You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
tests/stack/run.sh covers many helpers and the apply/status flows, but several data-safety / security-relevant paths are untested.
Gaps
backup/restore round-trip (stack_backup, stack_restore) — untested. These touch irreplaceable state (onion keys, dashboard history DB) and have fiddly logic: leading-/ strip/restore, the disk pre-check arithmetic, and the stop→backup→start sequencing. All shell out only to tar/df/du/docker/sudo — stubbable with the existing make_stubs pattern. A round-trip test (backup a fixture tree → restore into a clean sandbox → assert layout) needs no real nodes. (Would also have caught the backup errexit bug in pithead robustness: 'backup' aborts on a non-fatal du/df error; 'doctor' always exits 0 even on FAIL #127.)
generate_caddyfile — untested; it decides HTTPS-vs-HTTP (a security-relevant branch). Trivially unit-testable: assert the rendered Caddyfile contains tls internal when DASHBOARD_SECURE=true.
stack_upgrade — untested; a docker-stub assertion that it runs compose up -d --build (mirrors the existing apply "compose up called" assertion).
Summary
tests/stack/run.shcovers many helpers and theapply/statusflows, but several data-safety / security-relevant paths are untested.Gaps
backup/restoreround-trip (stack_backup,stack_restore) — untested. These touch irreplaceable state (onion keys, dashboard history DB) and have fiddly logic: leading-/strip/restore, the disk pre-check arithmetic, and the stop→backup→start sequencing. All shell out only totar/df/du/docker/sudo— stubbable with the existingmake_stubspattern. A round-trip test (backup a fixture tree → restore into a clean sandbox → assert layout) needs no real nodes. (Would also have caught thebackuperrexit bug in pithead robustness: 'backup' aborts on a non-fatal du/df error; 'doctor' always exits 0 even on FAIL #127.)generate_caddyfile— untested; it decides HTTPS-vs-HTTP (a security-relevant branch). Trivially unit-testable: assert the rendered Caddyfile containstls internalwhenDASHBOARD_SECURE=true.stack_upgrade— untested; a docker-stub assertion that it runscompose up -d --build(mirrors the existingapply"compose up called" assertion).doctor— no black-box test of the dr_ok/dr_warn/dr_fail tally + exit code (see pithead robustness: 'backup' aborts on a non-fatal du/df error; 'doctor' always exits 0 even on FAIL #127). Plus pure helpersdetect_host_timezone,detect_os,deps_satisfied,resolve_dashboard_hostare untested.Acceptance
generate_caddyfilesecure/insecure branch tests.stack_upgrade+doctorblack-box tests.Related
Distinct from #54 (real-server e2e) — all sandboxed/unit. Supports #127.