29 lines
1.7 KiB
TypeScript
29 lines
1.7 KiB
TypeScript
import { readFileSync } from "node:fs";
|
|
import { rootPath } from "./src/config";
|
|
|
|
const source = readFileSync(rootPath("scripts/src/artifact-registry.ts"), "utf8");
|
|
|
|
function assertCondition(condition: unknown, message: string): void {
|
|
if (!condition) throw new Error(message);
|
|
}
|
|
|
|
assertCondition(!source.includes('docker save "$image" | gzip -1"'), "artifact registry must not stream docker save over ssh stdout");
|
|
assertCondition(source.includes("downloadRemoteFile(options, remoteArchive, localArchive"), "compose artifact pull must use verified ssh download");
|
|
assertCondition(source.includes("runRemoteScriptBackground(options, remoteScript"), "remote docker save must run as a background job");
|
|
assertCondition(source.includes('runRemoteScriptBackground(options, deployScript, Math.max(options.timeoutMs, 420_000), "d601-k3s-deploy")'), "D601 k3s deploy must use background polling");
|
|
assertCondition(source.includes('"ssh",\n options.providerId,\n "download"'), "download helper must route through UniDesk ssh download");
|
|
assertCondition(source.includes('"--chunk-bytes",\n "96000"'), "artifact ssh download must use the largest bounded chunk size");
|
|
assertCondition(source.includes("UNIDESK_SSH_CLIENT_TOKEN") && source.includes("UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST"), "dev frontend artifact deploy must sync scoped ssh runtime keys");
|
|
|
|
console.log(JSON.stringify({
|
|
ok: true,
|
|
test: "artifact-registry-ssh-timeout-contract",
|
|
assertions: [
|
|
"no docker-save stdout stream over ssh",
|
|
"compose artifact uses verified ssh download",
|
|
"remote docker save and k3s deploy use background polling",
|
|
"artifact downloads use the largest bounded ssh chunk size",
|
|
"dev frontend artifact deploy syncs scoped ssh runtime keys"
|
|
]
|
|
}, null, 2));
|