Files
Gitea-Tools/tests/test_create_pr.py
T
sysadmin dc899d23c8 fix(session): require config-backed mutation authority and workspace-bound targets (#714)
Close the #714 remediation gap left at 943d402 where env-only mutation
profiles, REMOTES Timesheet defaults treated as explicit caller input, and
machine-dependent Git remotes produced false greens.

- Fail closed when mutations lack a config-backed profile with non-empty
  allowed_repositories; env ops cannot invent mutation authority.
- Preserve omitted-vs-explicit org/repo provenance through the mutation
  gate; omitted targets bind to the verified workspace repository.
- Prefer workspace-aligned Git remotes over historical Timesheet defaults
  in MCP _resolve and CLI resolve_remote.
- Centralize deterministic config-backed mutation fixtures; migrate
  mutation tests off env-only authority without weakening security
  assertions.

Full suite: 2744 passed, 6 skipped.
2026-07-15 21:13:21 -04:00

171 lines
6.5 KiB
Python

import os
"""Tests for create_pr.py.
Every test mocks `get_credentials` and `urllib.request.urlopen` so no real
network calls or keychain access are performed.
"""
import io
import json
import sys
import unittest
import contextlib
from unittest.mock import patch, MagicMock, patch
sys.path.insert(0, str(__import__("pathlib").Path(__file__).resolve().parent.parent))
import create_pr # noqa: E402
FAKE_CREDS = ("testuser", "testpass")
def _mock_urlopen(body=None):
if body is None:
body = {"number": 99, "html_url": "https://gitea.example.com/pulls/99"}
resp = MagicMock()
resp.read.return_value = json.dumps(body).encode("utf-8")
resp.__enter__ = lambda s: s
resp.__exit__ = MagicMock(return_value=False)
return resp
# ---------------------------------------------------------------------------
# Argument parsing
# ---------------------------------------------------------------------------
class TestArgParsing(unittest.TestCase):
@patch("create_pr.urllib.request.urlopen", return_value=_mock_urlopen())
@patch("create_pr.get_credentials", return_value=FAKE_CREDS)
def test_minimal_required_args(self, _cred, _url):
with contextlib.redirect_stdout(io.StringIO()), contextlib.redirect_stderr(io.StringIO()):
rc = create_pr.main(["--title", "PR Title", "--head", "feat/branch"])
self.assertEqual(rc, 0)
def test_missing_title_exits(self):
with self.assertRaises(SystemExit):
create_pr.main(["--head", "feat/branch"])
def test_missing_head_exits(self):
with self.assertRaises(SystemExit):
create_pr.main(["--title", "PR Title"])
def test_invalid_remote_exits(self):
with self.assertRaises(SystemExit):
create_pr.main(["--remote", "nope", "--title", "T", "--head", "h"])
# ---------------------------------------------------------------------------
# Remote resolution
# ---------------------------------------------------------------------------
class TestRemoteResolution(unittest.TestCase):
@patch("create_pr.urllib.request.urlopen", return_value=_mock_urlopen())
@patch("create_pr.get_credentials", return_value=FAKE_CREDS)
def test_default_dadeschools(self, mock_cred, _url):
create_pr.main(["--title", "T", "--head", "h"])
mock_cred.assert_called_with("gitea.dadeschools.net")
@patch("create_pr.urllib.request.urlopen", return_value=_mock_urlopen())
@patch("create_pr.get_credentials", return_value=FAKE_CREDS)
def test_prgs_remote(self, mock_cred, _url):
create_pr.main(["--remote", "prgs", "--title", "T", "--head", "h"])
mock_cred.assert_called_with("gitea.prgs.cc")
# ---------------------------------------------------------------------------
# API payload
# ---------------------------------------------------------------------------
class TestAPIPayload(unittest.TestCase):
"""#714: omitted --org/--repo uses workspace-bound repo (Gitea-Tools),
not the historical REMOTES Timesheet default. Intentional security-policy
migration of legacy omitted-target assertions.
"""
def setUp(self):
self._ws_env = patch.dict(
os.environ,
{
"GITEA_TEST_WORKSPACE_REMOTE_URL": (
"https://gitea.prgs.cc/Scaled-Tech-Consulting/Gitea-Tools.git"
)
},
clear=False,
)
self._ws_env.start()
def tearDown(self):
self._ws_env.stop()
@patch("create_pr.get_credentials", return_value=FAKE_CREDS)
def test_payload_fields(self, _cred):
with patch("create_pr.urllib.request.Request") as MockReq:
MockReq.return_value = MagicMock()
with patch("create_pr.urllib.request.urlopen",
return_value=_mock_urlopen()):
create_pr.main([
"--title", "My PR",
"--head", "feat/x",
"--base", "develop",
"--body", "Closes #1",
])
data = json.loads(MockReq.call_args[1]["data"].decode("utf-8"))
self.assertEqual(data["title"], "My PR")
self.assertEqual(data["head"], "feat/x")
self.assertEqual(data["base"], "develop")
self.assertEqual(data["body"], "Closes #1")
@patch("create_pr.get_credentials", return_value=FAKE_CREDS)
def test_default_base_is_main(self, _cred):
with patch("create_pr.urllib.request.Request") as MockReq:
MockReq.return_value = MagicMock()
with patch("create_pr.urllib.request.urlopen",
return_value=_mock_urlopen()):
create_pr.main(["--title", "T", "--head", "h"])
data = json.loads(MockReq.call_args[1]["data"].decode("utf-8"))
self.assertEqual(data["base"], "main")
@patch("create_pr.get_credentials", return_value=FAKE_CREDS)
def test_url_prgs(self, _cred):
with patch("create_pr.urllib.request.Request") as MockReq:
MockReq.return_value = MagicMock()
with patch("create_pr.urllib.request.urlopen",
return_value=_mock_urlopen()):
create_pr.main(["--remote", "prgs", "--title", "T", "--head", "h"])
url = MockReq.call_args[0][0]
self.assertEqual(
url,
"https://gitea.prgs.cc/api/v1/repos/Scaled-Tech-Consulting/Gitea-Tools/pulls",
)
# ---------------------------------------------------------------------------
# Auth failure
# ---------------------------------------------------------------------------
class TestAuthFailure(unittest.TestCase):
@patch("create_pr.get_credentials", return_value=("", ""))
def test_no_credentials_returns_1(self, _cred):
rc = create_pr.main(["--title", "T", "--head", "h"])
self.assertEqual(rc, 1)
# ---------------------------------------------------------------------------
# HTTP error
# ---------------------------------------------------------------------------
class TestHTTPError(unittest.TestCase):
@patch("create_pr.get_credentials", return_value=FAKE_CREDS)
def test_422_returns_1(self, _cred):
import urllib.error
err = urllib.error.HTTPError(
url="https://example.com", code=422, msg="Unprocessable",
hdrs=None, fp=io.BytesIO(b'{"message":"branch not found"}'),
)
with patch("create_pr.urllib.request.urlopen", side_effect=err):
rc = create_pr.main(["--title", "T", "--head", "h"])
self.assertEqual(rc, 1)
if __name__ == "__main__":
unittest.main()