feat(security): add gitea private inventory p0 scorecard
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Failing after 3m6s
CD Pipeline / build-and-deploy (push) Has been skipped
CD Pipeline / post-deploy-checks (push) Has been skipped
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Failing after 3m6s
CD Pipeline / build-and-deploy (push) Has been skipped
CD Pipeline / post-deploy-checks (push) Has been skipped
This commit is contained in:
@@ -0,0 +1,63 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import subprocess
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
|
||||
ROOT = Path(__file__).resolve().parents[3]
|
||||
SCRIPT = ROOT / "scripts" / "security" / "gitea-private-inventory-p0-scorecard.py"
|
||||
|
||||
|
||||
def load_scorecard() -> dict:
|
||||
result = subprocess.run(
|
||||
[sys.executable, str(SCRIPT), "--generated-at", "2026-06-29T14:12:00+08:00"],
|
||||
text=True,
|
||||
capture_output=True,
|
||||
check=True,
|
||||
)
|
||||
return json.loads(result.stdout)
|
||||
|
||||
|
||||
def test_scorecard_excludes_github_from_p0_blocker_math() -> None:
|
||||
scorecard = load_scorecard()
|
||||
|
||||
assert scorecard["schema_version"] == "awoooi_gitea_private_inventory_p0_scorecard_v1"
|
||||
assert scorecard["workplan_id"] == "P0-003"
|
||||
assert scorecard["source_control_authority"] == "gitea"
|
||||
assert scorecard["private_inventory_source"] == "gitea"
|
||||
assert scorecard["github_status"] == "stopped_retired_do_not_use"
|
||||
assert scorecard["github_lane_excluded_from_p0_blocker_count"] is True
|
||||
assert scorecard["github_api_used"] is False
|
||||
assert scorecard["github_cli_used"] is False
|
||||
assert scorecard["github_primary_switch_authorized"] is False
|
||||
assert not any("github" in blocker.lower() for blocker in scorecard["active_blockers"])
|
||||
|
||||
|
||||
def test_scorecard_preserves_current_gitea_inventory_blocker() -> None:
|
||||
scorecard = load_scorecard()
|
||||
|
||||
assert scorecard["status"] == "blocked_waiting_gitea_authenticated_or_owner_export_inventory"
|
||||
assert scorecard["gitea_inventory"]["status"] == "partial"
|
||||
assert scorecard["gitea_inventory"]["visibility_scope"] == "public_only"
|
||||
assert scorecard["gitea_inventory"]["repo_count"] == 2
|
||||
assert scorecard["authenticated_import_acceptance"]["accepted_payload_count"] == 0
|
||||
assert scorecard["coverage_attestation"]["received_attestation_count"] == 0
|
||||
assert "gitea_repo_inventory_status_not_ok" in scorecard["active_blockers"]
|
||||
assert "gitea_authenticated_inventory_payload_not_accepted" in scorecard["active_blockers"]
|
||||
|
||||
|
||||
def test_scorecard_keeps_all_active_product_rows_visible() -> None:
|
||||
scorecard = load_scorecard()
|
||||
coverage = scorecard["product_row_coverage"]
|
||||
|
||||
assert coverage["expected_product_count"] == 11
|
||||
assert coverage["present_product_row_count"] == 11
|
||||
assert coverage["missing_product_row_count"] == 0
|
||||
assert coverage["ready_product_count"] == 3
|
||||
assert coverage["blocked_product_count"] == 8
|
||||
assert coverage["all_active_product_repos_have_gitea_owner_readiness_row"] is True
|
||||
|
||||
product_ids = {row["product_id"] for row in scorecard["product_rows"]}
|
||||
assert {"awoooi", "momo-pro", "awooogo", "bitan-pharmacy", "tsenyang-website"} <= product_ids
|
||||
Reference in New Issue
Block a user