Enable the GitHub app e2e test

The GitHub app e2e test requires a GitHub app to be created and
installed, and also requires a few environment variables to be set.

This commit updates the GitHub action workflow by providing the
environment variables which can be set via GitHub Secret. GitHub
Secrests cannot start with `GITHUB_`. Hence, this commit prepends
`TEST_` to the env variables.

It also updates how GitHub app private key file is set. It can be set by
either `TEST_GITHUB_APP_PRIVATE_KEY` or
`TEST_GITHUB_APP_PRIVATE_KEY_FILE`.

.github/workflows/main.yml

@@ -44,6 +44,13 @@ jobs:
 
       - name: make test
         working-directory: git-sync
+        env:
+          SKIP_GITHUB_APP_TEST: false
+          TEST_GITHUB_APP_APPLICATION_ID: ${{ secrets.TEST_GITHUB_APP_APPLICATION_ID }}
+          TEST_GITHUB_APP_AUTH_TEST_REPO: ${{ secrets.TEST_GITHUB_APP_AUTH_TEST_REPO }}
+          TEST_GITHUB_APP_CLIENT_ID: ${{ secrets.TEST_GITHUB_APP_CLIENT_ID }}
+          TEST_GITHUB_APP_INSTALLATION_ID: ${{ secrets.TEST_GITHUB_APP_INSTALLATION_ID }}
+          TEST_GITHUB_APP_PRIVATE_KEY: ${{ secrets.TEST_GITHUB_APP_PRIVATE_KEY }}
         run: |
           make test
 

docs/dev/testing_github_app_auth.md

@@ -15,24 +15,29 @@ Go to https://github.com/settings/apps/new
 
 ## Step 2: Export the necessary environment variables
 
-The following environment variables are *required* to run the git-sync github app auth tests:
+The following environment variables are *required* to run the git-sync GitHub app auth tests:
-- `GITHUB_APP_PRIVATE_KEY`
+- `TEST_GITHUB_APP_PRIVATE_KEY` or `TEST_GITHUB_APP_PRIVATE_KEY_FILE`. If both are set, `TEST_GITHUB_APP_PRIVATE_KEY` overwrites `TEST_GITHUB_APP_PRIVATE_KEY_FILE`.
-- `GITHUB_APP_APPLICATION_ID`
+- `TEST_GITHUB_APP_APPLICATION_ID`
-- `GITHUB_APP_CLIENT_ID`
+- `TEST_GITHUB_APP_CLIENT_ID`
-- `GITHUB_APP_INSTALLATION_ID`
+- `TEST_GITHUB_APP_INSTALLATION_ID`
-- `GITHUB_APP_AUTH_TEST_REPO`
+- `TEST_GITHUB_APP_AUTH_TEST_REPO`
 
-### GITHUB_APP_PRIVATE_KEY
+### TEST_GITHUB_APP_PRIVATE_KEY
-Should have been saved when creating the app
+The content of the GitHub app's private key file. It should have been saved when creating the app.
+If `TEST_GITHUB_APP_PRIVATE_KEY_FILE` is also set, it overwrites the file with the content.
+Otherwise, it saves the content to `/tmp/git-sync-e2e.random-id/github_app_private_key.pem`.
 
-### GITHUB_APP_APPLICATION_ID
+### TEST_GITHUB_APP_PRIVATE_KEY_FILE
-The value after "App ID" in the app's settings page
+The absolute path to the file that stores the GitHub app's private key file. It should have been saved when creating the app.
 
-### GITHUB_APP_CLIENT_ID
+### TEST_GITHUB_APP_APPLICATION_ID
-The value after "Client ID" in the app's settings page
+The value after "App ID" in the app's settings page.
 
-### GITHUB_APP_INSTALLATION_ID
+### TEST_GITHUB_APP_CLIENT_ID
+The value after "Client ID" in the app's settings page.
+
+### TEST_GITHUB_APP_INSTALLATION_ID
 Found in the URL of the app's installation page if you installed it to a repository: https://github.com/settings/installations/<installation_id>
 
-### GITHUB_APP_AUTH_TEST_REPO
+### TEST_GITHUB_APP_AUTH_TEST_REPO.
-Should be set to the repository that the github app is installed to.
+Should be set to the repository that the GitHub app is installed to.

test_e2e.sh

@@ -194,6 +194,48 @@ fi
 RUNID="${RANDOM}${RANDOM}"
 DIR="/tmp/git-sync-e2e.$RUNID"
 mkdir "$DIR"
+function final_cleanup() {
+  if [[ "${CLEANUP:-}" == 0 ]]; then
+      echo "leaving logs in $DIR"
+  else
+      rm -rf "$DIR"
+  fi
+}
+# Set the trap to call the final_cleanup function on exit.
+trap final_cleanup EXIT
+
+skip_github_app_test="${SKIP_GITHUB_APP_TEST:-false}"
+required_env_vars=()
+LOCAL_GITHUB_APP_PRIVATE_KEY_FILE="github_app_private_key.pem"
+GITHUB_APP_PRIVATE_KEY_MOUNT=""
+if [[ "${skip_github_app_test}" != "true" ]]; then
+  required_env_vars=(
+    "TEST_GITHUB_APP_AUTH_TEST_REPO"
+    "TEST_GITHUB_APP_APPLICATION_ID"
+    "TEST_GITHUB_APP_INSTALLATION_ID"
+    "TEST_GITHUB_APP_CLIENT_ID"
+    "TEST_GITHUB_APP_PRIVATE_KEY_FILE"
+  )
+
+  # TEST_GITHUB_APP_PRIVATE_KEY, if set, overrides TEST_GITHUB_APP_PRIVATE_KEY_FILE
+  if [[ -v TEST_GITHUB_APP_PRIVATE_KEY && -n "${TEST_GITHUB_APP_PRIVATE_KEY}" ]]; then
+    if [[ ! -v TEST_GITHUB_APP_PRIVATE_KEY_FILE || -z "${TEST_GITHUB_APP_PRIVATE_KEY_FILE}" ]]; then
+      TEST_GITHUB_APP_PRIVATE_KEY_FILE="${DIR}/${LOCAL_GITHUB_APP_PRIVATE_KEY_FILE}"
+    fi
+    echo "${TEST_GITHUB_APP_PRIVATE_KEY}" > "${TEST_GITHUB_APP_PRIVATE_KEY_FILE}"
+  fi
+
+  # Validate all required environment variables for the github-app-auth tests are provided.
+  for var in "${required_env_vars[@]}"; do
+    if [[ ! -v "${var}" ]]; then
+      echo "Error: Required environment variable '${var}' is not set or empty. Either provide a value or skip the GitHub App test by setting SKIP_GITHUB_APP_TEST to 'true'."
+      exit 1
+    fi
+  done
+
+  # Mount the GitHub App private key file to the git-sync container
+  GITHUB_APP_PRIVATE_KEY_MOUNT=(-v "${TEST_GITHUB_APP_PRIVATE_KEY_FILE}":"/${LOCAL_GITHUB_APP_PRIVATE_KEY_FILE}":ro)
+fi
 
 # WORK is temp space and in reset for each testcase.
 WORK="$DIR/work"
@@ -295,7 +337,7 @@ function GIT_SYNC() {
         -v "$DOT_SSH/1/id_test":"/ssh/secret.1":ro \
         -v "$DOT_SSH/2/id_test":"/ssh/secret.2":ro \
         -v "$DOT_SSH/3/id_test":"/ssh/secret.3":ro \
-	-v "$(pwd)/$GITHUB_APP_PRIVATE_KEY_FILE":"/github_app_private_key.pem":ro \
+        "${GITHUB_APP_PRIVATE_KEY_MOUNT[@]}" \
         "${GIT_SYNC_E2E_IMAGE}" \
             -v=6 \
             --add-user \
@@ -2189,27 +2231,33 @@ function e2e::auth_askpass_url_slow_start() {
 # Test github app auth
 ##############################################
 function e2e::auth_github_app_application_id() {
+    if [[ "${skip_github_app_test}" == "true" ]]; then
+        return
+    fi
     GIT_SYNC \
         --one-time \
-        --repo="$GITHUB_APP_AUTH_TEST_REPO" \
+        --repo="${TEST_GITHUB_APP_AUTH_TEST_REPO}" \
-        --github-app-application-id "$GITHUB_APP_APPLICATION_ID" \
+        --github-app-application-id "${TEST_GITHUB_APP_APPLICATION_ID}" \
-        --github-app-installation-id "$GITHUB_APP_INSTALLATION_ID" \
+        --github-app-installation-id "${TEST_GITHUB_APP_INSTALLATION_ID}" \
-        --github-app-private-key-file "/github_app_private_key.pem" \
+        --github-app-private-key-file "/${LOCAL_GITHUB_APP_PRIVATE_KEY_FILE}" \
-        --root="$ROOT" \
+        --root="${ROOT}" \
         --link="link"
-    assert_file_exists "$ROOT/link/LICENSE"
+    assert_file_exists "${ROOT}/link/LICENSE"
 }
 
 function e2e::auth_github_app_client_id() {
+    if [[ "${skip_github_app_test}" == "true" ]]; then
+        return
+    fi
     GIT_SYNC \
         --one-time \
-        --repo="$GITHUB_APP_AUTH_TEST_REPO" \
+        --repo="${TEST_GITHUB_APP_AUTH_TEST_REPO}" \
-        --github-app-client-id "$GITHUB_APP_CLIENT_ID" \
+        --github-app-client-id "${TEST_GITHUB_APP_CLIENT_ID}" \
-        --github-app-installation-id "$GITHUB_APP_INSTALLATION_ID" \
+        --github-app-installation-id "${TEST_GITHUB_APP_INSTALLATION_ID}" \
-        --github-app-private-key-file "/github_app_private_key.pem" \
+        --github-app-private-key-file "/${LOCAL_GITHUB_APP_PRIVATE_KEY_FILE}" \
-        --root="$ROOT" \
+        --root="${ROOT}" \
         --link="link"
-    assert_file_exists "$ROOT/link/LICENSE"
+    assert_file_exists "${ROOT}/link/LICENSE"
 }
 
 ##############################################
@@ -3640,11 +3688,4 @@ if [[ "$FINAL_RET" != 0 ]]; then
     exit 1
 fi
 
-# Finally...
-echo
-if [[ "${CLEANUP:-}" == 0 ]]; then
-    echo "leaving logs in $DIR"
-else
-    rm -rf "$DIR"
-fi