211 lines
9.2 KiB
TypeScript
211 lines
9.2 KiB
TypeScript
import { spawnSync } from "node:child_process";
|
|
import { mkdirSync, writeFileSync } from "node:fs";
|
|
import { tmpdir } from "node:os";
|
|
import { join } from "node:path";
|
|
import assert from "node:assert/strict";
|
|
|
|
type JsonRecord = Record<string, unknown>;
|
|
|
|
function runCli(args: string[], env: NodeJS.ProcessEnv = {}): JsonRecord {
|
|
const result = spawnSync("bun", ["scripts/cli.ts", ...args], {
|
|
cwd: process.cwd(),
|
|
env: { ...process.env, ...env },
|
|
encoding: "utf8",
|
|
timeout: 20_000,
|
|
});
|
|
assert.equal(result.stderr, "", `stderr should be empty: ${result.stderr}`);
|
|
assert.notEqual(result.stdout.trim(), "", "CLI must not produce empty output");
|
|
const parsed = JSON.parse(result.stdout) as JsonRecord;
|
|
if (result.status !== 0) {
|
|
assert.equal(parsed.ok, false, `nonzero CLI should return ok=false: ${result.stdout}`);
|
|
}
|
|
return parsed;
|
|
}
|
|
|
|
function makeFakeHwlabRepo(): string {
|
|
const root = join(tmpdir(), `unidesk-hwlab-cd-wrapper-${process.pid}-${Date.now()}`);
|
|
mkdirSync(join(root, "scripts"), { recursive: true });
|
|
writeFileSync(join(root, "scripts/dev-cd-apply.mjs"), "process.stdout.write(JSON.stringify({ok:true}))\n");
|
|
writeFileSync(join(root, "scripts/dev-deploy-apply.mjs"), [
|
|
"const dryRun = process.argv.includes('--dry-run');",
|
|
"const kubeconfigIndex = process.argv.indexOf('--kubeconfig');",
|
|
"process.stdout.write(JSON.stringify({",
|
|
" reportVersion: 'v1',",
|
|
" status: dryRun ? 'pass' : 'blocked',",
|
|
" commitId: 'abc1234',",
|
|
" namespace: 'hwlab-dev',",
|
|
" endpoint: 'http://74.48.78.17:16667',",
|
|
" blockers: [],",
|
|
" devDeployApply: {",
|
|
" conclusion: { status: 'ready', blockerCount: 0 },",
|
|
" artifactPlan: { expectedArtifactCommit: 'abc1234', deployCommitId: 'abc1234', catalogCommitId: 'abc1234', published: true, registryVerified: true, imageCount: 13, requiredServiceCount: 13, unpublishedServices: [] },",
|
|
" applyBoundary: { currentMode: 'dry-run', defaultNoWrite: true, mutationAttempted: false, mutationAllowed: false, kubeconfigSource: 'flag:--kubeconfig', writeScope: 'KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl apply -k deploy/k8s/dev', noWriteScope: 'server-side dry-run only', forbiddenActions: ['prod-deploy'] },",
|
|
" applyStep: { status: 'pass', command: 'KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl apply --dry-run=server -k deploy/k8s/dev', mutationAttempted: false },",
|
|
" manualCommands: { status: 'ready' }",
|
|
" },",
|
|
" kubeconfig: kubeconfigIndex >= 0 ? process.argv[kubeconfigIndex + 1] : null",
|
|
"}, null, 2));",
|
|
].join("\n"));
|
|
writeFileSync(join(root, "scripts/deploy-desired-state-plan.mjs"), [
|
|
"process.stdout.write(JSON.stringify({",
|
|
" kind: 'hwlab-deploy-desired-state-plan',",
|
|
" status: 'pass',",
|
|
" summary: { desiredCommitId: 'abc1234', desiredImageTag: 'abc1234', artifactState: 'published', ciPublished: true, registryVerified: true, services: 13, workloadContainers: 13, diagnostics: 0, blockers: 0, targetConvergence: 'not_requested' }",
|
|
"}, null, 2));",
|
|
].join("\n"));
|
|
return root;
|
|
}
|
|
|
|
function makeFakeBin(mode: "native" | "desktop" | "stale-default" | "wrong-node"): string {
|
|
const bin = join(tmpdir(), `unidesk-hwlab-cd-bin-${process.pid}-${Date.now()}-${mode}`);
|
|
mkdirSync(bin, { recursive: true });
|
|
const explicitContext = mode === "desktop" ? "docker-desktop" : "default";
|
|
const explicitServer = mode === "desktop" ? "https://127.0.0.1:11700" : "https://127.0.0.1:6443";
|
|
const explicitNodes = mode === "desktop" ? "desktop-control-plane" : mode === "wrong-node" ? "d602" : "d601";
|
|
const defaultContext = mode === "stale-default" ? "docker-desktop" : explicitContext;
|
|
const defaultServer = mode === "stale-default" ? "https://127.0.0.1:11700" : explicitServer;
|
|
const defaultNodes = mode === "stale-default" ? "desktop-control-plane" : explicitNodes;
|
|
writeFileSync(join(bin, "kubectl"), [
|
|
"#!/usr/bin/env bash",
|
|
"set -euo pipefail",
|
|
"printf 'KUBECONFIG=%s\\n' \"${KUBECONFIG:-}\" >&2",
|
|
"context=" + JSON.stringify(explicitContext),
|
|
"server=" + JSON.stringify(explicitServer),
|
|
"nodes=" + JSON.stringify(explicitNodes),
|
|
"if [[ \"${KUBECONFIG:-}\" == '' ]]; then",
|
|
" context=" + JSON.stringify(defaultContext),
|
|
" server=" + JSON.stringify(defaultServer),
|
|
" nodes=" + JSON.stringify(defaultNodes),
|
|
"fi",
|
|
"if [[ \"$*\" == 'config current-context' ]]; then printf '%s\\n' \"$context\"; exit 0; fi",
|
|
"if [[ \"$*\" == 'config view --minify -o jsonpath={.clusters[0].cluster.server}' ]]; then printf '%s' \"$server\"; exit 0; fi",
|
|
"if [[ \"$*\" == 'get nodes -o jsonpath={range .items[*]}{.metadata.name}{\"\\n\"}{end}' ]]; then printf '%s\\n' \"$nodes\"; exit 0; fi",
|
|
"if [[ \"$*\" == '-n hwlab-dev get lease hwlab-dev-cd-lock -o json' ]]; then printf 'Error from server (NotFound): leases.coordination.k8s.io \"hwlab-dev-cd-lock\" not found\\n' >&2; exit 1; fi",
|
|
"printf '{}\\n'",
|
|
].join("\n"));
|
|
spawnSync("chmod", ["+x", join(bin, "kubectl")]);
|
|
return bin;
|
|
}
|
|
|
|
const fakeRepo = makeFakeHwlabRepo();
|
|
const nativeBin = makeFakeBin("native");
|
|
const desktopBin = makeFakeBin("desktop");
|
|
const staleDefaultBin = makeFakeBin("stale-default");
|
|
const wrongNodeBin = makeFakeBin("wrong-node");
|
|
const liveBody = "data:application/json,%7B%22serviceId%22%3A%22hwlab-cloud-web%22%2C%22environment%22%3A%22dev%22%2C%22status%22%3A%22ok%22%2C%22revision%22%3A%22abc1234%22%7D";
|
|
const apiBody = "data:application/json,%7B%22serviceId%22%3A%22hwlab-cloud-api%22%2C%22environment%22%3A%22dev%22%2C%22status%22%3A%22ok%22%2C%22revision%22%3A%22abc1234%22%7D";
|
|
|
|
const help = runCli(["hwlab", "help"]);
|
|
assert.equal(help.ok, true);
|
|
assert.equal((help.data as JsonRecord).command, "hwlab cd");
|
|
|
|
const applyDryRun = runCli([
|
|
"hwlab",
|
|
"cd",
|
|
"apply",
|
|
"--env",
|
|
"dev",
|
|
"--dry-run",
|
|
"--hwlab-repo",
|
|
fakeRepo,
|
|
], {
|
|
PATH: `${nativeBin}:${process.env.PATH ?? ""}`,
|
|
});
|
|
assert.equal(applyDryRun.ok, true);
|
|
const dryRunData = applyDryRun.data as JsonRecord;
|
|
assert.equal(dryRunData.dryRun, true);
|
|
assert.equal(dryRunData.mutation, false);
|
|
assert.equal(((dryRunData.d601NativeK3sGuard as JsonRecord).injectedEnv as JsonRecord).KUBECONFIG, "/etc/rancher/k3s/k3s.yaml");
|
|
assert.equal((dryRunData.d601NativeK3sGuard as JsonRecord).requiredNodePresent, true);
|
|
assert.equal((dryRunData.controlledDryRun as JsonRecord).commandOk, true);
|
|
assert.equal(((dryRunData.hostCommanderOnlyLiveApply as JsonRecord).commandShape as unknown[]).includes("scripts/dev-cd-apply.mjs"), true);
|
|
|
|
const realApply = runCli([
|
|
"hwlab",
|
|
"cd",
|
|
"apply",
|
|
"--env",
|
|
"dev",
|
|
"--hwlab-repo",
|
|
fakeRepo,
|
|
], {
|
|
PATH: `${nativeBin}:${process.env.PATH ?? ""}`,
|
|
});
|
|
assert.equal(realApply.ok, false);
|
|
assert.equal((realApply.data as JsonRecord).error, "host-commander-only-real-apply");
|
|
|
|
const status = runCli([
|
|
"hwlab",
|
|
"cd",
|
|
"status",
|
|
"--env",
|
|
"dev",
|
|
"--hwlab-repo",
|
|
fakeRepo,
|
|
], {
|
|
PATH: `${nativeBin}:${process.env.PATH ?? ""}`,
|
|
UNIDESK_HWLAB_CD_TEST_FRONTEND_LIVE_URL: liveBody,
|
|
UNIDESK_HWLAB_CD_TEST_API_LIVE_URL: apiBody,
|
|
});
|
|
assert.equal(status.ok, true);
|
|
const statusData = status.data as JsonRecord;
|
|
assert.equal(((statusData.d601NativeK3sGuard as JsonRecord).injectedEnv as JsonRecord).KUBECONFIG, "/etc/rancher/k3s/k3s.yaml");
|
|
assert.equal((statusData.liveRevisions as JsonRecord).status, "observed");
|
|
assert.ok(typeof statusData.dumpDir === "string" && String(statusData.dumpDir).includes(".state/hwlab-cd"));
|
|
|
|
const staleDefaultOk = runCli([
|
|
"hwlab",
|
|
"cd",
|
|
"apply",
|
|
"--env",
|
|
"dev",
|
|
"--dry-run",
|
|
"--hwlab-repo",
|
|
fakeRepo,
|
|
], {
|
|
PATH: `${staleDefaultBin}:${process.env.PATH ?? ""}`,
|
|
KUBECONFIG: "",
|
|
});
|
|
assert.equal(staleDefaultOk.ok, true);
|
|
const staleDefaultGuard = (staleDefaultOk.data as JsonRecord).d601NativeK3sGuard as JsonRecord;
|
|
assert.equal(staleDefaultGuard.status, "pass");
|
|
assert.equal(staleDefaultGuard.refusal, false);
|
|
assert.equal((staleDefaultGuard.defaultKubectlDiagnostic as JsonRecord).status, "stale-forbidden-default");
|
|
assert.deepEqual((staleDefaultGuard.defaultKubectlDiagnostic as JsonRecord).refusalSignals, ["docker-desktop", "desktop-control-plane", "127.0.0.1:11700"]);
|
|
|
|
const desktopRefusal = runCli([
|
|
"hwlab",
|
|
"cd",
|
|
"apply",
|
|
"--env",
|
|
"dev",
|
|
"--dry-run",
|
|
"--hwlab-repo",
|
|
fakeRepo,
|
|
], {
|
|
PATH: `${desktopBin}:${process.env.PATH ?? ""}`,
|
|
});
|
|
assert.equal(desktopRefusal.ok, false);
|
|
assert.equal((desktopRefusal.data as JsonRecord).error, "native-k3s-guard-refused");
|
|
assert.deepEqual((desktopRefusal.data as JsonRecord).d601NativeK3sGuard && ((desktopRefusal.data as JsonRecord).d601NativeK3sGuard as JsonRecord).refusalSignals, ["docker-desktop", "desktop-control-plane", "127.0.0.1:11700"]);
|
|
|
|
const wrongNodeBlocked = runCli([
|
|
"hwlab",
|
|
"cd",
|
|
"apply",
|
|
"--env",
|
|
"dev",
|
|
"--dry-run",
|
|
"--hwlab-repo",
|
|
fakeRepo,
|
|
], {
|
|
PATH: `${wrongNodeBin}:${process.env.PATH ?? ""}`,
|
|
});
|
|
assert.equal(wrongNodeBlocked.ok, true);
|
|
const wrongNodeGuard = (wrongNodeBlocked.data as JsonRecord).d601NativeK3sGuard as JsonRecord;
|
|
assert.equal(wrongNodeGuard.status, "blocked");
|
|
assert.equal(wrongNodeGuard.requiredNodePresent, false);
|
|
assert.equal(((wrongNodeBlocked.data as JsonRecord).blockers as JsonRecord[]).some((blocker) => blocker.scope === "d601-native-k3s-guard"), true);
|
|
|
|
console.log(JSON.stringify({ ok: true, checked: "hwlab-cd-wrapper-contract" }));
|