
Commit f87dcd7

committed
fix: smoke test passes only when trivy is not available (temporary removal assessment)
1 parent f13ad16 commit f87dcd7


1 file changed

+25
-2
lines changed

1 file changed

+25
-2
lines changed

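--- a/scripts/smoke-test-docker.sh
+++ b/scripts/smoke-test-docker.sh
@@ -13,18 +13,22 @@ BUILD_PROGRESS="${SMOKE_TEST_BUILD_PROGRESS:-}"
 MAIN_TOOLS=(
 "socket-basics -h"
 "command -v socket"
-"trivy --version"
 "trufflehog --version"
 "opengrep --version"
 )
 
 APP_TESTS_TOOLS=(
-"trivy --version"
 "trufflehog --version"
 "opengrep --version"
 "command -v socket"
 )
 
+# TEMPORARY: trivy is being removed to assess impact. These checks FAIL if the
+# tool is still present in the image — ensures removal is complete.
+MUST_NOT_EXIST_TOOLS=(
+"trivy"
+)
+
 usage() {
 echo "Usage: $0 [--image-tag TAG] [--app-tests] [--skip-build] [--check-set main|app-tests] [--build-progress MODE]"
 echo " --skip-build: skip docker build; verify tools in a pre-built image"
@@ -104,6 +108,22 @@ run_checks() {
 done
 }
 
+# TEMPORARY: verify tools have been fully removed from the image.
+# Fails if any tool in the list is still present.
+run_must_not_exist_checks() {
+local tag="$1"
+shift
+local tools=("$@")
+for tool in "${tools[@]}"; do
+if docker run --rm --entrypoint /bin/sh "$tag" -c "command -v $tool" > /dev/null 2>&1; then
+echo " FAIL: $tool is still present in the image (expected removal)"
+return 1
+else
+echo " OK: $tool not found (removal confirmed)"
+fi
+done
+}
+
 cd "$REPO_ROOT"
 
 if $SKIP_BUILD; then
@@ -116,6 +136,7 @@ if $SKIP_BUILD; then
 else
 run_checks "$IMAGE_TAG" "${MAIN_TOOLS[@]}"
 fi
+run_must_not_exist_checks "$IMAGE_TAG" "${MUST_NOT_EXIST_TOOLS[@]}"
 else
 # ── Normal mode: build then verify ────────────────────────────────────────
 echo "==> Build main image"
@@ -129,6 +150,7 @@ else
 
 echo "==> Verify tools in main image"
 run_checks "$IMAGE_TAG" "${MAIN_TOOLS[@]}"
+run_must_not_exist_checks "$IMAGE_TAG" "${MUST_NOT_EXIST_TOOLS[@]}"
 
 if $RUN_APP_TESTS; then
 echo "==> Build app_tests image"
@@ -141,6 +163,7 @@ else
 
 echo "==> Verify tools in app_tests image"
 run_checks "$APP_TESTS_IMAGE_TAG" "${APP_TESTS_TOOLS[@]}"
+run_must_not_exist_checks "$APP_TESTS_IMAGE_TAG" "${MUST_NOT_EXIST_TOOLS[@]}"
 fi
 fi
 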
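Review bot: `run_must_not_exist_checks` fails open, because the `if docker run … > /dev/null 2>&1` test reads every non-zero exit as "not found". A `docker run` that never executes the probe (wrong or missing image tag, no `/bin/sh` in the image, daemon error) therefore prints "removal confirmed", with the error text discarded. Have the container print an explicit verdict and fail on anything other than `absent`, as sketched below. The sketch also passes the tool name as a positional argument instead of splicing it into the `-c` string, and declares `tool` as `local`. Separately, `command -v` only searches the container's PATH, so a binary left outside PATH would still pass; if the assessment needs "removal is complete" in the strict sense, the header comment should say the check is PATH-only.

```shell
run_must_not_exist_checks() {
  local tag="$1" tool verdict
  shift
  for tool in "$@"; do
    # The container reports its own verdict, so a docker run that fails
    # before the probe executes cannot be mistaken for "tool absent".
    verdict="$(docker run --rm --entrypoint /bin/sh "$tag" -c \
      'if command -v "$1" >/dev/null 2>&1; then echo present; else echo absent; fi' \
      sh "$tool" 2>/dev/null)" || verdict="error"
    case "$verdict" in
      absent)
        echo " OK: $tool not found (removal confirmed)"
        ;;
      present)
        echo " FAIL: $tool is still present in the image (expected removal)"
        return 1
        ;;
      *)
        echo " FAIL: could not determine whether $tool is present in $tag" >&2
        return 1
        ;;
    esac
  done
}
```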
