Tests installation script for zsh integration (#7)

* implements hello world test

* implements which tests and begins docker

* fix devbox test cmd

* WIP docker installs via bootstrap

* bats passing in docker container

* removed SSL workaround from bootstrap

* devbox command for docker container build & run

* WIP gh action using Dockerfile

* WIP denotes action as job

* WIP using container's docker cmd

* removes double up of steps

* adds workflow trigger for manual testing

* action on commit for testing

* typo in action

* removes description

* WIP fixes Dockerfile path in action

* removes stdin op from action

* updates action names

* comments changes required for testing

* no longer require test on push

* fixes action typo

* comments sed function

* removes comments

* renamed and polished zsh test

* moves mockfunction to reflect wrapper functionality

* updates wrapper name to reflect zsh specificity

* action on all PR not just main

* corrects shell var and comments sed

* renames Dockerfile

* catches sed edge case with leading space for sudo

.envrc

@@ -0,0 +1,7 @@
+# Automatically sets up your devbox environment whenever you cd into this
+# directory via our direnv integration:
+
+eval "$(devbox generate direnv --print-envrc)"
+
+# check out https://www.jetpack.io/devbox/docs/ide_configuration/direnv/
+# for more details

.github/workflows/bootstrap-test.yml

@@ -0,0 +1,16 @@
+name: 'bootstrap-test'
+
+on:
+  pull_request
+
+jobs:
+  test-bootstrap:
+    name: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Build docker image with bootstrap script
+        run: docker build -t bootstrap-script-test -f ./boostrap-zsh-test.Dockerfile .
+      - name: Run bats test via devbox
+        run: docker run bootstrap-script-test

boostrap-zsh-test.Dockerfile

@@ -0,0 +1,20 @@
+FROM ubuntu:latest
+
+RUN apt-get update \
+ && apt-get install -y sudo curl ca-certificates git
+
+ARG NETSKOPE_CERT
+RUN if [ "${NETSKOPE_CERT}z" != "z" ];  then \
+      echo "Installing Netskope MitM certificates" && \
+      echo "${NETSKOPE_CERT}" >> /usr/local/share/ca-certificates/netskope.crt; \
+      update-ca-certificates; \
+    fi 
+
+WORKDIR /app
+
+COPY . .
+
+RUN ./scripts/docker-test-wrapper-zsh.sh
+
+RUN ["devbox", "run", "echo", "installed"]
+CMD ["devbox", "run", "bats", "test"]

devbox.json

@@ -0,0 +1,22 @@
+{
+  "env": {
+    "DEVBOX_SHARE_DIR": "$PWD/.devbox/nix/profile/default/share",
+    "NETSKOPE_CERT_PATH": "/Library/Application Support/Netskope/STAgent/data/nscacert.pem"
+  },
+  "packages": [
+    "bats@latest",
+    "bats.libraries.bats-assert",
+    "bats.libraries.bats-support"
+  ],
+  "shell": {
+    "init_hook": [
+      "echo 'Welcome to devbox!' > /dev/null"
+    ],
+    "scripts": {
+      "test": [
+        "docker build -t bootstrap-script-test --build-arg NETSKOPE_CERT=\"$(cat \"$NETSKOPE_CERT_PATH\")\" -f ./boostrap-zsh-test.Dockerfile .",
+        "docker run bootstrap-script-test"
+      ]
+    }
+  }
+}

devbox.lock

@@ -0,0 +1,33 @@
+{
+  "lockfile_version": "1",
+  "packages": {
+    "bats.libraries.bats-assert": {
+      "resolved": "github:NixOS/nixpkgs/75a52265bda7fd25e06e3a67dee3f0354e73243c#bats.libraries.bats-assert",
+      "source": "nixpkg"
+    },
+    "bats.libraries.bats-support": {
+      "resolved": "github:NixOS/nixpkgs/75a52265bda7fd25e06e3a67dee3f0354e73243c#bats.libraries.bats-support",
+      "source": "nixpkg"
+    },
+    "bats@latest": {
+      "last_modified": "2023-11-19T17:46:56Z",
+      "resolved": "github:NixOS/nixpkgs/0bf3f5cf6a98b5d077cdcdb00a6d4b3d92bc78b5#bats",
+      "source": "devbox-search",
+      "version": "1.10.0",
+      "systems": {
+        "aarch64-darwin": {
+          "store_path": "/nix/store/gkb8zmmzsqn8lshha7zddbjmr87mc056-bats-1.10.0"
+        },
+        "aarch64-linux": {
+          "store_path": "/nix/store/z8xiwh8m8qc00j94bp7xvb2mnfxv8gs6-bats-1.10.0"
+        },
+        "x86_64-darwin": {
+          "store_path": "/nix/store/00kmcikc4xbc3mgz0z4vjs0yn1mz4cal-bats-1.10.0"
+        },
+        "x86_64-linux": {
+          "store_path": "/nix/store/1sw93sc9pzmbwn359lbj7pxd7ril3whd-bats-1.10.0"
+        }
+      }
+    }
+  }
+}

scripts/bootstrap.sh

@@ -6,6 +6,9 @@ set -e
 
 NETSKOPE_DATA_DIR="/Library/Application Support/Netskope/STAgent/data"
 
+# This variable is set by docker in mock_functions.sh to provide the linux path rather than the typical MacOS path
+NIX_FINAL_SSL_FILE="${NIX_FINAL_SSL_FILE:-NETSKOPE_DATA_DIR/nscacert_combined.pem}"
+
 # Copy create Netskope combined cert and save to known location recommended by their docs:
 # https://docs.netskope.com/en/netskope-help/data-security/netskope-secure-web-gateway/configuring-cli-based-tools-and-development-frameworks-to-work-with-netskope-ssl-interception/#mac-1
 generate_combined_netskope_cert() {
@@ -32,13 +35,16 @@ generate_combined_netskope_cert() {
 install_nix() {
 	echo "=== installing nix (requires sudo)..."
 	curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix |
-		sh -s -- install --no-confirm \
+		# $INSTALLER_EXTRA_ARGS below is required by docker as default install expects systemd for a linux install
+		# That alone is able to be set by an env var in the docker environment, 
+		# however we also have to provide 'linux' as an argument for the installing script
+		sh -s -- install $INSTALLER_EXTRA_ARGS --no-confirm \
 			--extra-conf "trusted-users = root @admin" \
-			--ssl-cert-file "$NETSKOPE_DATA_DIR/nscacert_combined.pem"
+			--ssl-cert-file "$NIX_FINAL_SSL_FILE"
 	echo "=== nix installed..."
 
 	echo "=== sourcing nix daemon so we can use it in this script..."
-	export NIX_SSL_CERT_FILE="$NETSKOPE_DATA_DIR/nscacert_combined.pem"
+	export NIX_SSL_CERT_FILE="$NIX_FINAL_SSL_FILE"
 	. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
 	echo "=== nix daemon sourced..."
 }
@@ -102,7 +108,7 @@ direnv_shell_integration() {
 		EOF
 		;;
 	*)
-		fail "Don't know how to setup for shell $SHELL. checkout https://direnv.net/docs/hook.html"
+		echo "Don't know how to setup for shell $SHELL. checkout https://direnv.net/docs/hook.html"
 		;;
 	esac
 }
@@ -130,7 +136,6 @@ install_nix_direnv() {
 print_further_steps() {
 	echo "================================================================"
 	echo "Nix, direnv, and devbox have been installed and setup"
-	echo "but there is ONE MANUAL STEP LEFT!"
 
 	if [ "$DID_INSTALL_DIRENV" ]; then
 		echo "You had direnv already installed, if you've already configured it you can skip the last step"

scripts/docker-test-wrapper-zsh.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+# Mocking MacOS programs for linux based docker container 
+
+mkdir -p /tmp/test-metadata
+
+export TMPDIR="/tmp"
+export INSTALLER_EXTRA_ARGS="linux --init none"
+export SHELL="/bin/zsh"
+export NIX_FINAL_SSL_FILE="/etc/ssl/certs/ca-certificates.crt"
+
+echo '
+#!/bin/sh
+echo "dseditgroup ran with args: $@" > /tmp/test-metadata/dseditgroup.txt' | sudo tee -a /bin/dseditgroup
+sudo chmod a+x /bin/dseditgroup
+
+echo '
+#!/bin/sh
+echo "security ran with args: $@"' | sudo tee -a /bin/security
+sudo chmod a+x /bin/security
+
+# The below removes all sudo commands from install script
+# Required as the docker container runs as root and the docker container 
+# must be run as root because the nix installer only supports single user 
+# root installs in containers 
+sed -i 's/sudo / /g' ./scripts/bootstrap.sh 
+
+. ./scripts/bootstrap.sh

test/bootstrap-zsh.bats

@@ -0,0 +1,33 @@
+load "$DEVBOX_SHARE_DIR/bats/bats-support/load.bash"
+load "$DEVBOX_SHARE_DIR/bats/bats-assert/load.bash"
+
+@test "installed-nix" {
+	run which nix
+	test "$status" -eq 0
+}
+
+@test "installed-devbox" {
+	run which devbox
+	test "$status" -eq 0
+}
+
+@test "installed-direnv" {
+	run which direnv
+	test "$status" -eq 0
+}
+
+@test "direnv-integrated-to-zsh" {
+	run cat ~/.zshrc
+	assert_output --partial "export DIRENV_BIN="
+	assert_output --partial "eval \"\$(\$DIRENV_BIN hook zsh)\""
+	assert_output --partial "export NIX_SSL_CERT_FILE="
+}
+
+@test "direnv-configured-to-nix" {
+	run cat ~/.config/direnv/direnvrc
+	assert_output "source \$HOME/.nix-profile/share/nix-direnv/direnvrc"
+}
+
+@test "nix-ssl-cert-set" {
+	test -n $NIX_SSL_CERT_FILE
+}