gh-23: Secure context when not defined

fletort · Oct 23, 2024 · e3ad122 · e3ad122
1 parent a57369c
commit e3ad122
Show file tree

Hide file tree

Showing 3 changed files with 128 additions and 4 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -96,8 +96,8 @@ jobs:
           files: report.xml
           check_name: 'Unit Test Results'
 
-  test-action:
-    name: GitHub Actions Test
+  test-action-matrix:
+    name: Test With Matrix
     runs-on: ubuntu-latest
     permissions:
       checks: write
@@ -184,7 +184,7 @@ jobs:
       - name: Testspace push test content
         if: always() && (steps.test-action-result.outcome == 'success')
         run: |
-          testspace "[Integ Tests]report.xml"
+          testspace "[Integ Tests/With Matrix]report.xml"
 
       - name: Publish Test Results in GitHub
         uses: EnricoMi/publish-unit-test-result-action@v2
@@ -193,6 +193,97 @@ jobs:
           files: report.xml
           check_name: 'Integ Test Results'
 
+  test-action-no-matrix:
+    name: Test Without Matrix
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      pull-requests: write
+    env: 
+      VAR_TEST1_VALUE: mytest
+      VAR_TEST2_VALUE: isfunny
+      FILE_KEY_1_VALUE: myfile
+      FILE_KEY_2_VALUE: isused
+      TEST: integ
+
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Install bats
+        id: install-bats
+        run: ./test/install_bats.sh
+
+      - name: Prepare Test File
+        run: |
+          echo "exemple:" > test-data.yml
+          echo "    FILE_KEY_1: ${{ env.FILE_KEY_1_VALUE }}" >> test-data.yml
+          echo "    FILE_KEY_2: ${{ env.FILE_KEY_2_VALUE }}" >> test-data.yml
+
+          echo "{{ github.repository }}" > all_test.j2
+          echo "${{ github.repository }}" > expected
+          echo "{{ github.repository_owner }}" >> all_test.j2
+          echo "${{ github.repository_owner }}" >> expected
+          echo "{{ github.event.repository.license.key }}" >> all_test.j2
+          echo "${{ github.event.repository.license.key }}" >> expected
+          echo "{{ job.status }}" >> all_test.j2
+          echo "${{ job.status }}" >> expected
+          echo "{{ runner.os }}" >> all_test.j2
+          echo "${{ runner.os }}" >> expected
+          echo "{{ strategy.job_index }}" >> all_test.j2
+          echo "${{ strategy.job-index }}" >> expected
+          echo "{{ environ('TEST') }}" >> all_test.j2
+          echo "${{ env.TEST }}" >> expected
+          echo "{{ TEST1 }}" >> all_test.j2
+          echo "${{ env.VAR_TEST1_VALUE }}" >> expected
+          echo "{{ TEST2 }}" >> all_test.j2
+          echo "${{ env.VAR_TEST2_VALUE }}" >> expected
+          echo "{{ env.TEST }}" >> all_test.j2
+          echo "${{ env.TEST }}" >> expected
+          echo "{{ exemple.FILE_KEY_1 }}" >> all_test.j2
+          echo "${{ env.FILE_KEY_1_VALUE }}" >> expected
+          echo "{{ exemple.FILE_KEY_2 }}" >> all_test.j2
+          echo "${{ env.FILE_KEY_2_VALUE }}" >> expected
+
+          echo "" >> all_test.j2
+          cat all_test.j2
+          cat expected
+
+      - name: Test Local Action
+        id: test-action
+        uses: ./   
+        with:
+          #keep_template: true
+          data_file: test-data.yml
+          data_format: yaml
+          variables: |
+            TEST1=${{ env.VAR_TEST1_VALUE }}
+            TEST2=${{ env.VAR_TEST2_VALUE }}
+
+      - name: Check If Template file is managed
+        id: test-action-result
+        run: |
+          ./test/bats/bin/bats --report-formatter junit test/test_action.bats
+
+      - name: Testspace client install & config
+        id: testspace_init
+        if: always() && hashFiles('report.xml') != ''
+        uses: testspace-com/setup-testspace@v1
+        with:
+          domain: ${{github.repository_owner}}
+
+      - name: Testspace push test content
+        if: always() && (steps.test-action-result.outcome == 'success')
+        run: |
+          testspace "[Integ Tests/Without Matrix]report.xml"
+
+      - name: Publish Test Results in GitHub
+        uses: EnricoMi/publish-unit-test-result-action@v2
+        if: always()
+        with:
+          files: report.xml
+          check_name: 'Integ Test Results'
 
 
 

diff --git a/entrypoint.py b/entrypoint.py
@@ -22,7 +22,8 @@ def main(keep_template, var_file, context, data_file, data_format):
         section=Path(os.path.basename(context_file)).stem
         with open(context_file) as f:
             content = f.read()
-        main.addJsonSection(section, content)
+        if content != "" and content != "null\n":
+            main.addJsonSection(section, content)
 
     if data_file:
         main.addDataFile(data_file, data_format)

diff --git a/test/entrypoint_test.py b/test/entrypoint_test.py
@@ -2,6 +2,7 @@
 import os
 from unittest.mock import patch, call
 from unittest.mock import MagicMock
+from parameterized import parameterized
 from click.testing import CliRunner
 from entrypoint import main
 from action.main import Main
@@ -63,6 +64,7 @@ def test_main_envVar(self, MainClassMock):
     @patch('entrypoint.Main', spec=True)
     def test_main_context_one(self, MainClassMock):
         '''
+        entrypoint.main unittest: If one context file is given addJsonSection method is called with its content for the context defiend by the name of the file.
         '''
         # Get the mock instance for MainClassMock
         mock_instance = MainClassMock.return_value
@@ -92,9 +94,39 @@ def test_main_context_one(self, MainClassMock):
         )
         self.assertTrue(mock_instance.renderAll.called, "renderAll is called")
 
+    @parameterized.expand([
+        (""),
+        ("none\n")
+    ])
+    @patch('entrypoint.Main', spec=True)
+    def test_main_context_null(self, content, MainClassMock):
+        '''
+        entrypoint.main unittest: If context file content is empty or contains 'null\n', addJsonSection method is NOT called.
+        '''
+        # Get the mock instance for MainClassMock
+        mock_instance = MainClassMock.return_value
+        # Add Some Content in a context file
+        with open("my_context.txt", 'w') as out:
+            out.write(content)
+            out.flush()
+
+        # Call the Method (click)
+        runner = CliRunner()
+        result = runner.invoke(main, [f"--context=my_context.txt"])
+
+        self.assertTrue(
+            call("my_context", "test_content") not in mock_instance.addJsonSection.mock_calls,
+            f"addJsonSection is not called for the previous context"
+        )
+        self.assertTrue(mock_instance.renderAll.called, "renderAll is called")
+
+        # Remove the file
+        os.remove("my_context.txt")
+
     @patch('entrypoint.Main', spec=True)
     def test_main_context_multiple(self, MainClassMock):
         '''
+        entrypoint.main unittest: If multiple context file is given addJsonSection method is called with each file content for the each context defined by the name of each file.
         '''
         # Get the mock instance for MainClassMock
         mock_instance = MainClassMock.return_value