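#!/usr/bin/env bats
# End-to-end integration tests for KNEL-Football Secure OS
# Tests the complete workflow from source to ISO
# Copyright © 2026 Known Element Enterprises LLC
# License: GNU Affero General Public License v3.0 only
#
# Scope note: most checks below are file-presence tests or substring greps.
# A grep for "LUKS2", "nft", "pwquality" and so on proves that the string
# occurs somewhere in the file (a comment would satisfy it); it does not prove
# that the control is applied in the built image. Treat these as smoke tests
# and keep the behavioural checks in the security/system suites.

# -----------------------------------------------------------------------------
# Paths under test (the suite expects the repository mounted at /workspace).
# -----------------------------------------------------------------------------
PROJECT_ROOT="/workspace"
SRC_DIR="$PROJECT_ROOT/src"
CONFIG_DIR="$PROJECT_ROOT/config"
LIVE_HOOKS_DIR="$CONFIG_DIR/hooks/live"
INSTALLED_HOOKS_DIR="$CONFIG_DIR/hooks/installed"
PACKAGE_LIST="$CONFIG_DIR/package-lists/knel-football.list.chroot"
ENCRYPTION_SETUP_HOOK="$INSTALLED_HOOKS_DIR/encryption-setup.sh"
DOCKERFILE="$PROJECT_ROOT/Dockerfile"
TESTS_DIR="$PROJECT_ROOT/tests"

#######################################
# Fail unless the path is a regular file with the execute bit set.
# Arguments: $1 - path to check
# Outputs:   reason for the failure on stderr
# Returns:   0 if the file exists and is executable, 1 otherwise
#######################################
assert_executable_file() {
  local path=$1
  if [ ! -f "$path" ]; then
    echo "missing file: $path" >&2
    return 1
  fi
  if [ ! -x "$path" ]; then
    echo "not executable: $path" >&2
    return 1
  fi
}

#######################################
# Fail unless every *.sh hook in a directory enables errexit.
# Only an actual `set -...e...` command at the start of a line counts, so a
# commented-out "# set -e" or the text inside an echo no longer satisfies the
# check. An empty directory fails too: the unmatched glob is passed to grep
# literally and grep reports an error.
# Arguments: $1 - directory containing the hook scripts
# Outputs:   the first offending hook on stderr
# Returns:   0 if all hooks enable errexit, 1 otherwise
#######################################
assert_hooks_enable_errexit() {
  local hooks_dir=$1
  local hook
  local -r errexit_pattern='^[[:space:]]*set[[:space:]]+-[A-Za-z]*e'
  for hook in "$hooks_dir"/*.sh; do
    if ! grep -Eq -- "$errexit_pattern" "$hook"; then
      echo "no active 'set -e' found in: $hook" >&2
      return 1
    fi
  done
}

# =============================================================================
# PROJECT STRUCTURE TESTS
# =============================================================================

@test "project root has essential files" {
  [ -f "$PROJECT_ROOT/run.sh" ]
  [ -f "$DOCKERFILE" ]
  [ -f "$PROJECT_ROOT/AGENTS.md" ]
  [ -f "$PROJECT_ROOT/README.md" ]
  [ -f "$PROJECT_ROOT/docs/PRD.md" ]
}

@test "src directory contains all build scripts" {
  [ -f "$SRC_DIR/build-iso.sh" ]
  [ -f "$SRC_DIR/firewall-setup.sh" ]
  [ -f "$SRC_DIR/security-hardening.sh" ]
}

@test "all source scripts are executable" {
  [ -x "$SRC_DIR/build-iso.sh" ]
  [ -x "$SRC_DIR/firewall-setup.sh" ]
  [ -x "$SRC_DIR/security-hardening.sh" ]
}

@test "run.sh is executable" {
  [ -x "$PROJECT_ROOT/run.sh" ]
}

# =============================================================================
# CONFIGURATION DIRECTORY TESTS
# =============================================================================

@test "config directory structure is complete" {
  [ -d "$CONFIG_DIR" ]
  [ -d "$CONFIG_DIR/hooks" ]
  [ -d "$LIVE_HOOKS_DIR" ]
  [ -d "$INSTALLED_HOOKS_DIR" ]
  [ -d "$CONFIG_DIR/package-lists" ]
}

@test "config has preseed file" {
  [ -f "$CONFIG_DIR/includes.installer/preseed.cfg" ]
}

@test "config has package list" {
  [ -f "$PACKAGE_LIST" ]
}

# =============================================================================
# LIVE HOOKS TESTS
# =============================================================================

@test "live hook desktop-environment.sh exists and is executable" {
  assert_executable_file "$LIVE_HOOKS_DIR/desktop-environment.sh"
}

@test "live hook firewall-setup.sh exists and is executable" {
  assert_executable_file "$LIVE_HOOKS_DIR/firewall-setup.sh"
}

@test "live hook qr-code-import.sh exists and is executable" {
  assert_executable_file "$LIVE_HOOKS_DIR/qr-code-import.sh"
}

@test "live hook security-hardening.sh exists and is executable" {
  assert_executable_file "$LIVE_HOOKS_DIR/security-hardening.sh"
}

@test "live hook usb-automount.sh exists and is executable" {
  assert_executable_file "$LIVE_HOOKS_DIR/usb-automount.sh"
}

# =============================================================================
# INSTALLED HOOKS TESTS
# =============================================================================

@test "installed hook disable-package-management.sh exists and is executable" {
  assert_executable_file "$INSTALLED_HOOKS_DIR/disable-package-management.sh"
}

@test "installed hook encryption-setup.sh exists and is executable" {
  assert_executable_file "$ENCRYPTION_SETUP_HOOK"
}

@test "installed hook encryption-validation.sh exists and is executable" {
  assert_executable_file "$INSTALLED_HOOKS_DIR/encryption-validation.sh"
}

@test "installed hook install-scripts.sh exists and is executable" {
  assert_executable_file "$INSTALLED_HOOKS_DIR/install-scripts.sh"
}

# =============================================================================
# HOOKS USE STRICT MODE
# =============================================================================

@test "all live hooks use set -e or set -euo pipefail" {
  assert_hooks_enable_errexit "$LIVE_HOOKS_DIR"
}

@test "all installed hooks use set -e or set -euo pipefail" {
  assert_hooks_enable_errexit "$INSTALLED_HOOKS_DIR"
}

# =============================================================================
# DOCUMENTATION TESTS
# =============================================================================

@test "docs directory exists with documentation files" {
  [ -d "$PROJECT_ROOT/docs" ]
  [ -f "$PROJECT_ROOT/docs/PRD.md" ]
}

@test "AGENTS.md has required sections" {
  grep -q "MANDATORY SECURITY REQUIREMENTS" "$PROJECT_ROOT/AGENTS.md"
  grep -q "DOCKER-ONLY WORKFLOW" "$PROJECT_ROOT/AGENTS.md"
  grep -q "AGENT WORKFLOW" "$PROJECT_ROOT/AGENTS.md"
}

@test "README.md has essential sections" {
  grep -q "## " "$PROJECT_ROOT/README.md"
}

@test "PRD.md has functional requirements" {
  grep -q "FR-" "$PROJECT_ROOT/docs/PRD.md"
}

# =============================================================================
# RUN.SH COMMAND TESTS
# =============================================================================

@test "run.sh help command works" {
  run "$PROJECT_ROOT/run.sh" help
  # Help exits with 1 (usage message)
  [ "$status" -eq 0 ] || [ "$status" -eq 1 ]
}

@test "run.sh shows available commands" {
  run "$PROJECT_ROOT/run.sh" help
  local command_name
  # Explicit `|| return 1`: a failing [[ ]] that is not the last statement is
  # not reliably treated as a test failure on older bash versions.
  for command_name in build test iso; do
    [[ "$output" == *"$command_name"* ]] || return 1
  done
}

@test "run.sh has lint command" {
  run "$PROJECT_ROOT/run.sh" lint
  # Lint may pass (0), fail with issues (123), command issues (1), or not found (127)
  # NOTE(review): accepting 127 means this test also passes when something
  # could not be found at all, so it does not show that linting actually ran.
  # Confirm whether 127 should stay in the accepted set.
  [ "$status" -eq 0 ] || [ "$status" -eq 1 ] || [ "$status" -eq 123 ] || [ "$status" -eq 127 ]
}

# =============================================================================
# SECURITY REQUIREMENTS INTEGRATION
# =============================================================================
# These are keyword checks against the hook sources, not checks of the
# resulting system state.

@test "encryption setup contains LUKS2 configuration" {
  grep -q "luks2\|LUKS2" "$ENCRYPTION_SETUP_HOOK"
}

@test "encryption setup contains AES-256 cipher" {
  # NOTE(review): a match on "aes-xts" alone does not establish AES-256. XTS
  # splits the key in two, so AES-256 requires a 512-bit key size; consider
  # also asserting the key size the hook configures.
  grep -q "aes-xts\|aes_xts\|AES-256" "$ENCRYPTION_SETUP_HOOK"
}

@test "security-hardening.sh configures password policy" {
  grep -q "pwquality\|minlen\|dcredit" "$SRC_DIR/security-hardening.sh"
}

@test "firewall-setup.sh uses nftables" {
  grep -q "nft\|nftables" "$SRC_DIR/firewall-setup.sh"
}

@test "firewall-setup.sh configures WireGuard" {
  # 51820 is WireGuard's default UDP port.
  grep -q "wireguard\|WireGuard\|51820" "$SRC_DIR/firewall-setup.sh"
}

# =============================================================================
# PACKAGE LIST VALIDATION
# =============================================================================
# Substring matches: "aide" or "wireguard" also match longer package names
# and commented-out entries in the list.

@test "package list contains linux kernel" {
  grep -q "linux-image-amd64" "$PACKAGE_LIST"
}

@test "package list contains Secure Boot packages" {
  grep -q "shim-signed" "$PACKAGE_LIST"
  grep -q "grub-efi-amd64-signed" "$PACKAGE_LIST"
}

@test "package list contains desktop environment" {
  grep -q "icewm" "$PACKAGE_LIST"
  grep -q "lightdm" "$PACKAGE_LIST"
}

@test "package list contains WireGuard" {
  grep -q "wireguard" "$PACKAGE_LIST"
}

@test "package list contains SSH client (not server)" {
  grep -q "openssh-client" "$PACKAGE_LIST"
  # Require grep's "no match" status (1) explicitly. A bare `! grep` only
  # fails the test when it is the final statement, and it would also treat a
  # grep error (status 2, e.g. unreadable file) as "server not listed".
  run grep -q "openssh-server" "$PACKAGE_LIST"
  [ "$status" -eq 1 ]
}

@test "package list contains security tools" {
  grep -q "auditd" "$PACKAGE_LIST"
  grep -q "aide" "$PACKAGE_LIST"
}

# =============================================================================
# TEST DIRECTORY STRUCTURE
# =============================================================================

@test "tests directory has proper structure" {
  [ -d "$TESTS_DIR" ]
  [ -d "$TESTS_DIR/unit" ]
  [ -d "$TESTS_DIR/integration" ]
  [ -d "$TESTS_DIR/security" ]
  [ -d "$TESTS_DIR/system" ]
}

# compgen -G succeeds only when the glob matches at least one path, which
# avoids parsing the output of ls.

@test "unit tests exist" {
  compgen -G "$TESTS_DIR/unit/*.bats" >/dev/null
}

@test "integration tests exist" {
  compgen -G "$TESTS_DIR/integration/*.bats" >/dev/null
}

@test "security tests exist" {
  compgen -G "$TESTS_DIR/security/*.bats" >/dev/null
}

@test "system tests exist" {
  compgen -G "$TESTS_DIR/system/*.bats" >/dev/null
}

# =============================================================================
# DOCKERFILE VALIDATION
# =============================================================================

@test "Dockerfile exists and has content" {
  [ -f "$DOCKERFILE" ]
  [ -s "$DOCKERFILE" ]
}

@test "Dockerfile installs live-build" {
  grep -q "live-build" "$DOCKERFILE"
}

@test "Dockerfile installs bats for testing" {
  grep -q "bats" "$DOCKERFILE"
}

@test "Dockerfile installs shellcheck for linting" {
  grep -q "shellcheck" "$DOCKERFILE"
}

@test "Dockerfile sets WORKDIR" {
  grep -q "WORKDIR" "$DOCKERFILE"
}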