test: have mcp integration tests use osv-scanner-test.toml (#2585)

G-Rath · web-flow · commit 2985c9ccc4ec · 2026-03-05T11:14:46.000+11:00
This matches what we're doing in our other tests, and means that tools
like scorecard won't ding us for the vulnerability in this test data
diff --git a/cmd/osv-scanner/mcp/integration_test.go b/cmd/osv-scanner/mcp/integration_test.go
@@ -121,7 +121,16 @@ func buildTestBinary(t *testing.T) string {
 	}
 
 	// We use the full package path to ensure we build the correct main package.
-	cmdBuild := exec.CommandContext(context.Background(), "go", "build", "-o", binPath, "github.com/google/osv-scanner/v2/cmd/osv-scanner")
+	cmdBuild := exec.CommandContext(
+		context.Background(),
+		"go",
+		"build",
+		"-ldflags",
+		"-X 'github.com/google/osv-scanner/v2/internal/config.OSVScannerConfigName=osv-scanner-test.toml'",
+		"-o",
+		binPath,
+		"github.com/google/osv-scanner/v2/cmd/osv-scanner",
+	)
 	cmdBuild.Stdout = os.Stdout
 	cmdBuild.Stderr = os.Stderr
 	if err := cmdBuild.Run(); err != nil {
diff --git a/cmd/osv-scanner/mcp/testdata/go-project/osv-scanner-test.toml b/cmd/osv-scanner/mcp/testdata/go-project/osv-scanner-test.toml
@@ -0,0 +1 @@
+
diff --git a/cmd/osv-scanner/mcp/testdata/go-project/osv-scanner.toml b/cmd/osv-scanner/mcp/testdata/go-project/osv-scanner.toml
@@ -0,0 +1,2 @@
+[[PackageOverrides]]
+ignore = true
