VERSION 0.8

test-rsa-only:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=false \
        --USER_RSA=true \
        --USER_ED25519=false
    ENV BUILDKIT_DEBUG_GIT=1 # TODO: remove this? it's here for debugging.
    RUN echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# next validate ssh is working
ssh git@git.example.com | grep \"Hi git! You've successfully authenticated, but you get no shellz\"

# test the clone can work (unsure if we should merge this, or merge it commented out -- it's useful if you need to debug something, but makes test runs longer)
git clone git@git.example.com:testuser/repo.git therepo1
ls -la therepo1
rm -rf therepo1

git clone ssh://git@git.example.com/~/testuser/repo.git therepo2
ls -la therepo2
rm -rf therepo2

git clone ssh://git@git.example.com/testuser/repo.git therepo3
ls -la therepo3
rm -rf therepo3

# finally perform earthly tests
earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-ed25519-only:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=false \
        --SSHD_ED25519=true \
        --USER_RSA=false \
        --USER_ED25519=true
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-ed25519-key
ssh-add -l

# next validate ssh is working
ssh git@git.example.com | grep \"Hi git! You've successfully authenticated, but you get no shellz\"

# finally perform earthly tests
earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-server-both-user-rsa-only:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# next validate ssh is working
ssh git@git.example.com | grep \"Hi git! You've successfully authenticated, but you get no shellz\"

# finally perform earthly tests
earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-server-both-with-missing-keyscan:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# Clear out known_hosts
> ~/.ssh/known_hosts

if earthly --config \$earthly_config --verbose -D +test > output.txt 2>&1; then
    cat output.txt
    echo \"expected earthly failure, but got clean exit code instead\" && exit 1
fi
cat output.txt | grep 'no known_hosts entries found for git.example.com; falling back to https'

if earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello > output.txt 2>&1; then
    cat output.txt
    echo \"expected earthly failure, but got clean exit code instead\" && exit 1
fi
cat output.txt | grep 'no known_hosts entries found for git.example.com; falling back to https'
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-server-both-with-only-rsa-keyscan:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# limit known_hosts to ssh-rsa only
cp ~/.ssh/known_hosts /tmp/known_hosts.old
cat /tmp/known_hosts.old | grep ssh-rsa > ~/.ssh/known_hosts
cat ~/.ssh/known_hosts

earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-server-both-with-only-ed25519-keyscan:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# limit known_hosts to ssh-ed25519 only
cp ~/.ssh/known_hosts /tmp/known_hosts.old
cat /tmp/known_hosts.old | grep ssh-ed25519 > ~/.ssh/known_hosts
cat ~/.ssh/known_hosts

earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-configured-ssh-no-keyscan:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# Clear out known_hosts
> ~/.ssh/known_hosts

# Setup auth to be ssh; disallowing https-fallback.
earthly --config \$earthly_config config 'git.\"git.example.com\"' '{\"auth\": \"ssh\", \"user\": \"git\"}'

if earthly --config \$earthly_config --verbose -D +test > output.txt 2>&1; then
    cat output.txt
    echo \"expected earthly failure, but got clean exit code instead\" && exit 1
fi

if earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello > output.txt 2>&1; then
    cat output.txt
    echo \"expected earthly failure, but got clean exit code instead\" && exit 1
fi

# Next configure earthly to allow unknown hosts (insecure!)
earthly --config \$earthly_config config 'git.\"git.example.com\"' '{\"auth\": \"ssh\", \"user\": \"git\", \"strict_host_key_checking\": false}'

# earthly should now be able to clone these even though no known_hosts entry exists
earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-server-with-unhashed-keyscan:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# first check that known_hosts are hashed (hashed entries start with |1|)
cat ~/.ssh/known_hosts | awk '{print \$1}' | grep '|1|'

# convert hashed hostnames into unhashed hostnames
cp ~/.ssh/known_hosts /tmp/known_hosts.old
cat /tmp/known_hosts.old | awk '{printf \"git.example.com %s %s\\n\", \$2, \$3}' > ~/.ssh/known_hosts

earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo:main+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-private-ssh.earth --exec_cmd=/tmp/test-earthly-script

test-with-custom-matcher:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# Clear out known_hosts
mv ~/.ssh/known_hosts /tmp/known_hosts.old

# Setup auth to be ssh; with custom pattern/sub that converts `funnyserver/repo` to `ssh://git@git.example.com:22/home/git/testuser/repo.git`
earthly --config \$earthly_config config 'git.\"git.example.com\"' '{\"auth\": \"ssh\", \"user\": \"git\", \"pattern\": \"funnyserver/([^/]+)\", \"substitute\": \"ssh://git@git.example.com:22/home/git/testuser/\$1.git\"}'
cat \$earthly_config

if earthly --config \$earthly_config --verbose -D +test > output.txt 2>&1; then
    cat output.txt
    echo \"expected earthly failure, but got clean exit code instead\" && exit 1
fi

if earthly --config \$earthly_config --verbose -D funnyserver/repo:main+hello > output.txt 2>&1; then
    cat output.txt
    echo \"expected earthly failure, but got clean exit code instead\" && exit 1
fi

# restore known_hosts
mv /tmp/known_hosts.old ~/.ssh/known_hosts

# earthly should now be able to clone these even though no known_hosts entry exists
earthly --config \$earthly_config --verbose -D +test 2>&1 | tee output.txt
cat output.txt | grep $(echo MTIzM2MwODQtNGNmNS00Nzk3LWE0YzUtZWI2NTM1NGVlN2Vl | base64 -d)

earthly --config \$earthly_config --verbose -D funnyserver/repo:main+hello 2>&1 | tee output.txt
cat output.txt | grep $(echo MTIzM2MwODQtNGNmNS00Nzk3LWE0YzUtZWI2NTM1NGVlN2Vl | base64 -d)
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=from-funnyserver.earth --exec_cmd=/tmp/test-earthly-script

test-git-clone-command-with-custom-matcher:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# Setup auth to be ssh; with custom pattern/sub that converts `funnyserver/repo` to `ssh://git@git.example.com:22/home/git/testuser/repo.git`
#earthly --config \$earthly_config config 'git.\"git.example.com\"' '{\"auth\": \"ssh\", \"user\": \"git\", \"pattern\": \"funnyserver/([^/]+)\", \"substitute\": \"ssh://git@git.example.com:22/home/git/testuser/\$1.git\"}'
#cat \$earthly_config

# call target which performs a git-clone
(set +e; earthly --config \$earthly_config --verbose -D +test 2>&1; echo \"\$?\" > status) | tee output.txt
test \"\$(cat status)\" = \"0\"
grep 57043e67e8ad8367799dd70c5f78ff42 output.txt
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-funnyserver.earth --exec_cmd=/tmp/test-earthly-script

test-custom-matcher-non-standard-port-and-no-host-checking:
    FROM --pass-args ./setup+server \
        --SSHD_RSA=true \
        --SSHD_ED25519=true \
        --USER_RSA=true \
        --USER_ED25519=false \
        --SSH_PORT=2244
    RUN --no-cache echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 git.example.com
ping -c 1 buildkitsandbox

# load in preauthorized key
eval \$(ssh-agent)
ssh-add /root/self-hosted-rsa-key
ssh-add -l

# Setup auth to be ssh on non-standard port, and disable host checking
earthly --config \$earthly_config config 'git.\"git.example.com\"' '{\"auth\": \"ssh\", \"user\": \"git\", \"port\": 2244, \"strict_host_key_checking\": false}'
cat \$earthly_config

# call target which performs a git-clone
(set +e; earthly --config \$earthly_config --verbose -D +test-abs-path 2>&1; echo \"\$?\" > status) | tee output.txt
test \"\$(cat status)\" = \"0\"
grep 57043e67e8ad8367799dd70c5f78ff42 output.txt

# next, change config to reflect git repos that use relative paths and require a prefix
earthly --config \$earthly_config config 'git.\"git.example.com\"' '{\"auth\": \"ssh\", \"user\": \"git\", \"port\": 2244, \"prefix\": \"~/\", \"strict_host_key_checking\": false}'
cat \$earthly_config
(set +e; earthly --config \$earthly_config --verbose -D +test-rel-path 2>&1; echo \"\$?\" > status) | tee output2.txt
test \"\$(cat status)\" = \"0\"
grep 57043e67e8ad8367799dd70c5f78ff42 output2.txt

# finally make sure we can reference it remotely via the cli
earthly --config \$earthly_config --verbose -D git.example.com/testuser/repo+hello
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script
    DO --pass-args +RUN_EARTHLY_ARGS --pre_command=start-sshd --earthfile=git-clone-self-hosted.earth --exec_cmd=/tmp/test-earthly-script


all:
    BUILD +test-rsa-only
    BUILD +test-ed25519-only
    BUILD +test-server-both-user-rsa-only
    BUILD +test-server-both-with-missing-keyscan
    BUILD +test-server-both-with-only-rsa-keyscan
    BUILD +test-server-both-with-only-ed25519-keyscan
    BUILD +test-configured-ssh-no-keyscan
    BUILD +test-server-with-unhashed-keyscan
    BUILD +test-with-custom-matcher
    BUILD +test-git-clone-command-with-custom-matcher
    BUILD +test-custom-matcher-non-standard-port-and-no-host-checking

RUN_EARTHLY_ARGS:
    FUNCTION
    ARG earthfile
    ARG pre_command
    ARG exec_cmd
    DO ..+RUN_EARTHLY \
        --earthfile=$earthfile \
        --pre_command=$pre_command \
        --exec_cmd=$exec_cmd
