Address e2e suite failures

2026-05-26 12:10:49 +00:00 · 2026-05-12 10:33:26 +01:00 · 2026-05-12 10:33:26 +01:00 · 5f0ad7ecfd
commit 5f0ad7ecfd
parent e891d1a992
4 changed files with 165 additions and 105 deletions
--- a/test/e2e/rush.e2e.spec.js
+++ b/test/e2e/rush.e2e.spec.js
@ -1,14 +1,22 @@
 import { describe, it, before, beforeEach, afterEach } from "node:test";
 import { DockerTestContainer } from "./DockerTestContainer.js";
+import {
+  buildRushConfig,
+  resolveRushVersions,
+  writeTextFile,
+} from "./utils/rushtestutils.mjs";
 import assert from "node:assert";

+// These tests cover safe-chain's Rush wrapper: pre-scanning `rush add` and
+// blocking malicious packages downloaded during `rush update` via the MITM
+// proxy. They use a single Rush-internal package manager (pnpm) — see
+// `utils/rushtestutils.mjs` for why this suite isn't parameterised over the
+// CI matrix's NPM_VERSION/PNPM_VERSION/YARN_VERSION values.
+
 describe("E2E: rush coverage", () => {
  let container;
-  const packageManagerConfigs = [
-    { name: "pnpm", versionField: "pnpmVersion", version: "latest" },
-    { name: "yarn", versionField: "yarnVersion", version: "latest" },
-    { name: "npm", versionField: "npmVersion", version: "latest" },
-  ];
+  /** @type {{ rushVersion: string, pnpmVersion: string } | undefined} */
+  let resolvedVersions;

  before(async () => {
    DockerTestContainer.buildImage();
@ -20,7 +28,12 @@ describe("E2E: rush coverage", () => {

    const installationShell = await container.openShell("zsh");
    await installationShell.runCommand("safe-chain setup");
-    await setupRushWorkspace(installationShell);
+
+    if (!resolvedVersions) {
+      resolvedVersions = await resolveRushVersions(installationShell);
+    }
+
+    await setupRushWorkspace(installationShell, { resolvedVersions });
  });

  afterEach(async () => {
@ -71,80 +84,58 @@ describe("E2E: rush coverage", () => {
    );
  });

-  for (const packageManagerConfig of packageManagerConfigs) {
-    it(`safe-chain proxy blocks malicious package downloads during rush update with ${packageManagerConfig.name}`, async () => {
-      const shell = await container.openShell("zsh");
-      await setupRushWorkspace(shell, {
-        packageManagerConfig,
-        packageJson: `{
+  it("safe-chain proxy blocks malicious package downloads during rush update", async () => {
+    const shell = await container.openShell("zsh");
+    await setupRushWorkspace(shell, {
+      resolvedVersions,
+      packageJson: `{
  "name": "test-app",
  "version": "1.0.0",
  "dependencies": {
    "safe-chain-test": "0.0.1-security"
  }
 }`,
-      });
-
-      const result = await shell.runCommand("cd /testapp/apps/test-app && rush update");
-
-      assert.ok(
-        result.output.includes("blocked 1 malicious package downloads"),
-        `Output did not include expected text. Output was:\n${result.output}`
-      );
-      assert.ok(
-        result.output.includes("- safe-chain-test"),
-        `Output did not include expected text. Output was:\n${result.output}`
-      );
-      assert.ok(
-        result.output.includes("Exiting without installing malicious packages."),
-        `Output did not include expected text. Output was:\n${result.output}`
-      );
    });
-  }
+
+    const result = await shell.runCommand(
+      "cd /testapp/apps/test-app && rush update"
+    );
+
+    assert.ok(
+      result.output.includes("blocked 1 malicious package downloads"),
+      `Output did not include expected text. Output was:\n${result.output}`
+    );
+    assert.ok(
+      result.output.includes("- safe-chain-test"),
+      `Output did not include expected text. Output was:\n${result.output}`
+    );
+    assert.ok(
+      result.output.includes("Exiting without installing malicious packages."),
+      `Output did not include expected text. Output was:\n${result.output}`
+    );
+  });
 });

-async function setupRushWorkspace(shell, options = {}) {
-  const packageManagerConfig = options.packageManagerConfig ?? {
-    versionField: "pnpmVersion",
-    version: "11.0.6",
-  };
-  const packageJson = options.packageJson ?? `{
-  "name": "test-app",
-  "version": "1.0.0"
-}`;
-  const rushConfig = {
-    $schema: "https://developer.microsoft.com/json-schemas/rush/v5/rush.schema.json",
-    rushVersion: "5.175.1",
-    [packageManagerConfig.versionField]: packageManagerConfig.version,
-    nodeSupportedVersionRange: ">=18.0.0",
-    projectFolderMinDepth: 1,
-    projectFolderMaxDepth: 2,
-    gitPolicy: {},
-    repository: {
-      url: "https://example.com/testapp.git",
-      defaultBranch: "main",
-    },
-    eventHooks: {
-      preRushInstall: [],
-      postRushInstall: [],
-      preRushBuild: [],
-      postRushBuild: [],
-    },
-    projects: [
-      {
-        packageName: "test-app",
-        projectFolder: "apps/test-app",
-      },
-    ],
-  };
+async function setupRushWorkspace(shell, { resolvedVersions, packageJson }) {
+  const rushConfig = buildRushConfig({
+    rushVersion: resolvedVersions.rushVersion,
+    pnpmVersion: resolvedVersions.pnpmVersion,
+  });

  await shell.runCommand("rm -rf /testapp/common /testapp/apps/test-app");
  await shell.runCommand("mkdir -p /testapp/apps/test-app");
-  await writeTextFile(shell, "/testapp/rush.json", JSON.stringify(rushConfig, null, 2));
-  await writeTextFile(shell, "/testapp/apps/test-app/package.json", packageJson);
-}
-
-async function writeTextFile(shell, filePath, content) {
-  const encoded = Buffer.from(content).toString("base64");
-  await shell.runCommand(`printf '%s' '${encoded}' | base64 -d > ${filePath}`);
+  await writeTextFile(
+    shell,
+    "/testapp/rush.json",
+    JSON.stringify(rushConfig, null, 2)
+  );
+  await writeTextFile(
+    shell,
+    "/testapp/apps/test-app/package.json",
+    packageJson ??
+      `{
+  "name": "test-app",
+  "version": "1.0.0"
+}`
+  );
 }