Skip to content

Commit 485fda3

Browse files
test: cover SSH publickey diagnostic edges
Adds explicit publickey-only and non-SSH negative coverage for the clone failure diagnostic, and records the user-facing fix in the changelog. Addresses panel follow-ups from test coverage and growth. apm-spec-waiver: Diagnostic-only failure text; no OpenAPM protocol behavior change. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 2f23e8d commit 485fda3

2 files changed

Lines changed: 46 additions & 8 deletions

File tree

CHANGELOG.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
2020

2121
### Fixed
2222

23+
- SSH clone failures from passphrase-protected keys now explain how to unblock
24+
non-interactive clones with `ssh-add`, CI deploy keys, or token-backed HTTPS
25+
instead of ending with an opaque git error. (#2244)
2326
- Govern policy cache freshness now honors the effective policy's `cache.ttl`;
2427
bounded property coverage protects all 39 enforceable fields, cold/warm parity,
2528
canonical serialization, and last-good bytes after malformed refreshes. (#2235)

tests/unit/deps/test_bare_cache_clone_failure.py

Lines changed: 43 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,12 @@
99
from apm_cli.models.apm_package import DependencyReference
1010

1111

12-
def test_clone_failure_message_explains_passphrase_protected_ssh_key() -> None:
13-
"""SSH passphrase failures must tell users how to unblock non-interactive clones."""
12+
def _clone_failure_message(
13+
*,
14+
stderr: bytes,
15+
explicit_scheme: str | None,
16+
) -> str:
17+
"""Build a clone failure message for an SSH diagnostic scenario."""
1418
plan = MagicMock()
1519
plan.strict = True
1620
plan.attempts = [MagicMock(label="SSH")]
@@ -20,19 +24,16 @@ def test_clone_failure_message_explains_passphrase_protected_ssh_key() -> None:
2024
last_error = subprocess.CalledProcessError(
2125
128,
2226
["git", "clone", "ssh://github.com/owner/repo"],
23-
stderr=(
24-
b"Enter passphrase for key '/Users/alice/.ssh/id_ed25519':\n"
25-
b"Permission denied (publickey).\n"
26-
),
27+
stderr=stderr,
2728
)
2829

29-
message = build_clone_failure_message(
30+
return build_clone_failure_message(
3031
repo_url_base="owner/repo",
3132
plan=plan,
3233
dep_ref=DependencyReference(
3334
repo_url="owner/repo",
3435
host="github.com",
35-
explicit_scheme="ssh",
36+
explicit_scheme=explicit_scheme,
3637
),
3738
dep_host="github.com",
3839
is_ado=False,
@@ -46,8 +47,42 @@ def test_clone_failure_message_explains_passphrase_protected_ssh_key() -> None:
4647
sanitize_git_error=lambda value: value,
4748
)
4849

50+
51+
def test_clone_failure_message_explains_passphrase_protected_ssh_key() -> None:
52+
"""SSH passphrase failures must tell users how to unblock non-interactive clones."""
53+
message = _clone_failure_message(
54+
stderr=(
55+
b"Enter passphrase for key '/Users/alice/.ssh/id_ed25519':\n"
56+
b"Permission denied (publickey).\n"
57+
),
58+
explicit_scheme="ssh",
59+
)
60+
4961
assert "SSH authentication failed" in message
5062
assert "ssh-add <key-file>" in message
5163
assert "ssh-agent" in message
5264
assert "token-backed HTTPS" in message
5365
assert "will not open a raw passphrase prompt" in message
66+
67+
68+
def test_clone_failure_message_explains_explicit_ssh_publickey_failure() -> None:
69+
"""Explicit SSH publickey denials should get the same non-interactive guidance."""
70+
message = _clone_failure_message(
71+
stderr=b"Permission denied (publickey).\n",
72+
explicit_scheme="ssh",
73+
)
74+
75+
assert "SSH authentication failed" in message
76+
assert "ssh-add <key-file>" in message
77+
assert "token-backed HTTPS" in message
78+
79+
80+
def test_clone_failure_message_omits_ssh_diagnostic_for_non_ssh_publickey_text() -> None:
81+
"""Publickey text on a non-SSH dependency must not produce SSH-only guidance."""
82+
message = _clone_failure_message(
83+
stderr=b"Permission denied (publickey).\n",
84+
explicit_scheme=None,
85+
)
86+
87+
assert "SSH authentication failed" not in message
88+
assert "ssh-add <key-file>" not in message

0 commit comments

Comments
 (0)