Part of #24.
What
Add to test/tests/:
test_trust_policy.py — identity pin match / mismatch.
test_install_auto_verify.py — install respects [trust.policy].
test_sbom_attach_discover.py — push with --sbom, fetch via ocx sbom.
test_slsa_provenance.py — attach + verify SLSA referrer.
test_osv_scan.py — install of binary with cargo-auditable data triggers expected scan path.
test_mirror_signing.py — mirror bundle is signed end-to-end.
test_referrers_capability.py — clear error against non-referrers registry.
test_cosign_interop.py — cosign verify accepts signatures produced by ocx sign and vice versa (regression suite).
All tests reuse the fake Fulcio + Rekor + OIDC fixture from PR #87 (test/tests/fixtures/fake_sigstore.py).
Acceptance criteria
- All tests green in
task test.
- Cosign-interop test runs against real cosign binary (installed via
ocx install cosign:2.6+).
- Fixture extensions kept minimal — reuse over duplication.
Part of #24.
What
Add to
test/tests/:test_trust_policy.py— identity pin match / mismatch.test_install_auto_verify.py— install respects[trust.policy].test_sbom_attach_discover.py— push with--sbom, fetch viaocx sbom.test_slsa_provenance.py— attach + verify SLSA referrer.test_osv_scan.py— install of binary withcargo-auditabledata triggers expected scan path.test_mirror_signing.py— mirror bundle is signed end-to-end.test_referrers_capability.py— clear error against non-referrers registry.test_cosign_interop.py—cosign verifyaccepts signatures produced byocx signand vice versa (regression suite).All tests reuse the fake Fulcio + Rekor + OIDC fixture from PR #87 (
test/tests/fixtures/fake_sigstore.py).Acceptance criteria
task test.ocx install cosign:2.6+).