stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

work

Browse Source
This commit is contained in:
StellaOps Bot
2025-11-23 23:40:10 +02:00
parent c13355923f
commit 029002ad05
93 changed files with 2160 additions and 285 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
ops/devops/export/trivy-smoke.sh Normal file
View File

@@ -0,0 +1,51 @@
#!/usr/bin/env bash
set -euo pipefail
# Smoke tests for Trivy compatibility and OCI distribution for Export Center.
ROOT=${ROOT:-$(cd "$(dirname "$0")/../.." && pwd)}
ARTifacts=${ARTifacts:-$ROOT/out/export-smoke}
mkdir -p "$ARTifacts"
# 1) Trivy DB import compatibility
TRIVY_VERSION="0.52.2"
TRIVY_BIN="$ARTifacts/trivy"
if [[ ! -x "$TRIVY_BIN" ]]; then
curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -o "$ARTifacts/trivy.tgz"
tar -xzf "$ARTifacts/trivy.tgz" -C "$ARTifacts" trivy
fi
"$TRIVY_BIN" module db import --help > "$ARTifacts/trivy-import-help.txt"
# 2) OCI distribution check (local registry)
REGISTRY_PORT=${REGISTRY_PORT:-5005}
REGISTRY_DIR="$ARTifacts/registry"
mkdir -p "$REGISTRY_DIR"
podman run --rm -d -p "${REGISTRY_PORT}:5000" --name export-registry -v "$REGISTRY_DIR":/var/lib/registry registry:2
trap 'podman rm -f export-registry >/dev/null 2>&1 || true' EXIT
sleep 2
echo '{"schemaVersion":2,"manifests":[]}' > "$ARTifacts/empty-index.json"
DIGEST=$(sha256sum "$ARTifacts/empty-index.json" | awk '{print $1}')
mkdir -p "$ARTifacts/blobs/sha256"
cp "$ARTifacts/empty-index.json" "$ARTifacts/blobs/sha256/$DIGEST"
# Push blob and manifest via curl
cat > "$ARTifacts/manifest.json" <<JSON
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"config": {
"mediaType": "application/vnd.oci.image.config.v1+json",
"size": 2,
"digest": "sha256:d4735e3a265e16eee03f59718b9b5d03d68c8ffa19c2f8f71b66e08d6c6f2c1a"
},
"layers": []
}
JSON
MAN_DIGEST=$(sha256sum "$ARTifacts/manifest.json" | awk '{print $1}')
curl -sSf -X PUT "http://localhost:${REGISTRY_PORT}/v2/export-smoke/blobs/uploads/" -H 'Content-Length: 0' -o "$ARTifacts/upload-location.txt"
UPLOAD_URL=$(cat "$ARTifacts/upload-location.txt" | tr -d '\r\n')
curl -sSf -X PUT "${UPLOAD_URL}?digest=sha256:${MAN_DIGEST}" --data-binary "@$ARTifacts/manifest.json"
curl -sSf "http://localhost:${REGISTRY_PORT}/v2/export-smoke/manifests/sha256:${MAN_DIGEST}" -o "$ARTifacts/manifest.pull.json"
echo "trivy smoke + oci registry ok" > "$ARTifacts/result.txt"