Replace live OCI image pull with crane export (chainguard-dev#438)
* Replace live OCI image pull with crane export

Signed-off-by: egibs <[email protected]>

* Use .tar.xz; add Makefile target + update test data

Signed-off-by: egibs <[email protected]>

* Install Crane locally; use static digest for image

Signed-off-by: egibs <[email protected]>

* Address PR comments; update refresh script to account for new pattern

Signed-off-by: egibs <[email protected]>

* Update export target name; update binary name to match installation target name

Signed-off-by: egibs <[email protected]>

---------

Signed-off-by: egibs <[email protected]>
egibs authored Sep 11, 2024
1 parent 565ab8a commit 62f3e7b
Showing 5 changed files with 18 additions and 8 deletions.
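--- a/Makefile
+++ b/Makefile
@@ -123,3 +123,15 @@ clone-samples:
 tar -xJvf samples/linux/clean/$$file -C samples/linux/clean; \
 done
 tar -xJvf samples/macOS/clean/bincapz.xz -C samples/macOS/clean
+
+ARCH ?= $(shell uname -m)
+CRANE_VERSION=v0.20.2
+out/crane-$(ARCH)-$(CRANE_VERSION):
+mkdir -p out
+GOBIN=$(CURDIR)/out go install github.com/google/go-containerregistry/cmd/crane@$(CRANE_VERSION)
+mv out/crane out/crane-$(ARCH)-$(CRANE_VERSION)
+
+export-image: out/crane-$(ARCH)-$(CRANE_VERSION)
+./out/crane-$(ARCH)-$(CRANE_VERSION) \
+export \
+cgr.dev/chainguard/static:latest@sha256:bde549df44d5158013856a778b34d8972cf52bb2038ec886475d857ec7c365ed - | xz > pkg/action/testdata/static.tar.xz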
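Review bot: The `export-image` recipe pipes `crane export … -` into `xz` under make's default shell without `pipefail`, so the recipe's exit status is that of `xz` alone; if the export fails, `xz` still succeeds and `pkg/action/testdata/static.tar.xz` is overwritten with an empty or truncated archive that can then be committed as the test fixture. Exporting to a file and compressing only on success avoids that, e.g. `./out/crane-$(ARCH)-$(CRANE_VERSION) export <pinned-ref> out/static.tar && xz -c out/static.tar > pkg/action/testdata/static.tar.xz`, where `<pinned-ref>` stands for the digest reference already on this line. That reference carries both `:latest` and a digest; the digest is what pins the content, so dropping the tag would avoid suggesting the fixture follows `latest`. `export-image` does not name a file it creates, so it presumably belongs in `.PHONY` (any existing declaration is outside this hunk).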
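--- a/pkg/action/oci_test.go
+++ b/pkg/action/oci_test.go
@@ -38,10 +38,9 @@ func TestOCI(t *testing.T) {
 IgnoreSelf: false,
 MinFileRisk: 0,
 MinRisk: 0,
-OCI: true,
 Renderer: simple,
 Rules: yrs,
-ScanPaths: []string{"cgr.dev/chainguard/static@sha256:791657dd88dea8c1f9d3779815429f9c681a9a2778fc66dac3fbf550e1f1d9c8"},
+ScanPaths: []string{"testdata/static.tar.xz"},
 }
 res, err := Scan(ctx, bc)
 if err != nil {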
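Review bot: With `OCI: true` removed and `ScanPaths` set to `testdata/static.tar.xz`, `TestOCI` no longer exercises the registry pull path of `Scan`; as far as this hunk shows, it now covers only the scan of a checked-in archive. If that trade is intended for hermetic CI, a comment above the config would record it: `// Scans a committed crane export of cgr.dev/chainguard/static (see the export-image Makefile target); the registry pull path is not covered here.` The fixture is an opaque binary that cannot be diffed in review, so consider checking its SHA-256 in the test or in CI so that a regenerated or altered archive shows up as an explicit change. The body of `TestOCI` starts and ends outside this hunk.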
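--- a/pkg/action/testdata/scan_oci
+++ b/pkg/action/testdata/scan_oci
@@ -1,17 +1,17 @@
-# cgr.dev/chainguard/static@sha256:791657dd88dea8c1f9d3779815429f9c681a9a2778fc66dac3fbf550e1f1d9c8 ∴ /etc/profile
+# testdata/static.tar.xz ∴ /etc/profile
 fs/file/permission/mask/set
 persist/bash
 persist/shell/init_files
 ref/path/etc
 ref/path/usr
 ref/path/usr/local
-# cgr.dev/chainguard/static@sha256:791657dd88dea8c1f9d3779815429f9c681a9a2778fc66dac3fbf550e1f1d9c8 ∴ /var/lib/db/sbom/ca-certificates-bundle-20240705-r0.spdx.json
+# testdata/static.tar.xz ∴ /var/lib/db/sbom/ca-certificates-bundle-20240705-r0.spdx.json
 net/download
 ref/site/url
-# cgr.dev/chainguard/static@sha256:791657dd88dea8c1f9d3779815429f9c681a9a2778fc66dac3fbf550e1f1d9c8 ∴ /var/lib/db/sbom/tzdata-2024a-r3.spdx.json
+# testdata/static.tar.xz ∴ /var/lib/db/sbom/tzdata-2024b-r0.spdx.json
 net/download
 ref/site/url
 time/tzinfo
-# cgr.dev/chainguard/static@sha256:791657dd88dea8c1f9d3779815429f9c681a9a2778fc66dac3fbf550e1f1d9c8 ∴ /var/lib/db/sbom/wolfi-baselayout-20230201-r15.spdx.json
+# testdata/static.tar.xz ∴ /var/lib/db/sbom/wolfi-baselayout-20230201-r15.spdx.json
 net/download
 ref/site/url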
Binary file added pkg/action/testdata/static.tar.xz
Binary file not shown.
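--- a/test_data/refresh-testdata.sh
+++ b/test_data/refresh-testdata.sh
@@ -27,9 +27,8 @@ fi
 ${bincapz} --format=simple \
 --min-risk any \
 --min-file-risk any \
---oci \
 -o ../pkg/action/testdata/scan_oci \
-cgr.dev/chainguard/static@sha256:791657dd88dea8c1f9d3779815429f9c681a9a2778fc66dac3fbf550e1f1d9c8 &
+../pkg/action/testdata/static.tar.xz; sed -i.bak 's|\.\.\/pkg\/action\/||g' ../pkg/action/testdata/scan_oci && rm ../pkg/action/testdata/scan_oci.bak &
 
 # diffs don't follow an easy rule
 ${bincapz} --format=markdown \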
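Review bot: On the new last line of the `scan_oci` command, `;` separates the scan from `sed`, so the `sed`/`rm` pair rewrites the expected-output file even when `${bincapz}` fails. The trailing `&` also now backgrounds only `sed … && rm …`, while the scan itself runs in the foreground, unlike the removed line, which backgrounded the scan. Joining the steps with `&&` backgrounds the whole list and skips the rewrite on failure: `../pkg/action/testdata/static.tar.xz && sed -i.bak 's|\.\./pkg/action/||g' ../pkg/action/testdata/scan_oci && rm ../pkg/action/testdata/scan_oci.bak &`. The `\/` escapes are unnecessary with `|` as the `sed` delimiter. Whether the script uses `set -e` or waits on its background jobs is outside this hunk.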
