csaf_distribution icon indicating copy to clipboard operation
csaf_distribution copied to clipboard

Published 20 hours ago verified publisher icon csaf-poc

Increase coverage to 75%

Open JanHoefelmeyer opened this issue 1 year ago • 6 comments

To allow for easier testing, we should evaluate the test coverage of the code, find a way to automate it and raise it to at least 75% if necessary.

JanHoefelmeyer avatar Feb 08 '24 14:02 JanHoefelmeyer 

go test -coverprofile=coverage.out ./...
go tool cover -func coverage.out | awk '/total:/ {print $3}'
5.6%

s-l-teichmann avatar Feb 16 '24 13:02 s-l-teichmann

An option could also be, to provide an external repo with test case / setups and test different scenarios.

tschmidtb51 avatar Feb 26 '24 21:02 tschmidtb51

If there is any interest in this, we put together a quick testing harness for a "mock" / test provider, which can be used in unit tests to simulate a trusted provider with different settings (so far only metadata, no "content" yet). See https://github.com/clouditor/clouditor/blob/0e197d424ef4219f5c0705b5cbdd91cf7713236f/service/discovery/extra/csaf/providertest/providertest.go

It can be used like this:

p := providertest.NewTrustedProvider(func(pmd *csaf.ProviderMetadata) {
	pmd.Publisher = &csaf.Publisher{
		Name:      util.Ref("Test Vendor"),
		Category:  util.Ref(csaf.CSAFCategoryVendor),
		Namespace: util.Ref("http://localhost"),
	}
})

loader := csaf.NewProviderMetadataLoader(p.Client())
metadata := loader.Load(p.Domain())

It uses httptest under the hood to create a local http server on a random port using a predefined TLS test certificate embedded in the Go runtime. Client() can be used to return an already configured TLS client with the necessary CA and Domain() returns the domain needed to find the PMD.

If there is any interest, I can open up a PR here and port these things upstream.

oxisto avatar Apr 19 '24 20:04 oxisto

Maybe you want for the test coverage something like codecov (see https://about.codecov.io/). Codecov is a coverage reporting solution which can be used to analyze the pull requests test coverage. It can be included in the Github workflow and comments an overview how a pull request affects the code coverage in the PR. We use it in Clouditor to ensure a minimum test coverage. You can find a codecov report example under https://github.com/clouditor/clouditor/pull/1427 or in an open PR under https://github.com/clouditor/clouditor/pulls.

anatheka avatar Apr 25 '24 09:04 anatheka

Maybe you want for the test coverage something like codecov (see https://about.codecov.io/). Codecov is a coverage reporting solution which can be used to analyze the pull requests test coverage. It can be included in the Github workflow and comments an overview how a pull request affects the code coverage in the PR. We use it in Clouditor to ensure a minimum test coverage. You can find a codecov report example under clouditor/clouditor#1427 or in an open PR under https://github.com/clouditor/clouditor/pulls.

This PR also includes an example how we are using the providertest package internally in the function Test_csafDiscovery_List https://github.com/clouditor/clouditor/blob/cec48bf310b93f4b2e3bd3771c9cd98768ee5617/service/discovery/extra/csaf/discovery_test.go#L139. We basically create a mock CSAF provider with this package and then test the expected outcome against the test provider.

oxisto avatar Apr 25 '24 10:04 oxisto

This is on the backburner for us currently, as an external set suite or external libraries could potentially replace part of the product's internal testing.

bernhardreiter avatar Apr 25 '24 12:04 bernhardreiter