tftsr-devops_investigation/tests/unit/releaseWorkflowCrossPlatformArtifacts.test.ts

import { describe, expect, it } from "vitest";
import { readFileSync } from "node:fs";
import path from "node:path";

const autoTagWorkflowPath = path.resolve(
  process.cwd(),
  ".github/workflows/release.yml",
);

describe("auto-tag release cross-platform artifact handling", () => {
  it("overrides OpenSSL vendoring for windows-gnu cross builds", () => {
    const workflow = readFileSync(autoTagWorkflowPath, "utf-8");

    expect(workflow).toContain("OPENSSL_NO_VENDOR: \"0\"");
    expect(workflow).toContain("OPENSSL_STATIC: \"1\"");
  });

  it("fails linux uploads when no artifacts are found", () => {
    const workflow = readFileSync(autoTagWorkflowPath, "utf-8");

    expect(workflow).toContain("ERROR: No Linux amd64 artifacts found.");
    expect(workflow).toContain("ERROR: No Linux arm64 artifacts found.");
    expect(workflow).toContain("CI=true npx tauri build");
    expect(workflow).toContain("find src-tauri/target/aarch64-unknown-linux-gnu/release/bundle -type f");
    expect(workflow).toContain("CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc");
    expect(workflow).toContain("PKG_CONFIG_ALLOW_CROSS: \"1\"");
    expect(workflow).toContain("aarch64-unknown-linux-gnu");
  });

  it("fails windows uploads when no artifacts are found", () => {
    const workflow = readFileSync(autoTagWorkflowPath, "utf-8");

    expect(workflow).toContain("ERROR: No Windows amd64 artifacts found.");
  });

  it("replaces existing release assets before uploading reruns", () => {
    const workflow = readFileSync(autoTagWorkflowPath, "utf-8");

    expect(workflow).toContain("gh release delete-asset");
    expect(workflow).toContain("gh release upload");
    expect(workflow).toContain("linux-amd64-$(basename");
    expect(workflow).toContain("linux-arm64-$(basename");
  });

  it("uses pre-baked Ubuntu 22.04 cross-compiler image for arm64", () => {
    const workflow = readFileSync(autoTagWorkflowPath, "utf-8");

    // Multiarch ubuntu:22.04 + ports mirror setup moved to pre-baked image;
    // verify workflow references the correct image and cross-compile env vars.
    expect(workflow).toContain("trcaa-linux-arm64:rust1.88-node22");
    expect(workflow).toContain("CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc");
    expect(workflow).toContain("aarch64-unknown-linux-gnu");
  });
});
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00			`import { describe, expect, it } from "vitest";`
			`import { readFileSync } from "node:fs";`
			`import path from "node:path";`

refactor(ci): remove standalone release workflow Delete .gitea/workflows/release.yml and keep release orchestration in auto-tag.yml only, then update related workflow tests and docs to reference the unified pipeline. Made-with: Cursor 2026-04-05 02:34:15 +00:00			`const autoTagWorkflowPath = path.resolve(`
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00			`process.cwd(),`
feat: full copy from apollo_nxt-trcaa with complete sanitization Complete backport of all features from apollo_nxt-trcaa repository: - Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny) - Ollama function calling with tool use support - AI provider tool calling auto-detection - kubectl binary bundling and management - kubeconfig upload and context management - Shell approval modal with real-time UI - MCP protocol HTTP transport with custom headers - Enhanced security audit logging - Comprehensive test coverage (275+ tests) - Updated CI/CD workflows for Gitea Actions - Complete documentation (ADRs, wiki, release notes) Sanitization applied to all files: - Removed all MSI, Motorola, VNXT, Vesta references - Replaced internal infrastructure references with TFTSR equivalents - Updated all URLs and API endpoints - Sanitized commit history references in documentation Technical changes: - New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig - Enhanced AI providers: ollama.rs, openai.rs with function calling - New Tauri commands: shell execution, kubeconfig management, tool calling detection - Database migrations: shell_execution_audit table - Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages - CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration Version: 1.0.8 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-06-05 19:11:00 +00:00			`".github/workflows/release.yml",`
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00			`);`

refactor(ci): remove standalone release workflow Delete .gitea/workflows/release.yml and keep release orchestration in auto-tag.yml only, then update related workflow tests and docs to reference the unified pipeline. Made-with: Cursor 2026-04-05 02:34:15 +00:00			`describe("auto-tag release cross-platform artifact handling", () => {`
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00			`it("overrides OpenSSL vendoring for windows-gnu cross builds", () => {`
refactor(ci): remove standalone release workflow Delete .gitea/workflows/release.yml and keep release orchestration in auto-tag.yml only, then update related workflow tests and docs to reference the unified pipeline. Made-with: Cursor 2026-04-05 02:34:15 +00:00			`const workflow = readFileSync(autoTagWorkflowPath, "utf-8");`
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00
			`expect(workflow).toContain("OPENSSL_NO_VENDOR: \"0\"");`
			`expect(workflow).toContain("OPENSSL_STATIC: \"1\"");`
			`});`

			`it("fails linux uploads when no artifacts are found", () => {`
refactor(ci): remove standalone release workflow Delete .gitea/workflows/release.yml and keep release orchestration in auto-tag.yml only, then update related workflow tests and docs to reference the unified pipeline. Made-with: Cursor 2026-04-05 02:34:15 +00:00			`const workflow = readFileSync(autoTagWorkflowPath, "utf-8");`
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00
feat: full copy from apollo_nxt-trcaa with complete sanitization Complete backport of all features from apollo_nxt-trcaa repository: - Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny) - Ollama function calling with tool use support - AI provider tool calling auto-detection - kubectl binary bundling and management - kubeconfig upload and context management - Shell approval modal with real-time UI - MCP protocol HTTP transport with custom headers - Enhanced security audit logging - Comprehensive test coverage (275+ tests) - Updated CI/CD workflows for Gitea Actions - Complete documentation (ADRs, wiki, release notes) Sanitization applied to all files: - Removed all MSI, Motorola, VNXT, Vesta references - Replaced internal infrastructure references with TFTSR equivalents - Updated all URLs and API endpoints - Sanitized commit history references in documentation Technical changes: - New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig - Enhanced AI providers: ollama.rs, openai.rs with function calling - New Tauri commands: shell execution, kubeconfig management, tool calling detection - Database migrations: shell_execution_audit table - Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages - CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration Version: 1.0.8 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-06-05 19:11:00 +00:00			`expect(workflow).toContain("ERROR: No Linux amd64 artifacts found.");`
			`expect(workflow).toContain("ERROR: No Linux arm64 artifacts found.");`
fix(ci): fix arm64 cross-compile, drop cargo install tauri-cli, move wiki-sync build-linux-arm64: switch from QEMU-emulated linux-arm64 runner to cross-compile on linux-amd64 using aarch64-linux-gnu toolchain. Removes the uname -m arch guard that was causing the job to exit immediately (QEMU reports x86_64 as kernel arch), and fixes the artifact path to the explicit target directory. All build jobs: replace `cargo install tauri-cli --locked` with `npx tauri build`, using the pre-compiled @tauri-apps/cli binary from devDependencies. Eliminates the 20-30 min Tauri CLI recompilation on every run. wiki-sync: move from test.yml to auto-tag.yml. test.yml only fires on pull_request events so the `if: github.ref == 'refs/heads/master'` guard was never true and the wiki was never updated. auto-tag.yml triggers on push to master, so wiki sync now runs on every merge. Update releaseWorkflowCrossPlatformArtifacts.test.ts to match the new workflow. 2026-04-05 15:33:49 +00:00			`expect(workflow).toContain("CI=true npx tauri build");`
			`expect(workflow).toContain("find src-tauri/target/aarch64-unknown-linux-gnu/release/bundle -type f");`
			`expect(workflow).toContain("CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc");`
			`expect(workflow).toContain("PKG_CONFIG_ALLOW_CROSS: \"1\"");`
			`expect(workflow).toContain("aarch64-unknown-linux-gnu");`
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00			`});`
fix(ci): harden release asset uploads for reruns Make all release upload steps fail fast when expected artifacts are missing, replace existing same-name assets before uploading, and print HTTP/body details on upload failures so Linux/Windows publishing issues are diagnosable and reruns remain deterministic. Made-with: Cursor 2026-04-05 02:09:03 +00:00
			`it("fails windows uploads when no artifacts are found", () => {`
refactor(ci): remove standalone release workflow Delete .gitea/workflows/release.yml and keep release orchestration in auto-tag.yml only, then update related workflow tests and docs to reference the unified pipeline. Made-with: Cursor 2026-04-05 02:34:15 +00:00			`const workflow = readFileSync(autoTagWorkflowPath, "utf-8");`
fix(ci): harden release asset uploads for reruns Make all release upload steps fail fast when expected artifacts are missing, replace existing same-name assets before uploading, and print HTTP/body details on upload failures so Linux/Windows publishing issues are diagnosable and reruns remain deterministic. Made-with: Cursor 2026-04-05 02:09:03 +00:00
feat: full copy from apollo_nxt-trcaa with complete sanitization Complete backport of all features from apollo_nxt-trcaa repository: - Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny) - Ollama function calling with tool use support - AI provider tool calling auto-detection - kubectl binary bundling and management - kubeconfig upload and context management - Shell approval modal with real-time UI - MCP protocol HTTP transport with custom headers - Enhanced security audit logging - Comprehensive test coverage (275+ tests) - Updated CI/CD workflows for Gitea Actions - Complete documentation (ADRs, wiki, release notes) Sanitization applied to all files: - Removed all MSI, Motorola, VNXT, Vesta references - Replaced internal infrastructure references with TFTSR equivalents - Updated all URLs and API endpoints - Sanitized commit history references in documentation Technical changes: - New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig - Enhanced AI providers: ollama.rs, openai.rs with function calling - New Tauri commands: shell execution, kubeconfig management, tool calling detection - Database migrations: shell_execution_audit table - Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages - CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration Version: 1.0.8 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-06-05 19:11:00 +00:00			`expect(workflow).toContain("ERROR: No Windows amd64 artifacts found.");`
fix(ci): harden release asset uploads for reruns Make all release upload steps fail fast when expected artifacts are missing, replace existing same-name assets before uploading, and print HTTP/body details on upload failures so Linux/Windows publishing issues are diagnosable and reruns remain deterministic. Made-with: Cursor 2026-04-05 02:09:03 +00:00			`});`

			`it("replaces existing release assets before uploading reruns", () => {`
refactor(ci): remove standalone release workflow Delete .gitea/workflows/release.yml and keep release orchestration in auto-tag.yml only, then update related workflow tests and docs to reference the unified pipeline. Made-with: Cursor 2026-04-05 02:34:15 +00:00			`const workflow = readFileSync(autoTagWorkflowPath, "utf-8");`
fix(ci): harden release asset uploads for reruns Make all release upload steps fail fast when expected artifacts are missing, replace existing same-name assets before uploading, and print HTTP/body details on upload failures so Linux/Windows publishing issues are diagnosable and reruns remain deterministic. Made-with: Cursor 2026-04-05 02:09:03 +00:00
feat: full copy from apollo_nxt-trcaa with complete sanitization Complete backport of all features from apollo_nxt-trcaa repository: - Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny) - Ollama function calling with tool use support - AI provider tool calling auto-detection - kubectl binary bundling and management - kubeconfig upload and context management - Shell approval modal with real-time UI - MCP protocol HTTP transport with custom headers - Enhanced security audit logging - Comprehensive test coverage (275+ tests) - Updated CI/CD workflows for Gitea Actions - Complete documentation (ADRs, wiki, release notes) Sanitization applied to all files: - Removed all MSI, Motorola, VNXT, Vesta references - Replaced internal infrastructure references with TFTSR equivalents - Updated all URLs and API endpoints - Sanitized commit history references in documentation Technical changes: - New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig - Enhanced AI providers: ollama.rs, openai.rs with function calling - New Tauri commands: shell execution, kubeconfig management, tool calling detection - Database migrations: shell_execution_audit table - Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages - CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration Version: 1.0.8 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-06-05 19:11:00 +00:00			`expect(workflow).toContain("gh release delete-asset");`
			`expect(workflow).toContain("gh release upload");`
			`expect(workflow).toContain("linux-amd64-$(basename");`
			`expect(workflow).toContain("linux-arm64-$(basename");`
fix(ci): harden release asset uploads for reruns Make all release upload steps fail fast when expected artifacts are missing, replace existing same-name assets before uploading, and print HTTP/body details on upload failures so Linux/Windows publishing issues are diagnosable and reruns remain deterministic. Made-with: Cursor 2026-04-05 02:09:03 +00:00			`});`
fix(ci): switch build-linux-arm64 to Ubuntu 22.04 with ports mirror The Debian single-mirror multiarch approach causes irreconcilable apt dependency conflicts when both amd64 and arm64 point at the same repo: the binary-all index is duplicated and certain -dev package pairs lack Multi-Arch: same. This produces "held broken packages" regardless of sources.list tweaks. Ubuntu 22.04 routes arm64 through ports.ubuntu.com/ubuntu-ports, a separate mirror from archive.ubuntu.com (amd64). This eliminates all cross-arch index overlaps. Rust is installed via rustup since it is not pre-installed in the Ubuntu base image. libayatana-appindicator3-dev is dropped — no tray icon is used by this application. Co-Authored-By: fix/yaml-heredoc-indent <noreply@local> 2026-04-05 17:51:19 +00:00
fix(ci): resolve test.yml failures — Cargo.lock, updated test assertions Cargo.lock: - Commit the pre-existing version bump (0.1.0 → 0.2.50) so cargo --locked does not fail in CI; Cargo.toml already at 0.2.50 releaseWorkflowCrossPlatformArtifacts.test.ts: - Update test that previously checked for ubuntu:22.04 / ports mirror inline in auto-tag.yml; that setup moved to the pre-baked trcaa-linux-arm64 image so the test now verifies the image reference and cross-compile env vars instead ciDockerBuilders.test.ts: - Update test that checked for docker:24-cli; changed to alpine:latest + docker-cli to avoid act_runner v0.3.1 duplicate socket mount bug; negative assertion on docker:24-cli retained 2026-04-13 00:59:41 +00:00			`it("uses pre-baked Ubuntu 22.04 cross-compiler image for arm64", () => {`
fix(ci): switch build-linux-arm64 to Ubuntu 22.04 with ports mirror The Debian single-mirror multiarch approach causes irreconcilable apt dependency conflicts when both amd64 and arm64 point at the same repo: the binary-all index is duplicated and certain -dev package pairs lack Multi-Arch: same. This produces "held broken packages" regardless of sources.list tweaks. Ubuntu 22.04 routes arm64 through ports.ubuntu.com/ubuntu-ports, a separate mirror from archive.ubuntu.com (amd64). This eliminates all cross-arch index overlaps. Rust is installed via rustup since it is not pre-installed in the Ubuntu base image. libayatana-appindicator3-dev is dropped — no tray icon is used by this application. Co-Authored-By: fix/yaml-heredoc-indent <noreply@local> 2026-04-05 17:51:19 +00:00			`const workflow = readFileSync(autoTagWorkflowPath, "utf-8");`

fix(ci): resolve test.yml failures — Cargo.lock, updated test assertions Cargo.lock: - Commit the pre-existing version bump (0.1.0 → 0.2.50) so cargo --locked does not fail in CI; Cargo.toml already at 0.2.50 releaseWorkflowCrossPlatformArtifacts.test.ts: - Update test that previously checked for ubuntu:22.04 / ports mirror inline in auto-tag.yml; that setup moved to the pre-baked trcaa-linux-arm64 image so the test now verifies the image reference and cross-compile env vars instead ciDockerBuilders.test.ts: - Update test that checked for docker:24-cli; changed to alpine:latest + docker-cli to avoid act_runner v0.3.1 duplicate socket mount bug; negative assertion on docker:24-cli retained 2026-04-13 00:59:41 +00:00			`// Multiarch ubuntu:22.04 + ports mirror setup moved to pre-baked image;`
			`// verify workflow references the correct image and cross-compile env vars.`
			`expect(workflow).toContain("trcaa-linux-arm64:rust1.88-node22");`
			`expect(workflow).toContain("CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc");`
			`expect(workflow).toContain("aarch64-unknown-linux-gnu");`
fix(ci): switch build-linux-arm64 to Ubuntu 22.04 with ports mirror The Debian single-mirror multiarch approach causes irreconcilable apt dependency conflicts when both amd64 and arm64 point at the same repo: the binary-all index is duplicated and certain -dev package pairs lack Multi-Arch: same. This produces "held broken packages" regardless of sources.list tweaks. Ubuntu 22.04 routes arm64 through ports.ubuntu.com/ubuntu-ports, a separate mirror from archive.ubuntu.com (amd64). This eliminates all cross-arch index overlaps. Rust is installed via rustup since it is not pre-installed in the Ubuntu base image. libayatana-appindicator3-dev is dropped — no tray icon is used by this application. Co-Authored-By: fix/yaml-heredoc-indent <noreply@local> 2026-04-05 17:51:19 +00:00			`});`
fix(ci): make release artifacts reliable across platforms Override OpenSSL vendoring for the windows-gnu release build so cross-compiles no longer fail on pkg-config lookup, and fail fast when Linux release jobs produce no artifacts so incomplete releases are detected immediately. Made-with: Cursor 2026-04-05 00:53:40 +00:00			`});`