add conformance test driver (#792)

Signed-off-by: Brian DeHamer <[email protected]>

Author: bdehamer

.changeset/slimy-pears-jam.md

@@ -0,0 +1,2 @@
+---
+---

.github/scripts/tuf-conformance

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+const fs = require('fs')
+const path = require('path')
+const { Updater } = require('tuf-js')
+const yargs = require('yargs/yargs')
+const { hideBin } = require('yargs/helpers')
+
+yargs(hideBin(process.argv))
+  .version(false)
+
+  // init command
+  .command('init <trusted-root>', 'init cache', {
+    'metadata-dir': { type: 'string' },
+  }, (argv) => {
+    if (!fs.existsSync(argv.metadataDir)) {
+      fs.mkdirSync(argv.metadataDir, {
+        recursive: true
+      });
+    }
+
+    fs.copyFileSync(argv.trustedRoot, path.join(argv.metadataDir, 'root.json'));
+  })
+
+  // refresh command
+  .command('refresh', 'refresh metadata from tuf repo', {
+    'metadata-url': { type: 'string' },
+    'metadata-dir': { type: 'string' },
+  }, async (argv) => {
+    const updater = new Updater({
+      metadataBaseUrl: argv.metadataUrl,
+      metadataDir: argv.metadataDir,
+    })
+
+    return updater.refresh()
+  })
+
+  // download command
+  .command('download', 'retrieve target', {
+    'metadata-url': { type: 'string' },
+    'metadata-dir': { type: 'string' },
+    'target-name': { type: 'string' },
+    'target-base-url': { type: 'string' },
+    'target-dir': { type: 'string' }
+  }, async (argv) => {
+    if (!fs.existsSync(argv.targetDir)) {
+      fs.mkdirSync(argv.targetDir, {
+        recursive: true
+      });
+    }
+
+    const updater = new Updater({
+      metadataBaseUrl: argv.metadataUrl,
+      metadataDir: argv.metadataDir,
+      targetBaseUrl: argv.targetBaseUrl,
+      targetDir: argv.targetDir
+    })
+
+    const targetInfo = await updater.getTargetInfo(argv.targetName)
+    if (!targetInfo) {
+      throw new Error(`Target ${argv.targetPath} not found`);
+    }
+
+    return updater.downloadTarget(targetInfo)
+  })
+  .parse()

.github/workflows/conformance.yml

@@ -0,0 +1,37 @@
+---
+name: Conformance
+
+"on":
+  push:
+    branches: ['main']
+  pull_request:
+    branches: ['main']
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  tuf-conformance:
+    name: TUF Conformance Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+      - name: Setup node
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run build
+        run: npm run build
+
+      - name: Run conformance suite
+        uses: theupdateframework/tuf-conformance@3a8726362e0440ddcf5156ab06aa385f3728558c # TODO: Pin to a released version
+        with:
+          entrypoint: ".github/scripts/tuf-conformance"