Fix tests for attestations

This commit is contained in:
Nanda H Krishna 2024-07-15 12:23:10 -04:00
parent 4d387d285e
commit 802eb54e87
No known key found for this signature in database
GPG Key ID: 067E5FCD58ADF3AA
2 changed files with 9 additions and 37 deletions

View File

@ -129,13 +129,6 @@ module Homebrew
# Even if we have credentials, they may be invalid or malformed.
raise GhAuthNeeded, "invalid credentials" if e.status.exitstatus == 4
gh_version = Version.new(system_command!(gh_executable, args: ["--version"], print_stderr: false)
.stdout.match(/\d+(?:\.\d+)+/i).to_s)
if gh_version < GH_ATTESTATION_MIN_VERSION
raise e,
"#{gh_executable} is too old, you must upgrade it to continue"
end
raise InvalidAttestationError, "attestation verification failed: #{e}"
end

View File

@ -6,6 +6,7 @@ RSpec.describe Homebrew::Attestation do
let(:fake_gh) { Pathname.new("/extremely/fake/gh") }
let(:fake_old_gh) { Pathname.new("/extremely/fake/old/gh") }
let(:fake_gh_creds) { "fake-gh-api-token" }
let(:fake_gh_formula) { instance_double(Formula, "gh", opt_bin: Pathname.new("/extremely/fake")) }
let(:fake_gh_version) { instance_double(SystemCommand::Result, stdout: "2.49.0") }
let(:fake_old_gh_version) { instance_double(SystemCommand::Result, stdout: "2.48.0") }
let(:fake_error_status) { instance_double(Process::Status, exitstatus: 1, termsig: nil) }
@ -68,40 +69,22 @@ RSpec.describe Homebrew::Attestation do
end
describe "::gh_executable" do
it "calls ensure_executable" do
expect(described_class).to receive(:ensure_executable!)
.with("gh")
.and_return(fake_gh)
described_class.gh_executable
end
end
describe "::check_attestation fails with old gh" do
before do
allow(described_class).to receive(:gh_executable)
.and_return(fake_old_gh)
allow(described_class).to receive(:system_command!)
.with(fake_old_gh, args: ["--version"], print_stderr: false)
.and_return(fake_old_gh_version)
end
it "raises when gh is too old" do
expect(GitHub::API).to receive(:credentials)
.and_return(fake_gh_creds)
it "calls ensure_executable and ensure_formula_installed" do
expect(described_class).to receive(:ensure_executable!)
.with("gh")
.and_return(fake_old_gh)
expect(described_class).to receive(:system_command!)
.with(fake_old_gh, args: ["attestation", "verify", cached_download, "--repo",
described_class::HOMEBREW_CORE_REPO, "--format", "json"],
env: { "GH_TOKEN" => fake_gh_creds }, secrets: [fake_gh_creds],
print_stderr: false, chdir: HOMEBREW_TEMP)
.and_raise(ErrorDuringExecution.new(["foo"], status: fake_error_status))
expect(described_class).to receive(:ensure_formula_installed!)
.with("gh", latest: true, reason: "verifying attestations")
.and_return(fake_gh_formula)
expect do
described_class.check_attestation fake_bottle,
described_class::HOMEBREW_CORE_REPO
end.to raise_error(ErrorDuringExecution)
described_class.gh_executable
end
end
@ -109,10 +92,6 @@ RSpec.describe Homebrew::Attestation do
before do
allow(described_class).to receive(:gh_executable)
.and_return(fake_gh)
allow(described_class).to receive(:system_command!)
.with(fake_gh, args: ["--version"], print_stderr: false)
.and_return(fake_gh_version)
end
it "raises without any gh credentials" do