36 lines
2.4 KiB
TypeScript
36 lines
2.4 KiB
TypeScript
import { readFileSync } from "node:fs";
|
|
import { rootPath } from "./src/config";
|
|
|
|
const source = readFileSync(rootPath("scripts/src/artifact-registry.ts"), "utf8");
|
|
const downloadRemoteFileSource = source.slice(
|
|
source.indexOf("function downloadRemoteFile("),
|
|
source.indexOf("async function runRemoteScriptBackground("),
|
|
);
|
|
|
|
function assertCondition(condition: unknown, message: string): void {
|
|
if (!condition) throw new Error(message);
|
|
}
|
|
|
|
assertCondition(!source.includes('docker save "$image" | gzip -1"'), "artifact registry must not stream docker save over ssh stdout");
|
|
assertCondition(source.includes("downloadRemoteFile(options, remoteArchive, localArchive"), "compose artifact pull must use verified ssh download");
|
|
assertCondition(source.includes("runRemoteScriptBackground(options, remoteScript"), "remote docker save must run as a background job");
|
|
assertCondition(source.includes('runRemoteScriptBackground(options, deployScript, Math.max(options.timeoutMs, 420_000), "d601-k3s-deploy")'), "D601 k3s deploy must use background polling");
|
|
assertCondition(source.includes('"ssh",\n options.providerId,\n "download"'), "download helper must route through UniDesk ssh download");
|
|
assertCondition(downloadRemoteFileSource.includes('"--chunk-bytes",\n "1048576"'), "artifact ssh download chunk should use MiB-scale blocks after ssh data moved to tcp-pool");
|
|
assertCondition(!downloadRemoteFileSource.includes('"45000"'), "artifact ssh download must not preserve the old provider bridge truncation boundary");
|
|
assertCondition(downloadRemoteFileSource.includes("tee -a") && downloadRemoteFileSource.includes("UNIDESK_JOB_STDERR_FILE"), "artifact ssh download must stream progress stderr into async job logs");
|
|
assertCondition(source.includes("UNIDESK_SSH_CLIENT_TOKEN") && source.includes("UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST"), "dev frontend artifact deploy must sync scoped ssh runtime keys");
|
|
|
|
console.log(JSON.stringify({
|
|
ok: true,
|
|
test: "artifact-registry-ssh-timeout-contract",
|
|
assertions: [
|
|
"no docker-save stdout stream over ssh",
|
|
"compose artifact uses verified ssh download",
|
|
"remote docker save and k3s deploy use background polling",
|
|
"artifact downloads use MiB-scale tcp-pool chunks instead of the old bridge truncation boundary",
|
|
"artifact download progress is visible in async job stderr",
|
|
"dev frontend artifact deploy syncs scoped ssh runtime keys"
|
|
]
|
|
}, null, 2));
|