Commit 3298329c authored by Jaime Martinez

Merge branch 'ali/allow-ca-certs-from-builds-dir' into 'master'

Allow paths inside $CI_BUILDS_DIR for custom CA certificates

See merge request gitlab-org/release-cli!156



Merged-by: Jaime Martinez <jmartinez@gitlab.com>
Approved-by: Ahmed Hemdan <ahemdan@gitlab.com>
Approved-by: Jaime Martinez <jmartinez@gitlab.com>
Co-authored-by: Alishan Ladhani <aladhani@gitlab.com>
parents 2cd13d9c 49356859
+43 −4
@@ -4,7 +4,9 @@
package app_test

import (
	"io"
	"os"
	"path/filepath"
	"testing"

	"github.com/sirupsen/logrus"
@@ -27,12 +29,15 @@ func TestHTTPSCustomCA_Unix(t *testing.T) {
	s.StartTLS()
	defer s.Close()

	tempDir := t.TempDir()

	tests := []struct {
		name           string
		certFlags      []string
		env            string
		wantErrStr     string
		wantLogEntries []string
		ciBuildsDir    string
		createCert     bool
	}{
		{
			name:       "with_invalid_path_to_file",
@@ -56,15 +61,49 @@ func TestHTTPSCustomCA_Unix(t *testing.T) {
			certFlags:      []string{"--additional-ca-cert-bundle", "../testdata/certs/CA.pem"},
			wantLogEntries: []string{"Creating Release...", "release created successfully!"},
		},
		{
			name:           "with_absolute_path_in_ci_builds_dir",
			certFlags:      []string{"--additional-ca-cert-bundle", filepath.Join(tempDir, "CA.pem")},
			wantLogEntries: []string{"Creating Release...", "release created successfully!"},
			ciBuildsDir:    filepath.Dir(tempDir),
			createCert:     true,
		},
		{
			name:        "with_absolute_path_outside_ci_builds_dir",
			certFlags:   []string{"--additional-ca-cert-bundle", "/tmp/other/CA.pem"},
			wantErrStr:  "open /tmp/builds/other/CA.pem: no such file or directory",
			ciBuildsDir: "/tmp/builds",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			log, hook := testlog.NewNullLogger()

			err := os.Setenv("ADDITIONAL_CA_CERT_BUNDLE", tt.env)
			t.Setenv("CI_BUILDS_DIR", tt.ciBuildsDir)

			if tt.createCert {
				src, err := os.Open("testdata/certs/CA.pem")
				require.NoError(t, err)

				dest, err := os.Create(tt.certFlags[1])
				require.NoError(t, err)

				_, err = io.Copy(dest, src)
				require.NoError(t, err)

				err = src.Close()
				require.NoError(t, err)

				err = dest.Close()
				require.NoError(t, err)

				t.Cleanup(func() {
					err = os.Remove(dest.Name())
					require.NoError(t, err)
				})
			}

			testApp := app.New(logrus.NewEntry(log), t.Name())
			args := []string{"release-cli", "--server-url", s.URL, "--job-token",
				"token", "--project-id", "projectID"}
@@ -74,7 +113,7 @@ func TestHTTPSCustomCA_Unix(t *testing.T) {
			args = append(args, "create", "--name", "release name", "--description",
				"release description", "--tag-name", "v1.1.0")

			err = testApp.Run(args)
			err := testApp.Run(args)
			if tt.wantErrStr != "" {
				require.Error(t, err)
				require.Contains(t, err.Error(), tt.wantErrStr)
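Review bot: The new `with_absolute_path_in_ci_builds_dir` case writes the cert to exactly the path it passes on the flag, so the file exists and, going by the `os.Stat`/`os.ErrNotExist` guard in the `getCA` hunk of this commit, the CI_BUILDS_DIR remapping is never reached by that case; a case that names a path outside the builds dir while the cert is created at the remapped location (e.g. flag `filepath.Join("/outside", "CA.pem")` with `ciBuildsDir: tempDir` and the file written to `filepath.Join(tempDir, "outside", "CA.pem")`) would actually cover the success path. The `with_absolute_path_outside_ci_builds_dir` case hard-codes `/tmp/builds` and the literal error text `open /tmp/builds/other/CA.pem`, which makes the expectation depend on host state; deriving both from `t.TempDir()` (`ciBuildsDir: buildsDir, wantErrStr: "open " + filepath.Join(buildsDir, "other", "CA.pem")`) keeps it hermetic. The `os.Setenv` on the ADDITIONAL_CA_CERT_BUNDLE line sits next to a `t.Setenv` for CI_BUILDS_DIR; if that line survives on the new side it should be `t.Setenv("ADDITIONAL_CA_CERT_BUNDLE", tt.env)` as well, so the variable is restored after the subtest and no unchecked `err` is left behind. The enclosing `TestHTTPSCustomCA_Unix` and its `t.Run` closure continue past the end of this hunk.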
+18 −0
@@ -3,6 +3,7 @@ package app
import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"os"
@@ -87,5 +88,22 @@ func getCA(ca string) ([]byte, error) {
		return nil, err
	}

	if _, statErr := os.Stat(filePath); errors.Is(statErr, os.ErrNotExist) {
		buildsDir := os.Getenv("CI_BUILDS_DIR")
		if buildsDir == "" {
			return nil, statErr
		}

		rel, err := filepath.Rel(buildsDir, ca)
		if err != nil {
			return nil, err
		}

		filePath, err = securejoin.SecureJoin(buildsDir, rel)
		if err != nil {
			return nil, err
		}
	}

	return os.ReadFile(filepath.Clean(filePath))
}
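Review bot: The fallback starting at the `os.Stat` check silently reads a different file from the one the caller named, and the error that comes back from `os.ReadFile` mentions only the remapped path (the test expects `open /tmp/builds/other/CA.pem`), so an operator who passed `/tmp/other/CA.pem` cannot tell why that path was not used; wrapping the read error with both the requested and resolved paths keeps the existing `Contains` assertion passing while making the redirection visible. Separately, `filepath.Rel(buildsDir, ca)` is computed from the original `ca` argument rather than `filePath`; if `ca` can still be relative at this point (its normalisation happens above the hunk, so I cannot confirm), `Rel` fails for a relative `ca` against an absolute CI_BUILDS_DIR and that error replaces the more useful not-exist error. The doc comment on `getCA` (above the hunk) should also state the new contract, e.g. `// When the path does not exist and CI_BUILDS_DIR is set, the path is re-resolved relative to CI_BUILDS_DIR and confined to it via securejoin.SecureJoin.` The body of `getCA` begins before this hunk.
```go
	// … unchanged: CI_BUILDS_DIR fallback …

	data, err := os.ReadFile(filepath.Clean(filePath))
	if err != nil {
		// Name both paths so a remapped read is visible to the operator.
		return nil, fmt.Errorf("reading CA bundle %q (resolved to %q): %w", ca, filePath, err)
	}

	return data, nil
```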