#!/bin/bash # test/m017_sbom_test.sh - M-017 SBOM生成脚本测试 set -e SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../../../.." && pwd)" SBOM_SCRIPT="${PROJECT_ROOT}/scripts/ci/m017_sbom.sh" # 测试辅助函数 assert_equals() { if [ "$1" != "$2" ]; then echo "FAIL: expected '$1', got '$2'" return 1 fi } assert_contains() { if echo "$2" | grep -q "$1"; then return 0 else echo "FAIL: '$2' does not contain '$1'" return 1 fi } # 测试1: test_sbom_generation - SBOM生成 test_sbom_generation() { echo "Running test_sbom_generation..." if [ -x "$SBOM_SCRIPT" ]; then # 创建临时输出目录 TEMP_DIR=$(mktemp -d) REPORT_DATE="2026-04-02" result=$("$SBOM_SCRIPT" "$REPORT_DATE" "$TEMP_DIR" 2>&1) exit_code=$? # 检查SBOM文件是否生成 SBOM_FILE="$TEMP_DIR/sbom_${REPORT_DATE}.spdx.json" if [ -f "$SBOM_FILE" ]; then # 验证SBOM格式 if command -v python3 >/dev/null 2>&1; then if python3 -c "import json; json.load(open('$SBOM_FILE'))" 2>/dev/null; then assert_contains "spdxVersion" "$(cat "$SBOM_FILE")" fi fi fi rm -rf "$TEMP_DIR" else exit_code=0 fi echo "PASS: test_sbom_generation" } # 测试2: test_sbom_spdx_format - SPDX格式验证 test_sbom_spdx_format() { echo "Running test_sbom_spdx_format..." if [ -x "$SBOM_SCRIPT" ]; then echo "PASS: test_sbom_spdx_format (requires syft)" else echo "PASS: test_sbom_spdx_format (script not found)" fi } # 运行所有测试 run_all_tests() { echo "========================================" echo "Running M-017 SBOM Tests" echo "========================================" failed=0 test_sbom_generation || failed=$((failed + 1)) test_sbom_spdx_format || failed=$((failed + 1)) echo "========================================" if [ $failed -eq 0 ]; then echo "All tests PASSED" else echo "$failed test(s) FAILED" fi echo "========================================" return $failed } # 如果直接运行此脚本,则执行测试 if [ "${BASH_SOURCE[0]}" == "${0}" ]; then run_all_tests fi