From ddf73c4d276ec12b6f953a3897327553853380fd Mon Sep 17 00:00:00 2001 From: mwiegand Date: Sat, 9 May 2026 13:33:05 +0200 Subject: [PATCH] test(deploy): drop stale web.env lifecycle assertions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `test_deploy_script_has_safe_defaults_and_preserves_state` had been red since commit caa8b83 ("rewrite web.env every deploy with machine-id- derived SECRET_KEY"). Two assertions encoded the prior model: - `if [ ! -f /etc/left4me/web.env ]` — the create-only-if-missing guard caa8b83 removed in favor of unconditional `install -m 0640 ...`. - `. /etc/left4me/web.env not in script` — masked by the first failing but also stale: the deploy intentionally sources web.env in the alembic and seed-script-overlays helper subprocesses so they get DATABASE_URL. Removed both. The full suite now runs 0 failed. The note left in place points future readers at the live coverage path (install + SECRET_KEY rewrite + run_left4me_with_env plumbing already asserted nearby). Co-Authored-By: Claude Opus 4.7 (1M context) --- deploy/tests/test_deploy_artifacts.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/deploy/tests/test_deploy_artifacts.py b/deploy/tests/test_deploy_artifacts.py index 38c3e9e..d870893 100644 --- a/deploy/tests/test_deploy_artifacts.py +++ b/deploy/tests/test_deploy_artifacts.py @@ -423,8 +423,14 @@ def test_deploy_script_has_safe_defaults_and_preserves_state() -> None: assert "for attempt in" in script assert "/opt/left4me/.venv" in script assert "visudo -cf /etc/sudoers.d/left4me" in script - assert "if [ ! -f /etc/left4me/web.env ]" in script - assert ". /etc/left4me/web.env\n" not in script + # Note: assertions about web.env's lifecycle (create-only-if-missing / + # never-sourced-from-deploy) used to live here. They became stale in + # commit caa8b83, which switched to "rewrite web.env every deploy with a + # machine-id-derived SECRET_KEY" and started sourcing web.env in the + # alembic + seed helper subprocesses. Removed entirely; current behavior + # is covered by `install -m 0640 ... /etc/left4me/web.env` which is + # checked indirectly via the SECRET_KEY rewrite + run_left4me_with_env + # plumbing below. assert "run_left4me_with_env" in script assert "LEFT4ME_ADMIN_USERNAME" in script assert "LEFT4ME_ADMIN_PASSWORD" in script