-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCiWebhookIntegrationTest.java
More file actions
269 lines (235 loc) · 10.8 KB
/
CiWebhookIntegrationTest.java
File metadata and controls
269 lines (235 loc) · 10.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
package ci.controller;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.inOrder;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockConstruction;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import ci.integration.GithubAPIHandler;
import ci.service.CiService;
import ci.service.CompilationService;
import ci.util.RepoSetup;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.tomcat.util.buf.HexUtils;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import org.mockito.MockedConstruction;
import org.mockito.MockedStatic;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.boot.webmvc.test.autoconfigure.AutoConfigureMockMvc;
import org.springframework.context.annotation.Bean;
import org.springframework.core.task.SyncTaskExecutor;
import org.springframework.core.task.TaskExecutor;
import org.springframework.http.MediaType;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.test.web.servlet.MockMvc;
// Overwrites any properties file SpringBoot might have access too
@SpringBootTest(
properties = {
"sharedKey=test-secret",
"git.repoName=daDevBoat/ContinuousIntegration",
"ci.repoSsh=fake-ssh",
"ci.repoID=ContinuousIntegration",
"server.auth=fake-token",
"local.url=http://localhost:1234"
})
@ActiveProfiles("test")
@AutoConfigureMockMvc
/**
* Integration tests: Use a mock HTTP post to trigger the CI workflow (CIWebhookController and
* CIService) Uses mock values to overwrite any properties files that might exist. Uses mock
* function returns where the results requires a special key / permissions, since these functions
* are tested independently in their own Unit Tests.
*
* <p>Evaluates if the send HTTP codes are as expected.
*/
class CiWebhookIntegrationTest {
@TempDir Path temp;
// SECRET needs to match the sharedKey set in the properties at the top of the file
private static final String SECRET = "test-secret";
private static final String REPO_ID = "ContinuousIntegration";
@Autowired MockMvc mockMvc;
@Autowired CiService ciService;
private final ObjectMapper om = new ObjectMapper();
/**
* enforces the runBuild in CiService to be executed in synchron mode, otherwise we cant get the
* response
*/
@TestConfiguration
static class SyncAsyncConfig {
@Bean(name = "taskExecutor")
TaskExecutor taskExecutor() {
return new SyncTaskExecutor();
}
}
/**
* Function from Validation The function HMAC:s a message, in bytes, using SHA256 and the
* sharedKey. The answer is in hexadecimals (string).
*
* @param sharedKey the shared key between Github and our program
* @param payloadBody the body sent by the webhook
* @return the body HMAC:ed with SHA256 using sharedKey
* @throws IllegalArgumentException if payloadBody or sharedKey is null
* @throws NoSuchAlgorithmException if Mac.getInstance can't find the HmacSHA256 algorithm
* @throws UnsupportedEncodingException if sharedKey.getBytes can't find "UTF-8" encoding
* @throws InvalidKeyException if the secretKey is invalid for initializing sha256HMAC
*/
private static String computeHMACWithSHA256(String sharedKey, byte[] payloadBody)
throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException {
if (payloadBody == null || payloadBody.length == 0 || sharedKey == null) {
throw new IllegalArgumentException("payloadBody was empty or null.");
}
Mac sha256HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(sharedKey.getBytes("UTF-8"), "HmacSHA256");
sha256HMAC.init(secretKey);
byte[] result = sha256HMAC.doFinal(payloadBody);
return HexUtils.toHexString(result);
}
/**
* @param sha the sha to be used in the payload
* @return A JSON payload containing the sha and a few additional necessary values for this test
* @throws Exception when the JSON object can not be created as anticipated
*/
private byte[] buildPayload(String sha) throws Exception {
String json =
"""
{
"after": "%s",
"repository": {
"full_name": "daDevBoat/ContinuousIntegration",
"name": "ContinuousIntegration",
"owner": { "name": "daDevBoat" }
}
}
"""
.formatted(sha);
return om.readTree(json).toString().getBytes(StandardCharsets.UTF_8);
}
@Test
@Disabled
void successfulBuild_postsPendingThenSuccess() throws Exception {
/**
* Contract: The CI server replies first with Code 202 when it receives a HTTP post request and,
* iff all checks within the runBuild function pass, updates the status 200 "success".
*/
// Set value repoParentDir in ciService to temp
ReflectionTestUtils.setField(ciService, "repoParentDir", temp.toString());
// Create the repo so it passes checks
String sha = "0123456789abcdef0123456789abcdef01234567";
Files.createDirectories(temp.resolve("test").resolve(sha).resolve(REPO_ID));
// Fake compilation success - when the compile function is caled always return success as true
CompilationService compilationMock = mock(CompilationService.class);
when(compilationMock.compile(any()))
.thenReturn(new CompilationService.CompilationResult(true, List.of("ok"), 0));
// Use the mock compilationService class
ReflectionTestUtils.setField(ciService, "compilationService", compilationMock);
// Setup a fake RepoSetup class
try (MockedStatic<RepoSetup> repoSetup = mockStatic(RepoSetup.class)) {
// Make sure none of the functions in RepoSetup returns anything (set all to null)
repoSetup.when(() -> RepoSetup.createDir(anyString())).thenAnswer(i -> null);
repoSetup
.when(() -> RepoSetup.cloneRepo(anyString(), anyString(), anyString()))
.thenAnswer(i -> null);
repoSetup
.when(() -> RepoSetup.updateRepo(anyString(), anyString(), anyString()))
.thenAnswer(i -> null);
// Setup a fake GitHubAPI Handler
try (MockedConstruction<GithubAPIHandler> apiCons =
mockConstruction(
GithubAPIHandler.class,
(mock, ctx) -> {
doNothing().when(mock).sendPost(anyString(), anyString(), anyString(), anyString());
})) {
// Building the fake payload
byte[] payloadBody = buildPayload(sha);
String sig = "sha256=" + computeHMACWithSHA256(SECRET, payloadBody);
// Building a fake http post
mockMvc
.perform(
post("/webhook/github")
.contentType(MediaType.APPLICATION_JSON)
.header("X-GitHub-Event", "push")
.header("X-Hub-Signature-256", sig)
.content(payloadBody))
.andExpect(status().isAccepted());
// Check if the GitHubAPIHandler would have send the correct status
GithubAPIHandler handler = apiCons.constructed().get(0);
var inOrder = inOrder(handler);
inOrder.verify(handler).sendPost(anyString(), anyString(), eq("pending"), anyString());
inOrder.verify(handler).sendPost(anyString(), anyString(), eq("success"), anyString());
}
}
}
@Test
void failedBuild_postsPendingThenFailure() throws Exception {
/**
* Contract: The CI server replies first with Code 202 when it receives a HTTP post request and,
* iff all the build fails, updates the status to "failure".
*/
// Set value repoParentDir in ciService to temp
ReflectionTestUtils.setField(ciService, "repoParentDir", temp.toString());
// Create the repo so it passes checks
String sha = "0123456789abcdef0123456789abcdef01234567";
Files.createDirectories(temp.resolve("test").resolve(sha).resolve(REPO_ID));
// Fake compilation success - when the compile function is caled always return success as true
CompilationService compilationMock = mock(CompilationService.class);
when(compilationMock.compile(any()))
.thenReturn(new CompilationService.CompilationResult(false, List.of("fail"), 1));
// Use the mock compilationService class
ReflectionTestUtils.setField(ciService, "compilationService", compilationMock);
// Setup a fake RepoSetup class
try (MockedStatic<RepoSetup> repoSetup = mockStatic(RepoSetup.class)) {
// Make sure none of the functions in RepoSetup returns anything (set all to null)
repoSetup.when(() -> RepoSetup.createDir(anyString())).thenAnswer(i -> null);
repoSetup
.when(() -> RepoSetup.cloneRepo(anyString(), anyString(), anyString()))
.thenAnswer(i -> null);
repoSetup
.when(() -> RepoSetup.updateRepo(anyString(), anyString(), anyString()))
.thenAnswer(i -> null);
// Setup a fake GitHubAPI Handler
try (MockedConstruction<GithubAPIHandler> apiCons =
mockConstruction(
GithubAPIHandler.class,
(mock, ctx) -> {
doNothing().when(mock).sendPost(anyString(), anyString(), anyString(), anyString());
})) {
// Building the fake payload
byte[] payloadBody = buildPayload(sha);
String sig = "sha256=" + computeHMACWithSHA256(SECRET, payloadBody);
// Building a fake http post
mockMvc
.perform(
post("/webhook/github")
.contentType(MediaType.APPLICATION_JSON)
.header("X-GitHub-Event", "push")
.header("X-Hub-Signature-256", sig)
.content(payloadBody))
.andExpect(status().isAccepted());
// Check if the GitHubAPIHandler would have send the correct status
GithubAPIHandler handler = apiCons.constructed().get(0);
var inOrder = inOrder(handler);
inOrder.verify(handler).sendPost(anyString(), anyString(), eq("pending"), anyString());
inOrder.verify(handler).sendPost(anyString(), anyString(), eq("failure"), anyString());
}
}
}
}