bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci(testing): treat optional supply-chain as non-blocking

Browse Source
This commit is contained in:
jenkins 2026-05-19 19:51:10 -03:00
parent e8fb92a44f
commit 887023eaeb
3 changed files with 40 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ci/scripts/publish_test_metrics.py
View File

@ -287,7 +287,11 @@ def main() -> int:
source_lines_over_500 = _infer_source_lines_over_500(summary)
sonarqube_report = _load_optional_json(os.getenv("QUALITY_GATE_SONARQUBE_REPORT", "build/sonarqube-quality-gate.json"))
supply_chain_report = _load_optional_json(os.getenv("QUALITY_GATE_IRONBANK_REPORT", "build/ironbank-compliance.json"))
supply_chain_required = os.getenv("QUALITY_GATE_IRONBANK_REQUIRED", "0").strip().lower() in {"1", "true", "yes", "on"}
truthy = {"1", "true", "yes", "on"}
supply_chain_required = (
os.getenv("QUALITY_GATE_IRONBANK_REQUIRED", "0").strip().lower() in truthy
or os.getenv("PUBLISH_IMAGES", "false").strip().lower() in truthy
)
check_statuses = _build_check_statuses(
summary=summary,
tests=tests,

6
ci/scripts/publish_test_metrics_quality.py
View File

@ -121,11 +121,15 @@ def _infer_supply_chain_status(report: dict, required: bool) -> str:
return "failed" if required else "not_applicable"
compliant = report.get("compliant")
if isinstance(compliant, bool):
return "ok" if compliant else "failed"
if compliant:
return "ok"
return "failed" if required else "not_applicable"
status = report.get("status")
if status is None:
return "failed" if required else "not_applicable"
normalized = _normalize_result_status(str(status), default="failed")
if normalized == "failed" and not required:
return "not_applicable"
if normalized == "not_applicable" and required:
return "failed"
return normalized

30
testing/tests/test_publish_test_metrics.py
View File

@ -166,6 +166,8 @@ def test_status_normalization_and_optional_reports(tmp_path: Path):
assert publish_test_metrics._combine_statuses(["unknown"]) == "failed"
assert publish_test_metrics._infer_supply_chain_status({"compliant": False}, required=True) == "failed"
assert publish_test_metrics._infer_supply_chain_status({"compliant": False}, required=False) == "not_applicable"
assert publish_test_metrics._infer_supply_chain_status({"status": "failed"}, required=False) == "not_applicable"
assert publish_test_metrics._infer_supply_chain_status({"status": None}, required=False) == "not_applicable"
assert publish_test_metrics._infer_supply_chain_status({"status": "not_applicable"}, required=True) == "failed"
@ -429,3 +431,31 @@ def test_main_marks_successful_run(tmp_path: Path, monkeypatch, capsys):
assert rc == 0
assert summary["status"] == "ok"
assert summary["checks_recorded"] == 7
def test_main_requires_supply_chain_when_images_are_published(tmp_path: Path, monkeypatch):
build_dir = tmp_path / "build"
build_dir.mkdir()
(build_dir / "junit.xml").write_text(
'<testsuite tests="1" failures="0" errors="0" skipped="0" />',
encoding="utf-8",
)
(build_dir / "quality-gate.rc").write_text("0\n", encoding="utf-8")
(build_dir / "ironbank-compliance.json").write_text(
json.dumps({"compliant": False}),
encoding="utf-8",
)
posted = {}
monkeypatch.setenv("JUNIT_GLOB", str(build_dir / "*.xml"))
monkeypatch.setenv("QUALITY_GATE_EXIT_CODE_PATH", str(build_dir / "quality-gate.rc"))
monkeypatch.setenv("QUALITY_GATE_SUMMARY_PATH", str(build_dir / "missing-summary.json"))
monkeypatch.setenv("QUALITY_GATE_IRONBANK_REPORT", str(build_dir / "ironbank-compliance.json"))
monkeypatch.setenv("QUALITY_GATE_IRONBANK_REQUIRED", "0")
monkeypatch.setenv("PUBLISH_IMAGES", "true")
monkeypatch.setattr(publish_test_metrics, "_fetch_existing_counter", lambda *args, **kwargs: 0)
monkeypatch.setattr(publish_test_metrics, "_post_text", lambda url, payload: posted.update({"payload": payload}))
assert publish_test_metrics.main() == 0
assert 'titan_iac_quality_gate_checks_total{suite="titan_iac",check="supply_chain",result="failed"} 1' in posted["payload"]