From 3b04bffbd541245937ffade1aa55ac6baecbf44b Mon Sep 17 00:00:00 2001
From: Alexander Sieg
Date: Wed, 24 Jul 2024 18:04:42 +0200
Subject: [PATCH] nixos/dependency-track: add nixos test
---
nixos/tests/dependency-track.nix | 65 ++++++++++++++++++++
pkgs/by-name/de/dependency-track/package.nix | 4 ++
2 files changed, 69 insertions(+)
create mode 100644 nixos/tests/dependency-track.nix
diff --git a/nixos/tests/dependency-track.nix b/nixos/tests/dependency-track.nix
new file mode 100644
index 000000000000..ab0d78827286
--- /dev/null
+++ b/nixos/tests/dependency-track.nix
@@ -0,0 +1,65 @@
+import ./make-test-python.nix (
+ { pkgs, ... }:
+ let
+ dependencyTrackPort = 8081;
+ in
+ {
+ name = "dependency-track";
+ meta = {
+ maintainers = pkgs.lib.teams.cyberus.members;
+ };
+
+ nodes = {
+ server =
+ { pkgs, ... }:
+ {
+ virtualisation = {
+ cores = 2;
+ diskSize = 4096;
+ };
+
+ environment.systemPackages = with pkgs; [ curl ];
+ systemd.services.dependency-track = {
+ # source: https://github.com/DependencyTrack/dependency-track/blob/37e0ba59e8057c18a87a7a76e247a8f75677a56c/dev/scripts/data-nist-generate-dummy.sh
+ preStart = ''
+ set -euo pipefail
+
+ NIST_DIR="$HOME/.dependency-track/nist"
+
+ rm -rf "$NIST_DIR"
+ mkdir -p "$NIST_DIR"
+
+ for feed in $(seq "2024" "2002"); do
+ touch "$NIST_DIR/nvdcve-1.1-$feed.json.gz"
+ echo "9999999999999" > "$NIST_DIR/nvdcve-1.1-$feed.json.gz.ts"
+ done
+ '';
+ };
+ services.dependency-track = {
+ enable = true;
+ port = dependencyTrackPort;
+ nginx.domain = "localhost";
+ database.passwordFile = "${pkgs.writeText "dbPassword" ''hunter2'THE'''H''''E''}";
+ };
+ };
+ };
+
+ testScript = ''
+ import json
+
+ start_all()
+
+ server.wait_for_unit("dependency-track.service")
+ server.wait_until_succeeds(
+ "journalctl -o cat -u dependency-track.service | grep 'Dependency-Track is ready'"
+ )
+ server.wait_for_open_port(${toString dependencyTrackPort})
+
+ with subtest("version api returns correct version"):
+ version = json.loads(
+ server.succeed("curl http://localhost/api/version")
+ )
+ assert version["version"] == "${pkgs.dependency-track.version}"
+ '';
+ }
+)
diff --git a/pkgs/by-name/de/dependency-track/package.nix b/pkgs/by-name/de/dependency-track/package.nix
index 7ec89335cc8c..64f45f5c0619 100644
--- a/pkgs/by-name/de/dependency-track/package.nix
+++ b/pkgs/by-name/de/dependency-track/package.nix
@@ -7,6 +7,7 @@
 makeWrapper,
 maven,
 nix-update-script,
+ nixosTests,
 }:
 let
 version = "4.11.7";
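Review bot: In the `preStart` script, `seq "2024" "2002"` counts upward by default, so with GNU seq it prints nothing and the loop never creates the dummy `nvdcve-1.1-*.json.gz` and `.ts` files; the step only leaves an empty `nist` directory. If the stubs are meant to keep the service from attempting an NVD mirror download inside the test VM, the range should read `for feed in $(seq 2002 2024); do` (or `seq 2024 -1 2002`). The end year is also hard-coded, so the stub set may fall behind if the application derives its feed list from the current date, which is not visible here; `$(date +%Y)` as the upper bound would avoid that. Separately, the `database.passwordFile` line deserves a comment such as `# test-only secret: pkgs.writeText places it in the world-readable Nix store`, and a word on why the value is full of quote characters (presumably to exercise the module's escaping), so the pattern is not copied into a real configuration.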
@@ -95,6 +96,9 @@ maven.buildMavenPackage rec { passthru = { # passthru for nix-update inherit (frontend) npmDeps; + tests = { + inherit (nixosTests) dependency-track; + }; updateScript = nix-update-script { }; };