Files
pikasTech-unidesk/scripts/artifact-registry-ssh-timeout-contract-test.ts
T
2026-06-02 08:40:58 +00:00

29 lines
1.7 KiB
TypeScript

import { readFileSync } from "node:fs";
import { rootPath } from "./src/config";
const source = readFileSync(rootPath("scripts/src/artifact-registry.ts"), "utf8");
function assertCondition(condition: unknown, message: string): void {
if (!condition) throw new Error(message);
}
assertCondition(!source.includes('docker save "$image" | gzip -1"'), "artifact registry must not stream docker save over ssh stdout");
assertCondition(source.includes("downloadRemoteFile(options, remoteArchive, localArchive"), "compose artifact pull must use verified ssh download");
assertCondition(source.includes("runRemoteScriptBackground(options, remoteScript"), "remote docker save must run as a background job");
assertCondition(source.includes('runRemoteScriptBackground(options, deployScript, Math.max(options.timeoutMs, 420_000), "d601-k3s-deploy")'), "D601 k3s deploy must use background polling");
assertCondition(source.includes('"ssh",\n options.providerId,\n "download"'), "download helper must route through UniDesk ssh download");
assertCondition(source.includes('"--chunk-bytes",\n "96000"'), "artifact ssh download must use the largest bounded chunk size");
assertCondition(source.includes("UNIDESK_SSH_CLIENT_TOKEN") && source.includes("UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST"), "dev frontend artifact deploy must sync scoped ssh runtime keys");
console.log(JSON.stringify({
ok: true,
test: "artifact-registry-ssh-timeout-contract",
assertions: [
"no docker-save stdout stream over ssh",
"compose artifact uses verified ssh download",
"remote docker save and k3s deploy use background polling",
"artifact downloads use the largest bounded ssh chunk size",
"dev frontend artifact deploy syncs scoped ssh runtime keys"
]
}, null, 2));