimage", ""),
 			tarArchive: "../../../../integration/testdata/fixtures/images/vulnimage.tar.gz",
 			wantMetadata: artifact.ImageMetadata{
 				ID: "sha256:c17083664da903e13e9092fa3a3a1aeee2431aa2728298e3dbcec72f26369c41",
@@ -373,8 +374,8 @@ func localImageTestWithNamespace(t *testing.T, namespace string) {
 					"sha256:ba17950e91742d6ac7055ea3a053fe764486658ca1ce8188f1e427b1fe2bc4da",
 					"sha256:6ef42db7800507577383edf1937cb203b9b85f619feed6046594208748ceb52c",
 				},
-				RepoTags:    []string{"ghcr.io/aquasecurity/trivy-test-images:vulnimage"},
-				RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:e74abbfd81e00baaf464cf9e09f8b24926e5255171e3150a60aa341ce064688f"},
+				RepoTags:    []string{testutil.ImageName("", "vulnimage", "")},
+				RepoDigests: []string{testutil.ImageName("", "", "sha256:e74abbfd81e00baaf464cf9e09f8b24926e5255171e3150a60aa341ce064688f")},
 				ConfigFile: v1.ConfigFile{
 					Architecture: "amd64",
 					Created: v1.Time{
@@ -750,14 +751,14 @@ func TestContainerd_PullImage(t *testing.T) {
 	}{
 		{
 			name:      "remote alpine 3.10",
-			imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+			imageName: testutil.ImageName("", "alpine-310", ""),
 			wantMetadata: artifact.ImageMetadata{
 				ID: "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4",
 				DiffIDs: []string{
 					"sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0",
 				},
-				RepoTags:    []string{"ghcr.io/aquasecurity/trivy-test-images:alpine-310"},
-				RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb"},
+				RepoTags:    []string{testutil.ImageName("", "alpine-310", "")},
+				RepoDigests: []string{testutil.ImageName("", "", "sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb")},
 				ConfigFile: v1.ConfigFile{
 					Architecture: "amd64",
 					Created: v1.Time{
--- a/pkg/fanal/test/integration/registry_test.go
+++ b/pkg/fanal/test/integration/registry_test.go
@@ -20,6 +20,7 @@ import (
 	testcontainers "github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"

+	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/cache"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"
@@ -95,7 +96,7 @@ func TestTLSRegistry(t *testing.T) {
 	}{
 		{
 			name:      "happy path",
-			imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+			imageName: testutil.ImageName("", "alpine-310", ""),
 			imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
 			option: types.ImageOptions{
 				RegistryOptions: types.RegistryOptions{
@@ -120,7 +121,7 @@ func TestTLSRegistry(t *testing.T) {
 		},
 		{
 			name:      "happy path with docker login",
-			imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+			imageName: testutil.ImageName("", "alpine-310", ""),
 			imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
 			option: types.ImageOptions{
 				RegistryOptions: types.RegistryOptions{
@@ -140,7 +141,7 @@ func TestTLSRegistry(t *testing.T) {
 		},
 		{
 			name:      "sad path: tls verify",
-			imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+			imageName: testutil.ImageName("", "alpine-310", ""),
 			imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
 			option: types.ImageOptions{
 				RegistryOptions: types.RegistryOptions{
@@ -156,7 +157,7 @@ func TestTLSRegistry(t *testing.T) {
 		},
 		{
 			name:      "sad path: no credential",
-			imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
+			imageName: testutil.ImageName("", "alpine-310", ""),
 			imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz",
 			option: types.ImageOptions{
 				RegistryOptions: types.RegistryOptions{