From 09e2ac39124616cb7bdcab33dad3b217c9195d33 Mon Sep 17 00:00:00 2001 From: medhdj Date: Mon, 15 Jun 2026 14:45:02 +0200 Subject: [PATCH 1/2] fix(docker): install git for repository scans Signed-off-by: medhdj --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index fb16531..592e2ee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,10 @@ RUN .venv/bin/pip install --no-cache-dir . FROM python:3.12-slim-bookworm +RUN apt-get update \ + && apt-get install --no-install-recommends -y git ca-certificates \ + && rm -rf /var/lib/apt/lists/* + COPY --from=builder /app/.venv /app/.venv ENV PATH="/app/.venv/bin:$PATH" From 39dab6eaaa48eaefeee91fd29a59e2c4064fcda1 Mon Sep 17 00:00:00 2001 From: keshprad Date: Mon, 15 Jun 2026 18:19:33 -0700 Subject: [PATCH 2/2] test: add Docker smoke suite --- Makefile | 6 ++++- tests/docker/smoke.sh | 60 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100755 tests/docker/smoke.sh diff --git a/Makefile b/Makefile index b426cbc..9661880 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: help install install-dev langgraph-dev test test-unit test-integration test-cov test-ci lint lint-fix format format-check clean build docker-build +.PHONY: help install install-dev langgraph-dev test test-unit test-integration test-cov test-ci lint lint-fix format format-check clean build docker-build docker-smoke # Prefer uv if available, else use pip (set when Makefile is parsed) UV := $(shell command -v uv 2>/dev/null) @@ -25,6 +25,7 @@ help: @echo " make clean - Remove build artifacts and cache files" @echo " make build - Build the package" @echo " make docker-build - Build the Docker image" + @echo " make docker-smoke - Build and smoke test the Docker image" install: @if [ -n "$(UV)" ]; then uv sync; else pip install -e .; fi @@ -99,3 +100,6 @@ build: clean docker-build: docker build -t skillspector . +# Build and smoke test the Docker image +docker-smoke: docker-build + tests/docker/smoke.sh diff --git a/tests/docker/smoke.sh b/tests/docker/smoke.sh new file mode 100755 index 0000000..b3b4b46 --- /dev/null +++ b/tests/docker/smoke.sh @@ -0,0 +1,60 @@ +#!/bin/sh +set -eu + +IMAGE="${SKILLSPECTOR_DOCKER_IMAGE:-skillspector}" +REPO_DIR="${SKILLSPECTOR_REPO_DIR:-$(pwd)}" +LOCAL_REPORT="${SKILLSPECTOR_DOCKER_LOCAL_REPORT:-.skillspector-docker-smoke.json}" +GITHUB_REPORT="${SKILLSPECTOR_DOCKER_GITHUB_REPORT:-.skillspector-docker-github-smoke.json}" +GITHUB_URL="${SKILLSPECTOR_DOCKER_GITHUB_URL:-https://github.com/octocat/Hello-World}" +GITHUB_EXPECTED_COMPONENT="${SKILLSPECTOR_DOCKER_GITHUB_EXPECTED_COMPONENT:-README}" + +run() { + printf "\n>> %s\n" "$*" + "$@" +} + +validate_json_report() { + report_path="$1" + + test -s "${REPO_DIR}/${report_path}" + run docker run --rm --entrypoint python -v "${REPO_DIR}:/scan" "${IMAGE}" \ + -m json.tool "/scan/${report_path}" >/dev/null +} + +assert_report_contains_component() { + report_path="$1" + expected_component="$2" + + run docker run --rm --entrypoint python -v "${REPO_DIR}:/scan" "${IMAGE}" \ + -c 'import json, sys; data = json.load(open("/scan/" + sys.argv[1])); expected = sys.argv[2]; assert any(c.get("path") == expected for c in data.get("components", [])), f"missing component: {expected}"' \ + "${report_path}" "${expected_component}" +} + +scan_github_url() { + printf "\n>> docker run --rm -v %s:/scan %s scan %s --no-llm --format json --output /scan/%s\n" \ + "${REPO_DIR}" "${IMAGE}" "${GITHUB_URL}" "${GITHUB_REPORT}" + + set +e + docker run --rm -v "${REPO_DIR}:/scan" "${IMAGE}" scan "${GITHUB_URL}" \ + --no-llm --format json --output "/scan/${GITHUB_REPORT}" + github_scan_status="$?" + set -e + + if [ "${github_scan_status}" -ne 0 ] && [ "${github_scan_status}" -ne 1 ]; then + echo "GitHub URL scan failed with exit code ${github_scan_status}" + exit "${github_scan_status}" + fi + + validate_json_report "${GITHUB_REPORT}" + assert_report_contains_component "${GITHUB_REPORT}" "${GITHUB_EXPECTED_COMPONENT}" + echo "GitHub URL scan completed with accepted exit code ${github_scan_status}" +} + +run docker run --rm "${IMAGE}" --version +run docker run --rm --entrypoint git "${IMAGE}" --version + +run docker run --rm -v "${REPO_DIR}:/scan" "${IMAGE}" scan tests/fixtures/safe_skill \ + --no-llm --format json --output "/scan/${LOCAL_REPORT}" +validate_json_report "${LOCAL_REPORT}" + +scan_github_url