fetchGit: add simple test for ssh fetching

Also move tests to separate files which are auto-imported. This should allow people adding tests concurrently without introducing merge conflicts
2025-07-06 21:41:48 +02:00 · 2024-01-11 14:41:35 +07:00 · 2024-01-11 14:41:35 +07:00 · 0f95330fde
commit 0f95330fde
parent 813c113b9e
5 changed files with 138 additions and 43 deletions
--- a/tests/nixos/fetch-git/testsupport/gitea.nix
+++ b/tests/nixos/fetch-git/testsupport/gitea.nix
@ -1,4 +1,18 @@
-{ lib, nixpkgs, system, ... }: {
+{ lib, nixpkgs, system, pkgs, ... }: let
+  clientPrivateKey = pkgs.writeText "id_ed25519" ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
+    VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
+    AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
+    Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+
+  clientPublicKey =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB";
+
+in {
  imports = [
    ../testsupport/setup.nix
  ];
@ -8,8 +22,11 @@
      services.gitea.settings.service.DISABLE_REGISTRATION = true;
      services.gitea.settings.log.LEVEL = "Info";
      services.gitea.settings.database.LOG_SQL = false;
+      services.openssh.enable = true;
      networking.firewall.allowedTCPPorts = [ 3000 ];
-      environment.systemPackages = [ pkgs.gitea ];
+      environment.systemPackages = [ pkgs.git pkgs.gitea ];
+
+      users.users.root.openssh.authorizedKeys.keys = [clientPublicKey];

      # TODO: remove this after updating to nixos-23.11
      nixpkgs.pkgs = lib.mkForce (import nixpkgs {
@ -59,5 +76,25 @@
      git config --global gc.autodetach 0
      git config --global gc.auto 0
    """)
+
+    # add client's private key to ~/.ssh
+    client.succeed("""
+      mkdir -p ~/.ssh
+      chmod 700 ~/.ssh
+      cat ${clientPrivateKey} >~/.ssh/id_ed25519
+      chmod 600 ~/.ssh/id_ed25519
+    """)
+
+    client.succeed("""
+      echo "Host gitea" >>~/.ssh/config
+      echo "  StrictHostKeyChecking no" >>~/.ssh/config
+      echo "  UserKnownHostsFile /dev/null" >>~/.ssh/config
+      echo "  User root" >>~/.ssh/config
+    """)
+
+    # ensure ssh from client to gitea works
+    client.succeed("""
+      ssh root@gitea true
+    """)
  '';
 }
--- a/tests/nixos/fetch-git/testsupport/setup.nix
+++ b/tests/nixos/fetch-git/testsupport/setup.nix
@ -78,19 +78,27 @@ in
          self.name = name
          self.path = "/tmp/repos/" + name
          self.remote = "http://gitea:3000/test/" + name
+          self.remote_ssh = "ssh://gitea/root/" + name
          self.git = f"git -C {self.path}"
          self.create()

        def create(self):
+          # create ssh remote repo
+          gitea.succeed(f"""
+            git init --bare -b main /root/{self.name}
+          """)
+          # create http remote repo
          gitea.succeed(f"""
            curl --fail -X POST http://{gitea_admin}:{gitea_admin_password}@gitea:3000/api/v1/user/repos \
              -H 'Accept: application/json' -H 'Content-Type: application/json' \
              -d {shlex.quote( f'{{"name":"{self.name}", "default_branch": "main"}}' )}
          """)
+          # setup git remotes on client
          client.succeed(f"""
            mkdir -p {self.path} \
            && git init -b main {self.path} \
-            && {self.git} remote add origin {self.remote}
+            && {self.git} remote add origin {self.remote} \
+            && {self.git} remote add origin-ssh root@gitea:{self.name}
          """)
    '';
    testScript = ''