@jvdm jvdm commented Dec 9, 2025

Summary

  • Skip feature-level FixedBy assertions in E2E tests to eliminate frequent test failures when new advisories are published
  • Per-vulnerability FixedBy validation is preserved, which is more stable and meaningful

Context

Analysis of git history shows that ~74% of commits to testcase_test.go are updates to FixedBy values. This represents significant maintenance overhead with minimal test value since the feature-level FixedBy simply aggregates the max fix version across all vulnerabilities.

What is still tested:

  • Per-vulnerability FixedBy (stable, per-RHSA/CVE)
  • Vulnerability detection (correct CVEs/RHSAs found)
  • CVSS metadata (scores, vectors)
  • Feature identification (name, version, namespace, layer)

This change mirrors the approach already used in grpc_test.go (line 53) which clears FixedBy before comparison.

Test plan

  • E2E tests pass
  • Verify per-vulnerability FixedBy is still validated via checkMatch()/checkGRPCMatch()

The feature-level FixedBy field changes every time a new advisory is
published for a package. This causes frequent E2E test failures that
require manual updates to the test assertions.

Analysis of git history shows that ~74% of commits to testcase_test.go
are updates to FixedBy values - maintenance overhead with minimal test
value since:

1. Per-vulnerability FixedBy is still validated (stable, per-RHSA)
2. Vulnerability detection (correct CVEs/RHSAs) is still tested
3. CVSS metadata (scores, vectors) is still tested
4. Feature identification (name, version, namespace) is still tested

This change mirrors the approach already used in grpc_test.go which
clears FixedBy before comparison.
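
The comparison described in the PR summary and commit message above, as an added Go example that is not the project's own test code. The `Feature` and `Vulnerability` types, `checkFeature`, and the package and advisory names are hypothetical, and treating the expected vulnerabilities as a subset of the actual ones is an assumption.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the scanner's result types.
type Vulnerability struct {
	Name    string // advisory or CVE identifier
	FixedBy string // version that fixes this one vulnerability (stable)
}

type Feature struct {
	Name, Version   string
	FixedBy         string // max fix version across all vulnerabilities (volatile)
	Vulnerabilities []Vulnerability
}

// checkFeature lists mismatches between expected and actual. It never compares
// the feature-level FixedBy. Assumption: expected vulnerabilities only need to
// be a subset of the actual ones, so a newly published advisory is tolerated.
func checkFeature(expected, actual Feature) []string {
	var diffs []string
	if expected.Name != actual.Name || expected.Version != actual.Version {
		diffs = append(diffs, fmt.Sprintf("feature: want %s %s, got %s %s",
			expected.Name, expected.Version, actual.Name, actual.Version))
	}
	got := make(map[string]string, len(actual.Vulnerabilities))
	for _, v := range actual.Vulnerabilities {
		got[v.Name] = v.FixedBy
	}
	for _, want := range expected.Vulnerabilities {
		fixedBy, found := got[want.Name]
		switch {
		case !found:
			diffs = append(diffs, "missing vulnerability "+want.Name)
		case fixedBy != want.FixedBy:
			diffs = append(diffs, fmt.Sprintf("%s: FixedBy want %q, got %q",
				want.Name, want.FixedBy, fixedBy))
		}
	}
	return diffs
}

func main() {
	// Constructed sample data: ADVISORY-B was published after the test was written.
	expected := Feature{Name: "examplepkg", Version: "1.0.0-1", FixedBy: "1.0.2-1",
		Vulnerabilities: []Vulnerability{{"ADVISORY-A", "1.0.2-1"}}}
	actual := Feature{Name: "examplepkg", Version: "1.0.0-1", FixedBy: "1.0.3-1",
		Vulnerabilities: []Vulnerability{{"ADVISORY-A", "1.0.2-1"}, {"ADVISORY-B", "1.0.3-1"}}}
	fmt.Println("mismatches:", checkFeature(expected, actual))
}
```
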
@jvdm jvdm requested a review from a team as a code owner December 9, 2025 17:40

@BradLugo BradLugo left a comment

LGTM. Is the plan to backport these changes to the release branches?

jvdm commented Dec 10, 2025

> LGTM. Is the plan to backport these changes to the release branches?

Yes.

@jvdm jvdm merged commit 54ca2d2 into master Dec 10, 2025
39 checks passed
@jvdm jvdm deleted the jvdm/skip-fixedby-e2e-check branch December 10, 2025 03:02