From 28fd9b589a38ed438b2100b38012715f956bf76c Mon Sep 17 00:00:00 2001 From: Tomasz Barwicki Date: Fri, 2 Feb 2024 12:43:37 +0100 Subject: [PATCH 1/3] test(baseImage check): add test unit for pure alpine base image --- .../container/allowed_base_image_check_test.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/release-automation/internal/container/allowed_base_image_check_test.go b/release-automation/internal/container/allowed_base_image_check_test.go index e847b9b1..0edc6101 100644 --- a/release-automation/internal/container/allowed_base_image_check_test.go +++ b/release-automation/internal/container/allowed_base_image_check_test.go @@ -104,6 +104,17 @@ func TestShouldFailIfAtLeastOneDockerfileWithUnallowedBaseImageIsFound(t *testin } } +func TestShouldPassAlpineAsPlainBaseImage(t *testing.T) { + tmpDir := t.TempDir() + file := dockerFileWithBaseImage("alpine:3.19.1") + _ = file.writeTo(tmpDir) + + result := NewAllowedBaseImage(tmpDir).Test() + if !result.Passed { + t.Errorf("Check should pass, pure alpine base image is allowed.") + } +} + func TestShouldAllowBaseImagesFromWhitelist(t *testing.T) { baseImageAllowList = []string{"my/baseimage", "my/other/baseimage"} @@ -184,3 +195,4 @@ func saveMetadataConfigToSkip(dockerfilePath string, dir string) { bytes, _ := yaml.Marshal(&metadata) _ = os.WriteFile(path.Join(dir, ".tractusx"), bytes, 0644) } + From 9a567f92da1f1a8617f24c809f2e202342751adc Mon Sep 17 00:00:00 2001 From: Tomasz Barwicki Date: Fri, 2 Feb 2024 12:44:20 +0100 Subject: [PATCH 2/3] test(baseImage check): add test unit for alpine based image --- .../container/allowed_base_image_check_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/release-automation/internal/container/allowed_base_image_check_test.go b/release-automation/internal/container/allowed_base_image_check_test.go index 0edc6101..a7f180f5 100644 --- a/release-automation/internal/container/allowed_base_image_check_test.go +++ b/release-automation/internal/container/allowed_base_image_check_test.go @@ -115,6 +115,17 @@ func TestShouldPassAlpineAsPlainBaseImage(t *testing.T) { } } +func TestShouldFailImageAlpineBased(t *testing.T) { + tmpDir := t.TempDir() + file := dockerFileWithBaseImage("postgres:15.4-alpine3.17") + _ = file.writeTo(tmpDir) + + result := NewAllowedBaseImage(tmpDir).Test() + if result.Passed { + t.Errorf("Check should fail, not approved base image (alpine based).") + } +} + func TestShouldAllowBaseImagesFromWhitelist(t *testing.T) { baseImageAllowList = []string{"my/baseimage", "my/other/baseimage"} From 917a81ce4a9de64318ef37193080e48465c939c1 Mon Sep 17 00:00:00 2001 From: Tomasz Barwicki Date: Mon, 5 Feb 2024 12:34:56 +0100 Subject: [PATCH 3/3] fix: amend base image check to alpine types --- .../internal/container/allowed_base_image_check.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/release-automation/internal/container/allowed_base_image_check.go b/release-automation/internal/container/allowed_base_image_check.go index 7e120d47..7006d07f 100644 --- a/release-automation/internal/container/allowed_base_image_check.go +++ b/release-automation/internal/container/allowed_base_image_check.go @@ -71,8 +71,7 @@ func (a *AllowedBaseImage) Test() *tractusx.QualityResult { fmt.Printf("Could not read dockerfile from Path %s\n", dockerfilePath) continue } - - if !isAllowedBaseImage(file.baseImage()) { + if !isAllowedBaseImage(strings.Split(file.baseImage(), ":")[0]) { checkPassed = false deniedBaseImages = append(deniedBaseImages, file.baseImage()) }