innisfree 0.4.3

#!/usr/bin/env bash
#
# Wrapper for the `simple_http_server_is_remotely_accessible` integration
# test in `tests/integration_test.rs`. The test spawns `innisfree up`, which
# needs CAP_NET_ADMIN to bring up the userspace wireguard TUN. Rather than
# running the entire test suite as root, this wrapper builds the binary and
# applies the capabilities once via sudo, then invokes `cargo test` as the
# regular user.
#
# Set DIGITALOCEAN_API_TOKEN before running. Extra args are forwarded to
# `cargo test` after the `--ignored` separator (e.g. `--nocapture` is on by
# default; pass `--test-threads=1` to add more).
set -euo pipefail

cd "$(dirname "$0")/.."

if [ -z "${DIGITALOCEAN_API_TOKEN:-}" ]; then
    echo "ERROR: DIGITALOCEAN_API_TOKEN must be set" >&2
    exit 1
fi

if ! sudo -n echo hello > /dev/null 2>&1 ; then
  gum log --level warn "host machine requires sudo password to set CAP_NET_ADMIN on test binary"
  sudo -v
fi

# Compile the test artifacts — including the `innisfree` bin in its test-
# time feature configuration — without running them. `cargo test` adds
# dev-dependencies to the dependency graph, which can change the feature
# unification of upstream crates (notably `tokio`, which we union with
# `process` + `time` for the integration test). That changes the bin's
# build inputs, so a plain `cargo build` followed by `cargo test` would
# rebuild and replace the binary, dropping the file capabilities below.
# `--no-run` produces the exact same artifacts `cargo test` will use, so
# the subsequent setcap survives.
gum log --level debug "pre-building test binary..."
cargo test --no-run --features integration --test integration_test
gum log --level info "setting netadmin capability on test binary..."
sudo setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN=+ep target/debug/innisfree
exec cargo test --features integration --test integration_test -- --nocapture "$@"