Merge remote-tracking branch 'origin/main' into codex/playwright-mcp-supply-20260715

This commit is contained in:
ogt
2026-07-15 09:49:41 +08:00
5 changed files with 407 additions and 2 deletions

View File

@@ -81,7 +81,7 @@ class RuntimeImageMirrorControllerTest(unittest.TestCase):
self.assertEqual(policy.work_item_id, "AIA-P0-006-02A")
self.assertEqual(policy.risk_level, "high")
self.assertEqual(len(policy.images), 17)
self.assertEqual(len(policy.images), 18)
self.assertNotIn("github.com", raw)
self.assertNotIn("ghcr.io", raw)
self.assertIn('"external_pull_allowed": false', raw)
@@ -106,7 +106,7 @@ class RuntimeImageMirrorControllerTest(unittest.TestCase):
)
)
container_kinds = [image.workload.container_kind for image in policy.images]
self.assertEqual(container_kinds.count("container"), 14)
self.assertEqual(container_kinds.count("container"), 15)
self.assertEqual(container_kinds.count("init_container"), 3)
vpa = next(
@@ -176,6 +176,31 @@ class RuntimeImageMirrorControllerTest(unittest.TestCase):
),
)
sealed_secrets = next(
image
for image in policy.images
if image.asset_id == "runtime-image:sealed-secrets-controller"
)
self.assertEqual(
sealed_secrets.target_registry_digest,
"sha256:2692460ed95f213760550cb508c881e1490a2f0ce4affbed31a0bf900ebba363",
)
self.assertEqual(sealed_secrets.workload.namespace, "kube-system")
self.assertEqual(sealed_secrets.workload.name, "sealed-secrets-controller")
self.assertEqual(
sealed_secrets.workload.container, "sealed-secrets-controller"
)
self.assertEqual(
sealed_secrets.availability_guard,
controller.AvailabilityGuard(
minimum_ready_replicas=1,
maximum_effective_unavailable=0,
minimum_effective_surge=1,
enforced_max_unavailable=0,
enforced_max_surge=1,
),
)
def test_policy_loads_and_validates_init_container_kind(self) -> None:
image = self._image_with_container_kind("init_container")