Files
pikasTech-unidesk/scripts/artifact-registry-ssh-timeout-contract-test.ts
T
2026-06-07 02:02:38 +00:00

36 lines
2.4 KiB
TypeScript

import { readFileSync } from "node:fs";
import { rootPath } from "./src/config";
const source = readFileSync(rootPath("scripts/src/artifact-registry.ts"), "utf8");
const downloadRemoteFileSource = source.slice(
source.indexOf("function downloadRemoteFile("),
source.indexOf("async function runRemoteScriptBackground("),
);
function assertCondition(condition: unknown, message: string): void {
if (!condition) throw new Error(message);
}
assertCondition(!source.includes('docker save "$image" | gzip -1"'), "artifact registry must not stream docker save over ssh stdout");
assertCondition(source.includes("downloadRemoteFile(options, remoteArchive, localArchive"), "compose artifact pull must use verified ssh download");
assertCondition(source.includes("runRemoteScriptBackground(options, remoteScript"), "remote docker save must run as a background job");
assertCondition(source.includes('runRemoteScriptBackground(options, deployScript, Math.max(options.timeoutMs, 420_000), "d601-k3s-deploy")'), "D601 k3s deploy must use background polling");
assertCondition(source.includes('"ssh",\n options.providerId,\n "download"'), "download helper must route through UniDesk ssh download");
assertCondition(downloadRemoteFileSource.includes('"--chunk-bytes",\n "1048576"'), "artifact ssh download chunk should use MiB-scale blocks after ssh data moved to tcp-pool");
assertCondition(!downloadRemoteFileSource.includes('"45000"'), "artifact ssh download must not preserve the old provider bridge truncation boundary");
assertCondition(downloadRemoteFileSource.includes("tee -a") && downloadRemoteFileSource.includes("UNIDESK_JOB_STDERR_FILE"), "artifact ssh download must stream progress stderr into async job logs");
assertCondition(source.includes("UNIDESK_SSH_CLIENT_TOKEN") && source.includes("UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST"), "dev frontend artifact deploy must sync scoped ssh runtime keys");
console.log(JSON.stringify({
ok: true,
test: "artifact-registry-ssh-timeout-contract",
assertions: [
"no docker-save stdout stream over ssh",
"compose artifact uses verified ssh download",
"remote docker save and k3s deploy use background polling",
"artifact downloads use MiB-scale tcp-pool chunks instead of the old bridge truncation boundary",
"artifact download progress is visible in async job stderr",
"dev frontend artifact deploy syncs scoped ssh runtime keys"
]
}, null, 2));