grype: cleanup test skipping (be9fcbf7) · Commits · nix / nixpkgs

pkgs/by-name/gr/grype/0001-test_helpers-redact-support-nix.patch

0 → 100644

+35 −0

Original line number	Diff line number	Diff line
		diff --git a/grype/presenter/internal/test_helpers.go b/grype/presenter/internal/test_helpers.go
		index 2bfafbc2..6e70ed87 100644
		--- a/grype/presenter/internal/test_helpers.go
		+++ b/grype/presenter/internal/test_helpers.go
		@@ -1,6 +1,7 @@
		package internal

		import (
		+ "os"
		"regexp"
		"testing"

		@@ -92,8 +93,21 @@ func Redact(s []byte) []byte {
		cycloneDxBomRefPattern := regexp.MustCompile(`[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`)
		tempDirPattern := regexp.MustCompile(`/tmp/[^"]+`)
		macTempDirPattern := regexp.MustCompile(`/var/folders/[^"]+`)
		+ // nix build dir isn't always /build so we'll identify it by $TMP
		+ nixDir := os.Getenv("TMP")
		+ if nixDir == "" {
		+ panic("missing $TMP for identifying nix build dir")
		+ }
		+ end := regexp.QuoteMeta(nixDir)
		+ pattern := `[^"]+`
		+ // add slash prefix to pattern only if required
		+ // don't use strings lib to reduce chance of merge conflicts above
		+ if end[len(end)-1] != '/' {
		+ pattern = "/" + pattern
		+ }
		+ nixBuildDirPattern := regexp.MustCompile(end + pattern)

		- for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, refPattern, uuidPattern, cycloneDxBomRefPattern, tempDirPattern, macTempDirPattern} {
		+ for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, refPattern, uuidPattern, cycloneDxBomRefPattern, tempDirPattern, macTempDirPattern, nixBuildDirPattern} {
		s = pattern.ReplaceAll(s, []byte(""))
		}
		return s

pkgs/by-name/gr/grype/package.nix

+39 −45

Original line number	Diff line number	Diff line
		@@ -14,6 +14,9 @@ buildGoModule (finalAttrs: {
		pname = "grype";
		version = "0.111.1";

		# required for tests
		__darwinAllowLocalNetworking = true;

		src = fetchFromGitHub {
		owner = "anchore";
		repo = "grype";
		@@ -35,6 +38,12 @@ buildGoModule (finalAttrs: {

		vendorHash = "sha256-rsdZt+xKjIJpWS5pYx8A+ryY1D2WIKquKjsQBkxToUQ=";

		patches = [
		# several test golden files have unstable paths based on the platform
		# this patch adjusts the `Redact` helper to also work for builds by nix.
		./0001-test_helpers-redact-support-nix.patch
		];

		nativeBuildInputs = [ installShellFiles ];

		nativeCheckInputs = [
		@@ -73,53 +82,38 @@ buildGoModule (finalAttrs: {

		# patch utility script
		patchShebangs grype/db/v5/distribution/testdata/tls/generate-x509-cert-pair.sh

		# FIXME: these tests fail when building with Nix
		substituteInPlace test/cli/config_test.go \
		--replace-fail "Test_configLoading" "Skip_configLoading"
		substituteInPlace test/cli/db_providers_test.go \
		--replace-fail "TestDBProviders" "SkipDBProviders"
		substituteInPlace grype/presenter/cyclonedx/presenter_test.go \
		--replace-fail "TestCycloneDxPresenterDir" "SkipCycloneDxPresenterDir" \
		--replace-fail "Test_CycloneDX_Valid" "Skip_CycloneDX_Valid"

		# remove tests that depend on docker
		substituteInPlace test/cli/cmd_test.go \
		--replace-fail "TestCmd" "SkipCmd"
		substituteInPlace grype/pkg/provider_test.go \
		--replace-fail "TestSyftLocationExcludes" "SkipSyftLocationExcludes"
		substituteInPlace test/cli/cmd_test.go \
		--replace-fail "Test_descriptorNameAndVersionSet" "Skip_descriptorNameAndVersionSet"

		# remove tests that depend on git
		substituteInPlace test/cli/db_validations_test.go \
		--replace-fail "TestDBValidations" "SkipDBValidations"
		substituteInPlace test/cli/registry_auth_test.go \
		--replace-fail "TestRegistryAuth" "SkipRegistryAuth"
		substituteInPlace test/cli/sbom_input_test.go \
		--replace-fail "TestSBOMInput_FromStdin" "SkipSBOMInput_FromStdin" \
		--replace-fail "TestSBOMInput_AsArgument" "SkipSBOMInput_AsArgument"
		substituteInPlace test/cli/subprocess_test.go \
		--replace-fail "TestSubprocessStdin" "SkipSubprocessStdin"
		substituteInPlace grype/internal/packagemetadata/names_test.go \
		--replace-fail "TestAllNames" "SkipAllNames"
		substituteInPlace test/cli/version_cmd_test.go \
		--replace-fail "TestVersionCmdPrintsToStdout" "SkipVersionCmdPrintsToStdout"
		substituteInPlace grype/presenter/sarif/presenter_test.go \
		--replace-fail "Test_SarifIsValid" "SkipTest_SarifIsValid"
		substituteInPlace test/cli/config_test.go \
		--replace-fail "Test_dpkgUseCPEsForEOLEnvVar" "SkipTest_dpkgUseCPEsForEOLEnvVar" \
		--replace-fail "Test_rpmUseCPEsForEOLEnvVar" "SkipTest_rpmUseCPEsForEOLEnvVar"

		# May fail on NixOS, probably due bug in how syft handles tmpfs.
		# See https://github.com/anchore/grype/issues/1822
		substituteInPlace grype/distro/distro_test.go \
		--replace-fail "Test_NewDistroFromRelease_Coverage" "SkipTest_NewDistroFromRelease_Coverage"

		# segfault
		rm grype/db/v5/namespace/cpe/namespace_test.go
		'';

		checkFlags =
		let
		skippedTests = [
		# depend on docker
		"TestCmd"
		"TestSyftLocationExcludes"
		"Test_descriptorNameAndVersionSet"
		# depend on .git
		"Test_configLoading"
		"TestDBProviders"
		"TestDBValidations"
		"TestRegistryAuth"
		"TestRegistryAuthRedactions"
		"TestSBOMInput_FromStdin"
		"TestSBOMInput_AsArgument"
		"TestSubprocessStdin"
		"TestAllNames"
		"TestVersionCmdPrintsToStdout"
		"Test_SarifIsValid"
		"Test_dpkgUseCPEsForEOLEnvVar"
		"Test_rpmUseCPEsForEOLEnvVar"
		]
		++ lib.optionals stdenv.isDarwin [
		# fails to generate x509 certificate
		# cat: /etc/ssl/openssl.cnf: Operation not permitted
		"Test_defaultHTTPClientHasCert"
		];
		in
		[ "-skip=^${builtins.concatStringsSep "$\|^" skippedTests}$" ];

		postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
		installShellCompletion --cmd grype \
		--bash <($out/bin/grype completion bash) \