wails-release/internal/notarize/notarize_test.go

package notarize_test

import (
	"context"
	"errors"
	"reflect"
	"strings"
	"testing"

	"lmika.dev/actions/wails-release/internal/notarize"
	"lmika.dev/actions/wails-release/internal/runner"
)

func TestSubmit_APIKeyArgs(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return([]byte(`{"id":"sub-1","status":"Accepted"}`), nil)

	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/dist/MyApp.app.zip",
		APIKey:  &notarize.APIKey{KeyPath: "/tmp/key.p8", KeyID: "ABCD1234", IssuerID: "iss"},
	})
	if err != nil {
		t.Fatalf("unexpected: %v", err)
	}
	want := []string{
		"notarytool", "submit", "/dist/MyApp.app.zip",
		"--key", "/tmp/key.p8",
		"--key-id", "ABCD1234",
		"--issuer", "iss",
		"--wait",
		"--output-format", "json",
	}
	if !reflect.DeepEqual(f.Calls[0].Args, want) {
		t.Fatalf("args got %v want %v", f.Calls[0].Args, want)
	}
}

func TestSubmit_AppleIDArgs(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return([]byte(`{"id":"1","status":"Accepted"}`), nil)

	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/dist/MyApp.app.zip",
		AppleID: &notarize.AppleID{Username: "u@x", Password: "pw", TeamID: "TEAM1234"},
	})
	if err != nil {
		t.Fatalf("unexpected: %v", err)
	}
	want := []string{
		"notarytool", "submit", "/dist/MyApp.app.zip",
		"--apple-id", "u@x",
		"--password", "pw",
		"--team-id", "TEAM1234",
		"--wait",
		"--output-format", "json",
	}
	if !reflect.DeepEqual(f.Calls[0].Args, want) {
		t.Fatalf("args got %v want %v", f.Calls[0].Args, want)
	}
}

func TestSubmit_RejectionFetchesLogAndReturnsError(t *testing.T) {
	f := &runner.Fake{}
	// First call: submit returns Invalid status with id.
	f.On("xcrun", []string{
		"notarytool", "submit", "/dist/MyApp.app.zip",
		"--key", "/tmp/key.p8", "--key-id", "K", "--issuer", "I",
		"--wait", "--output-format", "json",
	}).Return([]byte(`{"id":"sub-1","status":"Invalid"}`), nil)

	// Second call: log fetch.
	f.On("xcrun", []string{
		"notarytool", "log", "sub-1",
		"--key", "/tmp/key.p8", "--key-id", "K", "--issuer", "I",
	}).Return([]byte(`{"issues":[{"message":"missing entitlement"}]}`), nil)

	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/dist/MyApp.app.zip",
		APIKey:  &notarize.APIKey{KeyPath: "/tmp/key.p8", KeyID: "K", IssuerID: "I"},
	})
	if err == nil {
		t.Fatal("expected error")
	}
	if !strings.Contains(err.Error(), "missing entitlement") {
		t.Fatalf("expected log content in error, got %v", err)
	}
}

func TestSubmit_NoCredentialsErrors(t *testing.T) {
	err := notarize.Submit(context.Background(), &runner.Fake{}, notarize.Opts{ZipPath: "/x"})
	if err == nil {
		t.Fatal("expected error")
	}
}

func TestSubmit_ToolFailureWraps(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return(nil, errors.New("network down"))
	err := notarize.Submit(context.Background(), f, notarize.Opts{
		ZipPath: "/x",
		APIKey:  &notarize.APIKey{KeyPath: "/k", KeyID: "K", IssuerID: "I"},
	})
	if err == nil {
		t.Fatal("expected error")
	}
}

func TestStaple_BuildsCorrectArgs(t *testing.T) {
	f := &runner.Fake{}
	f.On("xcrun", nil).Return(nil, nil)

	err := notarize.Staple(context.Background(), f, "/build/MyApp.app")
	if err != nil {
		t.Fatalf("unexpected: %v", err)
	}
	want := []string{"stapler", "staple", "/build/MyApp.app"}
	if !reflect.DeepEqual(f.Calls[0].Args, want) {
		t.Fatalf("args got %v want %v", f.Calls[0].Args, want)
	}
}
Add notarytool wrapper supporting api-key and apple-id Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-02 00:18:46 +00:00			`package notarize_test`

			`import (`
			`"context"`
			`"errors"`
			`"reflect"`
			`"strings"`
			`"testing"`

Fixed action package 2026-05-02 01:47:13 +00:00			`"lmika.dev/actions/wails-release/internal/notarize"`
			`"lmika.dev/actions/wails-release/internal/runner"`
Add notarytool wrapper supporting api-key and apple-id Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-02 00:18:46 +00:00			`)`

			`func TestSubmit_APIKeyArgs(t *testing.T) {`
			`f := &runner.Fake{}`
			f.On("xcrun", nil).Return([]byte(`{"id":"sub-1","status":"Accepted"}`), nil)

			`err := notarize.Submit(context.Background(), f, notarize.Opts{`
			`ZipPath: "/dist/MyApp.app.zip",`
			`APIKey: &notarize.APIKey{KeyPath: "/tmp/key.p8", KeyID: "ABCD1234", IssuerID: "iss"},`
			`})`
			`if err != nil {`
			`t.Fatalf("unexpected: %v", err)`
			`}`
			`want := []string{`
			`"notarytool", "submit", "/dist/MyApp.app.zip",`
			`"--key", "/tmp/key.p8",`
			`"--key-id", "ABCD1234",`
			`"--issuer", "iss",`
			`"--wait",`
			`"--output-format", "json",`
			`}`
			`if !reflect.DeepEqual(f.Calls[0].Args, want) {`
			`t.Fatalf("args got %v want %v", f.Calls[0].Args, want)`
			`}`
			`}`

			`func TestSubmit_AppleIDArgs(t *testing.T) {`
			`f := &runner.Fake{}`
			f.On("xcrun", nil).Return([]byte(`{"id":"1","status":"Accepted"}`), nil)

			`err := notarize.Submit(context.Background(), f, notarize.Opts{`
			`ZipPath: "/dist/MyApp.app.zip",`
			`AppleID: &notarize.AppleID{Username: "u@x", Password: "pw", TeamID: "TEAM1234"},`
			`})`
			`if err != nil {`
			`t.Fatalf("unexpected: %v", err)`
			`}`
			`want := []string{`
			`"notarytool", "submit", "/dist/MyApp.app.zip",`
			`"--apple-id", "u@x",`
			`"--password", "pw",`
			`"--team-id", "TEAM1234",`
			`"--wait",`
			`"--output-format", "json",`
			`}`
			`if !reflect.DeepEqual(f.Calls[0].Args, want) {`
			`t.Fatalf("args got %v want %v", f.Calls[0].Args, want)`
			`}`
			`}`

			`func TestSubmit_RejectionFetchesLogAndReturnsError(t *testing.T) {`
			`f := &runner.Fake{}`
			`// First call: submit returns Invalid status with id.`
			`f.On("xcrun", []string{`
			`"notarytool", "submit", "/dist/MyApp.app.zip",`
			`"--key", "/tmp/key.p8", "--key-id", "K", "--issuer", "I",`
			`"--wait", "--output-format", "json",`
			}).Return([]byte(`{"id":"sub-1","status":"Invalid"}`), nil)

			`// Second call: log fetch.`
			`f.On("xcrun", []string{`
			`"notarytool", "log", "sub-1",`
			`"--key", "/tmp/key.p8", "--key-id", "K", "--issuer", "I",`
			}).Return([]byte(`{"issues":[{"message":"missing entitlement"}]}`), nil)

			`err := notarize.Submit(context.Background(), f, notarize.Opts{`
			`ZipPath: "/dist/MyApp.app.zip",`
			`APIKey: &notarize.APIKey{KeyPath: "/tmp/key.p8", KeyID: "K", IssuerID: "I"},`
			`})`
			`if err == nil {`
			`t.Fatal("expected error")`
			`}`
			`if !strings.Contains(err.Error(), "missing entitlement") {`
			`t.Fatalf("expected log content in error, got %v", err)`
			`}`
			`}`

			`func TestSubmit_NoCredentialsErrors(t *testing.T) {`
			`err := notarize.Submit(context.Background(), &runner.Fake{}, notarize.Opts{ZipPath: "/x"})`
			`if err == nil {`
			`t.Fatal("expected error")`
			`}`
			`}`

			`func TestSubmit_ToolFailureWraps(t *testing.T) {`
			`f := &runner.Fake{}`
			`f.On("xcrun", nil).Return(nil, errors.New("network down"))`
			`err := notarize.Submit(context.Background(), f, notarize.Opts{`
			`ZipPath: "/x",`
			`APIKey: &notarize.APIKey{KeyPath: "/k", KeyID: "K", IssuerID: "I"},`
			`})`
			`if err == nil {`
			`t.Fatal("expected error")`
			`}`
			`}`

			`func TestStaple_BuildsCorrectArgs(t *testing.T) {`
			`f := &runner.Fake{}`
			`f.On("xcrun", nil).Return(nil, nil)`

			`err := notarize.Staple(context.Background(), f, "/build/MyApp.app")`
			`if err != nil {`
			`t.Fatalf("unexpected: %v", err)`
			`}`
			`want := []string{"stapler", "staple", "/build/MyApp.app"}`
			`if !reflect.DeepEqual(f.Calls[0].Args, want) {`
			`t.Fatalf("args got %v want %v", f.Calls[0].Args, want)`
			`}`
			`}`