Test SCA passes

Open imjasonh opened this issue 2 years ago • 2 comments

https://github.com/chainguard-dev/melange/pull/788 adds SCA checks to generate runtime deps based on filesystem properties. We have a handful of these. What we don't have are tests that any of this works the way we expect.

Let's add test infra to make testing this SCA behavior easier, and use it to bolster our tests.

Oct 25 '23 21:10 imjasonh

I have already been thinking about this for some time.

I think the SCA engine should be moved into its own package, and the actual dependency generators refactored to take a filesystem as input, alongside a config.Dependencies as output.

I can queue up some PRs to do this.

Oct 25 '23 21:10 kaniini

Is this a dupe of #684?

Oct 30 '23 19:10 Elizafox