Compare commits

...

1 Commits

Author SHA1 Message Date
e0f2a5d66a tests: add libredesk (LibreDesk helpdesk) recipe test suite
Some checks failed
continuous-integration/drone/push Build is failing
New recipe recipe-maintainers/Libre-Desk (abra TYPE=libredesk): app libredesk
v2.4.0 on :9000 + postgres:17 + redis:7. Adds:
- recipe_meta.py: /health probe, BACKUP_CAPABLE (backupbot db labels), upgrade
  EXPECTED_NA (only one published version so far), WARM_CANONICAL.
- install_steps.sh: insert format-compliant enc_key (32-hex) + admin_pwd
  (upper+lower+num+special) before deploy — abra's generic generator doesn't
  satisfy LibreDesk's strict secret formats.
- custom/: /health 200 probe + served-shell brand/asset probe (real app, not a
  fallback 200).
2026-07-07 23:07:40 +00:00
4 changed files with 150 additions and 0 deletions

View File

@ -0,0 +1,20 @@
"""libredesk — health check: the app's /health endpoint responds 200 through Traefik.
This is the same endpoint the compose healthcheck hits internally (:9000/health); exercising it via
the public domain confirms the app is bound and the proxy route is wired.
"""
from __future__ import annotations
import os
import sys
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
from harness import http as harness_http # noqa: E402
def test_libredesk_health(live_app):
"""GET /health → 200."""
url = f"https://{live_app}/health"
status, _ = harness_http.retry_http_get(url, expect_status=(200,), max_wait=120, interval=5)
assert status == 200, f"GET {url} HTTP {status} (expected 200)"

View File

@ -0,0 +1,49 @@
"""libredesk — UI probe: the served root HTML is the real LibreDesk app, not a fallback page.
/health passing only proves the process is up. This asserts the front-end SPA is actually bound and
serving its own shell — a wedged backend or a misrouted proxy would 200 with generic/empty content.
"""
from __future__ import annotations
import os
import ssl
import sys
import urllib.request
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
from harness import http as harness_http # noqa: E402
_CTX = ssl.create_default_context()
_CTX.check_hostname = False
_CTX.verify_mode = ssl.CERT_NONE
def _get_body(url: str) -> tuple[int, str]:
req = urllib.request.Request(url, method="GET")
with urllib.request.urlopen(req, timeout=15, context=_CTX) as r:
return r.status, r.read().decode(errors="replace")
def test_libredesk_serves_app_shell(live_app):
"""GET /; assert LibreDesk-specific brand or SPA-asset markers in the served HTML."""
url = f"https://{live_app}/"
def _ready():
try:
status, body = _get_body(url)
except Exception: # noqa: BLE001
return None
return body if status in (200, 301, 302) else None
body = harness_http.assert_converges(_ready, f"GET {url}", max_wait=120, interval=5)
lower = body.lower()
# Brand markers: the app title / meta / bundle references carry "libredesk".
brand = [m for m in ("libredesk", "libre desk") if m in lower]
# SPA asset markers: the built front-end serves hashed JS/CSS bundles + a favicon.
assets = [m for m in ("/assets/", "favicon", ".js", ".css", "<div id=\"app\"", "id=app") if m in body]
assert brand or assets, (
f"GET {url} HTML has no LibreDesk brand or SPA-asset markers. Excerpt: {body[:300]!r}"
)

View File

@ -0,0 +1,49 @@
#!/usr/bin/env bash
# libredesk — INSTALL-TIME secret hook.
#
# Runs during the install tier AFTER `abra app new` + EXTRA_ENV + `abra app secret generate --all`
# and BEFORE the single `abra app deploy` (lifecycle.py::_run_install_steps). LibreDesk validates
# two secrets with formats that abra's generic generator does not guarantee, so we insert compliant
# values here (at a bumped version — swarm forbids overwriting a secret at the same version) and
# point the .env at them, so the recipe deploys ONCE, healthy, with no reconverge:
# - enc_key : exactly 32 hex chars (AES-256 encryption_key) → openssl rand -hex 16
# - admin_pwd : 1072 chars incl. upper+lower+number+special (the app rejects weaker "System"
# user passwords, which abra's alphanumeric generator can produce)
# db_password is fine as abra-generated (no special format), so it is left untouched.
#
# Env supplied by the harness:
# CCCI_APP_DOMAIN — the per-run libredesk app domain (== abra app name)
# CCCI_APP_ENV — path to the app's .env (the one `abra app deploy` reads)
set -euo pipefail
: "${CCCI_APP_DOMAIN:?missing}"
ENV_PATH="${CCCI_APP_ENV:?missing}"
# Insert a compliant value for <secret> and repoint SECRET_<VAR>_VERSION at the bumped version.
insert_secret() {
local secret="$1" env_var="$2" value="$3"
local cur new num
cur=$(grep -E "^\s*${env_var}=" "$ENV_PATH" | tail -1 | cut -d= -f2 | tr -d '"\r' || echo "v1")
cur=${cur:-v1}
num=$(( ${cur#v} + 1 )); new="v${num}"
# abra forbids overwriting an existing version; insert at the fresh version. -C creates it, -o
# allows overwrite if a stale one exists, --no-input for non-interactive.
local log
log=$(abra app secret insert "$CCCI_APP_DOMAIN" "$secret" "$new" "$value" --no-input -C -o 2>&1) ||
log=$(script -qec "abra app secret insert $CCCI_APP_DOMAIN $secret $new $value --no-input -C -o" /dev/null 2>&1) ||
{ echo " install_steps: abra app secret insert ${secret}@${new} failed: $log"; exit 1; }
sed -i "s|^\s*${env_var}=.*|${env_var}=${new}|" "$ENV_PATH"
echo " install_steps: ${secret} inserted at ${new} (was ${cur})"
}
# 32 hex chars = 16 bytes (AES-256 key LibreDesk expects for encryption_key).
ENC_KEY=$(openssl rand -hex 16)
# 1072 chars with upper+lower+number+special. Build deterministically-compliant: a fixed
# upper+lower+digit+special prefix plus random hex entropy (lowercase letters + digits).
ADMIN_PWD="Ci$(openssl rand -hex 12)Aa1!"
insert_secret enc_key SECRET_ENC_KEY_VERSION "$ENC_KEY"
insert_secret admin_pwd SECRET_ADMIN_PWD_VERSION "$ADMIN_PWD"
echo " libredesk install_steps: enc_key (32-hex) + admin_pwd (complex) inserted; deploy will use them"

View File

@ -0,0 +1,32 @@
# Per-recipe harness config for libredesk (LibreDesk — open-source, self-hosted customer-support /
# help desk; recipe repo recipe-maintainers/Libre-Desk, abra TYPE=libredesk).
#
# Stack (compose.yml): app (libredesk/libredesk:v2.4.0, serves on :9000 behind Traefik) + db
# (postgres:17-alpine, user/db=libredesk) + redis (redis:7-alpine). abra-entrypoint.sh self-installs
# the schema and runs migrations on boot (`--install --idempotent-install` then `--upgrade`), so the
# stack comes up ready with no post-deploy step.
#
# Secrets have STRICT formats that abra's generic generator does not satisfy, so install_steps.sh
# inserts compliant values before the single deploy (see that file):
# - enc_key must be 32 hex chars (AES-256 key) → openssl rand -hex 16
# - admin_pwd must be 1072 chars, upper+lower+num+sym → the "System" user's password
# - db_password is abra-generated (no special format) and left as-is.
HEALTH_PATH = "/health" # the app's own healthcheck endpoint (compose hits :9000/health)
HEALTH_OK = (200,)
DEPLOY_TIMEOUT = 600 # app + postgres + redis; app runs install+migrate on first boot
HTTP_TIMEOUT = 300
BACKUP_CAPABLE = True # db carries backupbot.backup labels (pg_dump pre-hook / psql restore-hook)
# Only one published version exists so far (0.1.0+v2.4.0), so there is no PRIOR deployable base to
# upgrade FROM — the upgrade rung is intentionally N/A (a declared skip, never promoted to a pass).
# Drop this once a second version is published; the dynamic base then resolves it (last-green warm
# canonical → same-version step-back → main tip).
EXPECTED_NA = {
"upgrade": "only one published version so far (0.1.0+v2.4.0) — no prior deployable base to "
"upgrade FROM yet; drop this when a second version ships",
}
# canon §2.B: enroll as a DATA-WARM canonical (all recipes enrolled — operator 2026-06-17).
# The weekly sweep promotes this recipe's canonical to its latest green RELEASE TAG.
WARM_CANONICAL = True