Skip to content

Commit 914f500

Browse files
Fix OJS beacon rendering and smoke matrix
Render OJS_ENABLE_BEACON through an explicit truthy helper so false-like values do not enable the beacon in generated config. Limit buildkit create smoke tests to apps whose branch images were actually built and make fcrepo Syn auth fixtures corrupt signature bytes deterministically.
1 parent 5fb991b commit 914f500

5 files changed

Lines changed: 108 additions & 55 deletions

File tree

.github/workflows/push.yml

Lines changed: 62 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,7 @@ jobs:
6262
sitectl_drupal_image_tags: ${{ steps.plan.outputs.sitectl_drupal_image_tags }}
6363
sitectl_isle_libops_image_tags: ${{ steps.plan.outputs.sitectl_isle_libops_image_tags }}
6464
sitectl_isle_images: ${{ steps.plan.outputs.sitectl_isle_images }}
65+
sitectl_create_smoke_matrix: ${{ steps.plan.outputs.sitectl_create_smoke_matrix }}
6566
steps:
6667
- uses: "actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10" # v6
6768
with:
@@ -109,14 +110,65 @@ jobs:
109110
./ci/image-metadata.sh first-tag "$1" "$mode" "$FALLBACK_TAG"
110111
}
111112
113+
planned_tag_assignment() {
114+
local service="$1"
115+
local image="$2"
116+
if grep -Fq "\"${image}\"" build-plan.out; then
117+
printf '%s=%s' "$service" "$(first_tag "$image")"
118+
fi
119+
}
120+
121+
add_smoke_row() {
122+
local plugin="$1"
123+
local packages="$2"
124+
local create_args="$3"
125+
local image_tags="$4"
126+
local images="$5"
127+
if [ -z "${image_tags// }" ]; then
128+
return
129+
fi
130+
smoke_matrix="$(
131+
jq -c \
132+
--arg plugin "$plugin" \
133+
--arg packages "$packages" \
134+
--arg create_args "$create_args" \
135+
--arg image_tags "$image_tags" \
136+
--arg images "$images" \
137+
'. + [{
138+
"plugin": $plugin,
139+
"packages": $packages,
140+
"create-args": $create_args,
141+
"image-tags": $image_tags,
142+
"images": $images
143+
}]' <<<"$smoke_matrix"
144+
)"
145+
}
146+
147+
sitectl_wp_image_tags="$(planned_tag_assignment wp wp-php84)"
148+
sitectl_omeka_s_image_tags="$(planned_tag_assignment omeka-s omeka-s-php84)"
149+
sitectl_omeka_classic_image_tags="$(planned_tag_assignment omeka-classic omeka-classic-php84)"
150+
sitectl_ojs_image_tags="$(planned_tag_assignment ojs ojs-php84)"
151+
sitectl_drupal_image_tags="$(planned_tag_assignment drupal drupal-php84)"
152+
sitectl_isle_libops_image_tags="$(planned_tag_assignment drupal islandora-php84)"
153+
sitectl_isle_images=""
154+
155+
smoke_matrix='[]'
156+
add_smoke_row "wp" "sitectl sitectl-wp" "" "$sitectl_wp_image_tags" ""
157+
add_smoke_row "omeka-s" "sitectl sitectl-omeka-s" "" "$sitectl_omeka_s_image_tags" ""
158+
add_smoke_row "omeka-classic" "sitectl sitectl-omeka-classic" "" "$sitectl_omeka_classic_image_tags" ""
159+
add_smoke_row "ojs" "sitectl sitectl-ojs" "" "$sitectl_ojs_image_tags" ""
160+
add_smoke_row "drupal" "sitectl sitectl-drupal" "" "$sitectl_drupal_image_tags" ""
161+
add_smoke_row "isle" "sitectl sitectl-isle sitectl-drupal" "--template-repo https://github.com/libops/isle --fcrepo off --blazegraph off --isle-file-system-uri private --iiif triplet --iiif-topology disabled --bot-mitigation off" "$sitectl_isle_libops_image_tags" "$sitectl_isle_images"
162+
112163
{
113-
echo "sitectl_wp_image_tags=wp=$(first_tag wp-php84)"
114-
echo "sitectl_omeka_s_image_tags=omeka-s=$(first_tag omeka-s-php84)"
115-
echo "sitectl_omeka_classic_image_tags=omeka-classic=$(first_tag omeka-classic-php84)"
116-
echo "sitectl_ojs_image_tags=ojs=$(first_tag ojs-php84)"
117-
echo "sitectl_drupal_image_tags=drupal=$(first_tag drupal-php84)"
118-
echo "sitectl_isle_libops_image_tags=drupal=$(first_tag islandora-php84) activemq=$(first_tag activemq6) alpaca=$(first_tag alpaca) crayfits=$(first_tag crayfits) fits=$(first_tag fits) homarus=$(first_tag homarus) houdini=$(first_tag houdini) hypercube=$(first_tag hypercube) init=$(first_tag base) mariadb=$(first_tag mariadb11) mergepdf=$(first_tag mergepdf) solr=$(first_tag solr9)"
119-
echo "sitectl_isle_images="
164+
echo "sitectl_wp_image_tags=${sitectl_wp_image_tags}"
165+
echo "sitectl_omeka_s_image_tags=${sitectl_omeka_s_image_tags}"
166+
echo "sitectl_omeka_classic_image_tags=${sitectl_omeka_classic_image_tags}"
167+
echo "sitectl_ojs_image_tags=${sitectl_ojs_image_tags}"
168+
echo "sitectl_drupal_image_tags=${sitectl_drupal_image_tags}"
169+
echo "sitectl_isle_libops_image_tags=${sitectl_isle_libops_image_tags}"
170+
echo "sitectl_isle_images=${sitectl_isle_images}"
171+
echo "sitectl_create_smoke_matrix=${smoke_matrix}"
120172
} >> "$GITHUB_OUTPUT"
121173
122174
- name: Summary
@@ -134,6 +186,7 @@ jobs:
134186
echo "sitectl ojs image tags: ${{ steps.plan.outputs.sitectl_ojs_image_tags }}"
135187
echo "sitectl drupal image tags: ${{ steps.plan.outputs.sitectl_drupal_image_tags }}"
136188
echo "sitectl isle libops image tags: ${{ steps.plan.outputs.sitectl_isle_libops_image_tags }}"
189+
echo "sitectl create smoke matrix: ${{ steps.plan.outputs.sitectl_create_smoke_matrix }}"
137190
138191
build-level-0:
139192
if: ${{ needs.plan.outputs.level0 != '[]' }}
@@ -321,49 +374,12 @@ jobs:
321374
packages: read
322375

323376
sitectl-create-smoke-test:
324-
if: ${{ always() && !cancelled() && !failure() }}
377+
if: ${{ always() && needs.plan.outputs.sitectl_create_smoke_matrix != '[]' && !cancelled() && !failure() }}
325378
needs: [plan, test-level-4]
326379
strategy:
327380
fail-fast: false
328381
matrix:
329-
include:
330-
- plugin: wp
331-
packages: sitectl sitectl-wp
332-
create-args: ""
333-
image-tags: ${{ needs.plan.outputs.sitectl_wp_image_tags }}
334-
images: ""
335-
- plugin: omeka-s
336-
packages: sitectl sitectl-omeka-s
337-
create-args: ""
338-
image-tags: ${{ needs.plan.outputs.sitectl_omeka_s_image_tags }}
339-
images: ""
340-
- plugin: omeka-classic
341-
packages: sitectl sitectl-omeka-classic
342-
create-args: ""
343-
image-tags: ${{ needs.plan.outputs.sitectl_omeka_classic_image_tags }}
344-
images: ""
345-
- plugin: ojs
346-
packages: sitectl sitectl-ojs
347-
create-args: ""
348-
image-tags: ${{ needs.plan.outputs.sitectl_ojs_image_tags }}
349-
images: ""
350-
- plugin: drupal
351-
packages: sitectl sitectl-drupal
352-
create-args: ""
353-
image-tags: ${{ needs.plan.outputs.sitectl_drupal_image_tags }}
354-
images: ""
355-
- plugin: isle
356-
packages: sitectl sitectl-isle sitectl-drupal
357-
create-args: >-
358-
--template-repo https://github.com/libops/isle
359-
--fcrepo off
360-
--blazegraph off
361-
--isle-file-system-uri private
362-
--iiif triplet
363-
--iiif-topology disabled
364-
--bot-mitigation off
365-
image-tags: ${{ needs.plan.outputs.sitectl_isle_libops_image_tags }}
366-
images: ${{ needs.plan.outputs.sitectl_isle_images }}
382+
include: ${{ fromJson(needs.plan.outputs.sitectl_create_smoke_matrix) }}
367383

368384
uses: libops/.github/.github/workflows/sitectl-create-smoke-test.yaml@main
369385
with:

images/fcrepo6/tests/SynAuthentication/test.sh

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,19 @@ create_jwt() {
1919
printf '%s.%s' "${signing_input}" "${signature}"
2020
}
2121

22+
corrupt_jwt_signature() {
23+
local header payload replacement signature token
24+
token=${1}
25+
IFS=. read -r header payload signature <<<"${token}"
26+
27+
case "${signature:0:1}" in
28+
A) replacement=B ;;
29+
*) replacement=A ;;
30+
esac
31+
32+
printf '%s.%s.%s%s' "${header}" "${payload}" "${replacement}" "${signature:1}"
33+
}
34+
2235
post_status() {
2336
local body_file token
2437
token=${1}
@@ -42,10 +55,7 @@ if [[ "${valid_status}" != 2* ]]; then
4255
fi
4356
echo "Valid JWT accepted with HTTP ${valid_status}."
4457

45-
case "${valid_jwt: -1}" in
46-
x) bad_jwt="${valid_jwt%?}y" ;;
47-
*) bad_jwt="${valid_jwt%?}x" ;;
48-
esac
58+
bad_jwt=$(corrupt_jwt_signature "${valid_jwt}")
4959

5060
bad_status=$(post_status "${bad_jwt}" /tmp/syn-bad-response.txt)
5161
if [[ "${bad_status}" != "401" ]]; then

images/fcrepo7/tests/SynAuthentication/test.sh

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,19 @@ create_jwt() {
1919
printf '%s.%s' "${signing_input}" "${signature}"
2020
}
2121

22+
corrupt_jwt_signature() {
23+
local header payload replacement signature token
24+
token=${1}
25+
IFS=. read -r header payload signature <<<"${token}"
26+
27+
case "${signature:0:1}" in
28+
A) replacement=B ;;
29+
*) replacement=A ;;
30+
esac
31+
32+
printf '%s.%s.%s%s' "${header}" "${payload}" "${replacement}" "${signature:1}"
33+
}
34+
2235
post_status() {
2336
local body_file token
2437
token=${1}
@@ -42,10 +55,7 @@ if [[ "${valid_status}" != 2* ]]; then
4255
fi
4356
echo "Valid JWT accepted with HTTP ${valid_status}."
4457

45-
case "${valid_jwt: -1}" in
46-
x) bad_jwt="${valid_jwt%?}y" ;;
47-
*) bad_jwt="${valid_jwt%?}x" ;;
48-
esac
58+
bad_jwt=$(corrupt_jwt_signature "${valid_jwt}")
4959

5060
bad_status=$(post_status "${bad_jwt}" /tmp/syn-bad-response.txt)
5161
if [[ "${bad_status}" != "401" ]]; then

images/ojs/rootfs/etc/confd/templates/config.inc.tmpl

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
{{- define "doubleQuoteEscape" -}}{{- $escaped := replace . "\\" "\\\\" -1 -}}{{- replace $escaped "\"" "\\\"" -1 -}}{{- end -}}
2+
{{- define "booleanOnOff" -}}{{- if or (eq . "1") (eq . "on") (eq . "On") (eq . "ON") (eq . "true") (eq . "True") (eq . "TRUE") (eq . "y") (eq . "Y") (eq . "yes") (eq . "Yes") (eq . "YES") -}}On{{- else -}}Off{{- end -}}{{- end -}}
23
; <?php exit; // DO NOT DELETE?>
34
; DO NOT DELETE THE ABOVE LINE!!!
45
; Doing so will expose this configuration file through your web site!
@@ -118,7 +119,7 @@ enable_minified = On
118119

119120
; Provide a unique site ID and OAI base URL to PKP for statistics and security
120121
; alert purposes only.
121-
enable_beacon = {{ if getenv "OJS_ENABLE_BEACON" }}On{{ else }}Off{{ end }}
122+
enable_beacon = {{ template "booleanOnOff" (getenv "OJS_ENABLE_BEACON") }}
122123

123124
; Set this to "On" if you would like to only have a single, site-wide Privacy
124125
; Statement, rather than a separate Privacy Statement for each journal. Setting

internal/buildkit/metadata_test.go

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -151,6 +151,22 @@ func TestMariaDBLongrunStartsServer(t *testing.T) {
151151
}
152152
}
153153

154+
func TestOJSEnableBeaconTemplateUsesTruthyHelper(t *testing.T) {
155+
root := repoRoot(t)
156+
templateFile := filepath.Join(root, "images", "ojs", "rootfs", "etc", "confd", "templates", "config.inc.tmpl")
157+
content, err := os.ReadFile(templateFile)
158+
if err != nil {
159+
t.Fatal(err)
160+
}
161+
got := string(content)
162+
if strings.Contains(got, `if getenv "OJS_ENABLE_BEACON"`) {
163+
t.Fatalf("%s treats any non-empty OJS_ENABLE_BEACON value as On", templateFile)
164+
}
165+
if !strings.Contains(got, `define "booleanOnOff"`) || !strings.Contains(got, `enable_beacon = {{ template "booleanOnOff" (getenv "OJS_ENABLE_BEACON") }}`) {
166+
t.Fatalf("%s must render OJS_ENABLE_BEACON through the booleanOnOff helper", templateFile)
167+
}
168+
}
169+
154170
func TestBaseVaultSecretsBootstrap(t *testing.T) {
155171
root := repoRoot(t)
156172

0 commit comments

Comments
 (0)