test(quickscope): add integration test

Author: user

.github/workflows/pull-request.yml

@@ -0,0 +1,66 @@
+name: Pull Request
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  quickscope:
+    name: quickscope
+    runs-on: ubuntu-latest
+    outputs:
+      result: ${{ steps.test.outputs.result }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Build quickscope
+        working-directory: quickscope
+        run: |
+          docker pull eclipse-temurin:21-alpine
+          docker build -t quickscope .
+
+      - name: Run integration test
+        id: test
+        working-directory: quickscope
+        run: |
+          result=$(./integration/integration.sh | tee /dev/stderr | tail -n1)
+          echo "result=$result" >> $GITHUB_OUTPUT
+
+      - name: Upload new diff
+        uses: actions/upload-artifact@v4
+        with:
+          name: quickscope-new
+          path: ./quickscope/integration/new.diff
+
+      - name: Upload integration diff
+        uses: actions/upload-artifact@v4
+        with:
+          name: quickscope-integration
+          path: ./quickscope/integration/integration.diff
+
+  comment:
+    name: Comment integration
+    needs: quickscope
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Post comment
+        env:
+          PR_C_REPO: ${{ github.repository }}
+          PR_C_NUMBER: ${{ github.event.pull_request.number }}
+          PR_C_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_QS_DIFF: ${{ needs.quickscope.outputs.result }}
+        run: .internal/ci/comment-integration.sh

.gitignore

@@ -1,4 +1,6 @@
 KEYS
 env
 .env
-*.swp
+*.swp
+new.diff
+integration.diff

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "lib/pentext"]
+	path = lib/pentext
+	url = https://github.com/radicallyopensecurity/pentext.git

.internal/ci/comment-integration.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -e
+
+artifacts_root="https://github.com/$PR_C_REPO/actions/runs/$GITHUB_RUN_ID"
+
+artifacts_url="https://api.github.com/repos/$PR_C_REPO/actions/runs/$GITHUB_RUN_ID/artifacts"
+artifacts_json=$(curl -s -H "Authorization: token $PR_C_TOKEN" "$artifacts_url")
+
+new_url=$(echo "$artifacts_json" | jq -r '.artifacts[] | select(.name=="quickscope-new") | .archive_download_url')
+integration_url=$(echo "$artifacts_json" | jq -r '.artifacts[] | select(.name=="quickscope-integration") | .archive_download_url')
+
+if [ "$PR_QS_DIFF" = "true" ]; then
+  body="# Quickscope
+
+Found diff. Please check the diffs:
+
+- [current.diff](https://github.com/$PR_C_REPO/blob/${GITHUB_SHA}/quickscope/integration/current.diff)
+- [new.diff]($new_url)
+- [integration.diff]($integration_url)"
+else
+  body="# Quickscope
+
+No diff found."
+fi
+
+curl -s -H "Authorization: token $PR_C_TOKEN" \
+     -H "Content-Type: application/json" \
+     -d "$(jq -nc --arg body "$body" '{body: $body}')" \
+     "https://api.github.com/repos/$PR_C_REPO/issues/$PR_C_NUMBER/comments"

lib/pentext

@@ -0,0 +1,61 @@
+diff -ruN /home/user/git/pentext-docker/quickscope/integration/tmp/source/test-remote.git/source/offerte.xml /home/user/git/pentext-docker/quickscope/integration/tmp/remote/test-remote.git/source/offerte.xml
+--- /home/user/git/pentext-docker/quickscope/integration/tmp/source/test-remote.git/source/offerte.xml	1970-01-01 01:00:00.000000000 +0100
++++ /home/user/git/pentext-docker/quickscope/integration/tmp/remote/test-remote.git/source/offerte.xml	2025-09-25 00:48:52.129967308 +0200
+@@ -0,0 +1,57 @@
++<?xml version="1.0" encoding="UTF-8"?>
++<offerte xmlns:xi="http://www.w3.org/2001/XInclude"
++         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
++         xsi:noNamespaceSchemaLocation="../dtd/offerte.xsd"
++         xml:lang="en"><!--document meta information; to be filled in by the offerte writer-->
++   <meta>
++      <title>Quote</title>
++      <offered_service_long>penetration testing services</offered_service_long>
++      <!--if there is a shorter way of saying the same thing, you can type it here (it makes for more dynamic offerte text). If not, just repeat the long name.-->
++      <offered_service_short>penetration test</offered_service_short>
++      <xi:include href="snippets/company_info.xml"/>
++      <targets><!--one target element per target-->
++         <target/>
++         <target/>
++      </targets>
++      <permission_parties>
++         <xi:include href="client_info.xml"/>
++      </permission_parties>
++      <activityinfo>
++         <persondays>0</persondays>
++         <!--duration of pentest, in persondays-->
++         <planning>
++            <start>YYYY-MM-DD</start>
++            <end>TBD</end>
++         </planning>
++         <!--start and end dates, in ISO format: 'YYYY-MM-DD' - or 'TBD'-->
++         <report_due>TBD</report_due>
++         <!--date or date range in text, e.g. May 18th until May 25th, 2024-->
++         <nature>time-boxed</nature>
++         <type>crystal-box</type>
++         <!--please choose one of the following: black-box, grey-box, crystal-box-->
++         <fee denomination="eur">0</fee>
++         <!--(eur|usd|gbp)-->
++         <xi:include href="servicebreakdown.xml"/>
++      </activityinfo>
++      <version_history><!--needed for date on frontpage and in signature boxes; it is possible to add a new <version> after each review; in that case, make sure to update the date/time-->
++         <version number="auto" date="2025-09-24T10:00:00"><!--actual date-time here; you can leave the number attribute alone-->
++            <v_author>ROS Writer</v_author>
++            <!--name of the author here; for internal use only-->
++            <v_description>Initial draft</v_description>
++            <!--for internal use only-->
++         </version>
++      </version_history>
++   </meta>
++   <xi:include href="snippets/offerte/en/introandscope.xml"/>
++   <xi:include href="snippets/offerte/en/projectoverview.xml"/>
++   <xi:include href="snippets/offerte/en/prerequisites.xml"/>
++   <xi:include href="snippets/offerte/en/disclaimer.xml"/>
++   <xi:include href="snippets/offerte/en/methodology.xml"/>
++   <xi:include href="snippets/offerte/en/additional-code-audit_methodology.xml"/>
++   <xi:include href="snippets/offerte/en/teamandreporting.xml"/>
++   <xi:include href="snippets/offerte/en/planningandpayment.xml"/>
++   <xi:include href="snippets/offerte/en/aboutus.xml"/>
++   <xi:include href="snippets/offerte/en/conditions.xml"/>
++   <xi:include href="snippets/offerte/en/generaltermsandconditions.xml"/>
++   <xi:include href="snippets/offerte/en/waiver.xml"/>
++</offerte>

quickscope/integration/current.diff

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -e
+
+GIT_USER=CI
+GIT_PASS=dummy
+REPO_NAME=test-remote.git
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+TMPDIR="$SCRIPT_DIR/tmp"
+REMOTE="$TMPDIR/remote"
+SOURCE="$TMPDIR/source"
+
+echo "* Preparing tmp dirs"
+rm -rf "$TMPDIR"
+mkdir -p "$REMOTE" "$SOURCE"
+
+echo "* Cloning test repo into remote"
+git -C "$SCRIPT_DIR/../../lib/pentext" \
+  clone . "$REMOTE/$REPO_NAME"
+
+echo "* Starting git-http-backend container"
+docker rm -f git-http-backend 2>/dev/null || true
+docker run -d --name git-http-backend \
+  -u $(id -u):$(id -g) \
+  -v "$REMOTE":/var/gerrit/git \
+  k8sgerrit/apache-git-http-backend:v0.1-791-gda829e467a-3.12.2-965-g6ae725f802
+
+docker exec -u 0 git-http-backend mkdir -p /var/apache/credentials
+docker exec -u 0 git-http-backend htpasswd -b -B -c /var/apache/credentials/.htpasswd "$GIT_USER" "$GIT_PASS"
+
+echo "* Running quickscope"
+docker run --rm --name quickscope \
+  --link git-http-backend \
+  -e GIT_SSL_NO_VERIFY=true \
+  -e SERVER_PROTOCOL=http \
+  -e CI_PROJECT_DIR=/usr/local/src/repo \
+  -e CI_SERVER_HOST=git-http-backend:8080 \
+  -e CI_PROJECT_PATH=$REPO_NAME \
+  -e CI_DEFAULT_BRANCH=main \
+  -e PROJECT_ACCESS_TOKEN=$GIT_PASS \
+  -v "$REMOTE/$REPO_NAME":/usr/local/src/repo \
+  --entrypoint ash \
+  quickscope:latest \
+  -c "git config --global --add safe.directory /usr/local/src/repo && exec /scripts/quickscope2off.sh"
+
+echo "* Preparing for diff"
+git -C "$SCRIPT_DIR/../../lib/pentext" \
+  clone . "$SOURCE/$REPO_NAME"
+docker exec -u 0 git-http-backend rm -rf "/var/gerrit/git/$REPO_NAME/.git"
+rm -rf "$SOURCE/$REPO_NAME/.git"
+
+echo "* Creating new diff"
+diff -ruN "$SOURCE/$REPO_NAME" "$REMOTE/$REPO_NAME" > "$SCRIPT_DIR/new.diff" || true
+
+echo "* Diffing with current"
+diff -u \
+  <(sed -E 's/^(---|\+\+\+) ([^[:space:]]+).*/\1 \2/' "$SCRIPT_DIR/current.diff") \
+  <(sed -E 's/^(---|\+\+\+) ([^[:space:]]+).*/\1 \2/' "$SCRIPT_DIR/new.diff") \
+  > "$SCRIPT_DIR/integration.diff" || true
+
+echo "* Cleaning up"
+docker rm -f git-http-backend || true
+rm -rf "$TMPDIR"
+
+echo "* Found diff?"
+if [ -s "$SCRIPT_DIR/integration.diff" ]; then
+  echo "true"
+else
+  echo "false"
+fi

quickscope/integration/integration.sh

@@ -1,4 +1,5 @@
-#!/bin/sh
+#!/usr/bin/env bash
+
 set -e
 cd "$CI_PROJECT_DIR"
 
@@ -11,6 +12,6 @@ git commit -m "convert pentext quickscope to offerte"
 git remote -v
 
 git remote rm origin
-git remote add origin "https://CI:${PROJECT_ACCESS_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}"
+git remote add origin "${SERVER_PROTOCOL:-https}://CI:${PROJECT_ACCESS_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}"
 
 git push origin HEAD:${CI_DEFAULT_BRANCH}