From 6b1568b52f70b5d52266a0a7abe85b86a2f46aac Mon Sep 17 00:00:00 2001 From: Rob Ramsay Date: Mon, 18 Mar 2024 17:37:37 +1300 Subject: [PATCH 1/3] Fix image_test.snap commit hash I was getting the following test failures: ``` $ ./scripts/run_tests.sh skipped building internal/image/fixtures/test-alpine.tar (already exists) skipped building internal/image/fixtures/test-node_modules-npm-empty.tar (already exists) skipped building internal/image/fixtures/test-node_modules-npm-full.tar (already exists) skipped building internal/image/fixtures/test-node_modules-pnpm-empty.tar (already exists) skipped building internal/image/fixtures/test-node_modules-pnpm-full.tar (already exists) skipped building internal/image/fixtures/test-node_modules-yarn-empty.tar (already exists) skipped building internal/image/fixtures/test-node_modules-yarn-full.tar (already exists) go: downloading github.com/google/go-containerregistry v0.19.1 ... ... ok github.com/google/osv-scanner/internal/customgitignore 1.526s coverage: 82.2% of statements in ./... --- FAIL: TestScanImage (0.00s) --- FAIL: TestScanImage/Alpine_3.10_image_tar_with_3.18_version_file (0.17s) image_test.go:88: - Snapshot - 1 + Received + 1 @@ -35,7 +35,7 @@ { "name": "ca-certificates-cacert", "version": "20191127-r2", - "commit": "9677580919b73ca6eff94d3d31b9a846b4e40612", + "commit": "f24637bad53762e9a2f847dd2e67bb91b1a615c2", "ecosystem": "Alpine:v3.18", "compareAs": "Alpine" }, at ../__snapshots__/image_test.snap:1205 FAIL coverage: 13.8% of statements in ./... FAIL github.com/google/osv-scanner/internal/image 4.042s ok github.com/google/osv-scanner/internal/local 1.858s coverage: 4.0% of statements in ./... ... ok github.com/google/osv-scanner/pkg/spdx 1.355s coverage: 100.0% of statements in ./... FAIL ``` I've tried reseting the fixtures dir: with, ``` $ rm internal/image/fixtures/* $ git checkout internal/image/fixtures/ ``` ... and then and restarting Docker Desktop (macos). But got the same result. --- internal/image/__snapshots__/image_test.snap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/image/__snapshots__/image_test.snap b/internal/image/__snapshots__/image_test.snap index 35a072e1f7..dcc88b7dfe 100755 --- a/internal/image/__snapshots__/image_test.snap +++ b/internal/image/__snapshots__/image_test.snap @@ -1240,7 +1240,7 @@ { "name": "ca-certificates-cacert", "version": "20191127-r2", - "commit": "9677580919b73ca6eff94d3d31b9a846b4e40612", + "commit": "f24637bad53762e9a2f847dd2e67bb91b1a615c2", "ecosystem": "Alpine:v3.18", "compareAs": "Alpine" }, From dffe54f3a0d76e1ba91cf00c75c056ece5b68ed9 Mon Sep 17 00:00:00 2001 From: Rob Ramsay Date: Tue, 19 Mar 2024 11:55:27 +1300 Subject: [PATCH 2/3] Pin alpine Dockerfile version becuase I was getting snapshot failures in TestScanImage/Alpine_3.10_image_tar_with_3.18_version_file such as: ``` @@ -35,7 +35,7 @@ { "name": "ca-certificates-cacert", "version": "20191127-r2", - "commit": "9677580919b73ca6eff94d3d31b9a846b4e40612", + "commit": "f24637bad53762e9a2f847dd2e67bb91b1a615c2", "ecosystem": "Alpine:v3.18", "compareAs": "Alpine" }, ``` --- internal/image/fixtures/test-alpine.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/image/fixtures/test-alpine.Dockerfile b/internal/image/fixtures/test-alpine.Dockerfile index 8fcf3132e4..aaa350add9 100644 --- a/internal/image/fixtures/test-alpine.Dockerfile +++ b/internal/image/fixtures/test-alpine.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.10 +FROM alpine:3.10sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98 # Switch the version to 3.19 to show the advisories published for the latest alpine versions COPY "alpine-3.19-alpine-release" "/etc/alpine-release" From 102826fe0725000ff2ca0746bd308d3bb466ed54 Mon Sep 17 00:00:00 2001 From: Rob Ramsay Date: Tue, 19 Mar 2024 12:07:41 +1300 Subject: [PATCH 3/3] Dockerfile: fix typo --- internal/image/fixtures/test-alpine.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/image/fixtures/test-alpine.Dockerfile b/internal/image/fixtures/test-alpine.Dockerfile index aaa350add9..5cf22e2812 100644 --- a/internal/image/fixtures/test-alpine.Dockerfile +++ b/internal/image/fixtures/test-alpine.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.10sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98 +FROM alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98 # Switch the version to 3.19 to show the advisories published for the latest alpine versions COPY "alpine-3.19-alpine-release" "/etc/alpine-release"