Files
pikasTech-unidesk/scripts/artifact-registry-ssh-timeout-contract-test.ts
T

35 lines
2.2 KiB
TypeScript

import { readFileSync } from "node:fs";
import { rootPath } from "./src/config";
const source = readFileSync(rootPath("scripts/src/artifact-registry.ts"), "utf8");
const downloadRemoteFileSource = source.slice(
source.indexOf("function downloadRemoteFile("),
source.indexOf("async function runRemoteScriptBackground("),
);
function assertCondition(condition: unknown, message: string): void {
if (!condition) throw new Error(message);
}
assertCondition(!source.includes('docker save "$image" | gzip -1"'), "artifact registry must not stream docker save over ssh stdout");
assertCondition(source.includes("downloadRemoteFile(options, remoteArchive, localArchive"), "compose artifact pull must use verified ssh download");
assertCondition(source.includes("runRemoteScriptBackground(options, remoteScript"), "remote docker save must run as a background job");
assertCondition(source.includes('runRemoteScriptBackground(options, deployScript, Math.max(options.timeoutMs, 420_000), "d601-k3s-deploy")'), "D601 k3s deploy must use background polling");
assertCondition(source.includes('"ssh",\n options.providerId,\n "download"'), "download helper must route through UniDesk ssh download");
assertCondition(downloadRemoteFileSource.includes('"--chunk-bytes",\n "45000"'), "artifact ssh download chunk must keep base64 stdout below the provider bridge truncation boundary");
assertCondition(downloadRemoteFileSource.includes("tee -a") && downloadRemoteFileSource.includes("UNIDESK_JOB_STDERR_FILE"), "artifact ssh download must stream progress stderr into async job logs");
assertCondition(source.includes("UNIDESK_SSH_CLIENT_TOKEN") && source.includes("UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST"), "dev frontend artifact deploy must sync scoped ssh runtime keys");
console.log(JSON.stringify({
ok: true,
test: "artifact-registry-ssh-timeout-contract",
assertions: [
"no docker-save stdout stream over ssh",
"compose artifact uses verified ssh download",
"remote docker save and k3s deploy use background polling",
"artifact downloads keep base64 stdout below the provider bridge truncation boundary",
"artifact download progress is visible in async job stderr",
"dev frontend artifact deploy syncs scoped ssh runtime keys"
]
}, null, 2));