From 4aadaf874f5c1b5e166d6e7068b6898ffa3f40c6 Mon Sep 17 00:00:00 2001 From: Jake Coffman Date: Fri, 9 May 2025 13:39:38 -0500 Subject: [PATCH 1/2] test for Python cert failure --- testdata/scripts/pypi.txt | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 testdata/scripts/pypi.txt diff --git a/testdata/scripts/pypi.txt b/testdata/scripts/pypi.txt new file mode 100644 index 00000000..efcf1add --- /dev/null +++ b/testdata/scripts/pypi.txt @@ -0,0 +1,23 @@ +# this test verifies the certificate generated allows us to connect to pypi.org +exec docker build -qt pypi-updater . + +dependabot update go_modules dependabot/cli --updater-image pypi-updater +stderr '200 https://pypi.org:443/' + +exec docker rmi -f pypi-updater + +-- Dockerfile -- +FROM ubuntu:22.04 + +RUN apt-get update && apt-get install -y ca-certificates curl python3 python3-pip +RUN python3 -m pip install --upgrade pip && python3 -m pip install requests +RUN useradd dependabot && chgrp dependabot /etc/ssl/certs && chmod g+w /etc/ssl/certs +ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt + +COPY --chown=dependabot --chmod=755 run bin/run + +-- run -- +#!/usr/bin/env bash + +python3 --version +python3 -c 'import requests; requests.get("https://pypi.org")' From 371d1634a03ec5ea124cf55a67cc41c28c9a10dd Mon Sep 17 00:00:00 2001 From: Jake Coffman Date: Fri, 9 May 2025 13:56:37 -0500 Subject: [PATCH 2/2] fix test by breaking it --- testdata/scripts/pypi.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testdata/scripts/pypi.txt b/testdata/scripts/pypi.txt index efcf1add..b92f5169 100644 --- a/testdata/scripts/pypi.txt +++ b/testdata/scripts/pypi.txt @@ -7,7 +7,7 @@ stderr '200 https://pypi.org:443/' exec docker rmi -f pypi-updater -- Dockerfile -- -FROM ubuntu:22.04 +FROM python:3.13-bookworm RUN apt-get update && apt-get install -y ca-certificates curl python3 python3-pip RUN python3 -m pip install --upgrade pip && python3 -m pip install requests