Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: run integration tests across multiple Trivy versions #343

Merged
merged 3 commits into from
Mar 3, 2025
Merged

test: run integration tests across multiple Trivy versions #343

merged 3 commits into from
Mar 3, 2025

Conversation

nikpivkin
Copy link
Contributor

This PR replaces the use of the Trivy package with testcontainers to run Trivy in integration tests, making it easier to work with different versions of Trivy.

  • Trivy now uses a bundle from the registry instead of a manually created cache, eliminating the dependency on internal caching implementations.
  • Removed the verify-bundle.go file, as the bundle is now built and used by Trivy directly in integration tests.
  • Integration tests now run on multiple versions of Trivy (now 0.57.1, 0.58.1, latest and canary).

@nikpivkin nikpivkin marked this pull request as ready for review February 27, 2025 11:34
@nikpivkin nikpivkin requested a review from simar7 as a code owner February 27, 2025 11:34
@simar7
Copy link
Member

simar7 commented Feb 28, 2025

Hmm for some reason the tests timeout on my machine

go test -v -timeout 5m -tags=integration ./integration/...
?       github.com/aquasecurity/trivy-checks/integration/testcontainer  [no test files]
=== RUN   TestScanCheckExamples
2025/02/27 22:40:56 github.com/testcontainers/testcontainers-go - Connected to docker: 
  Server Version: 5.3.2
  API Version: 1.41
  Operating System: fedora
  Total Memory: 3617 MB
  Testcontainers for Go Version: v0.35.0
  Resolved Docker Host: unix:///var/run/docker.sock
  Resolved Docker Socket Path: /var/run/docker.sock
  Test SessionID: 1b2ce7470404b79a36787e87e237904d10f28eb06f5a3daa5e4069b4bcc00ad7
  Test ProcessID: 217aa8dd-c6d8-4cbe-b0f8-f4924bbe28ac
2025/02/27 22:40:56 🐳 Creating container for image registry:2
2025/02/27 22:40:56 ✅ Container created: 22054f45774f
2025/02/27 22:40:56 🐳 Starting container: 22054f45774f
2025/02/27 22:40:56 ✅ Container started: 22054f45774f
2025/02/27 22:40:56 ⏳ Waiting for container id 22054f45774f image: registry:2. Waiting for: &{timeout:0x140033e90e0 Port:5000/tcp Path:/ StatusCodeMatcher:0x1046f4710 ResponseMatcher:0x104781170 UseTLS:false AllowInsecure:false TLSConfig:<nil> Method:GET Body:<nil> Headers:map[] ResponseHeadersMatcher:0x104781180 PollInterval:100ms UserInfo: ForceIPv4LocalHost:false}
2025/02/27 22:40:56 🔔 Container is ready: 22054f45774f
2025/02/27 22:40:58 🐳 Creating container for image bitnami/oras:latest
2025/02/27 22:40:58 ✅ Container created: 6d45f00f2d75
2025/02/27 22:40:58 🐳 Starting container: 6d45f00f2d75
2025/02/27 22:40:58 ✅ Container started: 6d45f00f2d75
2025/02/27 22:40:58 ⏳ Waiting for container id 6d45f00f2d75 image: bitnami/oras:latest. Waiting for: &{timeout:<nil> PollInterval:100ms}
2025/02/27 22:40:59 🔔 Container is ready: 6d45f00f2d75
2025/02/27 22:40:59 🐳 Stopping container: 6d45f00f2d75
2025/02/27 22:40:59 ✅ Container stopped: 6d45f00f2d75
2025/02/27 22:40:59 🐳 Terminating container: 6d45f00f2d75
2025/02/27 22:40:59 🚫 Container terminated: 6d45f00f2d75
=== RUN   TestScanCheckExamples/0.57.1
=== PAUSE TestScanCheckExamples/0.57.1
=== RUN   TestScanCheckExamples/0.58.1
=== PAUSE TestScanCheckExamples/0.58.1
=== RUN   TestScanCheckExamples/latest
=== PAUSE TestScanCheckExamples/latest
=== RUN   TestScanCheckExamples/canary
=== PAUSE TestScanCheckExamples/canary
=== CONT  TestScanCheckExamples/0.57.1
=== CONT  TestScanCheckExamples/latest
=== CONT  TestScanCheckExamples/canary
=== CONT  TestScanCheckExamples/0.58.1
2025/02/27 22:40:59 Failed to get image auth for . Setting empty credentials for the image: aquasec/trivy:canary. Error is: credentials not found in native keychain
2025/02/27 22:40:59 Failed to get image auth for . Setting empty credentials for the image: aquasec/trivy:0.57.1. Error is: credentials not found in native keychain
2025/02/27 22:40:59 Failed to get image auth for . Setting empty credentials for the image: aquasec/trivy:0.58.1. Error is: credentials not found in native keychain
2025/02/27 22:40:59 Failed to get image auth for . Setting empty credentials for the image: aquasec/trivy:latest. Error is: credentials not found in native keychain
2025/02/27 22:41:03 🐳 Creating container for image aquasec/trivy:0.57.1
2025/02/27 22:41:03 🐳 Creating container for image aquasec/trivy:0.58.1
2025/02/27 22:41:03 🐳 Creating container for image aquasec/trivy:latest
2025/02/27 22:41:03 ✅ Container created: 6b48666f3a17
2025/02/27 22:41:03 🐳 Starting container: 6b48666f3a17
2025/02/27 22:41:03 ✅ Container created: a106dfd147dc
2025/02/27 22:41:03 🐳 Starting container: a106dfd147dc
2025/02/27 22:41:03 ✅ Container created: aa628cd78e08
2025/02/27 22:41:03 🐳 Starting container: aa628cd78e08
2025/02/27 22:41:03 ✅ Container started: a106dfd147dc
2025/02/27 22:41:03 ✅ Container started: 6b48666f3a17
2025/02/27 22:41:03 ✅ Container started: aa628cd78e08
2025/02/27 22:41:03 ⏳ Waiting for container id 6b48666f3a17 image: aquasec/trivy:0.58.1. Waiting for: &{timeout:<nil> PollInterval:100ms}
2025/02/27 22:41:03 ⏳ Waiting for container id aa628cd78e08 image: aquasec/trivy:latest. Waiting for: &{timeout:<nil> PollInterval:100ms}
2025/02/27 22:41:03 ⏳ Waiting for container id a106dfd147dc image: aquasec/trivy:0.57.1. Waiting for: &{timeout:<nil> PollInterval:100ms}
2025/02/27 22:41:14 🐳 Creating container for image aquasec/trivy:canary
2025/02/27 22:41:14 ✅ Container created: 15ab365825d1
2025/02/27 22:41:14 🐳 Starting container: 15ab365825d1
2025/02/27 22:41:14 ✅ Container started: 15ab365825d1
2025/02/27 22:41:14 ⏳ Waiting for container id 15ab365825d1 image: aquasec/trivy:canary. Waiting for: &{timeout:<nil> PollInterval:100ms}
panic: test timed out after 5m0s
        running tests:
                TestScanCheckExamples/0.57.1 (4m56s)
                TestScanCheckExamples/0.58.1 (4m56s)
                TestScanCheckExamples/canary (4m56s)
                TestScanCheckExamples/latest (4m56s)

@nikpivkin
Copy link
Contributor Author

@simar7 On my machine, the tests run in 2 minutes. Would increasing timeout help? If not, the problem must be related to something else.

@nikpivkin
Copy link
Contributor Author

@simar7 Another option is to use trivy binary and run tests in matrix for 3 versions: 0.57.1 (the version in which bundle v1 support was added), latest and canary.

@nikpivkin nikpivkin force-pushed the test/it-testcontainers branch from a03633f to 3ad7a55 Compare February 28, 2025 09:34
@simar7
Copy link
Member

simar7 commented Mar 1, 2025

@simar7 On my machine, the tests run in 2 minutes. Would increasing timeout help? If not, the problem must be related to something else.

I think running in parallel has to do something. After I removed it, it seems to be stable for me.

simar7
simar7 reviewed Mar 1, 2025
View reviewed changes
integration/check_examples_test.go
"/testdata/examples",
}

trivy, err := testcontainer.RunTrivy(ctx, "aquasec/trivy:"+version, args,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to call Terminate() on the testcontainers that we create to properly clean them up?

@nikpivkin
terminate trivy container
61da914 
Signed-off-by: Nikita Pivkin <[email protected]>
@simar7 simar7 self-requested a review March 3, 2025 23:54
@simar7 simar7 added this pull request to the merge queue Mar 3, 2025
Merged via the queue into aquasecurity:main with commit 8e8ab66 Mar 3, 2025
5 checks passed
@nikpivkin nikpivkin deleted the test/it-testcontainers branch March 4, 2025 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nikpivkin @simar7