recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
main
cc-ci/tests/unit/test_discovery.py
autonomic-bot 29a28e2028
All checks were successful
continuous-integration/drone/push Build is passing
Details
feat(harness): P4 — custom-test ergonomics (rcust) 
Placement RULE: discovery.custom_tests covers ONLY functional/ + playwright/ —
the top-level test_*.py glob for recipe dirs is removed (top level is reserved
for lifecycle overlays; zero in-repo users of top-level custom tests, verified
by sweep). Lifecycle-name exclusion inside the subdirs stays as the double-run
safety net. HC2 default-deny unchanged (repo-local custom now pinned via
functional/ in the gate test).

New conftest fixture op_state: parses $CCCI_OP_STATE_FILE (op context: versions,
artifact paths), skipping with a clear reason when unset/absent/unparseable —
overlay tests read op facts from the fixture instead of hand-parsing env (zero
existing hand-parsers found; the fixture is the documented path forward). deps
fixture landed in P2d.

Unit tests: placement-rule discovery tests (top-level custom NOT discovered;
functional/playwright are; misfiled lifecycle names excluded), op_state fixture
contract (reads file / skips without env / skips on missing file), deps fixture
attribute sugar.

Verified on cc-ci: cc-ci-run -m pytest tests/unit -q -> 184 passed; scripts/lint.sh -> PASS.
2026-06-10 17:14:21 +00:00

132 lines
6.0 KiB
Python
Raw Permalink Blame History

"""Unit tests for overlay/custom/hook discovery + precedence (Phase 1d DG4 + Phase 1e HC2/HC3).
Deterministic, no deployment. Proves:
- the overlay resolution rule (repo-local > cc-ci) + the generic floor (HC3: additive, separate);
- the HC2 repo-local approval gate (default-deny; repo-local consulted only for approved recipes).
Run with: `cc-ci-run -m pytest tests/unit`. These live under tests/unit/ (NOT a recipe name, NOT
tests/_generic/) so the run orchestrator never picks them up as overlays/custom tests."""
import os
import sys
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
from harness import discovery # noqa: E402
def _approve(tmp_path, *recipes):
"""Point the allowlist at a temp file approving the given recipes (HC2), and return a cleanup."""
f = tmp_path / "approved.txt"
f.write_text("".join(f"{r}\n" for r in recipes))
os.environ["CCCI_REPO_LOCAL_APPROVED_FILE"] = str(f)
def teardown_function():
os.environ.pop("CCCI_REPO_LOCAL_APPROVED_FILE", None)
# ---- HC3: generic is the floor; overlay resolution is separate + additive --------------------
def test_no_overlay_means_generic_floor():
# hedgedoc ships no tests/hedgedoc/ overlay and no repo-local -> no overlay; generic floor exists
assert discovery.resolve_overlay_op("hedgedoc", "install", None) is None
src, path = discovery.generic_op("install")
assert src == "generic"
assert path == os.path.join(discovery.GENERIC_DIR, "test_install.py")
# back-compat resolver still yields generic when there is no overlay
assert discovery.resolve_op("hedgedoc", "install", None) == ("generic", path)
def test_cc_ci_overlay_found_for_each_op():
# custom-html ships cc-ci overlays for all four ops -> resolve_overlay_op returns the cc-ci file
for op in discovery.LIFECYCLE_OPS:
res = discovery.resolve_overlay_op("custom-html", op, None)
assert res == (
"cc-ci",
os.path.join(discovery.cc_ci_dir("custom-html"), f"test_{op}.py"),
), op
# ---- HC2: repo-local approval gate (default-deny) --------------------------------------------
def test_repo_local_ignored_when_not_approved(tmp_path):
# default-deny: a repo-local overlay is NOT consulted for an unapproved recipe -> cc-ci wins
_approve(tmp_path) # empty allowlist
(tmp_path / "test_install.py").write_text("# repo-local overlay\n")
res = discovery.resolve_overlay_op("custom-html", "install", str(tmp_path))
assert res == ("cc-ci", os.path.join(discovery.cc_ci_dir("custom-html"), "test_install.py"))
assert discovery.repo_local_approved("custom-html") is False
def test_repo_local_wins_when_approved(tmp_path):
# approved: repo-local is upstream-authoritative and beats cc-ci for the same op
rl = tmp_path / "repo"
rl.mkdir()
(rl / "test_install.py").write_text("# repo-local overlay\n")
_approve(tmp_path, "custom-html")
assert discovery.repo_local_approved("custom-html") is True
res = discovery.resolve_overlay_op("custom-html", "install", str(rl))
assert res == ("repo-local", str(rl / "test_install.py"))
def test_custom_tests_repo_local_gated(tmp_path, monkeypatch):
# custom test_*.py from repo-local only count for approved recipes (HC2); placement rule
# (rcust P4): custom tests live under functional/ (or playwright/) — top-level files are
# lifecycle overlays only, so the repo-local custom here sits in functional/.
# Use a synthetic recipe name + monkeypatched cc_ci_dir so this is independent of what
# tests/<real-recipe>/ ships (F2-1).
fake_recipe = "ccci-hc2-fixture"
monkeypatch.setattr(discovery, "cc_ci_dir", lambda r: str(tmp_path / "cc-ci" / r))
(tmp_path / "cc-ci" / fake_recipe).mkdir(parents=True)
rl = tmp_path / "repo"
(rl / "functional").mkdir(parents=True)
(rl / "functional" / "test_sso.py").write_text("# repo-local custom\n")
(rl / "functional" / "test_install.py").write_text("# lifecycle name -> excluded from custom\n")
_approve(tmp_path) # not approved -> repo-local custom ignored
assert discovery.custom_tests(fake_recipe, str(rl)) == []
_approve(tmp_path, fake_recipe) # approved -> repo-local custom honored
customs = discovery.custom_tests(fake_recipe, str(rl))
names = {(src, os.path.basename(p)) for src, p in customs}
assert ("repo-local", "test_sso.py") in names
assert all(os.path.basename(p) != "test_install.py" for _, p in customs)
def test_install_steps_repo_local_gated(tmp_path):
rl = tmp_path / "repo"
rl.mkdir()
(rl / "install_steps.sh").write_text("#!/usr/bin/env bash\n")
_approve(tmp_path) # not approved -> repo-local hook ignored (custom-html has no cc-ci hook)
assert discovery.install_steps("custom-html", str(rl)) is None
_approve(tmp_path, "custom-html") # approved -> repo-local hook honored
hook = discovery.install_steps("custom-html", str(rl))
assert hook == ("repo-local", str(rl / "install_steps.sh"))
assert discovery.install_steps("hedgedoc", None) is None
def test_pre_op_hook_repo_local_gated(tmp_path):
# hedgedoc has no cc-ci ops.py, so this isolates the repo-local gate (custom-html now ships a
# real cc-ci tests/custom-html/ops.py, which would mask the gate).
rl = tmp_path / "repo"
rl.mkdir()
(rl / "ops.py").write_text("def pre_upgrade(domain, meta):\n pass\n")
_approve(tmp_path) # not approved -> repo-local ops.py ignored (no cc-ci ops.py either)
assert discovery.pre_op_hook("hedgedoc", "upgrade", str(rl)) is None
_approve(tmp_path, "hedgedoc") # approved -> repo-local pre-op hook honored
hook = discovery.pre_op_hook("hedgedoc", "upgrade", str(rl))
assert hook == ("repo-local", str(rl / "ops.py"))
# an ops.py that does NOT define pre_<op> is not a hook for that op
assert discovery.pre_op_hook("hedgedoc", "backup", str(rl)) is None
def test_default_allowlist_is_empty():
# the checked-in tests/repo-local-approved.txt approves nothing (default-deny invariant)
os.environ.pop("CCCI_REPO_LOCAL_APPROVED_FILE", None)
assert discovery.approved_recipes() == set()
Reference in New Issue View Git Blame Copy Permalink