From 543493534a11a0cfc3a6cfb4d1fdf15108a59522 Mon Sep 17 00:00:00 2001 From: Will Rollason Date: Fri, 10 Apr 2026 13:36:36 +0100 Subject: [PATCH 1/5] test: add Windows unmanaged pre-prod acceptance coverage Add a dedicated unmanaged acceptance suite and CircleCI job that pins the Windows run to the pre-prod unmanaged environment. This lets the CLI team rerun the Windows path against unmanaged-lookup before rolling the migration forward again. Made-with: Cursor --- .circleci/config.yml | 33 ++++++++++- .../snyk-test/unmanaged-pre-prod.spec.ts | 55 +++++++++++++++++++ 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts diff --git a/.circleci/config.yml b/.circleci/config.yml index f97a8f9e7a..e1f964a477 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -931,6 +931,34 @@ workflows: pre_test_cmds: | if (Test-Path '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>') { . '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>' } + - acceptance-tests: + name: acceptance-tests windows unmanaged pre-prod + go_target_os: windows + go_os: windows + go_arch: amd64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + context: + - nodejs-install + - team_hammerhead-cli + filters: + branches: + ignore: + - main + - '/release.*/' + requires: + - build windows amd64 + executor: win-server2022-amd64 + test_snyk_command: binary-releases\\snyk-win.exe + install_deps_extension: windows-native-build + dont_skip_tests: 0 + shards: 1 + test_command: npm run test:acceptance -- --selectProjects coreCli --runTestsByPath test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts + pre_test_cmds: | + if (Test-Path '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>') { . '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>' } + $env:TEST_SNYK_API = $env:TEST_SNYK_API_DEV + $env:TEST_SNYK_TOKEN = $env:TEST_SNYK_TOKEN_DEV + $env:TEST_SNYK_TOKEN_2 = $env:TEST_SNYK_TOKEN_DEV + - sign: name: sign windows amd64 context: snyk-windows-signing @@ -1559,6 +1587,9 @@ jobs: pre_test_cmds: type: string default: 'echo Running tests' + test_command: + type: string + default: npm run test:acceptance -- --selectProjects coreCli --shard=<< parameters.shard_calc_cmd >>/<< parameters.shards >> shards: type: integer default: 4 @@ -1593,7 +1624,7 @@ jobs: no_output_timeout: 30m command: | << parameters.pre_test_cmds >> - npm run test:acceptance -- --selectProjects coreCli --shard=<< parameters.shard_calc_cmd >>/<< parameters.shards >> + << parameters.test_command >> environment: TEST_SNYK_FIPS: << parameters.fips >> TEST_SNYK_COMMAND: << parameters.test_snyk_command >> diff --git a/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts b/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts new file mode 100644 index 0000000000..64ddc5a19a --- /dev/null +++ b/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts @@ -0,0 +1,55 @@ +import { describeIf } from '../../../utils'; +import { createProjectFromWorkspace } from '../../util/createProject'; +import { runSnykCLI } from '../../util/runSnykCLI'; + +jest.setTimeout(1000 * 60 * 5); + +const hasPreProdCredentials = Boolean( + process.env.TEST_SNYK_API_DEV && process.env.TEST_SNYK_TOKEN_DEV, +); + +const env = { + ...process.env, + SNYK_API: process.env.TEST_SNYK_API_DEV, + SNYK_TOKEN: process.env.TEST_SNYK_TOKEN_DEV, +}; + +describeIf(hasPreProdCredentials)('unmanaged pre-prod user journey', () => { + test('runs `snyk test --unmanaged` against pre-prod', async () => { + const project = await createProjectFromWorkspace('unmanaged'); + const { code, stdout, stderr } = await runSnykCLI('test --unmanaged -d', { + cwd: project.path(), + env, + }); + + if (code !== 1) { + console.debug(stderr); + console.debug('---------------------------'); + console.debug(stdout); + } + + expect(code).toEqual(1); + expect(stdout).toContain('pkg:generic/zlib@'); + }); + + test('runs `snyk test --unmanaged --json` against pre-prod', async () => { + const project = await createProjectFromWorkspace('unmanaged'); + const { code, stdout, stderr } = await runSnykCLI( + 'test --unmanaged -d --json', + { + cwd: project.path(), + env, + }, + ); + + if (code !== 1) { + console.debug(stderr); + console.debug('---------------------------'); + console.debug(stdout); + } + + expect(code).toEqual(1); + expect(JSON.parse(stdout)).toEqual(expect.any(Array)); + expect(stdout).toContain('"purl": "pkg:generic/zlib@'); + }); +}); From eee27c51e393221f724649be4ddcde935548b36a Mon Sep 17 00:00:00 2001 From: Will Rollason Date: Fri, 10 Apr 2026 13:56:42 +0100 Subject: [PATCH 2/5] remove unused steps --- .circleci/config.yml | 393 +++---------------------------------------- 1 file changed, 24 insertions(+), 369 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e1f964a477..4b48d3223e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -544,196 +544,21 @@ workflows: ignore: - '/release.*/' - - test-node: - context: - - nodejs-install - - team_hammerhead-cli - - devex_cli_docker_hub - requires: - - prepare-build - filters: - branches: - ignore: - - main - - '/release.*/' - - - test-go: - go_target_os: linux - go_os: linux - go_arch: amd64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - context: - - nodejs-install - - team_hammerhead-cli - - devex_cli_docker_hub - requires: - - prepare-build - filters: - branches: - ignore: - - main - - '/release.*/' - - - test-legacy-tap: - context: - - nodejs-install - - team_hammerhead-cli - - devex_cli_docker_hub - requires: - - prepare-build - filters: - branches: - ignore: - - main - - '/release.*/' - - - build-special-artifacts: - name: build fix & protect - context: devex_cli_docker_hub - requires: - - prepare-build - - - build-artifact: - name: build linux amd64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: linux - go_os: linux - go_arch: amd64 - static_binary: false # TODO: set to true when we have confidence for v1.1304.0 release - go_download_base_url: << pipeline.parameters.go_download_base_url >> - executor: docker-amd64-xl - requires: - - prepare-build - - - build-artifact: - name: build linux static amd64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: linux - go_os: linux - go_arch: amd64 - static_binary: true - go_download_base_url: << pipeline.parameters.go_download_base_url >> - make_target: build-experimental - executor: docker-amd64-xl - requires: - - prepare-build - - - build-artifact: - name: build linux fips amd64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: linux - go_os: linux - go_arch: amd64 - go_download_base_url: << pipeline.parameters.fips_go_download_base_url >> - make_target: build-fips - executor: docker-amd64-xl - requires: - - prepare-build - - - build-artifact: - name: build linux arm64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: linux - go_os: linux - go_arch: arm64 - static_binary: false # TODO: set to true when we have confidence for v1.1304.0 release - go_download_base_url: << pipeline.parameters.go_download_base_url >> - executor: docker-arm64-xl - requires: - - prepare-build - - - build-artifact: - name: build linux static arm64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: linux - go_os: linux - go_arch: arm64 - static_binary: true - go_download_base_url: << pipeline.parameters.go_download_base_url >> - make_target: build-experimental - executor: docker-arm64-xl - requires: - - prepare-build - - - build-artifact: - name: build linux fips arm64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: linux - go_os: linux - go_arch: arm64 - go_download_base_url: << pipeline.parameters.fips_go_download_base_url >> - make_target: build-fips - executor: docker-arm64-xl - requires: - - prepare-build - - - build-artifact: - name: build alpine amd64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: alpine - go_os: linux - go_arch: amd64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - executor: docker-amd64-xl - c_compiler: /usr/bin/musl-gcc - requires: - - prepare-build - - - build-artifact: - name: build alpine arm64 - context: - - iac-cli - - devex_cli_docker_hub - go_target_os: alpine - go_os: linux - go_arch: arm64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - executor: docker-arm64-xl - c_compiler: /usr/bin/musl-gcc - requires: - - prepare-build - - - build-artifact: - name: build macOS amd64 - go_target_os: darwin - go_os: darwin - go_arch: amd64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - executor: macos-arm64-large - install_deps_extension: macos-build - context: - - snyk-macos-signing - - iac-cli - requires: - - prepare-build - - - build-artifact: - name: build macOS arm64 - go_target_os: darwin - go_os: darwin - go_arch: arm64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - executor: macos-arm64-large - install_deps_extension: macos-build - context: - - snyk-macos-signing - - iac-cli - requires: - - prepare-build + # Temporarily disabled while validating unmanaged pre-prod on Windows: + # - test-node + # - test-go + # - test-legacy-tap + # - build fix & protect + # - build linux amd64 + # - build linux static amd64 + # - build linux fips amd64 + # - build linux arm64 + # - build linux static arm64 + # - build linux fips arm64 + # - build alpine amd64 + # - build alpine arm64 + # - build macOS amd64 + # - build macOS arm64 - build-artifact: name: build windows amd64 @@ -751,185 +576,15 @@ workflows: requires: - prepare-build - - acceptance-tests: - name: acceptance-tests linux static arm64 - go_target_os: linux - go_os: linux - go_arch: arm64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - shards: 6 - context: - - nodejs-install - - team_hammerhead-cli - - devex_cli_docker_hub - filters: - branches: - ignore: - - main - - '/release.*/' - pre_test_cmds: export BROWSER="curl -L" - requires: - - build linux static arm64 - executor: docker-arm64-xl - test_snyk_command: ./binary-releases/experimental/snyk-linux-arm64 - - - acceptance-tests: - name: acceptance-tests linux amd64 - go_target_os: linux - go_os: linux - go_arch: amd64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - shards: 6 - context: - - nodejs-install - - team_hammerhead-cli - - devex_cli_docker_hub - filters: - branches: - ignore: - - main - - '/release.*/' - pre_test_cmds: export BROWSER="curl -L" - requires: - - build linux amd64 - executor: docker-amd64-xl - test_snyk_command: ./binary-releases/snyk-linux - - - acceptance-tests: - name: acceptance-tests linux arm64 - go_target_os: linux - go_os: linux - go_arch: arm64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - shards: 6 - context: - - nodejs-install - - team_hammerhead-cli - - devex_cli_docker_hub - filters: - branches: - ignore: - - main - - '/release.*/' - pre_test_cmds: export BROWSER="curl -L" - requires: - - build linux arm64 - executor: docker-arm64 - test_snyk_command: ./binary-releases/snyk-linux-arm64 - - - acceptance-tests: - name: acceptance-tests fips linux arm64 - go_target_os: linux - go_os: linux - go_arch: arm64 - go_download_base_url: << pipeline.parameters.fips_go_download_base_url >> - shards: 6 - executor: docker-arm64 - test_snyk_command: ./binary-releases/fips/snyk-linux-arm64 - fips: 1 - context: - - nodejs-install - - team_hammerhead-cli - - devex_cli_docker_hub - filters: - branches: - ignore: - - main - - '/release.*/' - pre_test_cmds: export BROWSER="curl -L" - requires: - - build linux fips arm64 - - - acceptance-tests: - name: acceptance-tests alpine amd64 - go_target_os: alpine - go_os: linux - go_arch: amd64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - shards: 6 - context: - - nodejs-install - - team_hammerhead-cli - filters: - branches: - ignore: - - main - - '/release.*/' - requires: - - build alpine amd64 - executor: alpine - test_snyk_command: ./binary-releases/snyk-alpine - install_deps_extension: alpine-full - dont_skip_tests: 0 - pre_test_cmds: export BROWSER="wget -O -" - - - acceptance-tests: - name: acceptance-tests alpine arm64 - go_target_os: alpine - go_os: linux - go_arch: arm64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - shards: 6 - context: - - nodejs-install - - team_hammerhead-cli - filters: - branches: - ignore: - - main - - '/release.*/' - requires: - - build alpine arm64 - executor: alpine-arm64 - test_snyk_command: ./binary-releases/snyk-alpine-arm64 - install_deps_extension: alpine-full - dont_skip_tests: 0 - pre_test_cmds: export BROWSER="wget -O -" - - - acceptance-tests: - name: acceptance-tests macOS arm64 - go_target_os: darwin - go_os: darwin - go_arch: arm64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - context: - - nodejs-install - - team_hammerhead-cli - filters: - branches: - ignore: - - main - - '/release.*/' - requires: - - build macOS arm64 - executor: macos-arm64 - test_snyk_command: ./binary-releases/snyk-macos-arm64 - install_deps_extension: macos-full - - - acceptance-tests: - name: acceptance-tests windows amd64 - go_target_os: windows - go_os: windows - go_arch: amd64 - go_download_base_url: << pipeline.parameters.go_download_base_url >> - context: - - nodejs-install - - team_hammerhead-cli - filters: - branches: - ignore: - - main - - '/release.*/' - requires: - - build windows amd64 - executor: win-server2022-amd64 - test_snyk_command: binary-releases\\snyk-win.exe - install_deps_extension: windows-native-build - dont_skip_tests: 0 - shards: 8 - shard_calc_cmd: '$([int]$env:CIRCLE_NODE_INDEX + 1)' - pre_test_cmds: | - if (Test-Path '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>') { . '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>' } + # Temporarily disabled while validating unmanaged pre-prod on Windows: + # - acceptance-tests linux static arm64 + # - acceptance-tests linux amd64 + # - acceptance-tests linux arm64 + # - acceptance-tests fips linux arm64 + # - acceptance-tests alpine amd64 + # - acceptance-tests alpine arm64 + # - acceptance-tests macOS arm64 + # - acceptance-tests windows amd64 - acceptance-tests: name: acceptance-tests windows unmanaged pre-prod From 7b7e1f380730deff0e9167e092d648c7b636a739 Mon Sep 17 00:00:00 2001 From: Will Rollason Date: Fri, 10 Apr 2026 14:09:50 +0100 Subject: [PATCH 3/5] wip: add back + new test --- .circleci/config.yml | 393 ++++++++++++++++-- .../snyk-test/unmanaged-pre-prod.spec.ts | 35 +- 2 files changed, 403 insertions(+), 25 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4b48d3223e..e1f964a477 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -544,21 +544,196 @@ workflows: ignore: - '/release.*/' - # Temporarily disabled while validating unmanaged pre-prod on Windows: - # - test-node - # - test-go - # - test-legacy-tap - # - build fix & protect - # - build linux amd64 - # - build linux static amd64 - # - build linux fips amd64 - # - build linux arm64 - # - build linux static arm64 - # - build linux fips arm64 - # - build alpine amd64 - # - build alpine arm64 - # - build macOS amd64 - # - build macOS arm64 + - test-node: + context: + - nodejs-install + - team_hammerhead-cli + - devex_cli_docker_hub + requires: + - prepare-build + filters: + branches: + ignore: + - main + - '/release.*/' + + - test-go: + go_target_os: linux + go_os: linux + go_arch: amd64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + context: + - nodejs-install + - team_hammerhead-cli + - devex_cli_docker_hub + requires: + - prepare-build + filters: + branches: + ignore: + - main + - '/release.*/' + + - test-legacy-tap: + context: + - nodejs-install + - team_hammerhead-cli + - devex_cli_docker_hub + requires: + - prepare-build + filters: + branches: + ignore: + - main + - '/release.*/' + + - build-special-artifacts: + name: build fix & protect + context: devex_cli_docker_hub + requires: + - prepare-build + + - build-artifact: + name: build linux amd64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: linux + go_os: linux + go_arch: amd64 + static_binary: false # TODO: set to true when we have confidence for v1.1304.0 release + go_download_base_url: << pipeline.parameters.go_download_base_url >> + executor: docker-amd64-xl + requires: + - prepare-build + + - build-artifact: + name: build linux static amd64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: linux + go_os: linux + go_arch: amd64 + static_binary: true + go_download_base_url: << pipeline.parameters.go_download_base_url >> + make_target: build-experimental + executor: docker-amd64-xl + requires: + - prepare-build + + - build-artifact: + name: build linux fips amd64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: linux + go_os: linux + go_arch: amd64 + go_download_base_url: << pipeline.parameters.fips_go_download_base_url >> + make_target: build-fips + executor: docker-amd64-xl + requires: + - prepare-build + + - build-artifact: + name: build linux arm64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: linux + go_os: linux + go_arch: arm64 + static_binary: false # TODO: set to true when we have confidence for v1.1304.0 release + go_download_base_url: << pipeline.parameters.go_download_base_url >> + executor: docker-arm64-xl + requires: + - prepare-build + + - build-artifact: + name: build linux static arm64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: linux + go_os: linux + go_arch: arm64 + static_binary: true + go_download_base_url: << pipeline.parameters.go_download_base_url >> + make_target: build-experimental + executor: docker-arm64-xl + requires: + - prepare-build + + - build-artifact: + name: build linux fips arm64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: linux + go_os: linux + go_arch: arm64 + go_download_base_url: << pipeline.parameters.fips_go_download_base_url >> + make_target: build-fips + executor: docker-arm64-xl + requires: + - prepare-build + + - build-artifact: + name: build alpine amd64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: alpine + go_os: linux + go_arch: amd64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + executor: docker-amd64-xl + c_compiler: /usr/bin/musl-gcc + requires: + - prepare-build + + - build-artifact: + name: build alpine arm64 + context: + - iac-cli + - devex_cli_docker_hub + go_target_os: alpine + go_os: linux + go_arch: arm64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + executor: docker-arm64-xl + c_compiler: /usr/bin/musl-gcc + requires: + - prepare-build + + - build-artifact: + name: build macOS amd64 + go_target_os: darwin + go_os: darwin + go_arch: amd64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + executor: macos-arm64-large + install_deps_extension: macos-build + context: + - snyk-macos-signing + - iac-cli + requires: + - prepare-build + + - build-artifact: + name: build macOS arm64 + go_target_os: darwin + go_os: darwin + go_arch: arm64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + executor: macos-arm64-large + install_deps_extension: macos-build + context: + - snyk-macos-signing + - iac-cli + requires: + - prepare-build - build-artifact: name: build windows amd64 @@ -576,15 +751,185 @@ workflows: requires: - prepare-build - # Temporarily disabled while validating unmanaged pre-prod on Windows: - # - acceptance-tests linux static arm64 - # - acceptance-tests linux amd64 - # - acceptance-tests linux arm64 - # - acceptance-tests fips linux arm64 - # - acceptance-tests alpine amd64 - # - acceptance-tests alpine arm64 - # - acceptance-tests macOS arm64 - # - acceptance-tests windows amd64 + - acceptance-tests: + name: acceptance-tests linux static arm64 + go_target_os: linux + go_os: linux + go_arch: arm64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + shards: 6 + context: + - nodejs-install + - team_hammerhead-cli + - devex_cli_docker_hub + filters: + branches: + ignore: + - main + - '/release.*/' + pre_test_cmds: export BROWSER="curl -L" + requires: + - build linux static arm64 + executor: docker-arm64-xl + test_snyk_command: ./binary-releases/experimental/snyk-linux-arm64 + + - acceptance-tests: + name: acceptance-tests linux amd64 + go_target_os: linux + go_os: linux + go_arch: amd64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + shards: 6 + context: + - nodejs-install + - team_hammerhead-cli + - devex_cli_docker_hub + filters: + branches: + ignore: + - main + - '/release.*/' + pre_test_cmds: export BROWSER="curl -L" + requires: + - build linux amd64 + executor: docker-amd64-xl + test_snyk_command: ./binary-releases/snyk-linux + + - acceptance-tests: + name: acceptance-tests linux arm64 + go_target_os: linux + go_os: linux + go_arch: arm64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + shards: 6 + context: + - nodejs-install + - team_hammerhead-cli + - devex_cli_docker_hub + filters: + branches: + ignore: + - main + - '/release.*/' + pre_test_cmds: export BROWSER="curl -L" + requires: + - build linux arm64 + executor: docker-arm64 + test_snyk_command: ./binary-releases/snyk-linux-arm64 + + - acceptance-tests: + name: acceptance-tests fips linux arm64 + go_target_os: linux + go_os: linux + go_arch: arm64 + go_download_base_url: << pipeline.parameters.fips_go_download_base_url >> + shards: 6 + executor: docker-arm64 + test_snyk_command: ./binary-releases/fips/snyk-linux-arm64 + fips: 1 + context: + - nodejs-install + - team_hammerhead-cli + - devex_cli_docker_hub + filters: + branches: + ignore: + - main + - '/release.*/' + pre_test_cmds: export BROWSER="curl -L" + requires: + - build linux fips arm64 + + - acceptance-tests: + name: acceptance-tests alpine amd64 + go_target_os: alpine + go_os: linux + go_arch: amd64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + shards: 6 + context: + - nodejs-install + - team_hammerhead-cli + filters: + branches: + ignore: + - main + - '/release.*/' + requires: + - build alpine amd64 + executor: alpine + test_snyk_command: ./binary-releases/snyk-alpine + install_deps_extension: alpine-full + dont_skip_tests: 0 + pre_test_cmds: export BROWSER="wget -O -" + + - acceptance-tests: + name: acceptance-tests alpine arm64 + go_target_os: alpine + go_os: linux + go_arch: arm64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + shards: 6 + context: + - nodejs-install + - team_hammerhead-cli + filters: + branches: + ignore: + - main + - '/release.*/' + requires: + - build alpine arm64 + executor: alpine-arm64 + test_snyk_command: ./binary-releases/snyk-alpine-arm64 + install_deps_extension: alpine-full + dont_skip_tests: 0 + pre_test_cmds: export BROWSER="wget -O -" + + - acceptance-tests: + name: acceptance-tests macOS arm64 + go_target_os: darwin + go_os: darwin + go_arch: arm64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + context: + - nodejs-install + - team_hammerhead-cli + filters: + branches: + ignore: + - main + - '/release.*/' + requires: + - build macOS arm64 + executor: macos-arm64 + test_snyk_command: ./binary-releases/snyk-macos-arm64 + install_deps_extension: macos-full + + - acceptance-tests: + name: acceptance-tests windows amd64 + go_target_os: windows + go_os: windows + go_arch: amd64 + go_download_base_url: << pipeline.parameters.go_download_base_url >> + context: + - nodejs-install + - team_hammerhead-cli + filters: + branches: + ignore: + - main + - '/release.*/' + requires: + - build windows amd64 + executor: win-server2022-amd64 + test_snyk_command: binary-releases\\snyk-win.exe + install_deps_extension: windows-native-build + dont_skip_tests: 0 + shards: 8 + shard_calc_cmd: '$([int]$env:CIRCLE_NODE_INDEX + 1)' + pre_test_cmds: | + if (Test-Path '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>') { . '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>' } - acceptance-tests: name: acceptance-tests windows unmanaged pre-prod diff --git a/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts b/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts index 64ddc5a19a..11d1133110 100644 --- a/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts +++ b/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts @@ -1,6 +1,10 @@ import { describeIf } from '../../../utils'; -import { createProjectFromWorkspace } from '../../util/createProject'; +import { + createProjectFromFixture, + createProjectFromWorkspace, +} from '../../util/createProject'; import { runSnykCLI } from '../../util/runSnykCLI'; +import * as path from 'path'; jest.setTimeout(1000 * 60 * 5); @@ -52,4 +56,33 @@ describeIf(hasPreProdCredentials)('unmanaged pre-prod user journey', () => { expect(JSON.parse(stdout)).toEqual(expect.any(Array)); expect(stdout).toContain('"purl": "pkg:generic/zlib@'); }); + + test('runs `snyk sbom --unmanaged --max-depth=1` against pre-prod', async () => { + const project = await createProjectFromFixture( + path.join('unmanaged', 'extraction'), + ); + const { code, stdout, stderr } = await runSnykCLI( + `sbom --unmanaged --max-depth=1 --format=cyclonedx1.4+json --org=${process.env.TEST_SNYK_ORG_SLUGNAME} --debug`, + { + cwd: project.path(), + env, + }, + ); + + if (code !== 0) { + console.debug(stderr); + console.debug('---------------------------'); + console.debug(stdout); + } + + expect(code).toEqual(0); + + let sbom; + expect(() => { + sbom = JSON.parse(stdout); + }).not.toThrow(); + + expect(sbom.metadata.component.name).toEqual('root-node'); + expect(sbom.components.length).toBeGreaterThanOrEqual(1); + }); }); From 3f3168165f551806d253d070a4f75b3dbbb97971 Mon Sep 17 00:00:00 2001 From: Will Rollason Date: Fri, 10 Apr 2026 14:24:41 +0100 Subject: [PATCH 4/5] wip: fix tests --- .circleci/config.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e1f964a477..55370e21f5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -952,7 +952,8 @@ workflows: install_deps_extension: windows-native-build dont_skip_tests: 0 shards: 1 - test_command: npm run test:acceptance -- --selectProjects coreCli --runTestsByPath test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts + shard_calc_cmd: '$([int]$env:CIRCLE_NODE_INDEX + 1)' + additional_test_args: --runTestsByPath test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts pre_test_cmds: | if (Test-Path '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>') { . '<< pipeline.parameters.windows_cache_dir >>/<< pipeline.parameters.windows_env_script >>' } $env:TEST_SNYK_API = $env:TEST_SNYK_API_DEV @@ -1587,9 +1588,9 @@ jobs: pre_test_cmds: type: string default: 'echo Running tests' - test_command: + additional_test_args: type: string - default: npm run test:acceptance -- --selectProjects coreCli --shard=<< parameters.shard_calc_cmd >>/<< parameters.shards >> + default: '' shards: type: integer default: 4 @@ -1624,7 +1625,7 @@ jobs: no_output_timeout: 30m command: | << parameters.pre_test_cmds >> - << parameters.test_command >> + npm run test:acceptance -- --selectProjects coreCli << parameters.additional_test_args >> --shard=<< parameters.shard_calc_cmd >>/<< parameters.shards >> environment: TEST_SNYK_FIPS: << parameters.fips >> TEST_SNYK_COMMAND: << parameters.test_snyk_command >> From 2ae413723c0e653483128e93b945c29b563b5f87 Mon Sep 17 00:00:00 2001 From: Will Rollason Date: Mon, 13 Apr 2026 12:12:31 +0100 Subject: [PATCH 5/5] extend test --- .../snyk-test/unmanaged-pre-prod.spec.ts | 25 +++++++++++++------ 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts b/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts index 11d1133110..24aa37da23 100644 --- a/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts +++ b/test/jest/acceptance/snyk-test/unmanaged-pre-prod.spec.ts @@ -33,7 +33,10 @@ describeIf(hasPreProdCredentials)('unmanaged pre-prod user journey', () => { } expect(code).toEqual(1); - expect(stdout).toContain('pkg:generic/zlib@'); + expect(stdout).toContain('madler/zlib@1.2.11'); + expect(stdout).toContain( + 'Tested 1 dependency for known issues, found 2 issues.', + ); }); test('runs `snyk test --unmanaged --json` against pre-prod', async () => { @@ -46,15 +49,21 @@ describeIf(hasPreProdCredentials)('unmanaged pre-prod user journey', () => { }, ); - if (code !== 1) { - console.debug(stderr); - console.debug('---------------------------'); - console.debug(stdout); - } + console.debug(stderr); + console.debug('---------------------------'); + console.debug(stdout); - expect(code).toEqual(1); - expect(JSON.parse(stdout)).toEqual(expect.any(Array)); + const parsed = JSON.parse(stdout); + expect(parsed).toEqual(expect.any(Array)); + expect(parsed.length).toBeGreaterThanOrEqual(1); + expect(parsed[0].vulnerabilities.length).toBeGreaterThanOrEqual(1); expect(stdout).toContain('"purl": "pkg:generic/zlib@'); + + // Verify file paths are present in the response to confirm the + // backend correctly handles OS-specific path separators (e.g. Windows backslashes). + expect(parsed[0].depsFilePaths).toBeDefined(); + const filePaths = Object.values(parsed[0].depsFilePaths).flat() as string[]; + expect(filePaths.length).toBeGreaterThanOrEqual(1); }); test('runs `snyk sbom --unmanaged --max-depth=1` against pre-prod', async () => {