Tests

docs: Add contributing notes and OSSF badge (#77) #362

Summary
Jobs
- build
- test
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Tests
	on: # rebuild any PRs and main branch changes
	pull_request:
	push:
	branches:
	- main

	permissions:
	contents: read

	jobs:
	build: # make sure build/ci work properly
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- run: npm install
	- run: npm run all

	test: # make sure the action works on a clean machine without building
	runs-on: ubuntu-latest
	env:
	TEST_IMAGE: ghcr.io/joschi/dive:latest
	WASTED_IMAGE: python:3.13-slim-bookworm

	permissions:
	# 'Params: always-comment with github-token' step to push a comment to PR
	pull-requests: write

	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Pre-setup
	id: pre-setup
	run: \|
	# Verify test image existence
	docker pull ${{ env.TEST_IMAGE }} \|\| {
	echo "Test image ${{ env.TEST_IMAGE }} not found" >&2
	exit 1
	}

	- name: 'Params: required only with no defaults'
	if: always() && steps.pre-setup.outcome == 'success'
	uses: ./
	with:
	image: ${{ env.TEST_IMAGE }}

	- name: 'Params: config-file'
	if: always() && steps.pre-setup.outcome == 'success'
	uses: ./
	with:
	image: ${{ env.TEST_IMAGE }}
	config-file: ${{ github.workspace }}/.github/.dive-ci.yaml

	- name: 'Params: github-token'
	if: always() && steps.pre-setup.outcome == 'success'
	uses: ./
	with:
	image: ${{ env.TEST_IMAGE }}
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: 'Params: dive-image-registry, dive-image-version'
	if: always() && steps.pre-setup.outcome == 'success'
	uses: ./
	with:
	image: ${{ env.TEST_IMAGE }}
	dive-image-registry: ghcr.io/joschi/dive
	dive-image-version: >-
	0.14.0

	- name: 'Params: highest-wasted-bytes, highest-user-wasted-ratio, lowest-efficiency-ratio'
	if: always() && steps.pre-setup.outcome == 'success'
	uses: ./
	with:
	image: ${{ env.WASTED_IMAGE }}
	highest-wasted-bytes: 100MB
	highest-user-wasted-ratio: 0.5
	lowest-efficiency-ratio: 0.9

	- name: >-
	Params: highest-wasted-bytes, highest-user-wasted-ratio,
	lowest-efficiency-ratio redefine config-file
	if: always() && steps.pre-setup.outcome == 'success'
	uses: ./
	with:
	image: ${{ env.WASTED_IMAGE }}
	config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
	highest-wasted-bytes: 100MB
	highest-user-wasted-ratio: 0.5
	lowest-efficiency-ratio: 0.9

	# Verifies that the action properly handles and reports errors
	# when trying to analyze a non-existent Docker image
	- name: '[Run] Negative test: Invalid image name'
	id: invalid-image
	if: always() && steps.pre-setup.outcome == 'success'
	continue-on-error: true
	uses: ./
	with:
	image: invalid/image:latest

	- name: '[Verification] Negative test: Invalid image name'
	if: always() && steps.pre-setup.outcome == 'success'
	shell: bash
	run: \|
	error_message="${{ steps.invalid-image.outputs.error }}"
	expected_message="Scan failed (exit code: 1)."

	if [[ ! "$error_message" =~ "$expected_message" ]]; then
	echo "Expected error message to contain: $expected_message"
	echo "Got: $error_message"
	exit 1
	fi
	if [[ "${{ steps.invalid-image.outcome }}" != "failure" ]]; then
	echo "Expected step to fail"
	exit 1
	fi
	# Tests error handling when the specified dive configuration file doesn't exist
	- name: '[Run] Negative test: Non-existent config file'
	id: invalid-config
	if: always() && steps.pre-setup.outcome == 'success'
	continue-on-error: true
	uses: ./
	with:
	image: ${{ env.TEST_IMAGE }}
	config-file: /non/existent/path.yaml

	- name: '[Verification] Negative test: Non-existent config file'
	if: always() && steps.pre-setup.outcome == 'success'
	shell: bash
	run: \|
	error_message="${{ steps.invalid-config.outputs.error }}"
	expected_message="Config file not found in the specified path '/non/existent/path.yaml'
	github.workspace value is: '${{ github.workspace }}'"

	if [[ ! "$error_message" =~ "$expected_message" ]]; then
	echo "Expected error message to contain: $expected_message"
	echo "Got: $error_message"
	exit 1
	fi
	if [[ "${{ steps.invalid-config.outcome }}" != "failure" ]]; then
	echo "Expected step to fail"
	exit 1
	fi

	# Validates that the action correctly enforces the required image
	# input parameter. Note, that it has no access to post a comment
	- name: '[Run] Negative test: Missing required image parameter'
	id: missing-required
	if: always() && steps.pre-setup.outcome == 'success'
	continue-on-error: true
	uses: ./
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: '[Verification] Negative test: Missing required image parameter'
	# It will not be able to create comment outside PR. result in main branch:
	# Not Found - https://docs.github.com/rest
	if: always() && steps.pre-setup.outcome == 'success' && github.ref !=
	'refs/heads/main'
	shell: bash
	run: \|
	error_message="${{ steps.missing-required.outputs.error }}"
	expected_message="Missing required parameter: image"

	if [[ ! "$error_message" =~ "$expected_message" ]]; then
	echo "Expected error message to contain: $expected_message"
	echo "Got: $error_message"
	exit 1
	fi
	if [[ "${{ steps.missing-required.outcome }}" != "failure" ]]; then
	echo "Expected step to fail"
	exit 1
	fi

	# Verifies that the action properly handles missing GitHub token when
	# always-comment is true. Expected to fail as posting comments requires
	# GitHub token authentication
	- name: '[Run] Negative test: always-comment w/o github-token'
	id: always-comment-missing-github-token
	if: always() && steps.pre-setup.outcome == 'success'
	continue-on-error: true
	uses: ./
	with:
	image: ${{ env.TEST_IMAGE }}
	always-comment: true

	- name: '[Verification] Negative test: always-comment w/o github-token'
	# It will not be able to create comment outside PR. result in main branch:
	# Not Found - https://docs.github.com/rest
	if: always() && steps.pre-setup.outcome == 'success' && github.ref !=
	'refs/heads/main'
	shell: bash
	run: \|
	error_message="${{ steps.always-comment-missing-github-token.outputs.error }}"
	expected_message='always-comment parameter requires github-token to be set.'

	if [[ ! "$error_message" =~ "$expected_message" ]]; then
	echo "Expected error message to contain: $expected_message"
	echo "Got: $error_message"
	exit 1
	fi
	if [[ "${{ steps.always-comment-missing-github-token.outcome }}" != "failure" ]]; then
	echo "Expected step to fail"
	exit 1
	fi

	# Runs at the end and only when all other tests pass, as it posts the
	# results as a comment on the PR
	- name: 'Params: always-comment with github-token'
	# It will not be able to create comment outside PR. result in main branch:
	# Not Found - https://docs.github.com/rest
	if: github.ref != 'refs/heads/main'
	uses: ./
	with:
	image: ${{ env.TEST_IMAGE }}
	always-comment: true
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: '[Verification] Params: always-comment with github-token'
	if: github.ref != 'refs/heads/main'
	shell: bash
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	# Get the PR number
	pr_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
	echo "PR number: $pr_number"

	# Check if the comment exists and get the latest comment ID
	comment_id=$(gh api "repos/${{ github.repository }}/issues/${pr_number}/comments" --jq \
	'sort_by(.created_at) \| reverse \| .[0] \| select(.body \| contains("Dive Summary")) \| .id')
	echo "Comment ID: $comment_id"

	if [ -z "$comment_id" ]; then
	echo "Expected comment not found in PR"
	exit 1
	fi

	# Delete the comment after verification
	gh api -X DELETE "repos/${{ github.repository }}/issues/comments/${comment_id}"
	echo "Comment deleted"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: Add contributing notes and OSSF badge (#77) #362

Workflow file

docs: Add contributing notes and OSSF badge (#77) #362

Jobs

Run details

Workflow file for this run