chore(test): using alpine instead of wordpress

[afdesk]

Description

This PR updates the base images used for scanning in integration tests — switching from wordpress to alpine.
This reduces image pull time and simplifies running them locally on macOS with Apple processors.

Checklist

• I've read the guidelines for contributing to this repository.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[afdesk]

@simar7 could you take a look at this PR when you have time?
also it'd be nice if you try to run it locally.
thanks

[simar7]

I ran it locally but it doesn't seem stable.

• [FAILED] [300.791 seconds]
Trivy Operator Vulnerability ScanJob When unmanaged Pod is created [It] Should create VulnerabilityReport
/Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/behavior/behavior.go:502

  [FAILED] Timed out after 300.000s.
  Expected
      <bool>: false
  to be true
  In [It] at: /Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/behavior/behavior.go:503 @ 09/08/25 16:34:44.6
------------------------------
S [SKIPPED] [0.000 seconds]
Trivy Operator Vulnerability ScanJob When unmanaged Pod is created [It] Should keep ScanJob in completed state
/Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/behavior/behavior.go:506

  [SKIPPED] Spec skipped because an earlier spec in an ordered container failed
  In [It] at: /Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/behavior/behavior.go:506 @ 09/08/25 16:34:45.391
------------------------------
S [SKIPPED] [0.000 seconds]
Trivy Operator Vulnerability ScanJob When unmanaged Pod is created [It] Should delete ScanJob after ttl expired
/Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/behavior/behavior.go:534

  [SKIPPED] Spec skipped because an earlier spec in an ordered container failed
  In [It] at: /Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/behavior/behavior.go:534 @ 09/08/25 16:34:45.392
------------------------------
[AfterSuite]
/Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/suite_test.go:95
  STEP: Stopping Trivy operator @ 09/08/25 16:34:45.393
[AfterSuite] PASSED [0.002 seconds]
------------------------------

Summarizing 1 Failure:
  [FAIL] Trivy Operator Vulnerability ScanJob When unmanaged Pod is created [It] Should create VulnerabilityReport
  /Users/simarpreetsingh/repos/trivy-operator/tests/itest/trivy-operator/behavior/behavior.go:503

Ran 10 of 12 Specs in 619.917 seconds
FAIL! -- 9 Passed | 1 Failed | 0 Pending | 2 Skipped

Is it due to this PR?

[afdesk]

@simar7 is there something strange in the logs?
in my env I see OOMKilled on Minikube

{"level":"error","ts":"2025-09-09T14:34:43+06:00","logger":"reconciler.scan job","msg":"Scan job container","job":"trivy-system/scan-vulnerabilityreport-98b66b69","container":"88e558cf-97c8-41a1-a5b3-da6e6f076d73","status.reason":"OOMKilled","status.message":"------------------>_] 97.69% 6.13 MiB p/s ETA 0s68.98 MiB / 70.12 MiB [------------------------------------------------>] 98.38% 6.13 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 6.13 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.91 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.91 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.91 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.53 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.53 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.53 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.17 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.17 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.17 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.84 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.84 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.84 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.52 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.52 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.52 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.23 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.23 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.23 MiB p/s ETA 0s","stacktrace":"github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).completedContainers\n\t/Users/amf/aqua/my-trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:441\ngithub.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).SetupWithManager.(*ScanJobController).reconcileJobs.func1\n\t/Users/amf/aqua/my-trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:103\nsigs.k8s.io/controller-runtime/pkg/reconcile.TypedFunc[...].Reconcile\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/reconcile/reconcile.go:134\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:340\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:300\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.1\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:202"}

[simar7]

@simar7 is there something strange in the logs? in my env I see OOMKilled on Minikube

{"level":"error","ts":"2025-09-09T14:34:43+06:00","logger":"reconciler.scan job","msg":"Scan job container","job":"trivy-system/scan-vulnerabilityreport-98b66b69","container":"88e558cf-97c8-41a1-a5b3-da6e6f076d73","status.reason":"OOMKilled","status.message":"------------------>_] 97.69% 6.13 MiB p/s ETA 0s68.98 MiB / 70.12 MiB [------------------------------------------------>] 98.38% 6.13 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 6.13 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.91 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.91 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.91 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.53 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.53 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.53 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.17 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.17 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 5.17 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.84 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.84 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.84 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.52 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.52 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.52 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.23 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.23 MiB p/s ETA 0s70.12 MiB / 70.12 MiB [----------------------------------------------->] 100.00% 4.23 MiB p/s ETA 0s","stacktrace":"github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).completedContainers\n\t/Users/amf/aqua/my-trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:441\ngithub.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).SetupWithManager.(*ScanJobController).reconcileJobs.func1\n\t/Users/amf/aqua/my-trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:103\nsigs.k8s.io/controller-runtime/pkg/reconcile.TypedFunc[...].Reconcile\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/reconcile/reconcile.go:134\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:340\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:300\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.1\n\t/Users/amf/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:202"}

I just took another look at the log - nothing strange or unexpected. It just times out. The rest of the tests pass except this one.

[simar7]

@afdesk just took another look at it - wouldn't changing the test image impact any assertions that we make? It seems that there's no updated test / broken test as part of this change but I expected there to be one.

[afdesk]

just took another look at it - wouldn't changing the test image impact any assertions that we make? It seems that there's no updated test / broken test as part of this change but I expected there to be one.

Unfortunately, the tests only verify the presence of vulnerability reports, not their actual content.
That’s why changing the images didn’t affect the test results

[simar7]

just took another look at it - wouldn't changing the test image impact any assertions that we make? It seems that there's no updated test / broken test as part of this change but I expected there to be one.

Unfortunately, the tests only verify the presence of vulnerability reports, not their actual content. That’s why changing the images didn’t affect the test results

I think we should address this. We should assert the content in addition to the presence as that's the only definitive way to know functionally if the expectation was correct or not. Could you do it as part of this PR?