diff --git a/test/jest/acceptance/snyk-sbom-monitor/all-projects.spec.ts b/test/jest/acceptance/snyk-sbom-monitor/beta-all-projects.spec.ts similarity index 100% rename from test/jest/acceptance/snyk-sbom-monitor/all-projects.spec.ts rename to test/jest/acceptance/snyk-sbom-monitor/beta-all-projects.spec.ts diff --git a/test/jest/acceptance/snyk-sbom-test/sbom-test-user-journey.spec.ts b/test/jest/acceptance/snyk-sbom-test/sbom-test-user-journey.spec.ts new file mode 100644 index 0000000000..790eca67b5 --- /dev/null +++ b/test/jest/acceptance/snyk-sbom-test/sbom-test-user-journey.spec.ts @@ -0,0 +1,53 @@ +import { existsSync } from 'fs'; + +import { runSnykCLI } from '../../util/runSnykCLI'; +import { getFixturePath } from '../../util/getFixturePath'; + +jest.setTimeout(1000 * 300); + +const SBOM_FILE_PATH = getFixturePath('sbom/snyk-goof-sbom.json'); +const ASSET_NAME = 'cli-sbom-monitor-user-journey'; + +// Marker to make this user-journey test easy to locate in CI output. +const LOG_TAG = '[sbom-monitor-user-journey]'; + +const dragonflyEnv = { + ...process.env, + SNYK_API: process.env.TEST_SNYK_API_DEV, + SNYK_TOKEN: process.env.TEST_SNYK_TOKEN_DEV, + INTERNAL_SNYK_CLI_ROLLOUT_DFLY_SBOM_MONITOR: 'true', +}; + +const describeIfPreProd = process.env.TEST_SNYK_TOKEN_DEV + ? describe + : describe.skip; + +beforeAll(() => { + if (!existsSync(SBOM_FILE_PATH)) { + throw new Error( + `SBOM fixture not found at ${SBOM_FILE_PATH}. Please ensure test fixtures are properly set up.`, + ); + } +}); + +describeIfPreProd('snyk sbom test --report', () => { + it('should successfully test an SBOM', async () => { + const command = `sbom test --report --experimental --file=${SBOM_FILE_PATH} --asset-name=${ASSET_NAME}`; + console.log(`${LOG_TAG} running: snyk ${command}`); + + const { code, stdout, stderr } = await runSnykCLI(command, { + env: dragonflyEnv, + }); + + // Emit the full CLI result so the run is verifiable from the CI logs even + // when the assertions pass silently. + console.log(`${LOG_TAG} exit code: ${code}`); + console.log(`${LOG_TAG} stdout:\n${stdout}`); + console.log(`${LOG_TAG} stderr:\n${stderr}`); + + expect(stderr).toBe(''); + expect(stdout).toContain('View your asset(s) at:'); + // The goof SBOM fixture contains known vulnerabilities, so the CLI exits 1. + expect(code).toBe(1); + }); +});