From f24ed4443a7726c59b67fbedd625e00dcc64f01a Mon Sep 17 00:00:00 2001 From: Philippe Scorsolini Date: Fri, 15 Nov 2024 14:36:51 +0100 Subject: [PATCH] tests: ignore also image-configs manifests from renovate Signed-off-by: Philippe Scorsolini --- .github/renovate.json5 | 4 +++- test/e2e/pkg_test.go | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 57bdb5e885d..6c9bd6e00f7 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -22,8 +22,10 @@ 'design/**', // We test upgrades, so leave it on an older version on purpose. "test/e2e/manifests/pkg/provider/provider-initial.yaml", - // Manifests must remain unchanged to ensure the test scenario is not broken. + // We test dependencies' upgrades, manifests must remain unchanged to avoid breaking tests. "test/e2e/manifests/pkg/dependency-upgrade/**", + // We test packages signature verifications also on upgrades, manifests must remain unchanged to avoid breaking tests. + "test/e2e/manifests/pkg/image-config/signature-verification/**" ], postUpdateOptions: [ 'gomodTidy', diff --git a/test/e2e/pkg_test.go b/test/e2e/pkg_test.go index 652faaaeff9..bdd1e66503e 100644 --- a/test/e2e/pkg_test.go +++ b/test/e2e/pkg_test.go @@ -522,6 +522,11 @@ func TestNoDowngrade(t *testing.T) { ) } +// TestImageConfigAuth tests that we can install a private package as a dependency by providing registry pull +// credentials through ImageConfig API. +// The packages used in this test are built and pushed manually and the manifests must remain unchanged to ensure +// the test scenario is not broken. Corresponding meta file can be found at +// test/e2e/manifests/pkg/image-config/authentication/configuration-with-private-dependency/package. func TestImageConfigAuth(t *testing.T) { manifests := "test/e2e/manifests/pkg/image-config/authentication/configuration-with-private-dependency" @@ -562,6 +567,9 @@ func TestImageConfigAuth(t *testing.T) { ) } +// TestImageConfigVerificationWithKey tests that we can verify signature on a configuration when signed with a key. +// The providers used in this test are built and pushed manually with the necessary signatures and attestations, they +// are just a copy of the provider-nop package. func TestImageConfigVerificationWithKey(t *testing.T) { manifests := "test/e2e/manifests/pkg/image-config/signature-verification/with-key" @@ -595,6 +603,9 @@ func TestImageConfigVerificationWithKey(t *testing.T) { ) } +// TestImageConfigVerificationKeyless tests that we can verify signature on a provider when signed keyless. +// The providers used in this test are built and pushed manually with the necessary signatures and attestations, they +// are just a copy of the provider-nop package. func TestImageConfigVerificationKeyless(t *testing.T) { manifests := "test/e2e/manifests/pkg/image-config/signature-verification/keyless" @@ -632,6 +643,10 @@ func TestImageConfigVerificationKeyless(t *testing.T) { ) } +// TestImageConfigAttestationVerificationPrivateKeyless tests that we can verify signature and attestations on a private +// provider when signed keyless. +// The providers used in this test are built and pushed manually with the necessary signatures and attestations, they +// are just a copy of the provider-nop package. func TestImageConfigAttestationVerificationPrivateKeyless(t *testing.T) { manifests := "test/e2e/manifests/pkg/image-config/signature-verification/keyless-private-with-attestation"