ops: prepare docker critical events watcher

services/posture-check/tests/test-docker-critical-events.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+WATCHER="$SCRIPT_DIR/../docker-critical-events.sh"
+
+if [ ! -r "$WATCHER" ]; then
+  echo "FAIL: watcher not readable at $WATCHER" >&2
+  exit 1
+fi
+
+tmp="$(mktemp -d)"
+trap 'rm -rf "$tmp"' EXIT
+
+mkdir -p "$tmp/bin"
+cat > "$tmp/bin/docker" <<'EOF'
+#!/usr/bin/env bash
+if [ "${1:-}" != "events" ]; then
+  echo "unexpected docker command: $*" >&2
+  exit 1
+fi
+
+cat <<'EVENTS'
+{"Type":"container","Action":"die","Actor":{"Attributes":{"name":"ok-container","image":"example:latest","exitCode":"0"}}}
+{"Type":"container","Action":"die","Actor":{"Attributes":{"name":"bad-container","image":"example:latest","exitCode":"137"}}}
+{"Type":"container","Action":"oom","Actor":{"Attributes":{"name":"oom-container","image":"example:latest"}}}
+EVENTS
+EOF
+chmod +x "$tmp/bin/docker"
+
+PATH="$tmp/bin:$PATH" \
+SEND_NTFY=0 \
+OUTPUT_PATH="$tmp/events.log" \
+bash "$WATCHER"
+
+fail() {
+  echo "FAIL: $*" >&2
+  echo "--- events.log ---" >&2
+  cat "$tmp/events.log" >&2 || true
+  exit 1
+}
+
+[ -s "$tmp/events.log" ] || fail "expected critical event log to be written"
+
+if grep -q 'ok-container' "$tmp/events.log"; then
+  fail "exitCode 0 die event should not alert"
+fi
+
+grep -q 'bad-container' "$tmp/events.log" || fail "non-zero die event missing"
+grep -q 'oom-container' "$tmp/events.log" || fail "oom event missing"
+
+line_count="$(wc -l < "$tmp/events.log" | tr -d ' ')"
+[ "$line_count" = "2" ] || fail "expected 2 logged critical events, got $line_count"
+
+echo "OK - docker critical events filter test passed"