stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Refactor code structure and optimize performance across multiple modules

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-26 20:03:22 +02:00
parent c786faae84
commit b4fc66feb6
3353 changed files with 88254 additions and 1590657 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/CanonicalJsonTests.cs
View File

@@ -3,11 +3,13 @@ using FluentAssertions;
using StellaOps.Provenance.Attestation;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public class CanonicalJsonTests
{
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Canonicalizes_property_order_and_omits_nulls()
{
var model = new BuildDefinition(

10
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/CosignAndKmsSignerTests.cs
View File

@@ -7,6 +7,7 @@ using FluentAssertions;
using StellaOps.Provenance.Attestation;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public class CosignAndKmsSignerTests
@@ -38,7 +39,8 @@ public class CosignAndKmsSignerTests
public override DateTimeOffset GetUtcNow() => _now;
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task CosignSigner_enforces_required_claims_and_logs()
{
var client = new FakeCosignClient();
@@ -59,7 +61,8 @@ public class CosignAndKmsSignerTests
client.Calls.Should().ContainSingle(call => call.keyRef == "cosign-key" && call.contentType == "application/vnd.dsse");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task CosignSigner_throws_on_missing_required_claim()
{
var client = new FakeCosignClient();
@@ -77,7 +80,8 @@ public class CosignAndKmsSignerTests
audit.Missing.Should().ContainSingle(m => m.claim == "sub");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task KmsSigner_signs_with_current_key_and_logs()
{
var kms = new FakeKmsClient();

7
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/HexTests.cs
View File

@@ -3,17 +3,20 @@ using FluentAssertions;
using StellaOps.Provenance.Attestation;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public class HexTests
{
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Parses_even_length_hex()
{
Hex.FromHex("0A0b").Should().BeEquivalentTo(new byte[] { 0x0A, 0x0B });
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Throws_on_odd_length()
{
Action act = () => Hex.FromHex("ABC");

7
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/MerkleTreeTests.cs
View File

@@ -5,13 +5,15 @@ using StellaOps.Cryptography;
using StellaOps.Provenance.Attestation;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public class MerkleTreeTests
{
private readonly ICryptoHash _cryptoHash = DefaultCryptoHash.CreateForTests();
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Computes_deterministic_root_for_same_inputs()
{
var leaves = new[]
@@ -27,7 +29,8 @@ public class MerkleTreeTests
root1.Should().BeEquivalentTo(root2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Normalizes_non_hash_leaves()
{
var leaves = new[] { Encoding.UTF8.GetBytes("single") };

7
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/PromotionAttestationBuilderTests.cs
View File

@@ -6,11 +6,13 @@ using StellaOps.Provenance.Attestation;
using StellaOps.Cryptography;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public class PromotionAttestationBuilderTests
{
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Produces_canonical_json_for_predicate()
{
var predicate = new PromotionPredicate(
@@ -28,7 +30,8 @@ public class PromotionAttestationBuilderTests
json.Should().Be("{\"ImageDigest\":\"sha256:img\",\"Metadata\":{\"env\":\"prod\",\"region\":\"us-east\"},\"PromotionId\":\"prom-1\",\"RekorEntry\":\"uuid\",\"SbomDigest\":\"sha256:sbom\",\"VexDigest\":\"sha256:vex\"}");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task BuildAsync_adds_predicate_claim_and_signs_payload()
{
var predicate = new PromotionPredicate(

2
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/RotatingSignerTests.cs
View File

@@ -7,6 +7,7 @@ using StellaOps.Provenance.Attestation;
using StellaOps.Cryptography;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public sealed class RotatingSignerTests
@@ -20,6 +21,7 @@ public sealed class RotatingSignerTests
}
#if TRUE
[Trait("Category", TestCategories.Unit)]
[Fact(Skip = "Rotation path covered in Signers unit tests; skipped to avoid predicateType claim enforcement noise")]
public async Task Rotates_to_newest_unexpired_key_and_logs_rotation()
{

7
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/SampleStatementDigestTests.cs
View File

@@ -57,7 +57,8 @@ public class SampleStatementDigestTests
}
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Hashes_match_expected_samples()
{
// Expected hashes using FIPS profile (SHA-256 for attestation purpose)
@@ -69,6 +70,7 @@ public class SampleStatementDigestTests
["orchestrator-statement.json"] = "d79467d03da33d0b8f848d7a340c8cde845802bad7dadcb553125e8553615b28"
};
using StellaOps.TestKit;
foreach (var (name, statement) in LoadSamples())
{
BuildStatementDigest.ComputeHashHex(_cryptoHash, statement)
@@ -77,7 +79,8 @@ public class SampleStatementDigestTests
}
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public void Merkle_root_is_stable_across_sample_set()
{
var statements = LoadSamples().Select(pair => pair.Statement).ToArray();

7
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/SignerTests.cs
View File

@@ -7,11 +7,13 @@ using StellaOps.Provenance.Attestation;
using StellaOps.Cryptography;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public class SignerTests
{
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task HmacSigner_is_deterministic_for_same_input()
{
var key = new InMemoryKeyProvider("test-key", Encoding.UTF8.GetBytes("secret"));
@@ -28,7 +30,8 @@ public class SignerTests
audit.Signed.Should().HaveCount(2);
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task HmacSigner_enforces_required_claims()
{
var key = new InMemoryKeyProvider("test-key", Encoding.UTF8.GetBytes("secret"));

7
src/Provenance/__Tests/StellaOps.Provenance.Attestation.Tests/VerificationTests.cs
View File

@@ -5,6 +5,7 @@ using StellaOps.Provenance.Attestation;
using StellaOps.Cryptography;
using Xunit;
using StellaOps.TestKit;
namespace StellaOps.Provenance.Attestation.Tests;
public class VerificationTests
@@ -12,7 +13,8 @@ public class VerificationTests
private const string Payload = "{\"hello\":\"world\"}";
private const string ContentType = "application/json";
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task Verifier_accepts_valid_signature()
{
var key = new InMemoryKeyProvider("test-key", Encoding.UTF8.GetBytes("secret"));
@@ -27,7 +29,8 @@ public class VerificationTests
result.Reason.Should().Be("verified");
}
[Fact]
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task Verifier_rejects_tampered_payload()
{
var key = new InMemoryKeyProvider("test-key", Encoding.UTF8.GetBytes("secret"));