From b902b5d046e7e3935c0d393100cbc34f45bf57c5 Mon Sep 17 00:00:00 2001
From: Toshio Kuratomi
Date: Wed, 19 Oct 2016 08:41:05 -0700
Subject: [PATCH] Pixelrebel amc pr2654 (#18089)
* Add tag verification test (ansible-modules-core PR 2654)
* Fix typo
* Use smaller repo for testing, add dependency control
* Test is gpg exists before running git signing tasks
* Correct the test conditionals so that gpg1 is tested
---
 test/integration/targets/git/tasks/main.yml | 59 +++++++++++++++++++++
 1 file changed, 59 insertions(+)
diff --git a/test/integration/targets/git/tasks/main.yml b/test/integration/targets/git/tasks/main.yml
index ec842c84078..452a23201bf 100644
--- a/test/integration/targets/git/tasks/main.yml
+++ b/test/integration/targets/git/tasks/main.yml
@@ -31,6 +31,7 @@
 repo_update_url_1: 'https://github.com/ansible-test-robinro/git-test-old'
 repo_update_url_2: 'https://github.com/ansible-test-robinro/git-test-new'
 repo_depth_url: 'https://github.com/ansible-test-robinro/git-test-shallow-depth'
+ repo_verify: 'https://github.com/pixelrebel/ansible-git-test.git'
 known_host_files:
 - "{{ lookup('env','HOME') }}/.ssh/known_hosts"
 - '/etc/ssh/ssh_known_hosts'
@@ -46,6 +47,10 @@
 shell: git --version | grep 'git version' | sed 's/git version //'
 register: git_version
+- name: get gpg version
+ shell: gpg --version 2>1 | head -1 | sed -e 's/gpg (GnuPG) //'
+ register: gpg_version
+
 - name: set dummy git config
 shell: git config --global user.email "noreply@example.com"; git config --global user.name "Ansible Test Runner"
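Review bot: The `repo_verify` URL added in the `@@ -31,6 +31,7 @@` hunk points at a repository under a personal account, while the neighbouring fixtures all live under `ansible-test-robinro`. The signed-tag test therefore depends on a repository and tag the project does not control, so an upstream rename, deletion or re-tag would break the test or change what it checks. Consider mirroring the fixture under the test organisation, e.g. `repo_verify: 'https://github.com/ansible-test-robinro/<mirror-name>'` (placeholder name), which also matches the neighbours' URL style without the `.git` suffix.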
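Review bot: In the added `get gpg version` task (`@@ -46,6 +47,10 @@` hunk), `2>1` sends stderr to a file literally named `1` in the working directory; it is not `2>&1`. When gpg is missing or fails, `gpg_version.stderr` therefore stays empty, so the `not gpg_version.stderr` guard in the later tasks appears to be dead. Only the `gpg_version.stdout` check detects a missing gpg, and a stray file `1` is left behind on the test host. Dropping the redirect keeps the error in the registered stderr: `shell: gpg --version | head -1 | sed -e 's/gpg (GnuPG) //'`.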
@@ -659,3 +664,57 @@
 - name: clear checkout_dir
 file: state=absent path={{ checkout_dir }}
+
+ # Test for tag verification
+ # clone a repo checkout signed tag, verify tag
+
+- name: Import Jamie Evans GPG key
+ command: gpg --keyserver pgp.mit.edu --recv-key 61107C8E
+ when: >
+ not gpg_version.stderr and
+ gpg_version.stdout and
+ (git_version.stdout | version_compare("2.1.0", '>=') or
+ gpg_version.stdout | version_compare("1.4.16", '>='))
+
+- name: Copy ownertrust
+ copy: "content='2D55902D66FEEBCEA4447C93E79A36DA61107C8E:6:\n' dest=/tmp/ownertrust-git.txt"
+ when: >
+ not gpg_version.stderr and
+ gpg_version.stdout and
+ (git_version.stdout | version_compare("2.1.0", '>=') or
+ gpg_version.stdout | version_compare("1.4.16", '>='))
+
+- name: Import ownertrust
+ command: gpg --import-ownertrust /tmp/ownertrust-git.txt
+ when: >
+ not gpg_version.stderr and
+ gpg_version.stdout and
+ (git_version.stdout | version_compare("2.1.0", '>=') or
+ gpg_version.stdout | version_compare("1.4.16", '>='))
+
+- name: Clone signed repo and verify tag
+ git: repo={{ repo_verify }} dest={{ checkout_dir }} version=v0.0 verify_commit=yes
+ when: >
+ not gpg_version.stderr and
+ gpg_version.stdout and
+ (git_version.stdout | version_compare("2.1.0", '>=') or
+ gpg_version.stdout | version_compare("1.4.16", '>='))
+
+- name: Remove Jamie Evans GPG key
+ command: gpg --batch --yes --delete-key 61107C8E
+ when: >
+ not gpg_version.stderr and
+ gpg_version.stdout and
+ (git_version.stdout | version_compare("2.1.0", '>=') or
+ gpg_version.stdout | version_compare("1.4.16", '>='))
+
+- name: Clean up files
+ file: path="{{ item }}" state=absent
+ with_items:
+ - "{{ checkout_dir }}"
+ - /tmp/ownertrust-git.txt
+ when: >
+ not gpg_version.stderr and
+ gpg_version.stdout and
+ (git_version.stdout | version_compare("2.1.0", '>=') or
+ gpg_version.stdout | version_compare("1.4.16", '>='))
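Review bot: `--recv-key 61107C8E` in the `Import Jamie Evans GPG key` task fetches by 32-bit short key ID, which does not uniquely identify a key, so the keyserver may return a different key than the one the test means to trust. The full fingerprint is already in the ownertrust line, so use it for both import and removal: `command: gpg --keyserver pgp.mit.edu --recv-key 2D55902D66FEEBCEA4447C93E79A36DA61107C8E` and `command: gpg --batch --yes --delete-key 2D55902D66FEEBCEA4447C93E79A36DA61107C8E`. No `--homedir` is given, so these tasks put an ultimately trusted (`:6:`) key into the runner's default keyring, and they rely on a live keyserver. Shipping the public key with the test and pointing `GNUPGHOME` at a scratch directory would likely make the run hermetic. The six identical `when:` expressions could also be collapsed into one `block:` with a single condition.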