ci: replace docker with quay

stackrox · Dec 20, 2024 · c23ae5c · c23ae5c
1 parent 71cbd4b
commit c23ae5c
Showing 1 changed file with 92 additions and 55 deletions.
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
@@ -45,8 +45,10 @@ func init() {
 // Cases which rely on a disabled feature flag are filtered out.
 var testCases = []testCase{
 	{
-		image:                    "ubuntu:16.04",
-		registry:                 "https://registry-1.docker.io",
+		image:                    "quay.io/rhacs-eng/qa:ubuntu-16.04",
+		registry:                 "https://quay.io",
+		username:                 os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                 os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                   "NVD",
 		onlyCheckSpecifiedVulns:  true,
 		checkProvidedExecutables: true,
@@ -91,8 +93,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:     "docker.io/library/nginx:1.10",
-		registry:  "https://registry-1.docker.io",
+		image:     "quay.io/rhacs-eng/qa:nginx-1.10",
+		registry:  "https://quay.io",
+		username:  os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:  os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:    "NVD",
 		namespace: "debian:8",
 		expectedFeatures: []apiV1.Feature{
@@ -102,7 +106,7 @@ var testCases = []testCase{
 				VersionFormat:   "dpkg",
 				Version:         "1:3.3-1",
 				Vulnerabilities: nil,
-				AddedBy:         "sha256:6d827a3ef358f4fa21ef8251f95492e667da826653fd43641cef5a877dc03a70",
+				AddedBy:         "sha256:b87f0972440570029cb139e9ea513c3b9aad24cc0051d7c50226dd7f345af109",
 			},
 			{
 				Name:          "coreutils",
@@ -160,13 +164,15 @@ var testCases = []testCase{
 						},
 					},
 				},
-				AddedBy: "sha256:6d827a3ef358f4fa21ef8251f95492e667da826653fd43641cef5a877dc03a70",
+				AddedBy: "sha256:b87f0972440570029cb139e9ea513c3b9aad24cc0051d7c50226dd7f345af109",
 			},
 		},
 	},
 	{
-		image:                    "docker.io/kaizheh/apache-struts2-cve-2017-5638:latest",
-		registry:                 "https://registry-1.docker.io",
+		image:                    "quay.io/rhacs-eng/qa:kaizheh-apache-struts2-cve-2017-5638-latest",
+		registry:                 "https://quay.io",
+		username:                 os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                 os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                   "NVD",
 		checkProvidedExecutables: true,
 		namespace:                "debian:8",
@@ -530,14 +536,16 @@ var testCases = []testCase{
 						FixedBy: "1.0.9.8.6",
 					},
 				},
-				AddedBy: "sha256:9f0706ba7422412cd468804fee456786f88bed94bf9aea6dde2a47f770d19d27",
+				AddedBy: "sha256:a725810793221ffd6cc25a40bf9439d1bc10605735ca4da28af1e712ab8420de",
 				FixedBy: "1.0.9.8.6",
 			},
 		},
 	},
 	{
-		image:     "docker.io/anchore/anchore-engine:v0.5.0",
-		registry:  "https://registry-1.docker.io",
+		image:     "quay.io/rhacs-eng/qa:anchore-anchore-engine-v0.5.0",
+		registry:  "https://quay.io",
+		username:  os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:  os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:    "Red Hat",
 		namespace: "centos:7",
 		// This image is older than June 2020, so we need to explicitly request for an uncertified scan.
@@ -1004,7 +1012,7 @@ var testCases = []testCase{
 						},
 					},
 				},
-				AddedBy: "sha256:c8d67acdb2ffaebd638cf55a8fccc63693211060670aa7f0ea1d65b5d2c674dd",
+				AddedBy: "sha256:3a7df7a31d0379653de0a8eb812af69dbaa65e84e6dfa8da0162d23a2da5b26d",
 			},
 		},
 	},
@@ -2491,8 +2499,11 @@ var testCases = []testCase{
 	// Verify digest-based scanning and also a v1 versioned image
 	// This image result has two layers with the same digests, so it checks a duplicate layer case
 	{
-		image:           "docker.io/richxsl/rhel7@sha256:8f3aae325d2074d2dc328cb532d6e7aeb0c588e15ddf847347038fe0566364d6",
-		registry:        "https://registry-1.docker.io",
+		// quay.io/rhacs-eng/qa:richxsl-rhel7-sha256-8f3aae325d2074d2dc328cb532d6e7aeb0c588e15ddf847347038fe0566364d6
+		image:           "quay.io/rhacs-eng/qa@sha256:092233f7907ea86d4480a2b3fd82fb836f518b9bff48aa9a73463fab4af40f65",
+		registry:        "https://quay.io",
+		username:        os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:        os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:          "NVD",
 		uncertifiedRHEL: true,
 		namespace:       "centos:7",
@@ -2502,7 +2513,7 @@ var testCases = []testCase{
 				NamespaceName: "centos:7",
 				VersionFormat: "rpm",
 				Version:       "1.4.1-5.el7",
-				AddedBy:       "sha256:1de5db95c59529b8423a336fac27e0bf8a9f4fced0fcc32377c9170ab481a8e9",
+				AddedBy:       "sha256:17b2a618d73663dfbfc53ad5b0d74894ce659b6685d12301e13d2cebfa454b39",
 			},
 		},
 	},
@@ -2523,8 +2534,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:                    "alpine:3.13.0",
-		registry:                 "https://registry-1.docker.io",
+		image:                    "quay.io/rhacs-eng/qa:alpine-3.13.0",
+		registry:                 "https://quay.io",
+		username:                 os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                 os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                   "NVD",
 		onlyCheckSpecifiedVulns:  true,
 		namespace:                "alpine:v3.13",
@@ -2585,7 +2598,7 @@ var testCases = []testCase{
 						FixedBy: "2.12.6-r0",
 					},
 				},
-				AddedBy: "sha256:596ba82af5aaa3e2fd9d6f955b8b94f0744a2b60710e3c243ba3e4a467f051d1",
+				AddedBy: "sha256:9c4afaba1fb00d8f884dad50e7fd333196cbb2e03734c5b34bbcbfc5e38a9387",
 				FixedBy: "2.12.6-r0",
 				Executables: []*v1.Executable{
 					{
@@ -2639,7 +2652,7 @@ var testCases = []testCase{
 						FixedBy: "1.32.1-r4",
 					},
 				},
-				AddedBy: "sha256:596ba82af5aaa3e2fd9d6f955b8b94f0744a2b60710e3c243ba3e4a467f051d1",
+				AddedBy: "sha256:9c4afaba1fb00d8f884dad50e7fd333196cbb2e03734c5b34bbcbfc5e38a9387",
 				FixedBy: "1.32.1-r9",
 				Executables: []*v1.Executable{
 					{
@@ -2675,8 +2688,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:                   "alpine:3.14.0",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:alpine-3.14.0",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "alpine:v3.14",
@@ -2712,22 +2727,24 @@ var testCases = []testCase{
 						FixedBy: "2.12.6-r0",
 					},
 				},
-				AddedBy: "sha256:5843afab387455b37944e709ee8c78d7520df80f8d01cf7f861aae63beeddb6b",
+				AddedBy: "sha256:27d926d71d0bbab9c30ef1caf3f631514971f7c7c9435f6ac7967ea0d1705e22",
 				FixedBy: "2.12.6-r0",
 			},
 			{
 				Name:          "busybox",
 				NamespaceName: "alpine:v3.14",
 				VersionFormat: "apk",
 				Version:       "1.33.1-r2",
-				AddedBy:       "sha256:5843afab387455b37944e709ee8c78d7520df80f8d01cf7f861aae63beeddb6b",
+				AddedBy:       "sha256:27d926d71d0bbab9c30ef1caf3f631514971f7c7c9435f6ac7967ea0d1705e22",
 				FixedBy:       "1.33.1-r7",
 			},
 		},
 	},
 	{
-		image:                   "alpine:3.15.0",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:alpine-3.15.0",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "alpine:v3.15",
@@ -2737,21 +2754,23 @@ var testCases = []testCase{
 				NamespaceName: "alpine:v3.15",
 				VersionFormat: "apk",
 				Version:       "2.12.7-r3",
-				AddedBy:       "sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3",
+				AddedBy:       "sha256:f4a33864689e6fb2f052728abdf9e2ca75d28ee36cfafe0bda5b98efdea5772d",
 			},
 			{
 				Name:          "busybox",
 				NamespaceName: "alpine:v3.15",
 				VersionFormat: "apk",
 				Version:       "1.34.1-r3",
-				AddedBy:       "sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3",
+				AddedBy:       "sha256:f4a33864689e6fb2f052728abdf9e2ca75d28ee36cfafe0bda5b98efdea5772d",
 				FixedBy:       "1.34.1-r5",
 			},
 		},
 	},
 	{
-		image:                   "alpine:3.16.0",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:alpine-3.16.0",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "alpine:v3.16",
@@ -2834,8 +2853,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:                   "alpine:3.17.0",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:alpine-3.17.0",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "alpine:v3.17",
@@ -2845,7 +2866,7 @@ var testCases = []testCase{
 				NamespaceName: "alpine:v3.17",
 				VersionFormat: "apk",
 				Version:       "2.12.10-r1",
-				AddedBy:       "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715",
+				AddedBy:       "sha256:2815b02d45841c8d883e7b46b390e60fdfed11a471cccc85254595147e8e4588",
 			},
 		},
 	},
@@ -2917,8 +2938,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:     "docker.io/anchore/anchore-engine:v0.9.4",
-		registry:  "https://registry-1.docker.io",
+		image:     "quay.io/rhacs-eng/qa:anchore-anchore-engine-v0.9.4",
+		registry:  "https://quay.io",
+		username:  os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:  os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:    "NVD",
 		namespace: "rhel:8",
 		unexpectedFeatures: []apiV1.Feature{
@@ -2929,8 +2952,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:     "elastic/logstash:7.13.3",
-		registry:  "https://registry-1.docker.io",
+		image:     "quay.io/rhacs-eng/qa:elastic-logstash-7.13.3",
+		registry:  "https://quay.io",
+		username:  os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:  os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:    "NVD",
 		namespace: "centos:7",
 		expectedFeatures: []apiV1.Feature{
@@ -3055,7 +3080,7 @@ var testCases = []testCase{
 						FixedBy: "2.12.3",
 					},
 				},
-				AddedBy:  "sha256:c46de89b745ad8ba4400323d4ebc230a4b88cbbdbc92a862c92a743478abd617",
+				AddedBy:  "sha256:477d0b4ccc14566aec80c3360aba6c84208c9d337727434c3914bd87b023dab3",
 				Location: "usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-6.0.10-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.10/logstash-input-tcp-6.0.10.jar:log4j-core",
 				FixedBy:  "2.12.4",
 			},
@@ -3157,7 +3182,7 @@ var testCases = []testCase{
 						FixedBy: "2.17.0",
 					},
 				},
-				AddedBy:  "sha256:c46de89b745ad8ba4400323d4ebc230a4b88cbbdbc92a862c92a743478abd617",
+				AddedBy:  "sha256:477d0b4ccc14566aec80c3360aba6c84208c9d337727434c3914bd87b023dab3",
 				Location: "usr/share/logstash/logstash-core/lib/jars/log4j-core-2.14.0.jar",
 				FixedBy:  "2.17.1",
 			},
@@ -3253,8 +3278,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:     "docker.io/busybox:1.35.0",
-		registry:  "https://registry-1.docker.io",
+		image:     "quay.io/rhacs-eng/qa:busybox-1.35.0",
+		registry:  "https://quay.io",
+		username:  os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:  os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:    "NVD",
 		namespace: "busybox:1.35.0",
 	},
@@ -3391,8 +3418,10 @@ var testCases = []testCase{
 		},
 	},
 	{
-		image:                   "ubuntu:22.04@sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:ubuntu-22.04-sha256-cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "ubuntu:22.04",
@@ -3402,20 +3431,22 @@ var testCases = []testCase{
 				NamespaceName: "ubuntu:22.04",
 				VersionFormat: "dpkg",
 				Version:       "3.118ubuntu5",
-				AddedBy:       "sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0",
+				AddedBy:       "sha256:a0c79b13a593669e6152d94cfd64931dfe9fc897bc6507dfb4ae7fe57cd6e7ae",
 			},
 			{
 				Name:          "apt",
 				NamespaceName: "ubuntu:22.04",
 				VersionFormat: "dpkg",
 				Version:       "2.4.5",
-				AddedBy:       "sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0",
+				AddedBy:       "sha256:a0c79b13a593669e6152d94cfd64931dfe9fc897bc6507dfb4ae7fe57cd6e7ae",
 			},
 		},
 	},
 	{
-		image:                   "ubuntu:22.10@sha256:4f9ec2c0aa321966bfe625bc485aa1d6e96549679cfdf98bb404dfcb8e141a7f",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:ubuntu-22.10-sha256-4f9ec2c0aa321966bfe625bc485aa1d6e96549679cfdf98bb404dfcb8e141a7f",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "ubuntu:22.10",
@@ -4099,8 +4130,10 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 		},
 	},
 	{
-		image:                   "alpine:3.18.3",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:alpine-3.18.3",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "alpine:v3.18",
@@ -4110,13 +4143,15 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 				NamespaceName: "alpine:v3.18",
 				VersionFormat: "apk",
 				Version:       "2.14.0-r2",
-				AddedBy:       "sha256:7264a8db6415046d36d16ba98b79778e18accee6ffa71850405994cffa9be7de",
+				AddedBy:       "sha256:97d7b294855ea22919bd873ce14c0bde0ba6702a2324133153d589153d96bd93",
 			},
 		},
 	},
 	{
-		image:                   "debian:12.0",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:debian-12.0",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		onlyCheckSpecifiedVulns: true,
 		namespace:               "debian:12",
@@ -4167,8 +4202,10 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 		},
 	},
 	{
-		image:                   "nginx:1.25.0-alpine",
-		registry:                "https://registry-1.docker.io",
+		image:                   "quay.io/rhacs-eng/qa:nginx-1.25.0-alpine",
+		registry:                "https://quay.io",
+		username:                os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+		password:                os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 		source:                  "NVD",
 		namespace:               "alpine:v3.17",
 		onlyCheckSpecifiedVulns: true,
@@ -4205,7 +4242,7 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 					},
 				},
 				FixedBy: "1.8.7-r0",
-				AddedBy: "sha256:4aacde79cec42c8d0c5886185e70a16b107ae8c6b1a67d63d6efdb6d6978ed97",
+				AddedBy: "sha256:8ba39c19cf5d314e89905dfbfe4100fb747ecee0cba4a16104f4c3d904b22f21",
 			},
 			{
 				Name:          "nghttp2",
@@ -4239,7 +4276,7 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 					},
 				},
 				FixedBy: "1.51.0-r2",
-				AddedBy: "sha256:4aacde79cec42c8d0c5886185e70a16b107ae8c6b1a67d63d6efdb6d6978ed97",
+				AddedBy: "sha256:8ba39c19cf5d314e89905dfbfe4100fb747ecee0cba4a16104f4c3d904b22f21",
 			},
 		},
 	},