Improve test setup for triage process (#1)

Containerfile

@@ -1,4 +1,4 @@
-FROM debian:trixie
+FROM docker.io/library/debian:trixie
 
 ENV PGHOST glvd
 ENV PGPORT 5432

README.md

@@ -4,7 +4,7 @@ Utility to add CVE context information to GLVD.
 
 Data is maintained [here](https://github.com/gardenlinux/glvd-triage-data) in yaml files.
 
-## usage:
+## usage
 
 Download the [glvd-triage.sh script](https://raw.githubusercontent.com/gardenlinux/glvd-triage-cli/refs/heads/main/glvd-triage.sh), for example like this:
 
@@ -13,3 +13,14 @@ mkdir -p ~/bin
 wget --output-document ~/bin/glvd-triage https://raw.githubusercontent.com/gardenlinux/glvd-triage-cli/refs/heads/main/glvd-triage.sh
 chmod +x ~/bin/glvd-triage
 ```
+
+## tests
+
+This repo contains tets as a [compose file](https://compose-spec.io).
+This setup allows to quickly iterate based on defined data.
+
+To run the tests:
+
+* Setup podman compose to use the `docker-compose` binary
+* Create a (gitignored) `github-pat.txt` file in this directory and put your own PAT there
+* Run `test.sh`

asserts-entrypoint.sh

@@ -5,11 +5,28 @@ chmod 0600 ~/.pgpass
 
 # todo(fwilhe): better assertions, more stable and useful test data
 
-psql -c "select * from public.cve_context where create_date > now() - interval '1 day';" glvd > /tmp/results.txt
+if [ "pre" == "$1" ]; then
+    psql -c "select * from public.cve_context where create_date > now() - interval '1 day';" glvd > /tmp/results.txt
+    cat /tmp/results.txt
+    wc -l /tmp/results.txt
+    # Assert CVEs are not triaged
+    if grep -q -E 'CVE-2024-53142|CVE-2024-53141|CVE-2024-50106|CVE-2024-56201' /tmp/results.txt; then
+        echo fail
+        exit 1
+    else
+        echo "ok"
+    fi
+fi
 
-if grep -q -E 'CVE-2024-10979|CVE-2024-10977|CVE-2024-10978|CVE-2024-53051' /tmp/results.txt; then
-    echo "ok"
-else
-    echo fail
-    exit 1
+if [ "post" == "$1" ]; then
+    psql -c "select * from public.cve_context where create_date > now() - interval '1 day';" glvd > /tmp/results.txt
+    cat /tmp/results.txt
+    wc -l /tmp/results.txt
+    # Assert CVEs are triaged
+    if grep -q -E 'CVE-2024-53142|CVE-2024-53141|CVE-2024-50106|CVE-2024-56201' /tmp/results.txt; then
+        echo "ok"
+    else
+        echo fail
+        exit 1
+    fi
 fi

asserts.Containerfile

@@ -1,4 +1,4 @@
-FROM debian:trixie
+FROM docker.io/library/debian:trixie
 
 ENV PGHOST glvd
 ENV PGPORT 5432

compose.yaml

@@ -30,17 +30,31 @@ services:
     environment:
       PGHOST: glvd-postgres
 
+  glvd-triage-assert-pre:
+    build:
+      dockerfile: ./asserts.Containerfile
+    networks:
+      - glvd-triage-IT
+    depends_on:
+      glvd-init:
+        condition: service_completed_successfully
+        restart: false
+    environment:
+      PGHOST: glvd-postgres
+    command: pre
+
   glvd-triage:
     build:
       dockerfile: ./Containerfile
     networks:
       - glvd-triage-IT
     depends_on:
-      glvd-init:
+      glvd-triage-assert-pre:
         condition: service_completed_successfully
         restart: false
     environment:
       PGHOST: glvd-postgres
+      GLVD_TRIAGE_FILE: 2025-01-10.yaml
     secrets:
       - github_pat
 
@@ -55,6 +69,7 @@ services:
         restart: false
     environment:
       PGHOST: glvd-postgres
+    command: post
 
 networks:
   glvd-triage-IT: {}

entrypoint.sh

@@ -12,7 +12,6 @@ if [[ $PAT == "NOT_SET" ]]; then
     fi
 fi
 
-
 git clone --depth=1 https://"$PAT"@github.com/gardenlinux/glvd-triage-data /data/
 
 python3 /cli.py > /triage.sql

test.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+podman compose up --build --force-recreate