diff --git a/.github/workflows/cache-test-images.yaml b/.github/workflows/cache-test-images.yaml index a03dc683e3ae..4b73cc2fb5bc 100644 --- a/.github/workflows/cache-test-images.yaml +++ b/.github/workflows/cache-test-images.yaml @@ -27,7 +27,8 @@ jobs: if: github.ref_name == 'main' id: image-digest run: | - IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images) + source integration/testimages.ini + IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT @@ -67,7 +68,8 @@ jobs: if: github.ref_name == 'main' id: image-digest run: | - IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images) + source integration/testimages.ini + IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES) DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 74b0933c6ef6..8932a683c5bc 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -90,7 +90,8 @@ jobs: - name: Generate image list digest id: image-digest run: | - IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images) + source integration/testimages.ini + IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT @@ -147,7 +148,8 @@ jobs: - name: Generate image list digest id: image-digest run: | - IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images) + source integration/testimages.ini + IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES) DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT 
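Review bot: `source integration/testimages.ini` runs the file through the shell, so anything in it other than plain `KEY=value` lines is executed inside the job, while internal/testutil/image.go reads the same file with a different, more lenient grammar. The same two added lines appear in both hunks of cache-test-images.yaml and in all three hunks of test.yaml. The expansion is also unquoted and unchecked; `IMAGE_LIST=$(skopeo list-tags "docker://${TEST_IMAGES:?TEST_IMAGES is not set in integration/testimages.ini}")` fails the step with a clear message when the key is missing or renamed, and the `$TEST_VM_IMAGES` steps can take the same form. Each step's preceding lines are outside the hunks, so confirm a checkout has run before the file is sourced.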
@@ -185,7 +187,8 @@ jobs: - name: Generate image list digest id: image-digest run: | - IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images) + source integration/testimages.ini + IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES) DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1) echo "digest=$DIGEST" >> $GITHUB_OUTPUT diff --git a/integration/testimages.ini b/integration/testimages.ini new file mode 100644 index 000000000000..1a7b8ef1a0c0 --- /dev/null +++ b/integration/testimages.ini @@ -0,0 +1,3 @@ +# Configuration file for both shell scripts and Go programs +TEST_IMAGES=ghcr.io/aquasecurity/trivy-test-images +TEST_VM_IMAGES=ghcr.io/aquasecurity/trivy-test-vm-images diff --git a/internal/testutil/image.go b/internal/testutil/image.go new file mode 100644 index 000000000000..dba54bc23dff --- /dev/null +++ b/internal/testutil/image.go 
@@ -0,0 +1,67 @@
+package testutil
+
+import (
+ "bufio"
+ "fmt"
+ "os"
+ "path/filepath"
+ "runtime"
+ "strings"
+)
+
+var (
+ testImages string
+ testVMImages string
+)
+
+func init() {
+ _, b, _, _ := runtime.Caller(0)
+ currentDir := filepath.Dir(b)
+ f, err := os.Open(filepath.Join(currentDir, "..", "..", "integration", "testimages.ini"))
+ if err != nil {
+ panic(err)
+ }
+ defer f.Close()
+
+ scanner := bufio.NewScanner(f)
+ for scanner.Scan() {
+ if strings.HasPrefix(scanner.Text(), "#") {
+ continue
+ }
+ parts := strings.SplitN(scanner.Text(), "=", 2)
+ if len(parts) == 2 {
+ key := strings.TrimSpace(parts[0])
+ value := strings.TrimSpace(parts[1])
+ switch key {
+ case "TEST_IMAGES":
+ testImages = value
+ case "TEST_VM_IMAGES":
+ testVMImages = value
+ }
+ }
+ }
+ if err = scanner.Err(); err != nil {
+ panic(err)
+ }
+}
+
+func ImageName(subpath, tag, digest string) string {
+ return imageName(testImages, subpath, tag, digest)
+}
+
+func VMImageName(subpath, tag, digest string) string {
+ return imageName(testVMImages, subpath, tag, digest)
+}
+
+func imageName(img, subpath, tag, digest string) string {
+ if subpath != "" {
+ img = fmt.Sprintf("%s/%s", img, subpath)
+ }
+ if tag != "" {
+ img = fmt.Sprintf("%s:%s", img, tag)
+ }
+ if digest != "" {
+ img = fmt.Sprintf("%s@%s", img, digest)
+ }
+ return img
+}
diff --git a/magefiles/fixture.go b/magefiles/fixture.go
index 0ed9ae8d4217..0112a8421133 100644
--- a/magefiles/fixture.go
+++ b/magefiles/fixture.go
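Review bot: In internal/testutil/image.go, `init()` never checks that both keys were actually found, so a renamed key or a typo in integration/testimages.ini leaves `testImages` or `testVMImages` empty and `ImageName("", "alpine-310", "")` quietly returns `:alpine-310`. Adding `if testImages == "" || testVMImages == "" { panic("testimages.ini: TEST_IMAGES and TEST_VM_IMAGES must both be set") }` after the `scanner.Err()` check fails at the source. The parser also keeps surrounding quotes and tolerates spaces around `=`, neither of which the workflows' `source` treats the same way, so the file's header comment should say values must be unquoted with no spaces. The `ok` result of `runtime.Caller(0)` is discarded, and the recorded path may not exist on disk when the binary is built with `-trimpath`; wrapping the `os.Open` error with the path it tried would make that panic readable. The exported `ImageName` and `VMImageName` need doc comments stating the `repo[/subpath][:tag][@digest]` shape they build.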
@@ -10,13 +10,13 @@ import ( "github.com/google/go-containerregistry/pkg/crane" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/magefile/mage/sh" + + "github.com/aquasecurity/trivy/internal/testutil" ) func fixtureContainerImages() error { - const ( - testImages = "ghcr.io/aquasecurity/trivy-test-images" - dir = "integration/testdata/fixtures/images/" - ) + var testImages = testutil.ImageName("", "", "") + const dir = "integration/testdata/fixtures/images/" if err := os.MkdirAll(dir, 0750); err != nil { return err } @@ -48,8 +48,8 @@ func fixtureContainerImages() error { } func fixtureVMImages() error { + var testVMImages = testutil.VMImageName("", "", "") const ( - testVMImages = "ghcr.io/aquasecurity/trivy-test-vm-images" titleAnnotation = "org.opencontainers.image.title" dir = "integration/testdata/fixtures/vm-images/" ) diff --git a/pkg/attestation/attestation_test.go b/pkg/attestation/attestation_test.go index 763878f4ae41..de75b5676692 100644 --- a/pkg/attestation/attestation_test.go +++ b/pkg/attestation/attestation_test.go @@ -9,6 +9,7 @@ import ( slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common" "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/attestation" ) @@ -27,7 +28,7 @@ func TestStatement_UnmarshalJSON(t *testing.T) { PredicateType: "cosign.sigstore.dev/attestation/v1", Subject: []in_toto.Subject{ { - Name: "ghcr.io/aquasecurity/trivy-test-images", + Name: testutil.ImageName("", "", ""), Digest: slsa.DigestSet{ "sha256": "72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb", }, diff --git a/pkg/fanal/analyzer/language/java/jar/jar_test.go b/pkg/fanal/analyzer/language/java/jar/jar_test.go index 146b60c1bbd6..58e7221066ac 100644 --- a/pkg/fanal/analyzer/language/java/jar/jar_test.go +++ b/pkg/fanal/analyzer/language/java/jar/jar_test.go 
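Review bot: In magefiles/fixture.go, `var testImages = testutil.ImageName("", "", "")` and `var testVMImages = testutil.VMImageName("", "", "")` are function-local declarations with an initializer, which Go code normally writes with the short form, `testImages := testutil.ImageName("", "", "")`. In `fixtureVMImages` the new `var` line now sits above a `const (...)` block that only holds two names, so the declaration and the constants could be grouped more tightly. Both function bodies continue outside the hunks.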
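Review bot: In pkg/attestation/attestation_test.go the expected `Subject.Name` now comes from `testutil.ImageName("", "", "")`, but the statement being unmarshalled is presumably a fixed testdata file that still carries the literal repository name (the input is outside the hunk). If so, editing integration/testimages.ini would break this unit test for a reason unrelated to attestation parsing, and the test binary now panics in `init()` whenever that file cannot be read. Keeping the literal `"ghcr.io/aquasecurity/trivy-test-images"` next to the pinned `sha256` value looks safer here, with a short comment such as `// must match the subject recorded in the testdata attestation`.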
@@ -18,10 +18,6 @@ import ( _ "modernc.org/sqlite" ) -const ( - defaultJavaDBRepository = "ghcr.io/aquasecurity/trivy-java-db" -) - func Test_javaLibraryAnalyzer_Analyze(t *testing.T) { tests := []struct { name string diff --git a/pkg/fanal/test/integration/containerd_test.go b/pkg/fanal/test/integration/containerd_test.go index d16ad3dac059..568af60528ea 100644 --- a/pkg/fanal/test/integration/containerd_test.go +++ b/pkg/fanal/test/integration/containerd_test.go @@ -27,6 +27,7 @@ import ( "github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go/wait" + "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/applier" @@ -77,7 +78,7 @@ func startContainerd(t *testing.T, ctx context.Context, hostPath string) { t.Setenv("TESTCONTAINERS_RYUK_DISABLED", "true") req := testcontainers.ContainerRequest{ Name: "containerd", - Image: "ghcr.io/aquasecurity/trivy-test-images/containerd:latest", + Image: testutil.ImageName("containerd", "latest", ""), Entrypoint: []string{ "/bin/sh", "-c", @@ -122,7 +123,7 @@ func TestContainerd_SearchLocalStoreByNameOrDigest(t *testing.T) { digest := "sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a" basename := "hello" tag := "world" - importedImageOriginalName := "ghcr.io/aquasecurity/trivy-test-images:alpine-310" + importedImageOriginalName := testutil.ImageName("", "alpine-310", "") tests := []struct { name string 
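Review bot: In `startContainerd` (containerd_test.go) the container image is still resolved by the mutable `latest` tag, `testutil.ImageName("containerd", "latest", "")`, and it is started with a `/bin/sh -c` entrypoint, so whatever the tag points to at run time is executed on the runner. Now that the repository prefix is read from integration/testimages.ini, pinning matters more, and the new helper already takes a digest: `Image: testutil.ImageName("containerd", "latest", "sha256:<digest of the reviewed containerd test image>"),`. The other expectations in this file keep their hard-coded `sha256:` values, which still tie the results to known content. `startContainerd` begins and ends outside the hunk.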
@@ -299,15 +300,15 @@ func localImageTestWithNamespace(t *testing.T, namespace string) { }{ { name: "alpine 3.10", - imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310", + imageName: testutil.ImageName("", "alpine-310", ""), tarArchive: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz", wantMetadata: artifact.ImageMetadata{ ID: "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", DiffIDs: []string{ "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0", }, - RepoTags: []string{"ghcr.io/aquasecurity/trivy-test-images:alpine-310"}, - RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a"}, + RepoTags: []string{testutil.ImageName("", "alpine-310", "")}, + RepoDigests: []string{testutil.ImageName("", "", "sha256:f12582b2f2190f350e3904462c1c23aaf366b4f76705e97b199f9bbded1d816a")}, ConfigFile: v1.ConfigFile{ Architecture: "amd64", Created: v1.Time{ @@ -347,7 +348,7 @@ func localImageTestWithNamespace(t *testing.T, namespace string) { }, { name: "vulnimage", - imageName: "ghcr.io/aquasecurity/trivy-test-images:vulnimage", + imageName: testutil.ImageName("", "vulnimage", ""), tarArchive: "../../../../integration/testdata/fixtures/images/vulnimage.tar.gz", wantMetadata: artifact.ImageMetadata{ ID: "sha256:c17083664da903e13e9092fa3a3a1aeee2431aa2728298e3dbcec72f26369c41", 
@@ -373,8 +374,8 @@ func localImageTestWithNamespace(t *testing.T, namespace string) { "sha256:ba17950e91742d6ac7055ea3a053fe764486658ca1ce8188f1e427b1fe2bc4da", "sha256:6ef42db7800507577383edf1937cb203b9b85f619feed6046594208748ceb52c", }, - RepoTags: []string{"ghcr.io/aquasecurity/trivy-test-images:vulnimage"}, - RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:e74abbfd81e00baaf464cf9e09f8b24926e5255171e3150a60aa341ce064688f"}, + RepoTags: []string{testutil.ImageName("", "vulnimage", "")}, + RepoDigests: []string{testutil.ImageName("", "", "sha256:e74abbfd81e00baaf464cf9e09f8b24926e5255171e3150a60aa341ce064688f")}, ConfigFile: v1.ConfigFile{ Architecture: "amd64", Created: v1.Time{ @@ -750,14 +751,14 @@ func TestContainerd_PullImage(t *testing.T) { }{ { name: "remote alpine 3.10", - imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310", + imageName: testutil.ImageName("", "alpine-310", ""), wantMetadata: artifact.ImageMetadata{ ID: "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", DiffIDs: []string{ "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0", }, - RepoTags: []string{"ghcr.io/aquasecurity/trivy-test-images:alpine-310"}, - RepoDigests: []string{"ghcr.io/aquasecurity/trivy-test-images@sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb"}, + RepoTags: []string{testutil.ImageName("", "alpine-310", "")}, + RepoDigests: []string{testutil.ImageName("", "", "sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb")}, ConfigFile: v1.ConfigFile{ Architecture: "amd64", Created: v1.Time{ diff --git a/pkg/fanal/test/integration/registry_test.go b/pkg/fanal/test/integration/registry_test.go index 5b062e425729..4bca93f0ccba 100644 --- a/pkg/fanal/test/integration/registry_test.go +++ b/pkg/fanal/test/integration/registry_test.go 
@@ -20,6 +20,7 @@ import ( testcontainers "github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go/wait" + "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all" @@ -95,7 +96,7 @@ func TestTLSRegistry(t *testing.T) { }{ { name: "happy path", - imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310", + imageName: testutil.ImageName("", "alpine-310", ""), imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz", option: types.ImageOptions{ RegistryOptions: types.RegistryOptions{ @@ -120,7 +121,7 @@ func TestTLSRegistry(t *testing.T) { }, { name: "happy path with docker login", - imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310", + imageName: testutil.ImageName("", "alpine-310", ""), imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz", option: types.ImageOptions{ RegistryOptions: types.RegistryOptions{ @@ -140,7 +141,7 @@ func TestTLSRegistry(t *testing.T) { }, { name: "sad path: tls verify", - imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310", + imageName: testutil.ImageName("", "alpine-310", ""), imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz", option: types.ImageOptions{ RegistryOptions: types.RegistryOptions{ @@ -156,7 +157,7 @@ func TestTLSRegistry(t *testing.T) { }, { name: "sad path: no credential", - imageName: "ghcr.io/aquasecurity/trivy-test-images:alpine-310", + imageName: testutil.ImageName("", "alpine-310", ""), imageFile: "../../../../integration/testdata/fixtures/images/alpine-310.tar.gz", option: types.ImageOptions{ RegistryOptions: types.RegistryOptions{