kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity
Files
a56d68896fcf24806a2cd18185ea5bfd3f0498f0
baron-sso/test/production_image_release_policy_test.sh

103 lines
5.6 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
assert_contains() {
local file="$1"
local pattern="$2"
if ! grep -Fq -- "$pattern" "$file"; then
echo "ERROR: missing pattern in $file: $pattern" >&2
exit 1
fi
}
assert_not_contains() {
local file="$1"
local pattern="$2"
if grep -Fq -- "$pattern" "$file"; then
echo "ERROR: forbidden pattern remains in $file: $pattern" >&2
exit 1
fi
}
build_rc="$ROOT_DIR/.gitea/workflows/build_RC.yml"
staging_release="$ROOT_DIR/.gitea/workflows/staging_release.yml"
production_release="$ROOT_DIR/.gitea/workflows/production_release.yml"
production_compose="$ROOT_DIR/docker/docker-compose.template.yaml"
for file in "$build_rc" "$staging_release" "$production_release" "$production_compose"; do
if [[ ! -f "$file" ]]; then
echo "ERROR: expected file not found: $file" >&2
exit 1
fi
done
for app in adminfront devfront orgfront; do
assert_contains "$build_rc" "Build and push $app RC image"
assert_contains "$build_rc" "file: ./$app/Dockerfile"
assert_contains "$build_rc" "build-args: |"
assert_contains "$build_rc" "VITE_OIDC_AUTHORITY=\${{ vars.VITE_OIDC_AUTHORITY }}"
done
assert_contains "$build_rc" "Validate RC build configuration"
assert_contains "$build_rc" "Missing required RC build value"
assert_contains "$build_rc" "Check Gitea repo variables/secrets"
assert_contains "$build_rc" "VITE_ADMIN_PUBLIC_URL=\${{ vars.ADMINFRONT_URL }}"
assert_contains "$build_rc" "VITE_DEVFRONT_PUBLIC_URL=\${{ vars.DEVFRONT_URL }}"
assert_contains "$build_rc" "VITE_ORGFRONT_PUBLIC_URL=\${{ vars.ORGFRONT_URL }}"
assert_contains "$build_rc" "ORGFRONT_URL=\${{ vars.ORGFRONT_URL }}"
assert_contains "$staging_release" "CLICKHOUSE_PASSWORD=\${{ secrets.CLICKHOUSE_PASSWORD }}"
assert_not_contains "$staging_release" "CLICKHOUSE_PASSWORD=\${{ vars.CLICKHOUSE_PASSWORD }}"
assert_contains "$staging_release" "PROFILE_CACHE_TTL=\${{ vars.PROFILE_CACHE_TTL }}"
assert_contains "$staging_release" "KRATOS_UI_NODE_VERSION=\${{ vars.KRATOS_UI_NODE_VERSION }}"
assert_contains "$staging_release" "Missing required staging .env value"
assert_contains "$staging_release" "Check Gitea repo variables/secrets"
assert_contains "$staging_release" "scp scripts/render_ory_config.sh"
assert_contains "$staging_release" "scp compose.ory.yaml"
assert_not_contains "$staging_release" "scp docker/compose.ory.yaml"
assert_contains "$staging_release" "bash scripts/render_ory_config.sh"
assert_contains "$staging_release" "chmod -R 777 config/.generated/ory"
assert_contains "$production_release" "for image in backend userfront adminfront devfront orgfront; do"
assert_contains "$production_release" 'docker://${HARBOR_HOSTNAME}/baron_sso/${image}:${BASE_TAG}'
assert_contains "$production_release" 'docker://${HARBOR_HOSTNAME}/baron_sso/${image}:${RE_TAG}'
assert_contains "$production_release" "ADMINFRONT_IMAGE_NAME: \${{ vars.HARBOR_HOSTNAME }}/baron_sso/adminfront"
assert_contains "$production_release" "DEVFRONT_IMAGE_NAME: \${{ vars.HARBOR_HOSTNAME }}/baron_sso/devfront"
assert_contains "$production_release" "ORGFRONT_IMAGE_NAME: \${{ vars.HARBOR_HOSTNAME }}/baron_sso/orgfront"
assert_contains "$production_release" "USERFRONT_URL=\${{ vars.PROD_FRONTEND_URL }}"
assert_contains "$production_release" "BACKEND_URL=\${{ vars.PROD_BACKEND_URL }}"
assert_contains "$production_release" "USERFRONT_PORT=\${{ vars.PROD_FRONTEND_PORT }}"
assert_contains "$production_release" "PROD_BACKEND_PORT=\${{ vars.PROD_BACKEND_PORT }}"
assert_contains "$production_release" "BACKEND_PORT=3000"
assert_contains "$production_release" "ADMINFRONT_URL=\${{ vars.ADMINFRONT_URL }}"
assert_contains "$production_release" "DEVFRONT_URL=\${{ vars.DEVFRONT_URL }}"
assert_contains "$production_release" "ORGFRONT_URL=\${{ vars.ORGFRONT_URL }}"
assert_contains "$production_release" "VITE_OIDC_AUTHORITY=\${{ vars.VITE_OIDC_AUTHORITY }}"
assert_contains "$production_release" "ADMINFRONT_CALLBACK_URLS=\${{ vars.ADMINFRONT_CALLBACK_URLS }}"
assert_contains "$production_release" "DEVFRONT_CALLBACK_URLS=\${{ vars.DEVFRONT_CALLBACK_URLS }}"
assert_contains "$production_release" "ORGFRONT_CALLBACK_URLS=\${{ vars.ORGFRONT_CALLBACK_URLS }}"
assert_contains "$production_release" "ADMINFRONT_PORT=\${{ vars.ADMINFRONT_PORT }}"
assert_contains "$production_release" "DEVFRONT_PORT=\${{ vars.DEVFRONT_PORT }}"
assert_contains "$production_release" "ORGFRONT_PORT=\${{ vars.ORGFRONT_PORT }}"
assert_contains "$production_release" "export ADMINFRONT_IMAGE_NAME='\${ADMINFRONT_IMAGE_NAME}'"
assert_contains "$production_release" "export DEVFRONT_IMAGE_NAME='\${DEVFRONT_IMAGE_NAME}'"
assert_contains "$production_release" "export ORGFRONT_IMAGE_NAME='\${ORGFRONT_IMAGE_NAME}'"
assert_contains "$production_release" "Missing required production .env value"
assert_not_contains "$production_release" "PROD_USERFRONT_URL"
assert_not_contains "$production_release" "PROD_USERFRONT_PORT"
for app in adminfront devfront orgfront; do
assert_contains "$production_compose" "$app:"
done
assert_contains "$production_compose" 'image: ${ADMINFRONT_IMAGE_NAME}:${IMAGE_TAG}'
assert_contains "$production_compose" 'image: ${DEVFRONT_IMAGE_NAME}:${IMAGE_TAG}'
assert_contains "$production_compose" 'image: ${ORGFRONT_IMAGE_NAME}:${IMAGE_TAG}'
assert_contains "$production_compose" 'API_PROXY_TARGET=http://baron_backend:${BACKEND_PORT:-3000}'
assert_contains "$production_compose" '${PROD_BACKEND_PORT:-3010}:3000'
assert_contains "$production_compose" '${USERFRONT_PORT:-80}:5000'
assert_contains "$production_compose" 'BACKEND_PORT=3000'
assert_contains "$production_compose" 'http://127.0.0.1:3000/health'
echo "production image release policy checks passed"
View Git Blame Copy Permalink