Merge pull request 'CI: run pytest and coverage tests inside ephemeral VM in the "builder" VM (nested)' (#103) from ci-vm-for-pytest into master

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/103 Reviewed-by: houkime <houkime@protonmail.com>
2025-01-24 17:56:44 +00:00 · 2024-03-18 12:07:54 +02:00 · 2024-03-18 12:07:54 +02:00 · 962e8d5ca7
parent edcc7860e4 5e29816c84
commit 962e8d5ca7
6 changed files with 17 additions and 25 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -5,18 +5,11 @@ name: default
 steps:
 - name: Run Tests and Generate Coverage Report
  commands:
-  - kill $(ps aux | grep 'redis-server 127.0.0.1:6389' | awk '{print $2}') || true
+  - nix flake check -L
  - redis-server --bind 127.0.0.1 --port 6389 >/dev/null &
  # We do not care about persistance on CI
  - sleep 10
  - redis-cli -h 127.0.0.1 -p 6389 config set stop-writes-on-bgsave-error no
  - coverage run -m pytest -q
  - coverage xml
  - sonar-scanner -Dsonar.projectKey=SelfPrivacy-REST-API -Dsonar.sources=. -Dsonar.host.url=http://analyzer.lan:9000 -Dsonar.login="$SONARQUBE_TOKEN"
  environment:
    SONARQUBE_TOKEN:
      from_secret: SONARQUBE_TOKEN
    USE_REDIS_PORT: 6389
 - name: Run Bandit Checks
--- a/flake.nix
+++ b/flake.nix
@ -135,7 +135,6 @@
              services.redis.servers.sp-api = {
                enable = true;
                save = [ ];
                port = 6379; # FIXME
                settings.notify-keyspace-events = "KEA";
              };
              environment.systemPackages = with pkgs; [
--- a/selfprivacy_api/repositories/tokens/redis_tokens_repository.py
+++ b/selfprivacy_api/repositories/tokens/redis_tokens_repository.py
@ -30,7 +30,7 @@ class RedisTokensRepository(AbstractTokensRepository):
    @staticmethod
    def token_key_for_device(device_name: str):
-        md5_hash = md5()
+        md5_hash = md5(usedforsecurity=False)
        md5_hash.update(bytes(device_name, "utf-8"))
        digest = md5_hash.hexdigest()
        return TOKENS_PREFIX + digest
--- a/tests/common.py
+++ b/tests/common.py
@ -7,16 +7,16 @@ RECOVERY_KEY_VALIDATION_DATETIME = "selfprivacy_api.models.tokens.time.datetime"
 DEVICE_KEY_VALIDATION_DATETIME = RECOVERY_KEY_VALIDATION_DATETIME
-def ten_minutes_into_future_naive():
+def ten_hours_into_future_naive():
-    return datetime.now() + timedelta(minutes=10)
+    return datetime.now() + timedelta(hours=10)
-def ten_minutes_into_future_naive_utc():
+def ten_hours_into_future_naive_utc():
-    return datetime.utcnow() + timedelta(minutes=10)
+    return datetime.utcnow() + timedelta(hours=10)
-def ten_minutes_into_future():
+def ten_hours_into_future():
-    return datetime.now(timezone.utc) + timedelta(minutes=10)
+    return datetime.now(timezone.utc) + timedelta(hours=10)
 def ten_minutes_into_past_naive():
@ -34,11 +34,11 @@ def ten_minutes_into_past():
 class NearFuture(datetime):
    @classmethod
    def now(cls, tz=None):
-        return datetime.now(tz) + timedelta(minutes=13)
+        return datetime.now(tz) + timedelta(hours=13)
    @classmethod
    def utcnow(cls):
-        return datetime.utcnow() + timedelta(minutes=13)
+        return datetime.utcnow() + timedelta(hours=13)
 def read_json(file_path):
--- a/tests/test_graphql/test_api_recovery.py
+++ b/tests/test_graphql/test_api_recovery.py
@ -14,9 +14,9 @@ from tests.common import (
 )
 # Graphql API's output should be timezone-naive
-from tests.common import ten_minutes_into_future_naive_utc as ten_minutes_into_future
+from tests.common import ten_hours_into_future_naive_utc as ten_hours_into_future
-from tests.common import ten_minutes_into_future as ten_minutes_into_future_tz
+from tests.common import ten_hours_into_future as ten_hours_into_future_tz
-from tests.common import ten_minutes_into_past_naive_utc as ten_minutes_into_past
+from tests.common import ten_minutes_into_past_naive_utc as ten_hours_into_past
 from tests.test_graphql.common import (
    assert_empty,
@ -168,7 +168,7 @@ def test_graphql_generate_recovery_key(client, authorized_client):
@pytest.mark.parametrize(
-    "expiration_date", [ten_minutes_into_future(), ten_minutes_into_future_tz()]
+    "expiration_date", [ten_hours_into_future(), ten_hours_into_future_tz()]
 )
 def test_graphql_generate_recovery_key_with_expiration_date(
    client, authorized_client, expiration_date: datetime
@ -193,7 +193,7 @@ def test_graphql_generate_recovery_key_with_expiration_date(
 def test_graphql_use_recovery_key_after_expiration(client, authorized_client, mocker):
-    expiration_date = ten_minutes_into_future()
+    expiration_date = ten_hours_into_future()
    key = graphql_make_new_recovery_key(authorized_client, expires_at=expiration_date)
    # Timewarp to after it expires
@ -219,7 +219,7 @@ def test_graphql_use_recovery_key_after_expiration(client, authorized_client, mo
 def test_graphql_generate_recovery_key_with_expiration_in_the_past(authorized_client):
-    expiration_date = ten_minutes_into_past()
+    expiration_date = ten_hours_into_past()
    response = request_make_new_recovery_key(
        authorized_client, expires_at=expiration_date
    )
--- a/tests/test_repository/test_tokens_repository.py
+++ b/tests/test_repository/test_tokens_repository.py
@ -24,7 +24,7 @@ from selfprivacy_api.repositories.tokens.abstract_tokens_repository import (
    AbstractTokensRepository,
 )
-from tests.common import ten_minutes_into_past, ten_minutes_into_future
+from tests.common import ten_minutes_into_past, ten_hours_into_future
 ORIGINAL_DEVICE_NAMES = [