#!/usr/bin/env bash set -euo pipefail # Smoke tests for Trivy compatibility and OCI distribution for Export Center. ROOT=${ROOT:-$(cd "$(dirname "$0")/../.." && pwd)} ARTifacts=${ARTifacts:-$ROOT/out/export-smoke} mkdir -p "$ARTifacts" # 1) Trivy DB import compatibility TRIVY_VERSION="0.52.2" TRIVY_BIN="$ARTifacts/trivy" if [[ ! -x "$TRIVY_BIN" ]]; then curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -o "$ARTifacts/trivy.tgz" tar -xzf "$ARTifacts/trivy.tgz" -C "$ARTifacts" trivy fi "$TRIVY_BIN" module db import --help > "$ARTifacts/trivy-import-help.txt" # 2) OCI distribution check (local registry) REGISTRY_PORT=${REGISTRY_PORT:-5005} REGISTRY_DIR="$ARTifacts/registry" mkdir -p "$REGISTRY_DIR" podman run --rm -d -p "${REGISTRY_PORT}:5000" --name export-registry -v "$REGISTRY_DIR":/var/lib/registry registry:2 trap 'podman rm -f export-registry >/dev/null 2>&1 || true' EXIT sleep 2 echo '{"schemaVersion":2,"manifests":[]}' > "$ARTifacts/empty-index.json" DIGEST=$(sha256sum "$ARTifacts/empty-index.json" | awk '{print $1}') mkdir -p "$ARTifacts/blobs/sha256" cp "$ARTifacts/empty-index.json" "$ARTifacts/blobs/sha256/$DIGEST" # Push blob and manifest via curl cat > "$ARTifacts/manifest.json" < "$ARTifacts/result.txt"