From 0f95330fde6ebad95b5a50be3aacb0a1d11363af Mon Sep 17 00:00:00 2001 From: DavHau Date: Thu, 11 Jan 2024 14:41:35 +0700 Subject: [PATCH] fetchGit: add simple test for ssh fetching Also move tests to separate files which are auto-imported. This should allow people adding tests concurrently without introducing merge conflicts --- tests/nixos/fetch-git/default.nix | 52 +++++-------------- .../test-cases/http-simple/default.nix | 37 +++++++++++++ .../test-cases/ssh-simple/default.nix | 41 +++++++++++++++ tests/nixos/fetch-git/testsupport/gitea.nix | 41 ++++++++++++++- tests/nixos/fetch-git/testsupport/setup.nix | 10 +++- 5 files changed, 138 insertions(+), 43 deletions(-) create mode 100644 tests/nixos/fetch-git/test-cases/http-simple/default.nix create mode 100644 tests/nixos/fetch-git/test-cases/ssh-simple/default.nix diff --git a/tests/nixos/fetch-git/default.nix b/tests/nixos/fetch-git/default.nix index abeefb0e3..254fecaaf 100644 --- a/tests/nixos/fetch-git/default.nix +++ b/tests/nixos/fetch-git/default.nix @@ -8,53 +8,25 @@ /* Test cases + + Test cases are automatically imported from ./test-cases/{name} + The following is set up automatically for each test case: - a repo with the {name} is created on the gitea server - a repo with the {name} is created on the client - the client repo is configured to push to the server repo + Python variables: - repo.path: the path to the directory of the client repo - repo.git: the git command with the client repo as the working directory - repo.remote: the url to the server repo */ - testCases = [ - { - name = "simple-http"; - description = "can fetch a git repo via http"; - script = '' - # add a file to the repo - client.succeed(f""" - echo chiang-mai > {repo.path}/thailand \ - && {repo.git} add thailand \ - && {repo.git} commit -m 'commit1' - """) - - # memoize the revision - rev1 = client.succeed(f""" - {repo.git} rev-parse HEAD - """).strip() - - # push to the server - client.succeed(f""" - {repo.git} push origin main - """) - - # fetch the repo via nix - fetched1 = client.succeed(f""" - nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).outPath" - """) - - # check if the committed file is there - client.succeed(f""" - test -f {fetched1}/thailand - """) - - # check if the revision is the same - rev1_fetched = client.succeed(f""" - nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).rev" - """).strip() - assert rev1 == rev1_fetched - ''; - } - ]; + testCases = + map + (testCaseName: {...}: { + imports = ["${./test-cases}/${testCaseName}"]; + # ensures tests are named like their directories they are defined in + name = testCaseName; + }) + (lib.attrNames (builtins.readDir ./test-cases)); } diff --git a/tests/nixos/fetch-git/test-cases/http-simple/default.nix b/tests/nixos/fetch-git/test-cases/http-simple/default.nix new file mode 100644 index 000000000..1bd5bbba2 --- /dev/null +++ b/tests/nixos/fetch-git/test-cases/http-simple/default.nix @@ -0,0 +1,37 @@ +{ + description = "can fetch a git repo via http"; + script = '' + # add a file to the repo + client.succeed(f""" + echo chiang-mai > {repo.path}/thailand \ + && {repo.git} add thailand \ + && {repo.git} commit -m 'commit1' + """) + + # memoize the revision + rev1 = client.succeed(f""" + {repo.git} rev-parse HEAD + """).strip() + + # push to the server + client.succeed(f""" + {repo.git} push origin main + """) + + # fetch the repo via nix + fetched1 = client.succeed(f""" + nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).outPath" + """) + + # check if the committed file is there + client.succeed(f""" + test -f {fetched1}/thailand + """) + + # check if the revision is the same + rev1_fetched = client.succeed(f""" + nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).rev" + """).strip() + assert rev1 == rev1_fetched, f"rev1: {rev1} != rev1_fetched: {rev1_fetched}" + ''; +} diff --git a/tests/nixos/fetch-git/test-cases/ssh-simple/default.nix b/tests/nixos/fetch-git/test-cases/ssh-simple/default.nix new file mode 100644 index 000000000..0e4494ae0 --- /dev/null +++ b/tests/nixos/fetch-git/test-cases/ssh-simple/default.nix @@ -0,0 +1,41 @@ +{ + description = "can fetch a git repo via ssh"; + script = '' + # add a file to the repo + client.succeed(f""" + echo chiang-mai > {repo.path}/thailand \ + && {repo.git} add thailand \ + && {repo.git} commit -m 'commit1' + """) + + # memoize the revision + rev1 = client.succeed(f""" + {repo.git} rev-parse HEAD + """).strip() + + # push to the server + client.succeed(f""" + {repo.git} push origin-ssh main + """) + + # fetch the repo via nix + fetched1 = client.succeed(f""" + nix eval --impure --raw --expr ' + (builtins.fetchGit "{repo.remote_ssh}").outPath + ' + """) + + # check if the committed file is there + client.succeed(f""" + test -f {fetched1}/thailand + """) + + # check if the revision is the same + rev1_fetched = client.succeed(f""" + nix eval --impure --raw --expr ' + (builtins.fetchGit "{repo.remote_ssh}").rev + ' + """).strip() + assert rev1 == rev1_fetched, f"rev1: {rev1} != rev1_fetched: {rev1_fetched}" + ''; +} diff --git a/tests/nixos/fetch-git/testsupport/gitea.nix b/tests/nixos/fetch-git/testsupport/gitea.nix index d2bd622e4..2ea23961e 100644 --- a/tests/nixos/fetch-git/testsupport/gitea.nix +++ b/tests/nixos/fetch-git/testsupport/gitea.nix @@ -1,4 +1,18 @@ -{ lib, nixpkgs, system, ... }: { +{ lib, nixpkgs, system, pkgs, ... }: let + clientPrivateKey = pkgs.writeText "id_ed25519" '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO + VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ + AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH + Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU= + -----END OPENSSH PRIVATE KEY----- + ''; + + clientPublicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB"; + +in { imports = [ ../testsupport/setup.nix ]; @@ -8,8 +22,11 @@ services.gitea.settings.service.DISABLE_REGISTRATION = true; services.gitea.settings.log.LEVEL = "Info"; services.gitea.settings.database.LOG_SQL = false; + services.openssh.enable = true; networking.firewall.allowedTCPPorts = [ 3000 ]; - environment.systemPackages = [ pkgs.gitea ]; + environment.systemPackages = [ pkgs.git pkgs.gitea ]; + + users.users.root.openssh.authorizedKeys.keys = [clientPublicKey]; # TODO: remove this after updating to nixos-23.11 nixpkgs.pkgs = lib.mkForce (import nixpkgs { @@ -59,5 +76,25 @@ git config --global gc.autodetach 0 git config --global gc.auto 0 """) + + # add client's private key to ~/.ssh + client.succeed(""" + mkdir -p ~/.ssh + chmod 700 ~/.ssh + cat ${clientPrivateKey} >~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + """) + + client.succeed(""" + echo "Host gitea" >>~/.ssh/config + echo " StrictHostKeyChecking no" >>~/.ssh/config + echo " UserKnownHostsFile /dev/null" >>~/.ssh/config + echo " User root" >>~/.ssh/config + """) + + # ensure ssh from client to gitea works + client.succeed(""" + ssh root@gitea true + """) ''; } diff --git a/tests/nixos/fetch-git/testsupport/setup.nix b/tests/nixos/fetch-git/testsupport/setup.nix index f2fbd737d..2f74f51f8 100644 --- a/tests/nixos/fetch-git/testsupport/setup.nix +++ b/tests/nixos/fetch-git/testsupport/setup.nix @@ -78,19 +78,27 @@ in self.name = name self.path = "/tmp/repos/" + name self.remote = "http://gitea:3000/test/" + name + self.remote_ssh = "ssh://gitea/root/" + name self.git = f"git -C {self.path}" self.create() def create(self): + # create ssh remote repo + gitea.succeed(f""" + git init --bare -b main /root/{self.name} + """) + # create http remote repo gitea.succeed(f""" curl --fail -X POST http://{gitea_admin}:{gitea_admin_password}@gitea:3000/api/v1/user/repos \ -H 'Accept: application/json' -H 'Content-Type: application/json' \ -d {shlex.quote( f'{{"name":"{self.name}", "default_branch": "main"}}' )} """) + # setup git remotes on client client.succeed(f""" mkdir -p {self.path} \ && git init -b main {self.path} \ - && {self.git} remote add origin {self.remote} + && {self.git} remote add origin {self.remote} \ + && {self.git} remote add origin-ssh root@gitea:{self.name} """) ''; testScript = ''