feat: add e2e container test harness

Implements spec docs/specs/2026-03-30-e2e-container-tests.md: - 5 Containerfiles (ubuntu, debian, fedora, alpine, arch) - test/e2e.sh runner with --runtime, --rebuild, single-distro mode - tmux-based interactive tests (full accept, safety gate decline, signing generate, signing skip) - All scripts pass shellcheck Closes: #18, #19, #20 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-31 11:30:40 +02:00
parent 2ff3a1a56c
commit f1b9d0183d
12 changed files with 796 additions and 0 deletions
--- a/test/interactive/test-signing-generate.sh
+++ b/test/interactive/test-signing-generate.sh
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+# Interactive test: generate ed25519 key via signing wizard
+# Verifies: key created, user.signingkey configured, commit.gpgsign=true
+
+set -o errexit
+set -o nounset
+set -o pipefail
+IFS=$'\n\t'
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+# shellcheck source=helpers.sh
+source "${SCRIPT_DIR}/helpers.sh"
+
+main() {
+    trap cleanup EXIT
+
+    printf 'Test: Signing wizard - generate ed25519 key\n' >&2
+
+    # Ensure no existing keys
+    rm -f "${HOME}/.ssh/id_ed25519" "${HOME}/.ssh/id_ed25519.pub"
+
+    start_session
+
+    # Safety review gate
+    wait_for "reviewed this script"
+    send "y" Enter
+
+    # Proceed with hardening
+    wait_for "Proceed with hardening"
+    send "y" Enter
+
+    # Accept settings until signing wizard
+    local pane_content
+    for _ in $(seq 1 30); do
+        sleep 0.3
+        pane_content="$(tmux capture-pane -t "$TMUX_SESSION" -p 2>/dev/null || true)"
+        if printf '%s' "$pane_content" | grep -qF "Signing key options"; then
+            break
+        fi
+        if printf '%s' "$pane_content" | grep -qF "Hardening complete"; then
+            break
+        fi
+        send "y" Enter
+    done
+
+    # Signing wizard — option 1: generate ed25519
+    wait_for "Signing key options" 15
+    send "1" Enter
+
+    # ssh-keygen prompts for passphrase — enter empty twice
+    wait_for "Enter passphrase" 10
+    send "" Enter
+    wait_for "Enter same passphrase" 10
+    send "" Enter
+
+    # Wait for completion
+    sleep 3
+    capture_output >/dev/null 2>&1 || true
+
+    # Verify key exists
+    if [ -f "${HOME}/.ssh/id_ed25519.pub" ]; then
+        pass "Key generated: ~/.ssh/id_ed25519.pub exists"
+    else
+        fail "Key not generated"
+        exit 1
+    fi
+
+    # Verify signing key configured
+    local signing_key
+    signing_key="$(git config --global --get user.signingkey 2>/dev/null || true)"
+    if [ -n "$signing_key" ]; then
+        pass "user.signingkey configured: ${signing_key}"
+    else
+        fail "user.signingkey not configured"
+        exit 1
+    fi
+
+    # Verify gpgsign enabled
+    local gpgsign
+    gpgsign="$(git config --global --get commit.gpgsign 2>/dev/null || true)"
+    if [ "$gpgsign" = "true" ]; then
+        pass "commit.gpgsign=true"
+    else
+        fail "commit.gpgsign not set"
+        exit 1
+    fi
+}
+
+main