Add Forgejo T05 verify, operator bootstrap, and security hardening
Introduce forgejo-verify acceptance checks, idempotent operator bootstrap, runner registration SOPS capture helper, and session/security Helm values.
This commit is contained in:
parent
9b31f229e8
commit
3a9236148a
8 changed files with 436 additions and 1 deletions
34
tools/forgejo-npm-smoke.sh
Executable file
34
tools/forgejo-npm-smoke.sh
Executable file
|
|
@ -0,0 +1,34 @@
|
|||
#!/usr/bin/env bash
|
||||
# T07 npm registry smoke — install published @coulomb/forgejo-npm-probe (no publish).
|
||||
set -euo pipefail
|
||||
|
||||
REGISTRY="${FORGEJO_NPM_REGISTRY:-https://forgejo.coulomb.social/api/packages/coulomb/npm/}"
|
||||
TOKEN_FILE="${FORGEJO_NPM_TOKEN_FILE:-${FORGEJO_TOKEN_FILE:-/tmp/forgejo-tegwick-api-token}}"
|
||||
PROBE_PKG="${FORGEJO_NPM_PROBE_PKG:-@coulomb/forgejo-npm-probe@0.0.1}"
|
||||
|
||||
if [[ -n "${FORGEJO_NPM_TOKEN:-}" ]]; then
|
||||
TOKEN="${FORGEJO_NPM_TOKEN}"
|
||||
elif [[ -f "${TOKEN_FILE}" ]]; then
|
||||
TOKEN="$(cat "${TOKEN_FILE}")"
|
||||
else
|
||||
echo "Set FORGEJO_NPM_TOKEN or create ${TOKEN_FILE}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
command -v npm >/dev/null 2>&1 || { echo "npm required" >&2; exit 1; }
|
||||
|
||||
work="$(mktemp -d)"
|
||||
trap 'rm -rf "${work}"' EXIT
|
||||
cd "${work}"
|
||||
|
||||
npm config set @coulomb:registry "${REGISTRY}"
|
||||
npm config set -- '//forgejo.coulomb.social/api/packages/coulomb/npm/:_authToken' "${TOKEN}"
|
||||
|
||||
npm install "${PROBE_PKG}" >/dev/null
|
||||
out="$(node -e "console.log(require('@coulomb/forgejo-npm-probe')())")"
|
||||
if [[ "${out}" == "forgejo-npm-probe-ok" ]]; then
|
||||
echo "npm smoke ok: ${PROBE_PKG}"
|
||||
else
|
||||
echo "npm smoke fail: unexpected output '${out}'" >&2
|
||||
exit 1
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue