Add tests for SBOM generation determinism across multiple formats

- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 18:56:12 +02:00
parent 7ac70ece71
commit 5590a99a1a
381 changed files with 21071 additions and 14678 deletions
--- a/src/Scheduler/__Tests/StellaOps.Scheduler.WebService.Tests/GraphJobServiceTests.cs
+++ b/src/Scheduler/__Tests/StellaOps.Scheduler.WebService.Tests/GraphJobServiceTests.cs
@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Threading;
 using System.Threading.Tasks;
 using StellaOps.Scheduler.Models;
@@ -130,6 +131,47 @@ public sealed class GraphJobServiceTests
        Assert.Equal("oras://cartographer/bundle-v2", resultUri);
    }

+    [Fact]
+    public async Task CreateBuildJob_NormalizesSbomDigest()
+    {
+        var store = new TrackingGraphJobStore();
+        var clock = new FixedClock(FixedTime);
+        var publisher = new RecordingPublisher();
+        var webhook = new RecordingWebhookClient();
+        var service = new GraphJobService(store, clock, publisher, webhook);
+
+        var request = new GraphBuildJobRequest
+        {
+            SbomId = "sbom-alpha",
+            SbomVersionId = "sbom-alpha-v1",
+            SbomDigest = "  SHA256:" + new string('A', 64) + "  ",
+        };
+
+        var created = await service.CreateBuildJobAsync("tenant-alpha", request, CancellationToken.None);
+        Assert.Equal("sha256:" + new string('a', 64), created.SbomDigest);
+    }
+
+    [Fact]
+    public async Task CreateBuildJob_RejectsDigestWithoutPrefix()
+    {
+        var store = new TrackingGraphJobStore();
+        var clock = new FixedClock(FixedTime);
+        var publisher = new RecordingPublisher();
+        var webhook = new RecordingWebhookClient();
+        var service = new GraphJobService(store, clock, publisher, webhook);
+
+        var request = new GraphBuildJobRequest
+        {
+            SbomId = "sbom-alpha",
+            SbomVersionId = "sbom-alpha-v1",
+            SbomDigest = new string('a', 64),
+        };
+
+        var ex = await Assert.ThrowsAsync<ValidationException>(
+            async () => await service.CreateBuildJobAsync("tenant-alpha", request, CancellationToken.None));
+        Assert.Contains("sha256:", ex.Message, StringComparison.Ordinal);
+    }
+
    private static GraphBuildJob CreateBuildJob()
    {
        var digest = "sha256:" + new string('a', 64);