fix(rocky): fix failed tests

rocky/rocky.go

@@ -187,9 +187,16 @@ func (c Config) update(majorVer string, releases map[string][]string, repo, arch
 		return xerrors.Errorf("failed to mkdir: %w", err)
 	}
 
+	// ["pub", "vault"] => ["vault", "pub"]
+	statuses := []string{}
+	for status := range releases {
+		statuses = append(statuses, status)
+	}
+	sort.Slice(statuses, func(i, j int) bool { return statuses[i] > statuses[j] })
+
 	advisories := map[string]Advisory{}
-	for status, rels := range releases {
-		for _, rel := range rels {
+	for _, status := range statuses {
+		for _, rel := range releases[status] {
 			u, err := url.Parse(fmt.Sprintf(c.url, status, rel, repo, arch))
 			if err != nil {
 				return xerrors.Errorf("failed to parse root url: %w", err)

rocky/rocky_test.go

@@ -2,6 +2,7 @@ package rocky_test
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
@@ -15,6 +16,7 @@ import (
 	"github.com/kylelemons/godebug/pretty"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/xerrors"
 )
 
 func Test_Update(t *testing.T) {
@@ -32,20 +34,20 @@ func Test_Update(t *testing.T) {
 			repository:    []string{"BaseOS", "AppStream"},
 			expectedError: nil,
 		},
-		// {
-		// 	name:          "not module in modules.yaml",
-		// 	rootDir:       "testdata/fixtures/not_module_in_yaml",
-		// 	releases:      map[string]map[string][]string{"8": {"pub": {"8.5"}}},
-		// 	repository:    []string{"AppStream"},
-		// 	expectedError: nil,
-		// },
-		// {
-		// 	name:          "bad updateInfo response",
-		// 	rootDir:       "testdata/fixtures/updateinfo_invalid",
-		// 	releases:      map[string]map[string][]string{"8": {"pub": {"8.5"}}},
-		// 	repository:    []string{"BaseOS"},
-		// 	expectedError: xerrors.Errorf("failed to update security advisories of Rocky Linux 8 BaseOS x86_64: %w", errors.New("failed to fetch updateInfo")),
-		// },
+		{
+			name:          "not module in modules.yaml",
+			rootDir:       "testdata/fixtures/not_module_in_yaml",
+			releases:      map[string]map[string][]string{"8": {"pub": {"8.5"}}},
+			repository:    []string{"AppStream"},
+			expectedError: nil,
+		},
+		{
+			name:          "bad updateInfo response",
+			rootDir:       "testdata/fixtures/updateinfo_invalid",
+			releases:      map[string]map[string][]string{"8": {"pub": {"8.5"}}},
+			repository:    []string{"BaseOS"},
+			expectedError: xerrors.Errorf("failed to update security advisories of Rocky Linux 8 BaseOS x86_64: %w", errors.New("failed to fetch updateInfo")),
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

rocky/testdata/fixtures/not_module_in_yaml/pub/rocky/8.5/AppStream/x86_64/os/repodata/repodata

@@ -0,0 +1,10 @@
+<html>
+<head><title>Index of /pub/rocky/8.5/AppStream/x86_64/os/repodata/</title></head>
+<body bgcolor="white">
+<h1>Index of /pub/rocky/8.5/AppStream/x86_64/os/repodata/</h1><hr><pre><a href="../">../</a>
+<a href="1-updateinfo.xml.gz">0c11bf32680996cf227bba2496573626142ab58de0bdacd..&gt;</a> 27-Jan-2022 21:37               26010
+<a href="1-modules.yaml.xz">67f7e4dea4a7468c1017a362af42bdd7254a92bf6dcb3b5..&gt;</a> 27-Jan-2022 19:50               63260
+<a href="repomd.xml">repomd.xml</a>                                         27-Jan-2022 23:09                4876
+<a href="repomd.xml.asc">repomd.xml.asc</a>                                     27-Jan-2022 23:09                 833
+</pre><hr></body>
+</html>

rocky/testdata/fixtures/updateinfo_invalid/pub/rocky/8.5/BaseOS/x86_64/os/repodata/1-updateinfo.xml

@@ -0,0 +1,50 @@
+<updates
+  <update from="[email protected]" status="final" type="security" version="2">
+    <id>RLSA-2021:4511</id>
+    <title>Moderate: curl security and bug fix update</title>
+    <issued date="2021-11-15 07:26:41"></issued>
+    <updated date="2021-11-09 00:00:00"></updated>
+    <rights>Copyright (C) 2021 Rocky Enterprise Software Foundation</rights>
+    <release>Rocky Linux 8</release>
+    <pushcount>1</pushcount>
+    <severity>Moderate</severity>
+    <summary>An update for curl is now available for Rocky Linux 8.&#xA;Rocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.</summary>
+    <description>For more information visit https://errata.rockylinux.org/RLSA-2021:4511</description>
+    <references>
+      <reference href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json" id="CVE-2021-22925" type="cve" title="Update information for CVE-2021-22925 is retrieved from Red Hat"></reference>
+    </references>
+    <pkglist>
+      <collection short="RL8">
+        <name>Rocky Linux 8</name>
+        <package name="libcurl-minimal" version="7.61.1" release="22.el8" epoch="0" arch="i686" src="curl-7.61.1-22.el8.src.rpm">
+          <filename>libcurl-minimal-7.61.1-22.el8.i686.rpm</filename>
+          <sum type="sha256">b2ec1f86fd58731f4fe6bb19540b8cca8d61418a47760babef44fe37eb6d1707</sum>
+        </package>
+        <package name="libcurl-devel" version="7.61.1" release="22.el8" epoch="0" arch="i686" src="curl-7.61.1-22.el8.src.rpm">
+          <filename>libcurl-devel-7.61.1-22.el8.i686.rpm</filename>
+          <sum type="sha256">4c278eb72cbb6d9cbc0ac4677cc25ef11302ce2b149e19e9e9789ea3fbcb2fb1</sum>
+        </package>
+        <package name="curl" version="7.61.1" release="22.el8" epoch="0" arch="x86_64" src="curl-7.61.1-22.el8.src.rpm">
+          <filename>curl-7.61.1-22.el8.x86_64.rpm</filename>
+          <sum type="sha256">e372199f281feaad685fa855a3c585c381ca5abcbe2d7e5a6dde103f337cb7e2</sum>
+        </package>
+        <package name="libcurl" version="7.61.1" release="22.el8" epoch="0" arch="i686" src="curl-7.61.1-22.el8.src.rpm">
+          <filename>libcurl-7.61.1-22.el8.i686.rpm</filename>
+          <sum type="sha256">7508b40b10f354ae27647efa810be3d53c7255fc39494d6addd5df536c5a9295</sum>
+        </package>
+        <package name="libcurl-devel" version="7.61.1" release="22.el8" epoch="0" arch="x86_64" src="curl-7.61.1-22.el8.src.rpm">
+          <filename>libcurl-devel-7.61.1-22.el8.x86_64.rpm</filename>
+          <sum type="sha256">b97faa42eb51fb20ceb8a70d9fb7e5647de92775d52292ace032108f3d3fab30</sum>
+        </package>
+        <package name="libcurl" version="7.61.1" release="22.el8" epoch="0" arch="x86_64" src="curl-7.61.1-22.el8.src.rpm">
+          <filename>libcurl-7.61.1-22.el8.x86_64.rpm</filename>
+          <sum type="sha256">7cc35e59072c0f21b2f8f7c4d8769b8b143299bab5438619d0a895ee9be62b8b</sum>
+        </package>
+        <package name="libcurl-minimal" version="7.61.1" release="22.el8" epoch="0" arch="x86_64" src="curl-7.61.1-22.el8.src.rpm">
+          <filename>libcurl-minimal-7.61.1-22.el8.x86_64.rpm</filename>
+          <sum type="sha256">a01088cec7aaabebb5389eb6181dc11e1fe240319e6ce18f7f625434386591f0</sum>
+        </package>
+      </collection>
+    </pkglist>
+  </update>
+</updates>

rocky/testdata/fixtures/updateinfo_invalid/pub/rocky/8.5/BaseOS/x86_64/os/repodata/repodata

@@ -0,0 +1,9 @@
+<html>
+<head><title>Index of /pub/rocky/8.5/BaseOS/x86_64/os/repodata/</title></head>
+<body bgcolor="white">
+<h1>Index of /pub/rocky/8.5/BaseOS/x86_64/os/repodata/</h1><hr><pre><a href="../">../</a>
+<a href="1-updateinfo.xml.gz">b729c78fe0fa3b5ec30761bcc900b249b9669db8f5f23fd..&gt;</a> 27-Jan-2022 21:37               18554
+<a href="repomd.xml">repomd.xml</a>                                         27-Jan-2022 23:09                4396
+<a href="repomd.xml.asc">repomd.xml.asc</a>                                     27-Jan-2022 23:09                 833
+</pre><hr></body>
+</html>

rocky/testdata/golden/2021/RLSA-2021:1979(invalid).json

@@ -0,0 +1,41 @@
+{
+  "id": "RLSA-2021:1979(invalid)",
+  "title": "Important: squid:4 security update",
+  "issued": {
+    "date": "2021-07-22 03:16:49"
+  },
+  "updated": {
+    "date": "2021-05-18 00:00:00"
+  },
+  "severity": "Important",
+  "description": "For more information visit https://errata.rockylinux.org/RLSA-2021:1979",
+  "packages": [
+    {
+      "name": "libecap",
+      "epoch": "0",
+      "version": "1.0.1",
+      "release": "2.module+el8.4.0+404+316a0dc5",
+      "arch": "x86_64",
+      "src": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.src.rpm",
+      "filename": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
+    },
+    {
+      "name": "libecap-devel",
+      "epoch": "0",
+      "version": "1.0.1",
+      "release": "2.module+el8.4.0+404+316a0dc5",
+      "arch": "x86_64",
+      "src": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.src.rpm",
+      "filename": "libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
+    }
+  ],
+  "references": [
+    {
+      "href": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25097.json",
+      "id": "CVE-2020-25097",
+      "title": "Update information for CVE-2020-25097 is retrieved from Red Hat",
+      "type": "cve"
+    }
+  ],
+  "cveids": ["CVE-2020-25097"]
+}