test case for encrypting file

kamilchm · Jun 4, 2024 · 7b89548 · 7b89548
1 parent 01267f8
commit 7b89548
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 6 deletions.
diff --git a/.github/workflows/test.yml → .github/workflows/check.yml b/.github/workflows/test.yml → .github/workflows/check.yml
@@ -1,4 +1,4 @@
-name: "Test"
+name: "CI checks"
 on:
   pull_request:
   push:
@@ -12,4 +12,5 @@ jobs:
     - uses: cachix/install-nix-action@v18
       with:
         nix_path: nixpkgs=channel:nixos-unstable
+    - run: ./lint.sh
     - run: ./tests.sh
diff --git a/lint.sh b/lint.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p shellcheck
+##shellcheck shell=bash
+
+set -euo pipefail
+
+shellcheck dotsecrets tests.sh
diff --git a/tests.sh b/tests.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env nix-shell
 #!nix-shell -i bash_unit -p bash bash_unit coreutils openssl
+##shellcheck shell=bash
+
 set -euo pipefail
 
 test_env_var() {
@@ -14,21 +16,60 @@ test_env_var() {
   assert_equals 'VAR_ONE=VAL ONE' "$(bash .secrets)"
 }
 
+test_empty_var_value() {
+  export SECRET_KEY="secret for empty value"
+
+  bash .secrets "VAR_NAME" >> .secrets
+  assert_equals 1 $? "should return error for empty var value"
+}
+
+test_file() {
+  export SECRET_KEY="dotsecrets-file"
+  echo -n "SECRET FILE" > secretfile
+
+  bash .secrets secretfile >> .secrets
+  assert_equals 0 $?
+
+  grep "SECRET FILE" .secrets
+  assert_equals 1 $? "unencrypted value found in .secrets"
+
+  rm secretfile
+  assert_fail "test -e secretfile" "secret file should not exists"
+
+  bash .secrets
+  assert_equals 0 $?
+
+  assert_equals 'SECRET FILE' "$(cat secretfile)"
+}
+
 test_secret_key_not_set() {
   unset SECRET_KEY
+
   bash .secrets "VAR_ONE" "VAL_ONE" >> .secrets
   assert_equals 1 $? "should return error if SECRET_KEY is not set"
 }
 
-CWD="$(pwd)"
+PROJECT_ROOT="$(pwd)"
+export PROJECT_ROOT
+CODE_LEN=$(wc -l < dotsecrets)
+export CODE_LEN
 
 setup() {
   cd "$(mktemp -d)"
-  cp "$CWD/dotsecrets" .secrets
+  cp "$PROJECT_ROOT/dotsecrets" .secrets
+}
+
+verify_code_unchanged() {
+  if [ "$(head -n "$CODE_LEN" .secrets)" != "$(cat "$PROJECT_ROOT/dotsecrets")" ]
+  then
+    echo ".dotsecrets code changed"
+    diff "$PROJECT_ROOT/dotsecrets" .secrets
+    exit 1
+  fi
 }
 
 teardown() {
-  cd "$CWD"
-  # TODO: verify .secrets code is unchanged
-  # TODO: verify .secrtes is the only file that can be modified
+  verify_code_unchanged
+
+  cd "$PROJECT_ROOT"
 }