[v3,15/20] testsuite: refactor sbom tests to avoid overhead

Message ID	20260123082501.240751-16-wzh@ilbers.de
State	Under Review
Headers	show Return-Path: <isar-users+bncBD7ZZZNM2YPRBZXAZTFQMGQE6PAMXEI@googlegroups.com> Sender: isar-users@googlegroups.com Received-SPF: pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; From: Zhihang Wei <wzh@ilbers.de> To: isar-users@googlegroups.com, felix.moessbauer@siemens.com, amikan@ilbers.de Cc: wzh@ilbers.de, cedric.hombourger@siemens.com Subject: [PATCH v3 15/20] testsuite: refactor sbom tests to avoid overhead Date: Fri, 23 Jan 2026 09:24:56 +0100 Message-Id: <20260123082501.240751-16-wzh@ilbers.de> In-Reply-To: <20260123082501.240751-1-wzh@ilbers.de> References: <20260123082501.240751-1-wzh@ilbers.de> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com
Series	Various improvements to the testsuite \| expand [v3,00/20] Various improvements to the testsuite [v3,01/20] testsuite: move targets with custom kernel to separate test [v3,02/20] testsuite: enable ccache on kernel tests [v3,03/20] testsuite: make prebuilt container a feature test [v3,04/20] testsuite: make compat test standalone test [v3,05/20] testsuite: handle IMAGE_INSTALL solely in cibuilder.py [v3,06/20] testsuite: limit cross_debsrc test to subset of packages [v3,07/20] testsuite: forward SSTATE_MIRRORS into CI env on sstate [v3,08/20] ci: add support for sstate cache [v3,09/20] testsuite: make test_cross_deps more specific [v3,10/20] testsuite: fix typo in log message in perform_signature_lint [v3,11/20] testsuite: fix SignatureTest by avoiding absolute path in bblayers [v3,12/20] testsuite: use more recent distros in SignatureTest [v3,13/20] testsuite: make SignatureTest idempotent [v3,14/20] testsuite: add rootfs target for rootfs only tests [v3,15/20] testsuite: refactor sbom tests to avoid overhead [v3,16/20] testsuite: make sbuild-flavor test standalone [v3,17/20] testsuite: skip VM tests if images are not available [v3,18/20] testsuite: Group prebuilt_containers related test cases together [v3,19/20] testsuite: Execute startvm testcases after building [v3,20/20] testsuite: Remove SstateTest from full testsuite

Message ID

20260123082501.240751-16-wzh@ilbers.de

State

Under Review

Headers

Sender: isar-users@googlegroups.com
Received-SPF: pass (google.com: domain of wzh@ilbers.de designates
 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
From: Zhihang Wei <wzh@ilbers.de>
To: isar-users@googlegroups.com, felix.moessbauer@siemens.com,
        amikan@ilbers.de
Cc: wzh@ilbers.de, cedric.hombourger@siemens.com
Subject: [PATCH v3 15/20] testsuite: refactor sbom tests to avoid overhead
Date: Fri, 23 Jan 2026 09:24:56 +0100
Message-Id: <20260123082501.240751-16-wzh@ilbers.de>
In-Reply-To: <20260123082501.240751-1-wzh@ilbers.de>
References: <20260123082501.240751-1-wzh@ilbers.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com

Series

Various improvements to the testsuite | expand

Commit Message

Zhihang Wei Jan. 23, 2026, 8:24 a.m. UTC

From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>

We currently test the SBOM infrastructure in all image builds, which
adds a significant overhead. We now change this to not generate SBOMs in
general (and by that avoid building the dependencies). To not have a
testing gap, we add a dedicated SBOM test that checks the SBOM creation
for various targets. In addition, we now also check the content of the
SBOM for plausibility.

In the future, the SBOM test can be extended without slowing down the
overall test execution.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 testsuite/cibase.py    | 26 ++++++++++++++++++++++++++
 testsuite/cibuilder.py |  4 ++++
 testsuite/citest.py    | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+)

diff --git a/testsuite/cibase.py b/testsuite/cibase.py
index 5ef1a5b5..fd6a3df9 100755
--- a/testsuite/cibase.py
+++ b/testsuite/cibase.py
@@ -140,6 +140,32 @@  class CIBaseTest(CIBuilder):
         self.delete_from_build_dir('ccache')
         self.unconfigure()
 
+    def perform_sbom_test(self, targets, **kwargs):
+        """
+        Build a rootfs containing a needle package and check if that package
+        is added to the sbom.
+        """
+        import json
+
+        needle_pkg = 'cowsay'
+        self.perform_build_test(
+            targets, image_install=needle_pkg,
+            generate_sbom=True
+        )
+
+        for t in targets:
+            ds, pn, distro, machine = \
+                CIUtils.getVars('DEPLOY_DIR_SBOM', 'PN', 'DISTRO', 'MACHINE',
+                                target=t)
+            for t in ["cdx", "spdx"]:
+                sbom_path = os.path.join(ds, f'{pn}-{distro}-{machine}.{t}.json')
+                self.log.info(f"Check {t} SBOM in {sbom_path}")
+                with open(sbom_path) as f:
+                    sbom = json.load(f)
+                pkg_key = 'components' if t == 'cdx' else 'packages'
+                if not any(c for c in sbom[pkg_key] if c['name'] == needle_pkg):
+                    self.fail(f'{needle_pkg} package not found in SBOM {sbom_path}')
+
     def perform_sstate_populate(self, image_target, **kwargs):
         # Use a different isar root for populating sstate cache
         isar_sstate = f"{isar_root}/isar-sstate"
diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
index 9c97115b..7538ade2 100755
--- a/testsuite/cibuilder.py
+++ b/testsuite/cibuilder.py
@@ -126,6 +126,7 @@  class CIBuilder(Test):
         installer_distro=None,
         installer_device=None,
         customizations=None,
+        generate_sbom=False,
         lines=None,
         **kwargs,
     ):
@@ -176,6 +177,7 @@  class CIBuilder(Test):
             f"  image_install = {image_install}\n"
             f"  installer_image = {installer_image}\n"
             f"  customizations = {customizations}\n"
+            f"  generate_sbom = {generate_sbom}\n"
             f"  lines = {strlines}\n"
             f"==================================================="
         )
@@ -275,6 +277,8 @@  class CIBuilder(Test):
                     'CUSTOMIZATION_FOR_IMAGES:append = " isar-image-ci"\n'
                     'HOSTNAME:isar-image-ci = "isar-ci"\n'
                 )
+            if generate_sbom is False:
+                f.write('ROOTFS_FEATURES:remove = "generate-sbom"\n')
             if lines is not None:
                 f.writelines((line + '\n' if not line.endswith('\n') else line) for line in lines)
 
diff --git a/testsuite/citest.py b/testsuite/citest.py
index eaa4c440..d908f9bc 100755
--- a/testsuite/citest.py
+++ b/testsuite/citest.py
@@ -694,6 +694,39 @@  class CustomizationsTest(CIBaseTest):
         )
 
 
+class SbomTest(CIBaseTest):
+    """
+    Test to check if sbom is generated and contains expected packages.
+    Most tests are rootfs tests to avoid costly initrd build and imaging.
+
+    :avocado: tags=sbom,fast
+    """
+
+    def test_sbom_rootfs_generate(self):
+        targets = [
+            'mc:qemuamd64-bookworm:isar-rootfs-ci',
+            'mc:qemuarm64-bookworm:isar-rootfs-ci',
+            'mc:qemuamd64-trixie:isar-rootfs-ci',
+            'mc:qemuarm64-trixie:isar-rootfs-ci',
+            'mc:qemuamd64-noble:isar-rootfs-ci',
+        ]
+
+        self.init()
+        self.perform_sbom_test(targets)
+
+    def test_sbom_unsupported(self):
+        targets = [
+            'mc:qemuamd64-bullseye:isar-rootfs-ci',
+            'mc:qemuamd64-focal:isar-rootfs-ci',
+        ]
+
+        self.init()
+        self.perform_build_test(
+            targets, bitbake_cmd='do_rootfs', image_install='cowsay',
+            generate_sbom=True
+        )
+
+
 class SignatureTest(CIBaseTest):
 
     """

[v3,15/20] testsuite: refactor sbom tests to avoid overhead

Commit Message

Patch