chore: fix integration tests and improve check tree display in the HTML report

tromai · tromai · commit 1e6c61d08149 · 2024-02-11T16:19:01.000+10:00
diff --git a/scripts/dev_scripts/integration_tests.sh b/scripts/dev_scripts/integration_tests.sh
@@ -289,6 +289,18 @@ do
     check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT_DIR/$i $JSON_EXPECT_DIR/$i || log_fail
 done
 
+echo -e "\n----------------------------------------------------------------------------------"
+echo "micronaut-projects/micronaut-test: Analyzing the repo path when automatic dependency resolution is skipped"
+echo "and all provenance checks are excluded."
+echo -e "----------------------------------------------------------------------------------\n"
+JSON_RESULT=$WORKSPACE/output/reports/github_com/micronaut-projects/micronaut-test/micronaut-test.json
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/micronaut-test/micronaut-test_provenance_checks_excluded.json
+DEFAULTS_FILE=$WORKSPACE/tests/e2e/configurations/exclude_provenance_checks.ini
+
+$RUN_MACARON -dp $DEFAULTS_FILE analyze -rp https://github.com/micronaut-projects/micronaut-test/ -d 7679d10b4073a3b842b6c56877c35fa8cd10acff --skip-deps || log_fail
+
+check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+
 # TODO: uncomment the test below after resolving https://github.com/oracle/macaron/issues/60.
 # echo -e "\n----------------------------------------------------------------------------------"
 # echo "micronaut-projects/micronaut-test: Check the resolved dependency output with config for cyclonedx gradle plugin (default)."
@@ -569,7 +581,7 @@ rm -rf "$SOURCE_REPO"
 rm -rf "$TARGET_REPO"
 
 echo -e "\n----------------------------------------------------------------------------------"
-echo "Test running the analysis with all checks excluded."
+echo "Running the analysis with all checks excluded should returns an error code."
 echo -e "----------------------------------------------------------------------------------\n"
 $RUN_MACARON -dp tests/e2e/configurations/exclude_all_checks.ini analyze -rp https://github.com/apache/maven --skip-deps
 
@@ -626,18 +638,6 @@ then
     log_fail
 fi
 
-echo -e "\n----------------------------------------------------------------------------------"
-echo "slsa-framework/slsa-verifier: Analyzing the repo path when automatic dependency resolution is skipped"
-echo "and provenance checks are excluded."
-echo -e "----------------------------------------------------------------------------------\n"
-JSON_RESULT=$WORKSPACE/output/reports/github_com/slsa-framework/slsa-verifier/slsa-verifier.json
-JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_provenance_checks_excluded.json
-DEFAULTS_FILE=$WORKSPACE/tests/e2e/configurations/exclude_provenance_checks.ini
-
-$RUN_MACARON -dp $DEFAULTS_FILE analyze -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail
-
-check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
-
 # Testing the CUE provenance expectation verifier.
 echo -e "\n----------------------------------------------------------------------------------"
 echo "Test verifying CUE provenance expectation."
diff --git a/src/macaron/output_reporter/templates/base_template.html b/src/macaron/output_reporter/templates/base_template.html
@@ -293,18 +293,6 @@
             display: inline-block;
             margin-right: 6px;
         }
-
-        .check-tree-node-excluded {
-            text-decoration-line: line-through;
-        }
-
-        .check-tree-node-excluded::before {
-            content: "\2514";
-            color: black;
-            display: inline-block;
-            margin-right: 6px;
-        }
-
     </style>
 </head>
 
diff --git a/src/macaron/output_reporter/templates/macaron.html b/src/macaron/output_reporter/templates/macaron.html
@@ -164,24 +164,24 @@
 {% endcall %}
 {% endmacro %}
 
+{#
+    The `check-tree-node` class will add a small symbol before the check ID
+    indicating a non-root node. Therefore, we don't apply it for the checks without
+    parent (i.e the first level checks).
+#}
 {% macro render_run_checks(check_tree, run_checks) %}
 <ul class="tree-view-nested-list">
-    {% for key, first_level in check_tree.items() %}
+    {% for key, next_level in check_tree.items() recursive %}
     <li>
-        <div>{{ key }}</div>
+        <div
+            class="{% if loop.depth0 != 0 %}check-tree-node{% endif %}"
+            {% if key not in run_checks %}
+            style="text-decoration-line: line-through;"
+            {% endif %}>
+        {{ key }}
+        </div>
         <ul>
-            {% for key, next_level in first_level.items() recursive %}
-            <li>
-                {% if key not in run_checks %}
-                <div class="check-tree-node-excluded">{{ key }}</div>
-                {% else %}
-                <div class="check-tree-node">{{ key }}</div>
-                {% endif %}
-                <ul>
-                {{ loop(next_level.items()) | indent(2 * 4) }}
-                </ul>
-            </li>
-            {% endfor %}
+        {{ loop(next_level.items()) | indent(2 * 4) }}
         </ul>
     </li>
     {% endfor %}
diff --git a/tests/e2e/expected_results/micronaut-test/micronaut-test_provenance_checks_excluded.json b/tests/e2e/expected_results/micronaut-test/micronaut-test_provenance_checks_excluded.json
@@ -1,14 +1,14 @@
 {
     "metadata": {
-        "timestamps": "2024-02-10 12:49:17",
+        "timestamps": "2024-02-11 15:51:21",
         "has_passing_check": true,
         "run_checks": [
             "mcn_infer_artifact_pipeline_1",
-            "mcn_trusted_builder_level_three_1",
+            "mcn_build_as_code_1",
             "mcn_version_control_system_1",
             "mcn_build_service_1",
             "mcn_build_script_1",
-            "mcn_build_as_code_1"
+            "mcn_trusted_builder_level_three_1"
         ],
         "check_tree": {
             "mcn_version_control_system_1": {
@@ -30,12 +30,12 @@
     },
     "target": {
         "info": {
-            "full_name": "pkg:github.com/slsa-framework/slsa-verifier@fc50b662fcfeeeb0e97243554b47d9b20b14efac",
-            "local_cloned_path": "git_repos/github_com/slsa-framework/slsa-verifier",
-            "remote_path": "https://github.com/slsa-framework/slsa-verifier",
-            "branch": "main",
-            "commit_hash": "fc50b662fcfeeeb0e97243554b47d9b20b14efac",
-            "commit_date": "2022-10-04T01:00:02+00:00"
+            "full_name": "pkg:github.com/micronaut-projects/micronaut-test@7679d10b4073a3b842b6c56877c35fa8cd10acff",
+            "local_cloned_path": "git_repos/github_com/micronaut-projects/micronaut-test",
+            "remote_path": "https://github.com/micronaut-projects/micronaut-test",
+            "branch": null,
+            "commit_hash": "7679d10b4073a3b842b6c56877c35fa8cd10acff",
+            "commit_date": "2023-11-07T06:43:31+01:00"
         },
         "provenances": {
             "is_inferred": true,
@@ -47,23 +47,23 @@
                         "predicateType": "https://slsa.dev/provenance/v0.2",
                         "predicate": {
                             "builder": {
-                                "id": "slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0"
+                                "id": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml"
                             },
-                            "buildType": "Trusted github_actions",
+                            "buildType": "Custom github_actions",
                             "invocation": {
                                 "configSource": {
-                                    "uri": "https://github.com/slsa-framework/slsa-verifier@refs/heads/main",
+                                    "uri": "https://github.com/micronaut-projects/micronaut-test@refs/heads/None",
                                     "digest": {
-                                        "sha1": "fc50b662fcfeeeb0e97243554b47d9b20b14efac"
+                                        "sha1": "7679d10b4073a3b842b6c56877c35fa8cd10acff"
                                     },
-                                    "entryPoint": "https://github.com/slsa-framework/slsa-verifier/blob/fc50b662fcfeeeb0e97243554b47d9b20b14efac/.github/workflows/release.yml"
+                                    "entryPoint": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml"
                                 },
                                 "parameters": {},
                                 "environment": {}
                             },
                             "buildConfig": {
-                                "jobID": "<STRING>",
-                                "stepID": "<STRING>"
+                                "jobID": "build",
+                                "stepID": "\ud83d\udce6 Publish to Sonatype Snapshots"
                             },
                             "metadata": {
                                 "buildInvocationId": "",
@@ -85,14 +85,14 @@
                         }
                     }
                 ],
-                "npm Registry": []
+                "Maven Central Registry": []
             }
         },
         "checks": {
             "summary": {
                 "DISABLED": 0,
-                "FAILED": 1,
-                "PASSED": 5,
+                "FAILED": 2,
+                "PASSED": 4,
                 "SKIPPED": 0,
                 "UNKNOWN": 0
             },
@@ -104,7 +104,12 @@
                         "Build as code - SLSA Level 3"
                     ],
                     "justification": [
-                        "Check mcn_build_as_code_1 is set to PASSED because mcn_trusted_builder_level_three_1 PASSED."
+                        {
+                            "The target repository uses build tool gradle to deploy": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml",
+                            "The build is triggered by": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml"
+                        },
+                        "Deploy command: ['./gradlew', 'publishToSonatype', 'docs', '--no-daemon']",
+                        "However, could not find a passing workflow run."
                     ],
                     "result_type": "PASSED"
                 },
@@ -130,23 +135,6 @@
                     ],
                     "result_type": "PASSED"
                 },
-                {
-                    "check_id": "mcn_trusted_builder_level_three_1",
-                    "check_description": "Check whether the target uses a trusted SLSA level 3 builder.",
-                    "slsa_requirements": [
-                        "Hermetic - SLSA Level 4",
-                        "Isolated - SLSA Level 3",
-                        "Parameterless - SLSA Level 4",
-                        "Ephemeral environment - SLSA Level 3"
-                    ],
-                    "justification": [
-                        {
-                            "Found trusted builder GitHub Actions: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0 triggered by": "https://github.com/slsa-framework/slsa-verifier/blob/fc50b662fcfeeeb0e97243554b47d9b20b14efac/.github/workflows/release.yml"
-                        },
-                        "However, could not find a passing workflow run."
-                    ],
-                    "result_type": "PASSED"
-                },
                 {
                     "check_id": "mcn_version_control_system_1",
                     "check_description": "Check whether the target repo uses a version control system.",
@@ -155,7 +143,7 @@
                     ],
                     "justification": [
                         {
-                            "This is a Git repository": "https://github.com/slsa-framework/slsa-verifier"
+                            "This is a Git repository": "https://github.com/micronaut-projects/micronaut-test"
                         }
                     ],
                     "result_type": "PASSED"
@@ -170,6 +158,20 @@
                         "Unable to find a publishing timestamp for the artifact."
                     ],
                     "result_type": "FAILED"
+                },
+                {
+                    "check_id": "mcn_trusted_builder_level_three_1",
+                    "check_description": "Check whether the target uses a trusted SLSA level 3 builder.",
+                    "slsa_requirements": [
+                        "Hermetic - SLSA Level 4",
+                        "Isolated - SLSA Level 3",
+                        "Parameterless - SLSA Level 4",
+                        "Ephemeral environment - SLSA Level 3"
+                    ],
+                    "justification": [
+                        "Could not find a trusted level 3 builder as a GitHub Actions workflow."
+                    ],
+                    "result_type": "FAILED"
                 }
             ]
         }
