From 16779a75f81f76c7455a0466a2cfd0058861b05d Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Wed, 3 Apr 2024 12:02:21 +0300
Subject: [PATCH] actions: Add a way to initialize client in test-repository

Now the action will find a ./root.json in the working directory
and will pass that to tuf-on-ci-test-client: this file
will be used as the initial root file
---
 actions/test-repository/action.yml | 34 +++++++++++++++++++++++-------
 repo/tuf_on_ci/client.py           | 18 ++++++++++------
 2 files changed, 38 insertions(+), 14 deletions(-)

diff --git a/actions/test-repository/action.yml b/actions/test-repository/action.yml
index c67dc685..056cbc8d 100644
--- a/actions/test-repository/action.yml
+++ b/actions/test-repository/action.yml
@@ -3,28 +3,39 @@ description: 'Test a published TUF-on-CI repository with a client'
 
 inputs:
   metadata_url:
-    description: 'base metadata URL the client should use'
+    description: |
+      base metadata URL the client should use. The client will be initialized with
+      `metadata_url/1.root.json` by default. However if there is a `root.json` file
+      in the working directory, that will be used instead.
     default: ''
   artifact_url:
-    description: 'Base artifact URL the client should use'
+    description: 'Base artifact URL the client should use.'
     default: ''
   update_base_url:
-    description: 'Optional metadata URL to use as previous repository state'
+    description: 'Optional metadata URL to use as previous repository state.'
     default: ''
   expected_artifact:
-    description: 'Optional artifact path that should be checked to exist in the repository'
+    description: |
+      Optional artifact path that should be checked to exist in the repository.
     default: ''
   compare_source:
-    description: 'When true, client metadata is compared to current repository content. Set to false if action is not running in a tuf-on-ci repository'
+    description: |
+      When true, client metadata is compared to current repository content. Set to
+      false if action is not running in a tuf-on-ci repository.
     default: 'true'
   valid_days:
-    description: 'Number of days. The repository is checked to be valid at "now + N days"'
+    description: |
+      Number of days. The repository is checked to be valid at "now + N days".
     default: '0'
   offline_valid_days:
-    description: 'Number of days. Root and targets role validity is checked to be valid at "now + N days". Can be larger than repository validity'
+    description: |
+      Number of days. Root and targets role validity is checked to be valid at
+      "now + N days". This number can be larger than repository validity.
     default: '0'
   metadata_dir:
-    description: 'Optional directory name. The metadata client receives will be stored here. Useful e.g. for deduplication purpose'
+    description: |
+      Optional directory name. The metadata client receives will be left here.
+      Useful e.g. for deduplication purposes.
     default: ''
 
 runs:
@@ -105,11 +116,18 @@ runs:
           METADATA_DIR_ARG="--metadata-dir $METADATA_DIR"
         fi
 
+        if [ -e root.json ]; then
+          ROOT_ARG="--initial-root root.json"
+        else
+          ROOT_ARG=""
+        fi
+
         echo "Testing repository at metadata-url $METADATA_URL, artifact-url $ARTIFACT_URL"
         tuf-on-ci-test-client \
           --metadata-url "$METADATA_URL" \
           --artifact-url "$ARTIFACT_URL" \
           $UPDATE_BASE_URL_ARG \
+          $ROOT_ARG \
           $ARTIFACT_ARG \
           $COMPARE_SOURCE_ARG \
           $TIME_ARG \
diff --git a/repo/tuf_on_ci/client.py b/repo/tuf_on_ci/client.py
index 1c744a79..b54c8125 100755
--- a/repo/tuf_on_ci/client.py
+++ b/repo/tuf_on_ci/client.py
@@ -5,6 +5,7 @@
 
 import logging
 import os
+import shutil
 import sys
 from datetime import datetime
 from filecmp import cmp
@@ -31,6 +32,7 @@ def expiry_check(dir: str, role: str, timestamp: int):
 @click.option("-m", "--metadata-url", type=str, required=True)
 @click.option("-a", "--artifact-url", type=str, required=True)
 @click.option("-u", "--update-base-url", type=str)
+@click.option("-r", "--initial-root", type=str)
 @click.option("-e", "--expected-artifact", type=str)
 @click.option("--compare-source/--no-compare-source", default=True)
 @click.option("-t", "--time", type=int)
@@ -41,6 +43,7 @@ def client(
     metadata_url: str,
     artifact_url: str,
     update_base_url: str | None,
+    initial_root: str | None,
     expected_artifact: str | None,
     compare_source: bool,
     time: int | None,
@@ -58,12 +61,15 @@ def client(
         os.makedirs(metadata_dir, exist_ok=True)
         os.mkdir(artifact_dir)
 
-        # initialize client with a root.json from metadata_url
-        root_url = f"{metadata_url}/1.root.json"
-        try:
-            request.urlretrieve(root_url, f"{metadata_dir}/root.json")  # noqa: S310
-        except OSError as e:
-            sys.exit(f"Failed to download initial root {root_url}: {e}")
+        # initialize client with --initial-root or from metadata_url
+        if initial_root is not None:
+            shutil.copy(initial_root, os.path.join(metadata_dir, "root.json"))
+        else:
+            root_url = f"{metadata_url}/1.root.json"
+            try:
+                request.urlretrieve(root_url, f"{metadata_dir}/root.json")  # noqa: S310
+            except OSError as e:
+                sys.exit(f"Failed to download initial root {root_url}: {e}")
 
         if update_base_url is not None:
             # Update client to update_base_url before doing the actual update