Add smoke tests that run against real StackRox Central deployment. Tests verify end-to-end functionality including connection, authentication, and CVE detection with actual scanning.

- Add smoke/smoke_test.go with table-driven tests
- Add smoke/testdata/vulnerable-deployment.yaml with CVE-2023-32697
- Extract shared test helpers to test_helpers.go for reuse
- Update integration_helpers.go to use shared helpers

Tests read ROX_ENDPOINT and ROX_PASSWORD from environment variables.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Add workflow that runs smoke tests against real StackRox Central on kind. Follows stackrox/jenkins-plugin deployment approach.

Workflow:
- Creates kind cluster
- Deploys StackRox Central via stackrox/deploy/k8s/deploy-local.sh
- Waits for Scanner readiness
- Deploys vulnerable workload
- Runs smoke tests with JUnit output
- Uploads results and coverage to Codecov

Runs on every PR and push to main.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

❌ 2 Tests Failed:
E2E Test Results
Commit: 807a4c3

Set CPU and memory requests to 0 to avoid scheduling issues in CI. Add comprehensive log collection on workflow completion for debugging.

Logs collected:
- All pods status
- All events sorted by time
- Vulnerable app logs
- Central logs
- Scanner logs
- Pod descriptions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Replace unavailable custom image with nginx:1.14 which is publicly accessible and has known CVEs for testing.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Add blank identifier for ignored Close error in cleanup
- Split long function signature across multiple lines

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Generate proper API token via StackRox Central REST API instead of using admin password directly. This fixes authentication failures where the password was incorrectly used as an API token.

Changes:
- Add API token generation step using curl to /v1/apitokens endpoint
- Use basic auth (admin:password) to authenticate token generation
- Pass generated token to tests via ROX_API_TOKEN env var
- Update smoke test to read ROX_API_TOKEN instead of ROX_PASSWORD
- Fix shellcheck SC2086 warning by quoting variables

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Replace fixed sleep timers with active polling and reorder steps for faster feedback. Deploy vulnerable workload immediately so scanning starts while Central initializes.

Changes:
- Move vulnerable workload deployment before Central wait (parallel)
- Replace sleep 120s with kubectl wait for Central pods ready
- Remove sleep 60s for deployment scan
- Add waitForImageScan() using assert.Eventually for smart polling
- Poll every 5s with 3min timeout for scan completion

Expected improvement: ~5-8 minutes faster workflow execution.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

The workflow was creating manual port-forwards to localhost:8443 and killing them prematurely, causing race conditions. The deploy-local.sh script already sets up port-forwarding to localhost:8000, so we now use that instead.

Added comprehensive validation with exponential backoff polling, HTTP status checking, and JSON validation to prevent null token issues that were causing authentication failures.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

The correct endpoint is /v1/apitokens/generate, not /v1/apitokens. This was causing 501 "Method Not Allowed" errors.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

The deploy-local.sh script creates a password file that should be used for authentication. Reading from the kubernetes secret was causing authentication failures with "failed to identify user with username admin". Following the same approach as jenkins-plugin workflow.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Moves token generation from bash/curl in the GitHub Actions workflow to Go code in the smoke test. This provides:
- Better error handling with typed responses
- Reusable code that works locally and in CI
- Simpler CI workflow (just passes password)
- Easier debugging and testing

Changes:
- Add smoke/token_helper.go with GenerateAPIToken and WaitForCentralReady
- Update smoke_test.go to generate token from password if needed
- Simplify workflow to pass ROX_PASSWORD instead of generating token
- Maintains backwards compatibility with ROX_API_TOKEN

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

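The token-generation checks named in the commits above (HTTP status checking and JSON validation against a null token), as an added example that is not the PR's `GenerateAPIToken` from smoke/token_helper.go. The function signature, the request body fields and the `fakeCentral` stand-in server are assumptions made so the sketch runs offline; only the `/v1/apitokens/generate` path and the use of basic auth come from the page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// generateAPIToken requests a token with basic auth and rejects anything but
// HTTP 200 with a non-empty JSON "token". Body fields are assumptions.
func generateAPIToken(c *http.Client, baseURL, user, password string) (string, error) {
	body := strings.NewReader(`{"name":"smoke-test","role":"Admin"}`)
	req, err := http.NewRequest(http.MethodPost, baseURL+"/v1/apitokens/generate", body)
	if err != nil {
		return "", err
	}
	req.SetBasicAuth(user, password)
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("unexpected HTTP status %d", resp.StatusCode)
	}
	var out struct{ Token *string `json:"token"` }
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return "", fmt.Errorf("invalid JSON: %w", err)
	}
	if out.Token == nil || *out.Token == "" {
		return "", fmt.Errorf("null or empty token in response")
	}
	return *out.Token, nil
}

// fakeCentral is a constructed stand-in for Central so the example runs offline.
func fakeCentral(status int, reply string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(status)
		fmt.Fprint(w, reply)
	}))
}

func main() {
	srv := fakeCentral(http.StatusOK, `{"token":"constructed-token"}`)
	defer srv.Close()
	fmt.Println(generateAPIToken(srv.Client(), srv.URL, "admin", "constructed-password"))
}
```

Returning an error on a null or empty token keeps the failure at the point of generation instead of surfacing later as an authentication error in the tests.
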
…ct CVE

Changes:
1. Add sensor pod readiness wait in workflow
2. Add cluster health status check - waits for HEALTHY status before tests
3. Change CVE from CVE-2019-11043 (PHP-FPM) to CVE-2019-9511 (nginx HTTP/2)
4. Increase image scan timeout from 3 to 5 minutes

Fixes:
- Empty cluster list issue: Now waits for sensors to register and cluster to be healthy
- CVE not found issue: CVE-2019-9511 actually exists in nginx:1.14

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Sensors can take longer than 3 minutes to become ready. This change:
- Increases timeout from 180s to 300s (5 minutes)
- Makes the wait non-blocking (|| echo) so workflow continues
- Relies on cluster health check as the real gate

If sensors aren't ready, the cluster health check will fail anyway, providing a clearer indication of the actual issue.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Description
Add smoke tests that run against real StackRox Central deployment.
Tests verify end-to-end functionality including connection, authentication,
and CVE detection with actual scanning.
Tests read ROX_ENDPOINT and ROX_PASSWORD from environment variables.
Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com
Validation