nixos/dependency-track: add nixos test

2024-11-21 22:43:01 +00:00 · 2024-07-24 18:04:42 +02:00 · 2024-07-24 18:04:42 +02:00 · 3b04bffbd5
commit 3b04bffbd5
parent 5b67f3b831
2 changed files with 69 additions and 0 deletions
--- a/nixos/tests/dependency-track.nix
+++ b/nixos/tests/dependency-track.nix
@ -0,0 +1,65 @@
+import ./make-test-python.nix (
+  { pkgs, ... }:
+  let
+    dependencyTrackPort = 8081;
+  in
+  {
+    name = "dependency-track";
+    meta = {
+      maintainers = pkgs.lib.teams.cyberus.members;
+    };
+
+    nodes = {
+      server =
+        { pkgs, ... }:
+        {
+          virtualisation = {
+            cores = 2;
+            diskSize = 4096;
+          };
+
+          environment.systemPackages = with pkgs; [ curl ];
+          systemd.services.dependency-track = {
+            # source: https://github.com/DependencyTrack/dependency-track/blob/37e0ba59e8057c18a87a7a76e247a8f75677a56c/dev/scripts/data-nist-generate-dummy.sh
+            preStart = ''
+              set -euo pipefail
+
+              NIST_DIR="$HOME/.dependency-track/nist"
+
+              rm -rf "$NIST_DIR"
+              mkdir -p "$NIST_DIR"
+
+              for feed in $(seq "2024" "2002"); do
+                touch "$NIST_DIR/nvdcve-1.1-$feed.json.gz"
+                echo "9999999999999" > "$NIST_DIR/nvdcve-1.1-$feed.json.gz.ts"
+              done
+            '';
+          };
+          services.dependency-track = {
+            enable = true;
+            port = dependencyTrackPort;
+            nginx.domain = "localhost";
+            database.passwordFile = "${pkgs.writeText "dbPassword" ''hunter2'THE'''H''''E''}";
+          };
+        };
+    };
+
+    testScript = ''
+      import json
+
+      start_all()
+
+      server.wait_for_unit("dependency-track.service")
+      server.wait_until_succeeds(
+        "journalctl -o cat -u dependency-track.service | grep 'Dependency-Track is ready'"
+      )
+      server.wait_for_open_port(${toString dependencyTrackPort})
+
+      with subtest("version api returns correct version"):
+        version = json.loads(
+          server.succeed("curl http://localhost/api/version")
+        )
+        assert version["version"] == "${pkgs.dependency-track.version}"
+    '';
+  }
+)
--- a/pkgs/by-name/de/dependency-track/package.nix
+++ b/pkgs/by-name/de/dependency-track/package.nix
@ -7,6 +7,7 @@
  makeWrapper,
  maven,
  nix-update-script,
+  nixosTests,
 }:
 let
  version = "4.11.7";
@ -95,6 +96,9 @@ maven.buildMavenPackage rec {
  passthru = {
    # passthru for nix-update
    inherit (frontend) npmDeps;
+    tests = {
+      inherit (nixosTests) dependency-track;
+    };
    updateScript = nix-update-script { };
  };