unrip/test/deploy-workflow-static.test.mjs

import test from 'node:test';
import assert from 'node:assert/strict';
import { readFileSync } from 'node:fs';

const workflow = readFileSync(new URL('../.forgejo/workflows/deploy.yml', import.meta.url), 'utf8');
const forgejoBootstrap = readFileSync(new URL('../scripts/deploy/forgejo_repo_bootstrap.py', import.meta.url), 'utf8');

test('deploy workflow upserts dashboard password before applying public dashboard manifest', () => {
  assert.match(workflow, /name: Upsert runtime secrets/);
  assert.match(workflow, /OPERATOR_DASHBOARD_AUTH_PASSWORD: \$\{\{ secrets\.OPERATOR_DASHBOARD_AUTH_PASSWORD \}\}/);
  assert.match(workflow, /missing required repo action secret OPERATOR_DASHBOARD_AUTH_PASSWORD/);
  assert.match(workflow, /patch secret "\$\{PROJECT_NAME\}-secrets"/);
  assert.match(workflow, /--patch-file "\$patch_file"/);
});

test('Forgejo bootstrap can publish dashboard password as a repo action secret', () => {
  assert.match(forgejoBootstrap, /--operator-dashboard-auth-password/);
  assert.match(forgejoBootstrap, /OPERATOR_DASHBOARD_AUTH_PASSWORD/);
  assert.match(forgejoBootstrap, /upserted repo action secret OPERATOR_DASHBOARD_AUTH_PASSWORD/);
});