diff --git a/.github/scripts/tests/check-approved-external-endpoints-test.sh b/.github/scripts/tests/check-approved-external-endpoints-test.sh
new file mode 100644
index 0000000000..a2cb2011ff
--- /dev/null
+++ b/.github/scripts/tests/check-approved-external-endpoints-test.sh
@@ -0,0 +1,198 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+script_under_test="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/check-approved-external-endpoints.sh"
+
+echo "===== verify script structure ====="
+
+if ! head -n 1 "$script_under_test" | rg -q "^#!/usr/bin/env bash"; then
+ echo "[FAIL] script missing proper shebang"
+ exit 1
+fi
+
+if ! head -n 5 "$script_under_test" | rg -q "set -euo pipefail"; then
+ echo "[FAIL] script missing set -euo pipefail"
+ exit 1
+fi
+
+echo "[OK] Script has proper structure"
+
+echo "===== verify script has required components ====="
+
+if ! rg -q 'policy_file.*approved-external-endpoints.txt' "$script_under_test"; then
+ echo "[FAIL] script doesn't reference policy file"
+ exit 1
+fi
+
+if ! rg -q 'matches_policy\(\)' "$script_under_test"; then
+ echo "[FAIL] script missing matches_policy function"
+ exit 1
+fi
+
+if ! rg -q 'mapfile -t approved_hosts' "$script_under_test"; then
+ echo "[FAIL] script doesn't read approved hosts"
+ exit 1
+fi
+
+if ! rg -q 'mapfile -t discovered_hosts' "$script_under_test"; then
+ echo "[FAIL] script doesn't discover hosts"
+ exit 1
+fi
+
+if ! rg -q "https\?://" "$script_under_test"; then
+ echo "[FAIL] script missing URL discovery pattern"
+ exit 1
+fi
+
+echo "[OK] Script has URL discovery logic"
+
+echo "===== verify script has exclusions ====="
+
+if ! rg -q 'localhost.*127.0.0.1.*0.0.0.0' "$script_under_test"; then
+ echo "[FAIL] script missing localhost exclusions"
+ exit 1
+fi
+
+if ! rg -q 'example.com' "$script_under_test"; then
+ echo "[FAIL] script missing example.com exclusions"
+ exit 1
+fi
+
+if ! rg -q 'proxy.com.*proxy.local' "$script_under_test"; then
+ echo "[FAIL] script missing proxy exclusions"
+ exit 1
+fi
+
+if ! rg -q '%|\{' "$script_under_test"; then
+ echo "[FAIL] script missing template variable exclusions"
+ exit 1
+fi
+
+echo "[OK] Script has proper exclusions"
+
+echo "===== verify script has proper glob patterns ====="
+
+if ! rg -q -- "--glob '!docs/\*\*'" "$script_under_test"; then
+ echo "[FAIL] script doesn't exclude docs"
+ exit 1
+fi
+
+if ! rg -q -- "--glob '!\*\*/\*_test.go'" "$script_under_test"; then
+ echo "[FAIL] script doesn't exclude test files"
+ exit 1
+fi
+
+if ! rg -q -- "--glob '!\*\*/node_modules/\*\*'" "$script_under_test"; then
+ echo "[FAIL] script doesn't exclude node_modules"
+ exit 1
+fi
+
+echo "[OK] Script has proper glob patterns"
+
+echo "===== verify script searches correct paths ====="
+
+if ! rg -q 'cmd pkg sdk scripts .github/workflows' "$script_under_test"; then
+ echo "[FAIL] script doesn't search expected directories"
+ exit 1
+fi
+
+if ! rg -q 'README.md README_CN.md' "$script_under_test"; then
+ echo "[FAIL] script doesn't search README files"
+ exit 1
+fi
+
+echo "[OK] Script searches correct paths"
+
+echo "===== verify script has error handling ====="
+
+if ! rg -q 'Missing policy file' "$script_under_test"; then
+ echo "[FAIL] script missing policy file check"
+ exit 1
+fi
+
+if ! rg -q 'No approved hosts in policy file' "$script_under_test"; then
+ echo "[FAIL] script missing empty policy check"
+ exit 1
+fi
+
+if ! rg -q 'Found external hosts not in' "$script_under_test"; then
+ echo "[FAIL] script missing violation message"
+ exit 1
+fi
+
+echo "[OK] Script has proper error handling"
+
+echo "===== verify script has success message ====="
+
+if ! rg -q 'external endpoint policy check passed' "$script_under_test"; then
+ echo "[FAIL] script missing success message"
+ exit 1
+fi
+
+echo "[OK] Script has success message"
+
+echo "===== verify script handles case-insensitive matching ====="
+
+if ! rg -q "tr '\[:upper:\]' '\[:lower:\]'" "$script_under_test"; then
+ echo "[FAIL] script doesn't normalize case"
+ exit 1
+fi
+
+echo "[OK] Script handles case-insensitive matching"
+
+echo "===== verify script has subdomain matching logic ====="
+
+if ! rg -q '\*\.".*approved' "$script_under_test"; then
+ echo "[FAIL] script missing subdomain matching"
+ exit 1
+fi
+
+echo "[OK] Script has subdomain matching"
+
+echo "===== verify script has correct exit behavior ====="
+
+if ! rg -q 'exit 1' "$script_under_test"; then
+ echo "[FAIL] script missing exit 1 for failures"
+ exit 1
+fi
+
+echo "[OK] Script has correct exit behavior"
+
+echo "===== verify script uses grep for filtering ====="
+
+if ! rg -q "grep -Ev" "$script_under_test"; then
+ echo "[FAIL] script doesn't use grep for filtering"
+ exit 1
+fi
+
+echo "[OK] Script uses grep for filtering"
+
+echo "===== verify script has host comparison logic ====="
+
+if ! rg -q '\[.*==.*\]' "$script_under_test"; then
+ echo "[FAIL] script missing host comparison logic"
+ exit 1
+fi
+
+echo "[OK] Script has host comparison logic"
+
+echo "===== verify script converts URLs to hosts ====="
+
+if ! rg -q "awk.*print" "$script_under_test"; then
+ echo "[FAIL] script doesn't extract hosts from URLs"
+ exit 1
+fi
+
+if ! rg -q "cut -d/" "$script_under_test"; then
+ echo "[FAIL] script doesn't parse URL paths"
+ exit 1
+fi
+
+if ! rg -q "cut -d:" "$script_under_test"; then
+ echo "[FAIL] script doesn't strip ports"
+ exit 1
+fi
+
+echo "[OK] Script converts URLs to hosts"
+
+echo "[OK] check-approved-external-endpoints script test suite passed"
\ No newline at end of file
diff --git a/.github/scripts/tests/check-distributed-critical-paths-test.sh b/.github/scripts/tests/check-distributed-critical-paths-test.sh
new file mode 100644
index 0000000000..f6ee48a9d4
--- /dev/null
+++ b/.github/scripts/tests/check-distributed-critical-paths-test.sh
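Review bot: None of the checks in check-approved-external-endpoints-test.sh runs the script; every assertion is an `rg -q` over its source text, so the suite keeps passing when `matches_policy` itself is wrong, for instance if the subdomain comparison were loosened to accept any host that merely ends in an approved name. Checks such as `rg -q 'exit 1'` and `rg -q 'example.com'` (unescaped dot) match almost any version of the script. The check-docs-secret-samples-test.sh hunk later in this commit has the same shape and never feeds the scanner a key-shaped sample or an allowed placeholder. Add fixture-driven cases in the style of the `run_case` tests in the sibling files, and until then head the file with a comment such as `# Structural checks only: the script is never executed, so matches_policy is not exercised.`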
@@ -0,0 +1,222 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+script_under_test="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/check-distributed-critical-paths.sh"
+
+run_case() {
+ local label="$1"
+ local expect_exit="$2"
+ local expected_text="$3"
+ local test_root="$4"
+
+ local output status
+ output=""
+ status=0
+
+ set +e
+ output="$(cd "$test_root" && bash "$script_under_test" 2>&1)"
+ status=$?
+ set -e
+
+ printf '===== %s =====\n' "$label"
+ echo "$output"
+
+ if [[ "$status" -ne "$expect_exit" ]]; then
+ echo "[FAIL] $label: expected exit $expect_exit, got $status"
+ exit 1
+ fi
+
+ if ! echo "$output" | rg -q "$expected_text"; then
+ echo "[FAIL] $label: expected output to contain '$expected_text'"
+ exit 1
+ fi
+}
+
+# Create test environment
+tmpdir="$(mktemp -d)"
+trap 'rm -rf "$tmpdir"' EXIT
+
+# Test 1: Verify script has correct test invocations
+echo "===== verify script contains expected test patterns ====="
+if ! rg -q "TestMultiSourceSecret_FileHandling" "$script_under_test"; then
+ echo "[FAIL] script missing TestMultiSourceSecret_FileHandling test"
+ exit 1
+fi
+
+if ! rg -q "TestMultiSourceSecret_CacheBehavior" "$script_under_test"; then
+ echo "[FAIL] script missing TestMultiSourceSecret_CacheBehavior test"
+ exit 1
+fi
+
+if ! rg -q "TestMultiSourceSecret_Concurrency" "$script_under_test"; then
+ echo "[FAIL] script missing TestMultiSourceSecret_Concurrency test"
+ exit 1
+fi
+
+if ! rg -q "TestAmpModule_OnConfigUpdated_CacheInvalidation" "$script_under_test"; then
+ echo "[FAIL] script missing TestAmpModule_OnConfigUpdated_CacheInvalidation test"
+ exit 1
+fi
+
+if ! rg -q "TestRegisterManagementRoutes" "$script_under_test"; then
+ echo "[FAIL] script missing TestRegisterManagementRoutes test"
+ exit 1
+fi
+
+if ! rg -q "TestEnsureCacheControl" "$script_under_test"; then
+ echo "[FAIL] script missing TestEnsureCacheControl test"
+ exit 1
+fi
+
+if ! rg -q "TestCacheControlOrder" "$script_under_test"; then
+ echo "[FAIL] script missing TestCacheControlOrder test"
+ exit 1
+fi
+
+if ! rg -q "TestCountOpenAIChatTokens" "$script_under_test"; then
+ echo "[FAIL] script missing TestCountOpenAIChatTokens test"
+ exit 1
+fi
+
+if ! rg -q "TestCountClaudeChatTokens" "$script_under_test"; then
+ echo "[FAIL] script missing TestCountClaudeChatTokens test"
+ exit 1
+fi
+
+if ! rg -q "TestBuildProviderMetricsFromSnapshot_FailoverAndQueueTelemetry" "$script_under_test"; then
+ echo "[FAIL] script missing TestBuildProviderMetricsFromSnapshot_FailoverAndQueueTelemetry test"
+ exit 1
+fi
+
+if ! rg -q "TestCacheSignature_BasicStorageAndRetrieval" "$script_under_test"; then
+ echo "[FAIL] script missing TestCacheSignature_BasicStorageAndRetrieval test"
+ exit 1
+fi
+
+if ! rg -q "TestCacheSignature_ExpirationLogic" "$script_under_test"; then
+ echo "[FAIL] script missing TestCacheSignature_ExpirationLogic test"
+ exit 1
+fi
+
+echo "[OK] All expected test patterns found in script"
+
+# Test 2: Verify script validates correct packages
+echo "===== verify script validates correct packages ====="
+if ! rg -q "./pkg/llmproxy/api/modules/amp" "$script_under_test"; then
+ echo "[FAIL] script missing amp package validation"
+ exit 1
+fi
+
+if ! rg -q "./pkg/llmproxy/runtime/executor" "$script_under_test"; then
+ echo "[FAIL] script missing executor package validation"
+ exit 1
+fi
+
+if ! rg -q "./pkg/llmproxy/usage" "$script_under_test"; then
+ echo "[FAIL] script missing usage package validation"
+ exit 1
+fi
+
+if ! rg -q "./pkg/llmproxy/cache" "$script_under_test"; then
+ echo "[FAIL] script missing cache package validation"
+ exit 1
+fi
+
+echo "[OK] All expected packages found in script"
+
+# Test 3: Verify script uses correct go test flags
+echo "===== verify script uses correct go test flags ====="
+if ! rg -q "go test -count=1" "$script_under_test"; then
+ echo "[FAIL] script missing -count=1 flag"
+ exit 1
+fi
+
+if ! rg -q "\-run" "$script_under_test"; then
+ echo "[FAIL] script missing -run flag"
+ exit 1
+fi
+
+echo "[OK] Script uses correct go test flags"
+
+# Test 4: Verify script has proper structure
+echo "===== verify script structure ====="
+if ! head -n 1 "$script_under_test" | rg -q "^#!/usr/bin/env bash"; then
+ echo "[FAIL] script missing proper shebang"
+ exit 1
+fi
+
+if ! head -n 5 "$script_under_test" | rg -q "set -euo pipefail"; then
+ echo "[FAIL] script missing set -euo pipefail"
+ exit 1
+fi
+
+echo "[OK] Script has proper structure"
+
+# Test 5: Verify script has validation messages
+echo "===== verify script has validation messages ====="
+if ! rg -q "distributed-critical-paths" "$script_under_test"; then
+ echo "[FAIL] script missing validation messages"
+ exit 1
+fi
+
+if ! rg -q "validating filesystem-sensitive paths" "$script_under_test"; then
+ echo "[FAIL] script missing filesystem validation message"
+ exit 1
+fi
+
+if ! rg -q "validating ops endpoint route registration" "$script_under_test"; then
+ echo "[FAIL] script missing ops endpoint validation message"
+ exit 1
+fi
+
+if ! rg -q "validating compute/cache-sensitive paths" "$script_under_test"; then
+ echo "[FAIL] script missing compute/cache validation message"
+ exit 1
+fi
+
+if ! rg -q "validating queue telemetry to provider metrics path" "$script_under_test"; then
+ echo "[FAIL] script missing queue telemetry validation message"
+ exit 1
+fi
+
+if ! rg -q "validating signature cache primitives" "$script_under_test"; then
+ echo "[FAIL] script missing signature cache validation message"
+ exit 1
+fi
+
+if ! rg -q "all targeted checks passed" "$script_under_test"; then
+ echo "[FAIL] script missing success message"
+ exit 1
+fi
+
+echo "[OK] Script has all validation messages"
+
+# Test 6: Create mock go binary that succeeds
+testdir6="$tmpdir/test6"
+mkdir -p "$testdir6"
+cat >"$testdir6/go" <<'EOF'
+#!/usr/bin/env bash
+echo "ok package/test 0.001s"
+exit 0
+EOF
+chmod +x "$testdir6/go"
+
+# Test with mock successful go command
+echo "===== test with mock successful go command ====="
+PATH="$testdir6:$PATH" run_case "pass with successful go tests" 0 "all targeted checks passed" "$testdir6"
+
+# Test 7: Create mock go binary that fails
+testdir7="$tmpdir/test7"
+mkdir -p "$testdir7"
+cat >"$testdir7/go" <<'EOF'
+#!/usr/bin/env bash
+echo "FAIL package/test 0.001s"
+exit 1
+EOF
+chmod +x "$testdir7/go"
+
+# Test with mock failing go command
+echo "===== test with mock failing go command ====="
+PATH="$testdir7:$PATH" run_case "fail with failing go tests" 1 "FAIL" "$testdir7"
+
+echo "[OK] check-distributed-critical-paths script test suite passed"
\ No newline at end of file
diff --git a/.github/scripts/tests/check-docs-secret-samples-test.sh b/.github/scripts/tests/check-docs-secret-samples-test.sh
new file mode 100644
index 0000000000..55f518ffdf
--- /dev/null
+++ b/.github/scripts/tests/check-docs-secret-samples-test.sh
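Review bot: In `run_case`, `echo "$output" | rg -q "$expected_text"` runs under `set -o pipefail`, so once the captured output is larger than the pipe buffer `rg -q` can exit on the first match while `echo` is still writing, the pipeline reports failure, and a passing case is printed as `[FAIL]`. The expected text is also interpreted as a regex and is not protected by `--`. Replace the line with `if ! rg -qF -- "$expected_text" <<<"$output"; then`; every expected string passed in this commit is a literal. The same `run_case` line appears in check-phase-doc-placeholder-tokens-test.sh and check-workflow-token-permissions-test.sh.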
@@ -0,0 +1,195 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+script_under_test="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/check-docs-secret-samples.sh"
+
+echo "===== verify script structure ====="
+
+if ! head -n 1 "$script_under_test" | rg -q "^#!/usr/bin/env bash"; then
+ echo "[FAIL] script missing proper shebang"
+ exit 1
+fi
+
+if ! head -n 5 "$script_under_test" | rg -q "set -euo pipefail"; then
+ echo "[FAIL] script missing set -euo pipefail"
+ exit 1
+fi
+
+echo "[OK] Script has proper structure"
+
+echo "===== verify script has secret patterns ====="
+
+if ! rg -q "sk-\[A-Za-z0-9\]" "$script_under_test"; then
+ echo "[FAIL] script missing OpenAI API key pattern"
+ exit 1
+fi
+
+if ! rg -q "ghp_\[A-Za-z0-9\]" "$script_under_test"; then
+ echo "[FAIL] script missing GitHub token pattern"
+ exit 1
+fi
+
+if ! rg -q "AKIA\[0-9A-Z\]" "$script_under_test"; then
+ echo "[FAIL] script missing AWS key pattern"
+ exit 1
+fi
+
+if ! rg -q "AIza\[0-9A-Za-z_-\]" "$script_under_test"; then
+ echo "[FAIL] script missing Google API key pattern"
+ exit 1
+fi
+
+if ! rg -q "BEGIN.*KEY" "$script_under_test"; then
+ echo "[FAIL] script missing private key pattern"
+ exit 1
+fi
+
+echo "[OK] Script has secret patterns"
+
+echo "===== verify script has allowed context patterns ====="
+
+if ! rg -q 'YOUR' "$script_under_test"; then
+ echo "[FAIL] script missing YOUR placeholder detection"
+ exit 1
+fi
+
+if ! rg -q 'REDACTED' "$script_under_test"; then
+ echo "[FAIL] script missing REDACTED detection"
+ exit 1
+fi
+
+if ! rg -q 'example' "$script_under_test"; then
+ echo "[FAIL] script missing example detection"
+ exit 1
+fi
+
+if ! rg -q 'dummy' "$script_under_test"; then
+ echo "[FAIL] script missing dummy detection"
+ exit 1
+fi
+
+if ! rg -q 'placeholder' "$script_under_test"; then
+ echo "[FAIL] script missing placeholder detection"
+ exit 1
+fi
+
+echo "[OK] Script has allowed context patterns"
+
+echo "===== verify script has proper file exclusions ====="
+
+if ! rg -q -- "--glob '!docs/node_modules/\*\*'" "$script_under_test"; then
+ echo "[FAIL] script doesn't exclude node_modules"
+ exit 1
+fi
+
+if ! rg -q -- "--glob '!\*\*/\*\.min\.\*'" "$script_under_test"; then
+ echo "[FAIL] script doesn't exclude minified files"
+ exit 1
+fi
+
+if ! rg -q -- "--glob '!\*\*/\*\.svg'" "$script_under_test"; then
+ echo "[FAIL] script doesn't exclude svg files"
+ exit 1
+fi
+
+if ! rg -q -- "--glob '!\*\*/\*\.lock'" "$script_under_test"; then
+ echo "[FAIL] script doesn't exclude lock files"
+ exit 1
+fi
+
+echo "[OK] Script has proper file exclusions"
+
+echo "===== verify script searches correct paths ====="
+
+if ! rg -q 'docs README.md README_CN.md examples' "$script_under_test"; then
+ echo "[FAIL] script doesn't search expected paths"
+ exit 1
+fi
+
+echo "[OK] Script searches correct paths"
+
+echo "===== verify script uses ripgrep with PCRE2 ====="
+
+if ! rg -q "rg.*--pcre2" "$script_under_test"; then
+ echo "[FAIL] script doesn't use PCRE2"
+ exit 1
+fi
+
+if ! rg -q "rg.*--hidden" "$script_under_test"; then
+ echo "[FAIL] script doesn't search hidden files"
+ exit 1
+fi
+
+echo "[OK] Script uses ripgrep with PCRE2"
+
+echo "===== verify script has proper messages ====="
+
+if ! rg -q 'docs secret sample check passed' "$script_under_test"; then
+ echo "[FAIL] script missing success message"
+ exit 1
+fi
+
+if ! rg -q 'Potential secret detected' "$script_under_test"; then
+ echo "[FAIL] script missing violation message"
+ exit 1
+fi
+
+if ! rg -q 'Secret sample check failed' "$script_under_test"; then
+ echo "[FAIL] script missing failure message"
+ exit 1
+fi
+
+echo "[OK] Script has proper messages"
+
+echo "===== verify script uses temp files ====="
+
+if ! rg -q 'mktemp' "$script_under_test"; then
+ echo "[FAIL] script doesn't use mktemp"
+ exit 1
+fi
+
+if ! rg -q 'trap.*rm.*EXIT' "$script_under_test"; then
+ echo "[FAIL] script doesn't clean up temp files"
+ exit 1
+fi
+
+echo "[OK] Script uses temp files properly"
+
+echo "===== verify script has context matching logic ====="
+
+if ! rg -q 'allowed_context' "$script_under_test"; then
+ echo "[FAIL] script missing allowed_context variable"
+ exit 1
+fi
+
+if ! rg -q 'line_content' "$script_under_test"; then
+ echo "[FAIL] script doesn't extract line content"
+ exit 1
+fi
+
+if ! rg -q 'violations' "$script_under_test"; then
+ echo "[FAIL] script doesn't track violations"
+ exit 1
+fi
+
+echo "[OK] Script has context matching logic"
+
+echo "===== verify script loops through patterns ====="
+
+if ! rg -q 'for pattern in.*patterns' "$script_under_test"; then
+ echo "[FAIL] script doesn't loop through patterns"
+ exit 1
+fi
+
+echo "[OK] Script loops through patterns"
+
+echo "===== verify script processes hits ====="
+
+if ! rg -q 'while IFS=.*read' "$script_under_test"; then
+ echo "[FAIL] script doesn't read hits line by line"
+ exit 1
+fi
+
+echo "[OK] Script processes hits"
+
+echo "[OK] check-docs-secret-samples script test suite passed"
\ No newline at end of file
diff --git a/.github/scripts/tests/check-phase-doc-placeholder-tokens-test.sh b/.github/scripts/tests/check-phase-doc-placeholder-tokens-test.sh
new file mode 100644
index 0000000000..65c24faea0
--- /dev/null
+++ b/.github/scripts/tests/check-phase-doc-placeholder-tokens-test.sh
@@ -0,0 +1,236 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+script_under_test="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/check-phase-doc-placeholder-tokens.sh"
+
+run_case() {
+ local label="$1"
+ local expect_exit="$2"
+ local expected_text="$3"
+ local test_root="$4"
+
+ local output status
+ output=""
+ status=0
+
+ set +e
+ output="$(cd "$test_root" && "$script_under_test" 2>&1)"
+ status=$?
+ set -e
+
+ printf '===== %s =====\n' "$label"
+ echo "$output"
+
+ if [[ "$status" -ne "$expect_exit" ]]; then
+ echo "[FAIL] $label: expected exit $expect_exit, got $status"
+ exit 1
+ fi
+
+ if ! echo "$output" | rg -q "$expected_text"; then
+ echo "[FAIL] $label: expected output to contain '$expected_text'"
+ exit 1
+ fi
+}
+
+# Create test environment
+tmpdir="$(mktemp -d)"
+trap 'rm -rf "$tmpdir"' EXIT
+
+# Test 1: No planning reports directory - should pass
+testdir1="$tmpdir/test1"
+mkdir -p "$testdir1/docs/planning"
+run_case "pass with no reports directory" 0 "no unresolved placeholder-like tokens" "$testdir1"
+
+# Test 2: Empty reports directory - should pass
+testdir2="$tmpdir/test2"
+mkdir -p "$testdir2/docs/planning/reports"
+run_case "pass with empty reports directory" 0 "no unresolved placeholder-like tokens" "$testdir2"
+
+# Test 3: Clean report with no placeholders - should pass
+testdir3="$tmpdir/test3"
+mkdir -p "$testdir3/docs/planning/reports"
+cat >"$testdir3/docs/planning/reports/implementation-2026-02-23.md" <<'EOF'
+# Implementation Report
+
+## Status
+All items implemented successfully.
+
+## Tasks
+- CPB-0001: Feature A
+- CPB-0002: Feature B
+
+## Notes
+Everything is properly defined and implemented.
+EOF
+run_case "pass with clean report" 0 "no unresolved placeholder-like tokens" "$testdir3"
+
+# Test 4: Natural language "undefined" mention - should pass
+testdir4="$tmpdir/test4"
+mkdir -p "$testdir4/docs/planning/reports"
+cat >"$testdir4/docs/planning/reports/implementation-2026-02-23.md" <<'EOF'
+# Implementation Report
+
+## Notes
+The behavior is undefined in edge cases according to the specification.
+Some fields remain undefined until configuration is loaded.
+EOF
+run_case "pass with natural language undefined" 0 "no unresolved placeholder-like tokens" "$testdir4"
+
+# Test 5: undefinedBKM- pattern - should fail
+testdir5="$tmpdir/test5"
+mkdir -p "$testdir5/docs/planning/reports"
+cat >"$testdir5/docs/planning/reports/implementation-2026-02-23.md" <<'EOF'
+# Implementation Report
+
+## Tasks
+- undefinedBKM-001: Feature A
+- CPB-0002: Feature B
+EOF
+run_case "fail with undefinedBKM- token" 1 "unresolved placeholder-like tokens detected" "$testdir5"
+
+# Test 6: undefinedXYZundefined pattern - should fail
+testdir6="$tmpdir/test6"
+mkdir -p "$testdir6/docs/planning/reports"
+cat >"$testdir6/docs/planning/reports/implementation-2026-02-23.md" <<'EOF'
+# Implementation Report
+
+## Tasks
+- undefinedCPB0001undefined: Feature A
+- CPB-0002: Feature B
+EOF
+run_case "fail with undefinedXundefined token" 1 "unresolved placeholder-like tokens detected" "$testdir6"
+
+# Test 7: undefined with uppercase/numbers - should fail
+testdir7="$tmpdir/test7"
+mkdir -p "$testdir7/docs/planning/reports"
+cat >"$testdir7/docs/planning/reports/implementation-2026-02-23.md" <<'EOF'
+# Implementation Report
+
+## Tasks
+- undefinedCPB_001undefined: Feature A
+EOF
+run_case "fail with undefined_uppercase_undefined" 1 "unresolved placeholder-like tokens detected" "$testdir7"
+
+# Test 8: undefinedBKM with hyphens - should fail
+testdir8="$tmpdir/test8"
+mkdir -p "$testdir8/docs/planning/reports"
+cat >"$testdir8/docs/planning/reports/implementation-2026-02-23.md" <<'EOF'
+# Implementation Report
+
+Reference: undefinedBKM-test-123
+EOF
+run_case "fail with undefinedBKM-hyphenated" 1 "unresolved placeholder-like tokens detected" "$testdir8"
+
+# Test 9: Multiple reports with mixed content - should fail if any bad
+testdir9="$tmpdir/test9"
+mkdir -p "$testdir9/docs/planning/reports"
+cat >"$testdir9/docs/planning/reports/report1.md" <<'EOF'
+# Report 1
+Clean content.
+EOF
+cat >"$testdir9/docs/planning/reports/report2.md" <<'EOF'
+# Report 2
+Has undefinedBKM-001 placeholder.
+EOF
+run_case "fail with placeholder in second report" 1 "unresolved placeholder-like tokens detected" "$testdir9"
+
+# Test 10: undefinedBKM in code block - should still fail
+testdir10="$tmpdir/test10"
+mkdir -p "$testdir10/docs/planning/reports"
+cat >"$testdir10/docs/planning/reports/implementation.md" <<'EOF'
+# Implementation Report
+
+Example template:
+```
+ID: undefinedBKM-placeholder
+```
+EOF
+run_case "fail with placeholder in code block" 1 "unresolved placeholder-like tokens detected" "$testdir10"
+
+# Test 11: undefined with lowercase only - should pass
+testdir11="$tmpdir/test11"
+mkdir -p "$testdir11/docs/planning/reports"
+cat >"$testdir11/docs/planning/reports/implementation.md" <<'EOF'
+# Implementation Report
+
+The value is undefined in this context.
+We have undefined behavior here.
+The undefinedvariable is not set.
+EOF
+run_case "pass with lowercase undefined" 0 "no unresolved placeholder-like tokens" "$testdir11"
+
+# Test 12: Edge case - undefined at line boundaries
+testdir12="$tmpdir/test12"
+mkdir -p "$testdir12/docs/planning/reports"
+cat >"$testdir12/docs/planning/reports/implementation.md" <<'EOF'
+# Implementation Report
+
+Task: undefinedCPB-001undefined
+Status: Complete
+EOF
+run_case "fail with undefined at line boundaries" 1 "unresolved placeholder-like tokens detected" "$testdir12"
+
+# Test 13: Verify line numbers in output
+testdir13="$tmpdir/test13"
+mkdir -p "$testdir13/docs/planning/reports"
+cat >"$testdir13/docs/planning/reports/test.md" <<'EOF'
+Line 1
+Line 2
+Line 3 undefinedBKM-test
+Line 4
+EOF
+run_case "fail with line number in output" 1 "test.md:3:" "$testdir13"
+
+# Test 14: Non-markdown files should be ignored
+testdir14="$tmpdir/test14"
+mkdir -p "$testdir14/docs/planning/reports"
+cat >"$testdir14/docs/planning/reports/data.txt" <<'EOF'
+This has undefinedBKM-001 but is not markdown
+EOF
+cat >"$testdir14/docs/planning/reports/report.md" <<'EOF'
+Clean markdown report
+EOF
+run_case "pass with placeholder in non-markdown file" 0 "no unresolved placeholder-like tokens" "$testdir14"
+
+# Test 15: undefinedBKM_ with underscores - should fail
+testdir15="$tmpdir/test15"
+mkdir -p "$testdir15/docs/planning/reports"
+cat >"$testdir15/docs/planning/reports/report.md" <<'EOF'
+Task ID: undefinedBKM_test_001
+EOF
+run_case "fail with undefinedBKM_ underscores" 1 "unresolved placeholder-like tokens detected" "$testdir15"
+
+# Test 16: Nested undefined patterns - should fail
+testdir16="$tmpdir/test16"
+mkdir -p "$testdir16/docs/planning/reports"
+cat >"$testdir16/docs/planning/reports/report.md" <<'EOF'
+Pattern: undefined123undefined
+Another: undefinedABC-123undefined
+EOF
+run_case "fail with nested undefined patterns" 1 "unresolved placeholder-like tokens detected" "$testdir16"
+
+# Test 17: Script location check
+echo "===== verify script uses correct root directory ====="
+if ! rg -q 'ROOT.*dirname.*BASH_SOURCE' "$script_under_test"; then
+ echo "[FAIL] script doesn't compute root directory correctly"
+ exit 1
+fi
+echo "[OK] Script computes root directory"
+
+# Test 18: Script checks correct path
+echo "===== verify script checks docs/planning/reports ====="
+if ! rg -q 'docs/planning/reports' "$script_under_test"; then
+ echo "[FAIL] script doesn't check docs/planning/reports"
+ exit 1
+fi
+echo "[OK] Script checks correct path"
+
+# Test 19: Script uses correct pattern
+echo "===== verify script uses correct regex pattern ====="
+if ! rg -q "undefinedBKM-.*undefined.*undefined" "$script_under_test"; then
+ echo "[FAIL] script doesn't have correct pattern"
+ exit 1
+fi
+echo "[OK] Script has correct pattern"
+
+echo "[OK] check-phase-doc-placeholder-tokens script test suite passed"
\ No newline at end of file
diff --git a/.github/scripts/tests/check-workflow-token-permissions-test.sh b/.github/scripts/tests/check-workflow-token-permissions-test.sh
new file mode 100644
index 0000000000..a27ce2d031
--- /dev/null
+++ b/.github/scripts/tests/check-workflow-token-permissions-test.sh
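Review bot: Test 17 requires the script to compute `ROOT` from `BASH_SOURCE`, yet tests 1–16 place their fixtures under `$tmpdir` and only `cd "$test_root"` before invoking the script at its real path. If the script reads `docs/planning/reports` relative to `ROOT` (its body is not in this hunk), the fixtures are never scanned and each case reports on the checked-in reports instead, so the pass/fail results say nothing about the pattern. Confirm which directory is scanned; if it is `ROOT`, have `run_case` copy the script into the fixture tree at the same relative depth and run that copy. `run_case` here also executes `"$script_under_test"` directly, which needs the executable bit, whereas the critical-paths test runs it through `bash`; `output="$(cd "$test_root" && bash "$script_under_test" 2>&1)"` would make the two consistent.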
@@ -0,0 +1,380 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+script_under_test="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/check-workflow-token-permissions.sh"
+
+run_case() {
+ local label="$1"
+ local expect_exit="$2"
+ local expected_text="$3"
+ local test_root="$4"
+
+ local output status
+ output=""
+ status=0
+
+ set +e
+ output="$(cd "$test_root" && "$script_under_test" 2>&1)"
+ status=$?
+ set -e
+
+ printf '===== %s =====\n' "$label"
+ echo "$output"
+
+ if [[ "$status" -ne "$expect_exit" ]]; then
+ echo "[FAIL] $label: expected exit $expect_exit, got $status"
+ exit 1
+ fi
+
+ if ! echo "$output" | rg -q "$expected_text"; then
+ echo "[FAIL] $label: expected output to contain '$expected_text'"
+ exit 1
+ fi
+}
+
+# Create test environment
+tmpdir="$(mktemp -d)"
+trap 'rm -rf "$tmpdir"' EXIT
+
+# Test 1: No workflows directory - should pass
+testdir1="$tmpdir/test1"
+mkdir -p "$testdir1/.github"
+run_case "pass with no workflows" 0 "workflow token permission check passed" "$testdir1"
+
+# Test 2: Empty workflows directory - should pass
+testdir2="$tmpdir/test2"
+mkdir -p "$testdir2/.github/workflows"
+run_case "pass with empty workflows" 0 "workflow token permission check passed" "$testdir2"
+
+# Test 3: Clean workflow with read-only permissions - should pass
+testdir3="$tmpdir/test3"
+mkdir -p "$testdir3/.github/workflows"
+cat >"$testdir3/.github/workflows/test.yml" <<'EOF'
+name: Test
+on:
+ pull_request:
+permissions:
+ contents: read
+ pull-requests: read
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with read-only permissions" 0 "workflow token permission check passed" "$testdir3"
+
+# Test 4: Workflow with write-all permissions - should fail
+testdir4="$tmpdir/test4"
+mkdir -p "$testdir4/.github/workflows"
+cat >"$testdir4/.github/workflows/test.yml" <<'EOF'
+name: Test
+on: push
+permissions: write-all
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with write-all permissions" 1 "uses permissions: write-all" "$testdir4"
+
+# Test 5: Pull request workflow with disallowed write permission - should fail
+testdir5="$tmpdir/test5"
+mkdir -p "$testdir5/.github/workflows"
+cat >"$testdir5/.github/workflows/pr.yml" <<'EOF'
+name: PR
+on:
+ pull_request:
+permissions:
+ contents: write
+ pull-requests: read
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with contents write on pull_request" 1 "pull_request workflow grants 'contents: write'" "$testdir5"
+
+# Test 6: Pull request workflow with security-events write - should pass
+testdir6="$tmpdir/test6"
+mkdir -p "$testdir6/.github/workflows"
+cat >"$testdir6/.github/workflows/security.yml" <<'EOF'
+name: Security
+on:
+ pull_request:
+permissions:
+ contents: read
+ security-events: write
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with security-events write" 0 "workflow token permission check passed" "$testdir6"
+
+# Test 7: Pull request workflow with id-token write - should pass
+testdir7="$tmpdir/test7"
+mkdir -p "$testdir7/.github/workflows"
+cat >"$testdir7/.github/workflows/oidc.yml" <<'EOF'
+name: OIDC
+on:
+ pull_request:
+permissions:
+ contents: read
+ id-token: write
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with id-token write" 0 "workflow token permission check passed" "$testdir7"
+
+# Test 8: Pull request workflow with pages write - should pass
+testdir8="$tmpdir/test8"
+mkdir -p "$testdir8/.github/workflows"
+cat >"$testdir8/.github/workflows/pages.yml" <<'EOF'
+name: Pages
+on:
+ pull_request:
+permissions:
+ pages: write
+ contents: read
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with pages write" 0 "workflow token permission check passed" "$testdir8"
+
+# Test 9: Non-pull_request workflow with write permissions - should pass
+testdir9="$tmpdir/test9"
+mkdir -p "$testdir9/.github/workflows"
+cat >"$testdir9/.github/workflows/push.yml" <<'EOF'
+name: Push
+on:
+ push:
+ branches: [main]
+permissions:
+ contents: write
+ pull-requests: write
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with write on push event" 0 "workflow token permission check passed" "$testdir9"
+
+# Test 10: Pull request workflow with actions write - should fail
+testdir10="$tmpdir/test10"
+mkdir -p "$testdir10/.github/workflows"
+cat >"$testdir10/.github/workflows/pr.yml" <<'EOF'
+name: PR
+on:
+ pull_request:
+permissions:
+ actions: write
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with actions write on pull_request" 1 "pull_request workflow grants 'actions: write'" "$testdir10"
+
+# Test 11: Pull request workflow with pull-requests write - should fail
+testdir11="$tmpdir/test11"
+mkdir -p "$testdir11/.github/workflows"
+cat >"$testdir11/.github/workflows/pr.yml" <<'EOF'
+name: PR
+on:
+ pull_request:
+permissions:
+ pull-requests: write
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with pull-requests write" 1 "pull_request workflow grants 'pull-requests: write'" "$testdir11"
+
+# Test 12: Mixed workflow triggers including pull_request - should fail with write
+testdir12="$tmpdir/test12"
+mkdir -p "$testdir12/.github/workflows"
+cat >"$testdir12/.github/workflows/mixed.yml" <<'EOF'
+name: Mixed
+on:
+ push:
+ pull_request:
+permissions:
+ contents: write
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with write on mixed triggers including pull_request" 1 "pull_request workflow grants 'contents: write'" "$testdir12"
+
+# Test 13: Multiple workflows with one violation
+testdir13="$tmpdir/test13"
+mkdir -p "$testdir13/.github/workflows"
+cat >"$testdir13/.github/workflows/good.yml" <<'EOF'
+name: Good
+on:
+ pull_request:
+permissions:
+ contents: read
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+cat >"$testdir13/.github/workflows/bad.yml" <<'EOF'
+name: Bad
+on:
+ pull_request:
+permissions:
+ issues: write
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with one bad workflow" 1 "issues: write" "$testdir13"
+
+# Test 14: Workflow with .yaml extension - should be checked
+testdir14="$tmpdir/test14"
+mkdir -p "$testdir14/.github/workflows"
+cat >"$testdir14/.github/workflows/test.yaml" <<'EOF'
+name: Test
+on:
+ pull_request:
+permissions:
+ checks: write
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with .yaml extension and write permission" 1 "checks: write" "$testdir14"
+
+# Test 15: All three allowed write permissions together - should pass
+testdir15="$tmpdir/test15"
+mkdir -p "$testdir15/.github/workflows"
+cat >"$testdir15/.github/workflows/all-allowed.yml" <<'EOF'
+name: All Allowed
+on:
+ pull_request:
+permissions:
+ security-events: write
+ id-token: write
+ pages: write
+ contents: read
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with all allowed write permissions" 0 "workflow token permission check passed" "$testdir15"
+
+# Test 16: Job-level permissions (not top-level) - should still be checked
+testdir16="$tmpdir/test16"
+mkdir -p "$testdir16/.github/workflows"
+cat >"$testdir16/.github/workflows/job-perms.yml" <<'EOF'
+name: Job Perms
+on:
+ pull_request:
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ permissions:
+ deployments: write
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with job-level write permission" 1 "deployments: write" "$testdir16"
+
+# Test 17: Packages write permission - should fail
+testdir17="$tmpdir/test17"
+mkdir -p "$testdir17/.github/workflows"
+cat >"$testdir17/.github/workflows/packages.yml" <<'EOF'
+name: Packages
+on:
+ pull_request:
+permissions:
+ packages: write
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with packages write" 1 "packages: write" "$testdir17"
+
+# Test 18: Statuses write permission - should fail
+testdir18="$tmpdir/test18"
+mkdir -p "$testdir18/.github/workflows"
+cat >"$testdir18/.github/workflows/statuses.yml" <<'EOF'
+name: Statuses
+on:
+ pull_request:
+permissions:
+ statuses: write
+jobs:
+ status:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "fail with statuses write" 1 "statuses: write" "$testdir18"
+
+# Test 19: workflow_run trigger (not pull_request) - should pass with write
+testdir19="$tmpdir/test19"
+mkdir -p "$testdir19/.github/workflows"
+cat >"$testdir19/.github/workflows/workflow-run.yml" <<'EOF'
+name: Workflow Run
+on:
+ workflow_run:
+ workflows: ["CI"]
+ types: [completed]
+permissions:
+ contents: write
+ pull-requests: write
+jobs:
+ post-ci:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with workflow_run trigger" 0 "workflow token permission check passed" "$testdir19"
+
+# Test 20: Schedule trigger - should pass with write
+testdir20="$tmpdir/test20"
+mkdir -p "$testdir20/.github/workflows"
+cat >"$testdir20/.github/workflows/scheduled.yml" <<'EOF'
+name: Scheduled
+on:
+ schedule:
+ - cron: '0 0 * * *'
+permissions:
+ contents: write
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+EOF
+run_case "pass with schedule trigger" 0 "workflow token permission check passed" "$testdir20"
+
+echo "[OK] check-workflow-token-permissions script test suite passed"
\ No newline at end of file
diff --git a/.github/scripts/tests/release-lint-test.sh b/.github/scripts/tests/release-lint-test.sh
new file mode 100644
index 0000000000..fa1a166ac1
--- /dev/null
+++ b/.github/scripts/tests/release-lint-test.sh
@@ -0,0 +1,396 @@ +#!/usr/bin/env bash +set -euo pipefail + +script_under_test="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/release-lint.sh" + +run_case() { + local label="$1" + local expect_exit="$2" + local expected_text="$3" + local test_root="$4" + local go_path="${5:-}" + local python_path="${6:-}" + + local output status + output="" + status=0 + + local custom_path="$PATH" + if [[ -n "$go_path" ]]; then + custom_path="$go_path:$custom_path" + fi + if [[ -n "$python_path" ]]; then + custom_path="$python_path:$custom_path" + fi + + set +e + output="$(cd "$test_root" && PATH="$custom_path" "$script_under_test" 2>&1)" + status=$? + set -e + + printf '===== %s =====\n' "$label" + echo "$output" + + if [[ "$status" -ne "$expect_exit" ]]; then + echo "[FAIL] $label: expected exit $expect_exit, got $status" + exit 1 + fi + + if ! echo "$output" | rg -q "$expected_text"; then + echo "[FAIL] $label: expected output to contain '$expected_text'" + exit 1 + fi +} + +# Create test environment +tmpdir="$(mktemp -d)" +trap 'rm -rf "$tmpdir"' EXIT + +# Test 1: Verify script invokes correct Go tests +echo "===== verify script has correct Go test invocations =====" +if ! rg -q "TestLoadConfig" "$script_under_test"; then + echo "[FAIL] script missing TestLoadConfig" + exit 1 +fi + +if ! rg -q "TestMigrateOAuthModelAlias" "$script_under_test"; then + echo "[FAIL] script missing TestMigrateOAuthModelAlias" + exit 1 +fi + +if ! rg -q "TestConfig_Validate" "$script_under_test"; then + echo "[FAIL] script missing TestConfig_Validate" + exit 1 +fi + +if ! rg -q "./pkg/llmproxy/config" "$script_under_test"; then + echo "[FAIL] script missing config package path" + exit 1 +fi + +echo "[OK] Script has correct Go test invocations" + +# Test 2: Verify script checks for python3 +echo "===== verify script checks for python3 =====" +if ! 
rg -q "command -v python3" "$script_under_test"; then + echo "[FAIL] script doesn't check for python3" + exit 1 +fi + +echo "[OK] Script checks for python3" + +# Test 3: Mock successful go and python3 +testdir3="$tmpdir/test3" +mkdir -p "$testdir3/bin" "$testdir3/pkg/llmproxy/config" "$testdir3/docs" +cat >"$testdir3/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 0.001s" +exit 0 +EOF +chmod +x "$testdir3/bin/go" + +cat >"$testdir3/bin/python3" <<'EOF' +#!/usr/bin/env bash +echo "release-lint: markdown snippet parse passed" +exit 0 +EOF +chmod +x "$testdir3/bin/python3" + +cat >"$testdir3/docs/guide.md" <<'EOF' +# Guide +```json +{"key": "value"} +``` +EOF + +run_case "pass with successful go and python3" 0 "markdown snippet parse passed" "$testdir3" "$testdir3/bin" "$testdir3/bin" + +# Test 4: Mock failing go test +testdir4="$tmpdir/test4" +mkdir -p "$testdir4/bin" "$testdir4/pkg/llmproxy/config" +cat >"$testdir4/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "FAIL ./pkg/llmproxy/config 0.001s" +exit 1 +EOF +chmod +x "$testdir4/bin/go" + +run_case "fail with failing go test" 1 "FAIL" "$testdir4" "$testdir4/bin" "" + +# Test 5: No python3 available - should skip markdown check +testdir5="$tmpdir/test5" +mkdir -p "$testdir5/bin" "$testdir5/pkg/llmproxy/config" +cat >"$testdir5/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 0.001s" +exit 0 +EOF +chmod +x "$testdir5/bin/go" + +# Create a mock command binary that doesn't include python3 +cat >"$testdir5/bin/command" <<'EOF' +#!/usr/bin/env bash +if [[ "$1" == "-v" && "$2" == "python3" ]]; then + exit 1 +fi +EOF +chmod +x "$testdir5/bin/command" + +run_case "skip markdown check when no python3" 0 "python3 not available" "$testdir5" "$testdir5/bin" "" + +# Test 6: Python script detects invalid JSON +testdir6="$tmpdir/test6" +mkdir -p "$testdir6/bin" "$testdir6/pkg/llmproxy/config" "$testdir6/docs" +cat >"$testdir6/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 
0.001s" +exit 0 +EOF +chmod +x "$testdir6/bin/go" + +cat >"$testdir6/bin/python3" <<'EOF' +#!/usr/bin/env bash +echo "release-lint: markdown snippet parse failed:" +echo "- docs/bad.md:5::json::Invalid JSON" +exit 1 +EOF +chmod +x "$testdir6/bin/python3" + +cat >"$testdir6/docs/bad.md" <<'EOF' +# Guide +```json +{invalid json} +``` +EOF + +run_case "fail with invalid JSON in markdown" 1 "markdown snippet parse failed" "$testdir6" "$testdir6/bin" "$testdir6/bin" + +# Test 7: Python script handles YAML +testdir7="$tmpdir/test7" +mkdir -p "$testdir7/bin" "$testdir7/pkg/llmproxy/config" "$testdir7/docs" +cat >"$testdir7/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 0.001s" +exit 0 +EOF +chmod +x "$testdir7/bin/go" + +cat >"$testdir7/bin/python3" <<'EOF' +#!/usr/bin/env bash +echo "release-lint: markdown snippet parse passed" +exit 0 +EOF +chmod +x "$testdir7/bin/python3" + +cat >"$testdir7/docs/config.md" <<'EOF' +# Configuration +```yaml +key: value +nested: + - item1 + - item2 +``` +EOF + +run_case "pass with valid YAML" 0 "markdown snippet parse passed" "$testdir7" "$testdir7/bin" "$testdir7/bin" + +# Test 8: Python script skips placeholders +testdir8="$tmpdir/test8" +mkdir -p "$testdir8/bin" "$testdir8/pkg/llmproxy/config" "$testdir8/docs" +cat >"$testdir8/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 0.001s" +exit 0 +EOF +chmod +x "$testdir8/bin/go" + +cat >"$testdir8/bin/python3" <<'EOF' +#!/usr/bin/env bash +# Verify placeholder detection works +stdin="$(cat)" +if echo "$stdin" | grep -q 'YOUR_'; then + echo "release-lint: markdown snippet parse passed" + exit 0 +else + echo "release-lint: markdown snippet parse failed: missing placeholder detection" + exit 1 +fi +EOF +chmod +x "$testdir8/bin/python3" + +cat >"$testdir8/docs/example.md" <<'EOF' +# Example +```json +{"api_key": ""} +``` +EOF + +run_case "pass with placeholder in JSON" 0 "markdown snippet parse passed" "$testdir8" "$testdir8/bin" "$testdir8/bin" + +# 
Test 9: Verify script structure +echo "===== verify script has proper structure =====" +if ! head -n 1 "$script_under_test" | rg -q "^#!/usr/bin/env bash"; then + echo "[FAIL] script missing proper shebang" + exit 1 +fi + +if ! head -n 5 "$script_under_test" | rg -q "set -euo pipefail"; then + echo "[FAIL] script missing set -euo pipefail" + exit 1 +fi + +echo "[OK] Script has proper structure" + +# Test 10: Verify script computes REPO_ROOT +echo "===== verify script computes REPO_ROOT =====" +if ! rg -q 'REPO_ROOT.*dirname.*BASH_SOURCE' "$script_under_test"; then + echo "[FAIL] script doesn't compute REPO_ROOT" + exit 1 +fi + +echo "[OK] Script computes REPO_ROOT" + +# Test 11: Verify script has heredoc for Python +echo "===== verify script uses heredoc for Python =====" +if ! rg -q "<<'PY'" "$script_under_test"; then + echo "[FAIL] script doesn't use heredoc for Python" + exit 1 +fi + +if ! rg -q "^PY$" "$script_under_test"; then + echo "[FAIL] script heredoc not properly terminated" + exit 1 +fi + +echo "[OK] Script uses heredoc for Python" + +# Test 12: Multiple markdown files with mixed content +testdir12="$tmpdir/test12" +mkdir -p "$testdir12/bin" "$testdir12/pkg/llmproxy/config" "$testdir12/docs" +cat >"$testdir12/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 0.001s" +exit 0 +EOF +chmod +x "$testdir12/bin/go" + +cat >"$testdir12/bin/python3" <<'EOF' +#!/usr/bin/env bash +echo "release-lint: markdown snippet parse passed" +exit 0 +EOF +chmod +x "$testdir12/bin/python3" + +cat >"$testdir12/README.md" <<'EOF' +# README +```json +{"status": "ok"} +``` +EOF + +cat >"$testdir12/docs/api.md" <<'EOF' +# API +```yaml +endpoint: /api/v1 +method: GET +``` +EOF + +run_case "pass with multiple markdown files" 0 "markdown snippet parse passed" "$testdir12" "$testdir12/bin" "$testdir12/bin" + +# Test 13: JSONC (JSON with comments) support +testdir13="$tmpdir/test13" +mkdir -p "$testdir13/bin" "$testdir13/pkg/llmproxy/config" "$testdir13/docs" +cat 
>"$testdir13/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 0.001s" +exit 0 +EOF +chmod +x "$testdir13/bin/go" + +cat >"$testdir13/bin/python3" <<'EOF' +#!/usr/bin/env bash +echo "release-lint: markdown snippet parse passed" +exit 0 +EOF +chmod +x "$testdir13/bin/python3" + +cat >"$testdir13/docs/config.md" <<'EOF' +# Config +```jsonc +{ + // This is a comment + "key": "value" +} +``` +EOF + +run_case "pass with JSONC snippets" 0 "markdown snippet parse passed" "$testdir13" "$testdir13/bin" "$testdir13/bin" + +# Test 14: Verify Python script checks supported languages +echo "===== verify Python handles json, jsonc, yaml, yml =====" +if ! rg -q '"json".*"jsonc".*"yaml".*"yml"' "$script_under_test"; then + echo "[FAIL] script missing expected language support" + exit 1 +fi + +echo "[OK] Script supports expected languages" + +# Test 15: Verify Python checks skip markers +echo "===== verify Python checks for skip markers =====" +if ! rg -q 'YOUR_' "$script_under_test"; then + echo "[FAIL] script missing YOUR_ skip marker check" + exit 1 +fi + +if ! 
rg -q 'REDACTED' "$script_under_test"; then + echo "[FAIL] script missing REDACTED skip marker check" + exit 1 +fi + +echo "[OK] Script has skip marker checks" + +# Test 16: Go test with specific run filter +testdir16="$tmpdir/test16" +mkdir -p "$testdir16/bin" "$testdir16/pkg/llmproxy/config" +cat >"$testdir16/bin/go" <<'EOF' +#!/usr/bin/env bash +if [[ "$*" == *"-run"* ]]; then + echo "ok ./pkg/llmproxy/config 0.001s" + exit 0 +else + echo "Expected -run flag" + exit 1 +fi +EOF +chmod +x "$testdir16/bin/go" + +cat >"$testdir16/bin/python3" <<'EOF' +#!/usr/bin/env bash +echo "release-lint: markdown snippet parse passed" +exit 0 +EOF +chmod +x "$testdir16/bin/python3" + +run_case "pass with go test -run flag" 0 "markdown snippet parse passed" "$testdir16" "$testdir16/bin" "$testdir16/bin" + +# Test 17: Script logs what it's doing +testdir17="$tmpdir/test17" +mkdir -p "$testdir17/bin" "$testdir17/pkg/llmproxy/config" +cat >"$testdir17/bin/go" <<'EOF' +#!/usr/bin/env bash +echo "ok ./pkg/llmproxy/config 0.001s" +exit 0 +EOF +chmod +x "$testdir17/bin/go" + +cat >"$testdir17/bin/python3" <<'EOF' +#!/usr/bin/env bash +echo "release-lint: markdown snippet parse passed" +exit 0 +EOF +chmod +x "$testdir17/bin/python3" + +run_case "output includes progress messages" 0 "release-lint:" "$testdir17" "$testdir17/bin" "$testdir17/bin" + +echo "[OK] release-lint script test suite passed" \ No newline at end of file
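Review bot: Test 5 cannot simulate a missing python3, because `command` is a shell builtin: the `command -v python3` check that Test 2 asserts is in the script will never consult the mock `$testdir5/bin/command`. `run_case` also only prepends to the inherited `$PATH` (`custom_path="$go_path:$custom_path"`), so any python3 installed on the runner stays reachable. On such a host the script would presumably run the real interpreter and never print "python3 not available", so the result depends on the machine rather than on the script. Drop the mock `command` and give this case a restricted PATH that replaces the inherited one, for example a directory holding only the mock `go` and links to the few tools the script needs. Separately, the mock `python3` in tests 6, 7, 8, 12 and 13 prints a fixed verdict, so the embedded snippet parser is never run against the markdown fixtures; those cases exercise only exit-code plumbing, and at least one should run the real interpreter if the suite is meant to gate releases.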