patch #454
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Repomanager API | |
| on: | |
| push: | |
| branches: [ devel ] | |
| pull_request: | |
| push: | |
| branches: [ main ] | |
| jobs: | |
| api-test: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install curl | |
| run: sudo apt-get install curl jq wget -y | |
| # Wait for the API to be ready | |
| # Generally after the 45 first minutes of the current hour (xx:45 to xx:59) | |
| - name: Wait until API URL is ready | |
| run: | | |
| while (true); do | |
| if $(date +%M | grep -q '^[4-5][5-9]$'); then | |
| break | |
| fi | |
| sleep 60 | |
| done | |
| - name: Check if API is reachable | |
| run: | | |
| RESULT=$(curl -s -q --fail-with-body ${{ secrets.API_TEST_HOST }}) | |
| if [ $? -ne 0 ]; then | |
| echo "API is not unreachable" | |
| exit 1 | |
| fi | |
| # | |
| # Download rpm and deb packages from https://packages.repomanager.net that will be used for upload testing | |
| # To avoid an upload test failure due to the package already been uploaded (when multiple pipelines run at the same time), prefix them with the hostname of the CI runner | |
| # | |
| - name: Download test packages | |
| run: | | |
| wget -O ${HOSTNAME}_nginx-1.26.0-1.el7.ngx.x86_64.rpm https://packages.repomanager.net/repo/rpm/ci-test/8/prod/packages/x86_64/nginx-1.26.0-1.el7.ngx.x86_64.rpm | |
| wget -O ${HOSTNAME}_nginx_1.26.0-1~bookworm_amd64.deb https://packages.repomanager.net/repo/deb/ci-test/bookworm/main/prod/pool/main/nginx_1.26.0-1~bookworm_amd64.deb | |
| # | |
| # Run tests as admin user | |
| # | |
| # Register a host and retrieve the host Id and token from results | |
| # Then retrieve and export the host ID and token as environment variables for later steps | |
| - name: (admin) Try to register a host with an admin API key | |
| run: | | |
| RESULT=$(curl --fail-with-body --post301 -s -q -L -X POST -H "Authorization: Bearer ${{ secrets.API_TEST_ADMIN_API_KEY }}" -H "Content-Type: application/json" -d '{"hostname":"test.local","ip":"1.2.3.4"}' ${{ secrets.API_TEST_HOST }}/api/v2/host/registering) | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to register host" | |
| exit 1 | |
| fi | |
| HOST_ID=$(echo "$RESULT" | jq .results.id | tr -d '"') | |
| HOST_TOKEN=$(echo "$RESULT" | jq -r .results.token | tr -d '"') | |
| if [ -z "$HOST_ID" ] || [ -z "$HOST_TOKEN" ]; then | |
| echo "Failed to retrieve host ID or token" | |
| exit 1 | |
| fi | |
| echo "HOST_ID=$HOST_ID" >> $GITHUB_ENV | |
| echo "HOST_TOKEN=$HOST_TOKEN" >> $GITHUB_ENV | |
| # Unregister the host using the retrieved host ID and token | |
| - name: (admin) Try to unregister a host with an admin API key | |
| run: | | |
| curl --fail-with-body -L -s -q -X DELETE -H "Authorization: Host $HOST_ID:$HOST_TOKEN" -H "Content-Type: application/json" ${{ secrets.API_TEST_HOST }}/api/v2/host/registering | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to unregister host" | |
| exit 1 | |
| fi | |
| # Upload a deb package using the admin API key | |
| # Generate a unique package name to avoid conflicts when multiple pipelines run at the same time | |
| - name: (admin) Try to upload a deb package with an admin API key | |
| run: | | |
| RANDOM=$(date +%s) | |
| PACKAGE_NAME="${RANDOM}-${HOSTNAME}-admin_nginx_1.26.0-1~bookworm_amd64.deb" | |
| cp ${HOSTNAME}_nginx_1.26.0-1~bookworm_amd64.deb $PACKAGE_NAME | |
| curl --fail-with-body -L --post301 -s -q -X POST -H "Authorization: Bearer ${{ secrets.API_TEST_ADMIN_API_KEY }}" -F "files=@${PACKAGE_NAME}" ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/1/upload | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to upload deb package" | |
| exit 1 | |
| fi | |
| # Upload a rpm package using the admin API key | |
| # Generate a unique package name to avoid conflicts when multiple pipelines run at the same time | |
| - name: (admin) Try to upload an rpm package with an admin API key | |
| run: | | |
| RANDOM=$(date +%s) | |
| PACKAGE_NAME="${RANDOM}-${HOSTNAME}-admin_nginx-1.26.0-1.el7.ngx.x86_64.rpm" | |
| cp ${HOSTNAME}_nginx-1.26.0-1.el7.ngx.x86_64.rpm $PACKAGE_NAME | |
| curl --fail-with-body -L --post301 -s -q -X POST -H "Authorization: Bearer ${{ secrets.API_TEST_ADMIN_API_KEY }}" -F "files=@${PACKAGE_NAME}" ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/2/upload | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to upload rpm package" | |
| exit 1 | |
| fi | |
| # Launch a rebuild of the snapshot metadata for the deb repository | |
| - name: (admin) Try to rebuild deb snapshot metadata with an admin API key | |
| run: | | |
| curl --fail-with-body -L -s -q -X PUT -H "Authorization: Bearer ${{ secrets.API_TEST_ADMIN_API_KEY }}" -d '{"gpgSign":"true"}' ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/1/rebuild | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to rebuild deb snapshot metadata" | |
| exit 1 | |
| fi | |
| # Launch a rebuild of the snapshot metadata for the rpm repository | |
| - name: (admin) Try to rebuild rpm snapshot metadata with an admin API key | |
| run: | | |
| curl --fail-with-body -L -s -q -X PUT -H "Authorization: Bearer ${{ secrets.API_TEST_ADMIN_API_KEY }}" -d '{"gpgSign":"true"}' ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/2/rebuild | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to rebuild rpm snapshot metadata" | |
| exit 1 | |
| fi | |
| # | |
| # Run tests as a regular user: test-user1 | |
| # This user has absolutely no permissions to do anything so all the tests must fail | |
| # | |
| # Upload a deb package using the test-user1 API key | |
| # Generate a unique package name to avoid conflicts when multiple pipelines run at the same time | |
| - name: (test-user1) Try to upload a deb package with test-user1 API key | |
| run: | | |
| RANDOM=$(date +%s) | |
| PACKAGE_NAME="${RANDOM}-${HOSTNAME}-test-user1_nginx_1.26.0-1~bookworm_amd64.deb" | |
| cp ${HOSTNAME}_nginx_1.26.0-1~bookworm_amd64.deb $PACKAGE_NAME | |
| OUTPUT=$(curl --fail-with-body -L --post301 -s -q -X POST -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER1_API_KEY }}" -F "files=@${PACKAGE_NAME}" ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/3/upload) || true | |
| if echo "$OUTPUT" | grep -q "You are not allowed to upload packages"; then | |
| echo "Correctly failed to upload deb package with test-user1 API key" | |
| else | |
| echo "Failed to fail the upload deb package with test-user1 API key" | |
| exit 1 | |
| fi | |
| # Upload a rpm package using the test-user1 API key | |
| # Generate a unique package name to avoid conflicts when multiple pipelines run at the same time | |
| - name: (test-user1) Try to upload an rpm package with test-user1 API key | |
| run: | | |
| RANDOM=$(date +%s) | |
| PACKAGE_NAME="${RANDOM}-${HOSTNAME}-test-user1_nginx-1.26.0-1.el7.ngx.x86_64.rpm" | |
| cp ${HOSTNAME}_nginx-1.26.0-1.el7.ngx.x86_64.rpm $PACKAGE_NAME | |
| OUTPUT=$(curl --fail-with-body -L --post301 -s -q -X POST -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER1_API_KEY }}" -F "files=@${PACKAGE_NAME}" ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/4/upload) || true | |
| if echo "$OUTPUT" | grep -q "You are not allowed to upload packages"; then | |
| echo "Correctly failed to upload deb package with test-user1 API key" | |
| else | |
| echo "Failed to fail the upload deb package with test-user1 API key" | |
| exit 1 | |
| fi | |
| # Launch a rebuild of the snapshot metadata for the deb repository | |
| - name: (test-user1) Try to rebuild deb snapshot metadata with test-user1 API key | |
| run: | | |
| OUTPUT=$(curl --fail-with-body -L -s -q -X PUT -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER1_API_KEY }}" -d '{"gpgSign":"true"}' ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/3/rebuild) || true | |
| if echo "$OUTPUT" | grep -q "You are not allowed to rebuild a repository snapshot"; then | |
| echo "Correctly failed to rebuild deb snapshot metadata with test-user1 API key" | |
| else | |
| echo "Failed to fail the rebuild deb snapshot metadata with test-user1 API key" | |
| exit 1 | |
| fi | |
| # Launch a rebuild of the snapshot metadata for the rpm repository | |
| - name: (test-user1) Try to rebuild rpm snapshot metadata with test-user1 API key | |
| run: | | |
| OUTPUT=$(curl --fail-with-body -L -s -q -X PUT -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER1_API_KEY }}" -d '{"gpgSign":"true"}' ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/4/rebuild) || true | |
| if echo "$OUTPUT" | grep -q "You are not allowed to rebuild a repository snapshot"; then | |
| echo "Correctly failed to rebuild rpm snapshot metadata with test-user1 API key" | |
| else | |
| echo "Failed to fail the rebuild rpm snapshot metadata with test-user1 API key" | |
| exit 1 | |
| fi | |
| # | |
| # Run tests as a regular user: test-user2 | |
| # This user has permissions to upload packages and rebuild snapshots metadata | |
| # | |
| # Upload a deb package using the test-user2 API key | |
| # Generate a unique package name to avoid conflicts when multiple pipelines run at the same time | |
| - name: (test-user2) Try to upload a deb package with test-user2 API key | |
| run: | | |
| RANDOM=$(date +%s) | |
| PACKAGE_NAME="${RANDOM}-${HOSTNAME}-test-user2_nginx_1.26.0-1~bookworm_amd64.deb" | |
| cp ${HOSTNAME}_nginx_1.26.0-1~bookworm_amd64.deb $PACKAGE_NAME | |
| curl --fail-with-body -L --post301 -s -q -X POST -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER2_API_KEY }}" -F "files=@${PACKAGE_NAME}" ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/5/upload | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to upload deb package" | |
| exit 1 | |
| fi | |
| # Upload a rpm package using the test-user2 API key | |
| # Generate a unique package name to avoid conflicts when multiple pipelines run at the same time | |
| - name: (test-user2) Try to upload an rpm package with test-user2 API key | |
| run: | | |
| RANDOM=$(date +%s) | |
| PACKAGE_NAME="${RANDOM}-${HOSTNAME}-test-user2_nginx-1.26.0-1.el7.ngx.x86_64.rpm" | |
| cp ${HOSTNAME}_nginx-1.26.0-1.el7.ngx.x86_64.rpm $PACKAGE_NAME | |
| curl --fail-with-body -L --post301 -s -q -X POST -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER2_API_KEY }}" -F "files=@${PACKAGE_NAME}" ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/6/upload | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to upload rpm package" | |
| exit 1 | |
| fi | |
| # Launch a rebuild of the snapshot metadata for the deb repository | |
| - name: (test-user2) Try to rebuild deb snapshot metadata with test-user2 API key | |
| run: | | |
| curl --fail-with-body -L -s -q -X PUT -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER2_API_KEY }}" -d '{"gpgSign":"true"}' ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/5/rebuild | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to rebuild deb snapshot metadata" | |
| exit 1 | |
| fi | |
| # Launch a rebuild of the snapshot metadata for the rpm repository | |
| - name: (test-user2) Try to rebuild rpm snapshot metadata with test-user2 API key | |
| run: | | |
| curl --fail-with-body -L -s -q -X PUT -H "Authorization: Bearer ${{ secrets.API_TEST_TEST_USER2_API_KEY }}" -d '{"gpgSign":"true"}' ${{ secrets.API_TEST_HOST }}/api/v2/snapshot/6/rebuild | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to rebuild rpm snapshot metadata" | |
| exit 1 | |
| fi | |
| # | |
| # Additional tests | |
| # | |
| # List all repositories | |
| - name: List all repositories | |
| run: | | |
| curl --fail-with-body -s -q -X GET -H "Authorization: Bearer ${{ secrets.API_TEST_ADMIN_API_KEY }}" ${{ secrets.API_TEST_HOST }}/api/v2/repo/ | jq | |
| # List all repositories with name "local-deb-for-admin" | |
| - name: List repositories with specific name | |
| run: | | |
| curl --fail-with-body -s -q -X GET -H "Authorization: Bearer ${{ secrets.API_TEST_ADMIN_API_KEY }}" ${{ secrets.API_TEST_HOST }}/api/v2/repo/ | jq -r '.results[] | select(.Name == "local-deb-for-admin")' |