-
-
Notifications
You must be signed in to change notification settings - Fork 0
274 lines (234 loc) · 9.35 KB
/
Copy pathtest.yml
File metadata and controls
274 lines (234 loc) · 9.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
name: Test SSH Key Sync
# This workflow performs comprehensive testing of the SSH key sync script
# It includes unit tests, configuration validation, and integration tests
# Unit tests avoid executing the main script to prevent unintended side effects
on:
workflow_call:
permissions:
contents: read
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Install required packages
run: |
sudo apt-get update
sudo apt-get install -y diffutils
- name: Make script executable
run: chmod +x sync-ssh-keys.sh
- name: Create test users
run: |
sudo useradd -m testuser1 || true
sudo useradd -m testuser2 || true
sudo useradd -m testuser3 || true
- name: Setup test environment
run: |
# Create a temporary test configuration
cat > test-users.conf << 'EOF'
#!/bin/bash
# Test configuration for GitHub Actions
# No GitHub token needed for public key tests
CONF_GITHUB_TOKEN=""
# Test user key mapping with public GitHub users
declare -A USER_KEYS=(
# Test with a known GitHub user that has public keys
["testuser1"]="ghuser:locus313"
# Test with raw public key (using GitHub's public key endpoint)
["testuser2"]="raw:https://github.com/locus313.keys"
)
EOF
- name: Test configuration validation
run: |
# Test with missing config file
mv users.conf users.conf.backup
if sudo ./sync-ssh-keys.sh 2>&1 | grep -q "Failed to load configuration file 'users.conf'"; then
echo "✓ Configuration file validation works"
else
echo "✗ Configuration file validation failed"
mv users.conf.backup users.conf
exit 1
fi
mv users.conf.backup users.conf
- name: Test configuration loading
run: |
# Use test configuration
cp test-users.conf users.conf
# Test that configuration can be sourced and validated
bash -c 'source users.conf && declare -p USER_KEYS >/dev/null'
echo "✓ Configuration loading test completed"
- name: Test invalid method handling
run: |
# Create config with invalid method
cat > test-invalid.conf << 'EOF'
#!/bin/bash
declare -A USER_KEYS=(
["testuser1"]="invalid:test"
)
EOF
cp test-invalid.conf users.conf
# Should fail with unsupported method error
# Run with sudo to avoid permission issues that would mask the method error
if sudo ./sync-ssh-keys.sh 2>&1 | grep -q "Unsupported method 'invalid'"; then
echo "✓ Invalid method handling works"
else
echo "✗ Invalid method handling failed"
echo "Actual output:"
sudo ./sync-ssh-keys.sh 2>&1 | head -10
exit 1
fi
- name: Test script syntax and functions
run: |
# Test script syntax
bash -n sync-ssh-keys.sh
echo "✓ Script syntax is valid"
# Test that required functions are defined (without executing main)
if grep -q "^log_message()" sync-ssh-keys.sh && \
grep -q "^fetch_key_file()" sync-ssh-keys.sh && \
grep -q "^validate_method()" sync-ssh-keys.sh && \
grep -q "^load_configuration()" sync-ssh-keys.sh; then
echo "✓ Required functions are present"
else
echo "✗ Required functions are missing"
exit 1
fi
- name: Test with empty user array
run: |
# Create config with empty user array
cat > test-empty.conf << 'EOF'
#!/bin/bash
declare -A USER_KEYS=()
EOF
cp test-empty.conf users.conf
# Should exit cleanly with warning (no sudo needed since no user access)
if ./sync-ssh-keys.sh 2>&1 | grep -q "No users defined in USER_KEYS array"; then
echo "✓ Empty user array handling works"
else
echo "✗ Empty user array handling failed"
exit 1
fi
- name: Test GitHub user key fetching (mock)
run: |
# Test the curl command format for GitHub user keys
curl -fsSL "https://github.com/locus313.keys" | head -2
echo "✓ GitHub user key endpoint is accessible"
- name: Test script version extraction
run: |
# Verify version can be extracted
VERSION=$(awk -F'"' '/SCRIPT_VERSION/ {print $2; exit}' sync-ssh-keys.sh)
if [[ -n "$VERSION" ]]; then
echo "✓ Script version found: $VERSION"
else
echo "✗ Script version not found"
exit 1
fi
- name: Test self-update function (dry run)
run: |
# Test that self-update function exists and can be parsed
grep -q "self_update()" sync-ssh-keys.sh
grep -q "get_latest_release_url" sync-ssh-keys.sh
grep -q "download_latest_script" sync-ssh-keys.sh
echo "✓ Self-update functions are present"
- name: Test error handling
run: |
# Create config that will trigger various error conditions
cat > test-errors.conf << 'EOF'
#!/bin/bash
declare -A USER_KEYS=(
["nonexistentuser"]="ghuser:nonexistentuser12345"
["testuser1"]="raw:https://invalid-url-that-does-not-exist.example.com/keys"
)
EOF
# Test that config is syntactically valid
bash -n test-errors.conf
echo "✓ Error handling configuration is valid"
- name: Test log message formatting
run: |
# Test log functions exist and have correct format
if grep -q "log_message()" sync-ssh-keys.sh && \
grep -q "log_error()" sync-ssh-keys.sh && \
grep -q "log_warning()" sync-ssh-keys.sh && \
grep -q "log_info()" sync-ssh-keys.sh; then
echo "✓ Log functions are present"
else
echo "✗ Log functions are missing"
exit 1
fi
- name: Cleanup test environment
run: |
# Restore original configuration
git checkout users.conf 2>/dev/null || true
# Remove test files
rm -f test-*.conf
# Remove test users (if they exist)
sudo userdel -f testuser1 2>/dev/null || true
sudo userdel -f testuser2 2>/dev/null || true
sudo userdel -f testuser3 2>/dev/null || true
echo "✓ Cleanup completed"
integration-test:
runs-on: ubuntu-latest
needs: test
if: github.event_name == 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Install required packages
run: |
sudo apt-get update
sudo apt-get install -y diffutils
- name: Make script executable
run: chmod +x sync-ssh-keys.sh
- name: Create integration test user
run: |
sudo useradd -m integrationuser
- name: Setup integration test configuration
run: |
cat > users.conf << 'EOF'
#!/bin/bash
# Integration test configuration
declare -A USER_KEYS=(
# Use a real GitHub user with known public keys for integration testing
["integrationuser"]="ghuser:locus313"
)
EOF
- name: Run integration test
run: |
# Run the script with sudo and verify it completes successfully
sudo ./sync-ssh-keys.sh
# Verify the authorized_keys file was created
if sudo test -f /home/integrationuser/.ssh/authorized_keys; then
echo "✓ authorized_keys file created successfully"
echo "File contents:"
sudo head -2 /home/integrationuser/.ssh/authorized_keys
echo "File permissions:"
sudo ls -la /home/integrationuser/.ssh/authorized_keys
else
echo "✗ authorized_keys file was not created"
echo "Directory contents:"
sudo ls -la /home/integrationuser/ || true
sudo ls -la /home/integrationuser/.ssh/ || true
exit 1
fi
- name: Verify file permissions
run: |
# Check SSH directory permissions
PERMS=$(sudo stat -c "%a" /home/integrationuser/.ssh)
if [[ "$PERMS" == "700" ]]; then
echo "✓ SSH directory permissions are correct (700)"
else
echo "✗ SSH directory permissions are incorrect: $PERMS"
exit 1
fi
# Check authorized_keys file permissions
PERMS=$(sudo stat -c "%a" /home/integrationuser/.ssh/authorized_keys)
if [[ "$PERMS" == "600" ]]; then
echo "✓ authorized_keys file permissions are correct (600)"
else
echo "✗ authorized_keys file permissions are incorrect: $PERMS"
exit 1
fi
- name: Cleanup integration test
run: |
sudo userdel -rf integrationuser 2>/dev/null || true
git checkout users.conf