Hostux/github.com_burnett01_rsync-deployments
1
0
Fork 1
mirror of https://github.com/Burnett01/rsync-deployments.git synced 2025-12-19 11:12:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

refactor: bats tests to cover STRICT_HOSTKEYS_CHECKING + assert whole rsync command

Browse source
This commit is contained in:
Burnett01 2025-12-02 17:08:29 +00:00
parent 09f62ba15b
commit 35c5778c2d
1 changed files with 73 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
test/entrypoint.bats
View file

@ -1,12 +1,13 @@
#!/usr/bin/env bats #!/usr/bin/env bats
setup() { setup() {
# Create a dummy ssh agent and agent-add for sourcing # Create dummy binaries for sourcing
echo 'echo "source"' > source
echo 'echo "agent started"' > agent-start echo 'echo "agent started"' > agent-start
echo 'echo "key added"' > agent-add echo 'echo "key added"' > agent-add
chmod +x agent-start agent-add chmod +x source agent-start agent-add
# Create a dummy rsync to capture its arguments # Create dummy rsync binary to capture its arguments
echo 'echo "rsync $@"' > rsync echo 'echo "rsync $@"' > rsync
chmod +x rsync chmod +x rsync
@ -14,7 +15,7 @@ setup() {
} }
teardown() { teardown() {
rm -f agent-start agent-add rsync rm -f source agent-start agent-add rsync ssh-keyscan hosts-add
} }
@test "fails if INPUT_REMOTE_PATH is empty" { @test "fails if INPUT_REMOTE_PATH is empty" {
@ -35,13 +36,14 @@ teardown() {
export INPUT_RSH="" export INPUT_RSH=""
export INPUT_PATH="" export INPUT_PATH=""
export INPUT_REMOTE_USER="user" export INPUT_REMOTE_USER="user"
export INPUT_REMOTE_HOST="host" export INPUT_REMOTE_HOST="localhost.local"
export GITHUB_WORKSPACE="/tmp" export GITHUB_WORKSPACE="/tmp"
export DSN="user@host" export DSN="user@localhost.local"
export LOCAL_PATH="/tmp/" export LOCAL_PATH="/tmp/"
run ./entrypoint.sh run ./entrypoint.sh
[[ "${output}" == *"HostKeyAlgorithms=+ssh-rsa"* ]]
[[ "${output}" == *"rsync -avz -e ssh -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -p 22 /tmp/ user@localhost.local:remote/"* ]]
} }
@test "does not include legacy RSA switches when not allowed" { @test "does not include legacy RSA switches when not allowed" {
@ -55,11 +57,72 @@ teardown() {
export INPUT_RSH="" export INPUT_RSH=""
export INPUT_PATH="" export INPUT_PATH=""
export INPUT_REMOTE_USER="user" export INPUT_REMOTE_USER="user"
export INPUT_REMOTE_HOST="host" export INPUT_REMOTE_HOST="localhost.local"
export GITHUB_WORKSPACE="/tmp" export GITHUB_WORKSPACE="/tmp"
export DSN="user@host" export DSN="user@localhost.local"
export LOCAL_PATH="/tmp/" export LOCAL_PATH="/tmp/"
run ./entrypoint.sh run ./entrypoint.sh
[[ "${output}" != *"HostKeyAlgorithms=+ssh-rsa"* ]] [[ "${output}" == *"rsync -avz -e ssh -o StrictHostKeyChecking=no -p 22 /tmp/ user@localhost.local:remote/"* ]]
}
@test "includes STRICT_HOSTKEYS_CHECKING switches when allowed" {
# Set a fake HOME dir
local -r HOME="/tmp"
export INPUT_LEGACY_ALLOW_RSA_HOSTKEYS="false"
export INPUT_STRICT_HOSTKEYS_CHECKING="true"
export INPUT_REMOTE_PATH="remote/"
export INPUT_REMOTE_KEY="dummy"
export INPUT_REMOTE_KEY_PASS="dummy"
export GITHUB_ACTION="dummy"
export INPUT_SWITCHES="-avz"
export INPUT_REMOTE_PORT="22"
export INPUT_RSH=""
export INPUT_PATH=""
export INPUT_REMOTE_USER="user"
export INPUT_REMOTE_HOST="localhost.local"
export GITHUB_WORKSPACE="/tmp"
export DSN="user@localhost.local"
export LOCAL_PATH="/tmp/"
# Generate a mock key pair to test ssh-keyscan (entrypoint.sh:32)
rm -f "$HOME/mockKeyPair" "$HOME/mockKeyPair.pub" \
&& ssh-keygen -t ed25519 -f "$HOME/mockKeyPair" -N '' -q -C '' \
&& mockPublicKey=$(< "$HOME/mockKeyPair.pub")
# Create dummy ssh-keyscan binary to return $mockPublicKey
echo "echo 'localhost.local $mockPublicKey #Mock 1'" > ssh-keyscan
chmod +x ssh-keyscan
# Create dummy hosts-add binary to capture its arguments
echo 'echo "hosts-add $@"' > hosts-add
chmod +x hosts-add
run ./entrypoint.sh
[[ "${output}" == *"hosts-add localhost.local ssh-ed25519"* ]]
[[ "${output}" == *"rsync -avz -e ssh -o UserKnownHostsFile=/tmp/.ssh/known_hosts -o StrictHostKeyChecking=yes -p 22 /tmp/ user@localhost.local:remote/"* ]]
}
@test "does not includes STRICT_HOSTKEYS_CHECKING switches when not allowed" {
export INPUT_LEGACY_ALLOW_RSA_HOSTKEYS="false"
export INPUT_STRICT_HOSTKEYS_CHECKING="false"
export INPUT_REMOTE_PATH="remote/"
export INPUT_REMOTE_KEY="dummy"
export INPUT_REMOTE_KEY_PASS="dummy"
export GITHUB_ACTION="dummy"
export INPUT_SWITCHES="-avz"
export INPUT_REMOTE_PORT="22"
export INPUT_RSH=""
export INPUT_PATH=""
export INPUT_REMOTE_USER="user"
export INPUT_REMOTE_HOST="localhost.local"
export GITHUB_WORKSPACE="/tmp"
export DSN="user@localhost.local"
export LOCAL_PATH="/tmp/"
run ./entrypoint.sh
[[ "${output}" == *"rsync -avz -e ssh -o StrictHostKeyChecking=no -p 22 /tmp/ user@localhost.local:remote/"* ]]
} }