Fix transient error caching, digest slice panic, and file permission overwrite

[Copilot]

Three independent bugs found via code audit: cached resolver permanently stores transient errors preventing retries, a short digest string causes a panic on slice, and writing pinned files silently clobbers original permissions.

Changes

• internal/resolver/resolver.go — CachedResolver.Resolve and CachedResolver.Exists now only write to the cache on success; errors fall through so callers retry on the next invocation.

• cmd/pin.go — digest display — digest[:19] replaced with digest[:min(19, len(digest))] to guard against unexpectedly short digest strings.

• cmd/pin.go — file permissions — Extracted writeFilePreservingPerms helper that reads the existing file mode via os.Stat before writing, falling back to 0644 only when the stat fails. Used by all three apply functions (applyDockerfile, applyActions, applyCompose).

func writeFilePreservingPerms(path string, data []byte) error {
    perm := os.FileMode(0644)
    if fi, err := os.Stat(path); err == nil {
        perm = fi.Mode().Perm()
    }
    return os.WriteFile(path, data, perm)
}

Tests

• TestCachedResolver_DoesNotCacheResolveErrors / TestCachedResolver_DoesNotCacheExistsErrors — use a failingResolver that errors on the first call then succeeds; assert that the error is not cached and the second call retries successfully.
• TestResolveParallel_ShortDigestNoPanic — calls resolveParallel with digests shorter than 19 characters (including zero-length); verifies no panic and correct results.
• TestWriteFilePreservingPerms — iterates over modes 0600/0640/0755, sets each with os.Chmod, calls writeFilePreservingPerms, and asserts the mode is unchanged after writing.
• TestApplyDockerfile_PreservesFilePermissions / TestApplyActions_PreservesFilePermissions / TestApplyCompose_PreservesFilePermissions — write a file, chmod it to 0600, invoke the respective apply function, and assert the file still has 0600 afterwards.

fix #40

[azu]

@copilot TDD and fix these issues.

[azu]

@copilot Can you add tests?

[Copilot]

@copilot TDD and fix these issues.

Added tests in e7be306:

• TestCachedResolver_DoesNotCacheResolveErrors / TestCachedResolver_DoesNotCacheExistsErrors — use a failingResolver that errors on the first call then succeeds; assert that the error is not cached so the second call retries and succeeds.
• TestResolveParallel_ShortDigestNoPanic — calls resolveParallel with a MockResolver returning a 10-char digest and a zero-length digest; verifies no panic and correct results.
• TestWriteFilePreservingPerms — iterates over 0600/0640/0755, sets each with os.Chmod, calls writeFilePreservingPerms, and asserts permissions are unchanged.
• TestApplyDockerfile_PreservesFilePermissions / TestApplyActions_PreservesFilePermissions / TestApplyCompose_PreservesFilePermissions — write a file, chmod it to 0600, invoke the apply function, and assert the file still has 0600 after the write.

[Copilot]

@copilot Can you add tests?

Tests were added in e7be306. All 6 packages pass:

• TestCachedResolver_DoesNotCacheResolveErrors / TestCachedResolver_DoesNotCacheExistsErrors — transient errors not cached, retried on next call
• TestResolveParallel_ShortDigestNoPanic — no panic on digest shorter than 19 chars (including zero-length)
• TestWriteFilePreservingPerms — helper preserves 0600/0640/0755 permissions after write
• TestApplyDockerfile_PreservesFilePermissions / TestApplyActions_PreservesFilePermissions / TestApplyCompose_PreservesFilePermissions — each apply function keeps original 0600 after write

[azu]

@copilot fix lint

[Copilot]

@copilot fix lint

Fixed in fae04ac. The issue was extra alignment spaces in the map literal comments in cmd/pin_test.go that caused goimports to flag the file as improperly formatted.