Skip to content

Remove obsolete rekor entry acceptance test steps#3068

Merged
simonbaird merged 1 commit intoconforma:mainfrom
simonbaird:fix-acceptance-test-rekor
Dec 16, 2025
Merged

Remove obsolete rekor entry acceptance test steps#3068
simonbaird merged 1 commit intoconforma:mainfrom
simonbaird:fix-acceptance-test-rekor

Conversation

@simonbaird
Copy link
Member

@simonbaird simonbaird commented Dec 16, 2025
edited by qodo-code-review bot
Loading

User description

After PR #2948 was merged, we don't need these steps any more. IIUC the rekor entries get created automatically in a more realistic way.

The PR for EC-1210 was accidentally left unmerged for a long time, which explains why the new VSA feature testing still had the obsolete step.

Related to...
Ref: https://issues.redhat.com/browse/EC-1210

PR Type

Tests

Description

  • Remove obsolete Rekor entry creation steps from VSA acceptance tests

  • Rekor entries now created automatically after PR Refactor image signature in acceptance tests #2948 merge

  • Simplifies test setup by removing manual entry creation

  • Affects four VSA test scenarios with signature and attestation steps

Diagram Walkthrough

flowchart LR
  A["VSA Acceptance Tests"] -->|Remove obsolete steps| B["Rekor entry creation"]
  B -->|Auto-created now| C["Simplified test setup"]
  A -->|Affects 4 scenarios| D["VSA expiration, existing VSA, no upload, upload failure"]
Loading

File Walkthrough
Relevant files
Tests
vsa.feature
Remove manual Rekor entry creation from VSA tests               

features/vsa.feature

  • Removed 8 obsolete Rekor entry creation steps across 4 test scenarios
  • Deleted "Given a valid Rekor entry for image signature" steps
  • Deleted "Given a valid Rekor entry for attestation" steps
  • Rekor entries now created automatically by the system
 +0/-8     

@simonbaird
Remove obsolete rekor entry acceptance test steps
793c419 
After PR conforma#2948 was merged, we don't need these steps any more. IIUC
the rekor entries get created automatically in a more realistic way.

The PR for EC-1210 was accidentally left unmerged for a long time,
which explains why the new VSA feature testing still had the
obsolete step.

Related to...
Ref: https://issues.redhat.com/browse/EC-1210
@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 16, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 16, 2025

PR Code Suggestions ✨

No code suggestions found for the PR.

@codecov
Copy link

codecov bot commented Dec 16, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag Coverage Δ
acceptance 55.80% <ø> (+1.06%) ⬆️
generative 18.97% <ø> (ø)
integration 28.48% <ø> (ø)
unit 67.73% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 4 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@simonbaird simonbaird merged commit e64009c into conforma:main Dec 16, 2025
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 1/5 size: XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@simonbaird