forgejo/tests/integration/api_repo_secrets_test.go

// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"fmt"
	"net/http"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	repo_model "code.gitea.io/gitea/models/repo"
	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	api "code.gitea.io/gitea/modules/structs"
	"code.gitea.io/gitea/tests"
)

func TestAPIRepoSecrets(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
	session := loginUser(t, user.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)

	t.Run("List", func(t *testing.T) {
		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/actions/secrets", repo.FullName())).
			AddTokenAuth(token)
		MakeRequest(t, req, http.StatusOK)
	})

	t.Run("Create", func(t *testing.T) {
		cases := []struct {
			Name           string
			ExpectedStatus int
		}{
			{
				Name:           "",
				ExpectedStatus: http.StatusMethodNotAllowed,
			},
			{
				Name:           "-",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           "_",
				ExpectedStatus: http.StatusCreated,
			},
			{
				Name:           "secret",
				ExpectedStatus: http.StatusCreated,
			},
			{
				Name:           "2secret",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           "GITEA_secret",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           "GITHUB_secret",
				ExpectedStatus: http.StatusBadRequest,
			},
		}

		for _, c := range cases {
			req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), c.Name), api.CreateOrUpdateSecretOption{
				Data: "data",
			}).AddTokenAuth(token)
			MakeRequest(t, req, c.ExpectedStatus)
		}
	})

	t.Run("Update", func(t *testing.T) {
		name := "update_secret"
		url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), name)

		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
			Data: "initial",
		}).AddTokenAuth(token)
		MakeRequest(t, req, http.StatusCreated)

		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
			Data: "changed",
		}).AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNoContent)
	})

	t.Run("Delete", func(t *testing.T) {
		name := "delete_secret"
		url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), name)

		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
			Data: "initial",
		}).AddTokenAuth(token)
		MakeRequest(t, req, http.StatusCreated)

		req = NewRequest(t, "DELETE", url).
			AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNoContent)

		req = NewRequest(t, "DELETE", url).
			AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNotFound)

		req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/actions/secrets/000", repo.FullName())).
			AddTokenAuth(token)
		MakeRequest(t, req, http.StatusBadRequest)
	})
}
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`// Copyright 2023 The Gitea Authors. All rights reserved.`
			`// SPDX-License-Identifier: MIT`

			`package integration`

			`import (`
			`"fmt"`
			`"net/http"`
			`"testing"`

			`auth_model "code.gitea.io/gitea/models/auth"`
			`repo_model "code.gitea.io/gitea/models/repo"`
			`"code.gitea.io/gitea/models/unittest"`
			`user_model "code.gitea.io/gitea/models/user"`
			`api "code.gitea.io/gitea/modules/structs"`
			`"code.gitea.io/gitea/tests"`
			`)`

			`func TestAPIRepoSecrets(t *testing.T) {`
			`defer tests.PrepareTestEnv(t)()`

			`repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})`
			`user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})`
			`session := loginUser(t, user.Name)`
			`token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)`

feat(api): enhance Actions Secrets Management API for repository (#30656) - Add endpoint to list repository action secrets in API routes - Implement `ListActionsSecrets` function to retrieve action secrets from the database - Update Swagger documentation to include the new `/repos/{owner}/{repo}/actions/secrets` endpoint - Add `actions` package import and define new routes for actions, secrets, variables, and runners in `api.go`. - Refactor action-related API functions into `Action` struct methods in `org/action.go` and `repo/action.go`. - Remove `actionAPI` struct and related functions, replacing them with `NewAction()` calls. - Rename `variables.go` to `action.go` in `org` directory. - Delete `runners.go` and `secrets.go` in both `org` and `repo` directories, consolidating their content into `action.go`. - Update copyright year and add new imports in `org/action.go`. - Implement `API` interface in `services/actions/interface.go` for action-related methods. - Remove individual action-related functions and replace them with methods on the `Action` struct in `repo/action.go`. --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Signed-off-by: appleboy <appleboy.tw@gmail.com> (cherry picked from commit 852547d0dc70299589c7bf8d00ea462ed709b8e5) Conflicts: routers/api/v1/api.go trivial conflict because of Fix #2512 /api/forgejo/v1/version auth check (#2582) 2024-04-26 16:11:49 +03:00			`t.Run("List", func(t *testing.T) {`
			`req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/actions/secrets", repo.FullName())).`
			`AddTokenAuth(token)`
			`MakeRequest(t, req, http.StatusOK)`
			`})`

Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`t.Run("Create", func(t *testing.T) {`
			`cases := []struct {`
			`Name string`
			`ExpectedStatus int`
			`}{`
			`{`
			`Name: "",`
feat(api): enhance Actions Secrets Management API for repository (#30656) - Add endpoint to list repository action secrets in API routes - Implement `ListActionsSecrets` function to retrieve action secrets from the database - Update Swagger documentation to include the new `/repos/{owner}/{repo}/actions/secrets` endpoint - Add `actions` package import and define new routes for actions, secrets, variables, and runners in `api.go`. - Refactor action-related API functions into `Action` struct methods in `org/action.go` and `repo/action.go`. - Remove `actionAPI` struct and related functions, replacing them with `NewAction()` calls. - Rename `variables.go` to `action.go` in `org` directory. - Delete `runners.go` and `secrets.go` in both `org` and `repo` directories, consolidating their content into `action.go`. - Update copyright year and add new imports in `org/action.go`. - Implement `API` interface in `services/actions/interface.go` for action-related methods. - Remove individual action-related functions and replace them with methods on the `Action` struct in `repo/action.go`. --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Signed-off-by: appleboy <appleboy.tw@gmail.com> (cherry picked from commit 852547d0dc70299589c7bf8d00ea462ed709b8e5) Conflicts: routers/api/v1/api.go trivial conflict because of Fix #2512 /api/forgejo/v1/version auth check (#2582) 2024-04-26 16:11:49 +03:00			`ExpectedStatus: http.StatusMethodNotAllowed,`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`},`
			`{`
			`Name: "-",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`{`
			`Name: "_",`
			`ExpectedStatus: http.StatusCreated,`
			`},`
			`{`
			`Name: "secret",`
			`ExpectedStatus: http.StatusCreated,`
			`},`
			`{`
			`Name: "2secret",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`{`
			`Name: "GITEA_secret",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`{`
			`Name: "GITHUB_secret",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`}`

			`for _, c := range cases {`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), c.Name), api.CreateOrUpdateSecretOption{`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`Data: "data",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`}).AddTokenAuth(token)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`MakeRequest(t, req, c.ExpectedStatus)`
			`}`
			`})`

			`t.Run("Update", func(t *testing.T) {`
			`name := "update_secret"`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), name)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00
			`req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{`
			`Data: "initial",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`}).AddTokenAuth(token)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`MakeRequest(t, req, http.StatusCreated)`

			`req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{`
			`Data: "changed",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`}).AddTokenAuth(token)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`MakeRequest(t, req, http.StatusNoContent)`
			`})`

			`t.Run("Delete", func(t *testing.T) {`
			`name := "delete_secret"`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), name)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00
			`req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{`
			`Data: "initial",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`}).AddTokenAuth(token)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`MakeRequest(t, req, http.StatusCreated)`

Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`req = NewRequest(t, "DELETE", url).`
			`AddTokenAuth(token)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`MakeRequest(t, req, http.StatusNoContent)`

Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`req = NewRequest(t, "DELETE", url).`
			`AddTokenAuth(token)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`MakeRequest(t, req, http.StatusNotFound)`

Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 02:59:59 +03:00			`req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/actions/secrets/000", repo.FullName())).`
			`AddTokenAuth(token)`
Refactor secrets modification logic (#26873) - Share code between web and api - Add some tests 2023-09-05 18:21:02 +03:00			`MakeRequest(t, req, http.StatusBadRequest)`
			`})`
			`}`