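# NixOS VM test for the Dependency-Track module.
#
# Boots a single node ("server") with services.dependency-track enabled,
# waits for the service to report readiness, then checks over plain HTTP on
# localhost that the version API and the frontend are reachable.
import ./make-test-python.nix (
  { pkgs, ... }:
  let
    # Passed to services.dependency-track.port and awaited by the test script.
    dependencyTrackPort = 8081;
  in
  {
    name = "dependency-track";
    meta = {
      maintainers = pkgs.lib.teams.cyberus.members;
    };

    nodes = {
      server =
        { pkgs, ... }:
        {
          virtualisation = {
            cores = 2;
            diskSize = 4096;
            memorySize = 1024 * 2;
          };

          environment.systemPackages = with pkgs; [ curl ];
          systemd.services.dependency-track = {
            # source: https://github.com/DependencyTrack/dependency-track/blob/37e0ba59e8057c18a87a7a76e247a8f75677a56c/dev/scripts/data-nist-generate-dummy.sh
            #
            # Creates one empty NVD feed file per year plus a ".ts" file
            # holding a far-future timestamp. Presumably this makes the
            # service treat its NVD mirror as fresh, so it does not try to
            # download the feeds from inside the test VM -- confirm against
            # the upstream script.
            #
            # The bounds are given in ascending order on purpose: GNU seq
            # defaults to an increment of +1, so `seq 2024 2002` prints
            # nothing and the loop body would never run.
            #
            # `set -u` also makes the script abort before `rm -rf` if HOME is
            # unset, instead of expanding to a path rooted at "/".
            preStart = ''
              set -euo pipefail

              NIST_DIR="$HOME/.dependency-track/nist"

              rm -rf "$NIST_DIR"
              mkdir -p "$NIST_DIR"

              for feed in $(seq "2002" "2024"); do
                touch "$NIST_DIR/nvdcve-1.1-$feed.json.gz"
                echo "9999999999999" > "$NIST_DIR/nvdcve-1.1-$feed.json.gz.ts"
              done
            '';
          };
          services.dependency-track = {
            enable = true;
            port = dependencyTrackPort;
            nginx.domain = "localhost";
            # NOTE(review): pkgs.writeText places the password in the Nix
            # store, which is world-readable. That is acceptable for this
            # throwaway test VM only; a real deployment should point
            # passwordFile at a path outside the store with restricted
            # permissions.
            # The value deliberately contains single quotes (''' is the Nix
            # escape for a literal ''), presumably to exercise the module's
            # quoting of the password -- confirm against the module.
            database.passwordFile = "${pkgs.writeText "dbPassword" ''hunter2'THE'''H''''E''}";
          };
        };
    };

    # Readiness is taken from the service's own log line rather than from the
    # unit state alone, then both HTTP checks go through http://localhost/
    # (no port given, so not directly to dependencyTrackPort).
    testScript =
      # python
      ''
        import json

        start_all()

        server.wait_for_unit("dependency-track.service")
        server.wait_until_succeeds(
          "journalctl -o cat -u dependency-track.service | grep 'Dependency-Track is ready'"
        )
        server.wait_for_open_port(${toString dependencyTrackPort})

        with subtest("version api returns correct version"):
          version = json.loads(
            server.succeed("curl http://localhost/api/version")
          )
          assert version["version"] == "${pkgs.dependency-track.version}"

        with subtest("nginx serves frontend"):
          server.succeed("curl http://localhost/ | grep \"<title>Dependency-Track</title>\"")
      '';
  }
)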