test(ci): scope integrity workflow secret guard
This commit is contained in:
@@ -12,6 +12,12 @@ MIGRATION = (
|
||||
CD_WORKFLOW = ROOT / ".gitea" / "workflows" / "cd.yaml"
|
||||
|
||||
|
||||
def _workflow_step(workflow: str, name: str) -> str:
|
||||
return workflow.split(f"- name: {name}", 1)[1].split(
|
||||
"\n - name:", 1
|
||||
)[0]
|
||||
|
||||
|
||||
def test_migration_quarantines_duplicates_without_deleting_history() -> None:
|
||||
sql = MIGRATION.read_text(encoding="utf-8")
|
||||
upper = sql.upper()
|
||||
@@ -38,9 +44,7 @@ def test_migration_quarantines_duplicates_without_deleting_history() -> None:
|
||||
|
||||
def test_cd_runs_bounded_integrity_repair_and_independent_verifier() -> None:
|
||||
workflow = CD_WORKFLOW.read_text(encoding="utf-8")
|
||||
step = workflow.split(
|
||||
"- name: Repair Asset Inventory Canonical Integrity", 1
|
||||
)[1].split("# 2026-03-31 ogt: 移除中間通知", 1)[0]
|
||||
step = _workflow_step(workflow, "Repair Asset Inventory Canonical Integrity")
|
||||
script = step.split("run: |", 1)[1]
|
||||
|
||||
assert "MIGRATION_DATABASE_URL: ${{ secrets.MIGRATION_DATABASE_URL }}" in step
|
||||
@@ -63,9 +67,7 @@ def test_cd_runs_bounded_integrity_repair_and_independent_verifier() -> None:
|
||||
|
||||
def test_cd_embedded_integrity_migration_python_compiles() -> None:
|
||||
workflow = CD_WORKFLOW.read_text(encoding="utf-8")
|
||||
step = workflow.split(
|
||||
"- name: Repair Asset Inventory Canonical Integrity", 1
|
||||
)[1]
|
||||
step = _workflow_step(workflow, "Repair Asset Inventory Canonical Integrity")
|
||||
source = step.split("python - <<'PY'", 1)[1].split(" PY", 1)[0]
|
||||
|
||||
compile(textwrap.dedent(source), "<asset-inventory-integrity-migration>", "exec")
|
||||
|
||||
Reference in New Issue
Block a user