Add dry-run support across destructive commands (#516)

* chore: update contributors [skip ci] * Add dry-run support across destructive commands Implement dry-run for uninstall, purge, installer, touchid, completion, and remove flows.\nGuard side effects in uninstall path (launchctl, defaults writes, kill/brew actions), update help/README, and add coverage in CLI/Bats tests.\n\nValidation: ./scripts/check.sh and ./scripts/test.sh (452 tests, 0 failures, 8 skipped). * test(purge): keep dev-compatible purge coverage --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tw93 <hitw93@gmail.com>
2026-03-22 20:50:06 +00:00 · 2026-03-01 20:03:22 +08:00
parent adcd98096a
commit 05446e0847
18 changed files with 1021 additions and 684 deletions
--- a/tests/cli.bats
+++ b/tests/cli.bats
@@ -1,39 +1,39 @@
 #!/usr/bin/env bats

 setup_file() {
-    PROJECT_ROOT="$(cd "${BATS_TEST_DIRNAME}/.." && pwd)"
-    export PROJECT_ROOT
+	PROJECT_ROOT="$(cd "${BATS_TEST_DIRNAME}/.." && pwd)"
+	export PROJECT_ROOT

-    ORIGINAL_HOME="${HOME:-}"
-    export ORIGINAL_HOME
+	ORIGINAL_HOME="${HOME:-}"
+	export ORIGINAL_HOME

-    HOME="$(mktemp -d "${BATS_TEST_DIRNAME}/tmp-cli-home.XXXXXX")"
-    export HOME
+	HOME="$(mktemp -d "${BATS_TEST_DIRNAME}/tmp-cli-home.XXXXXX")"
+	export HOME

-    mkdir -p "$HOME"
+	mkdir -p "$HOME"
 }

 teardown_file() {
-    rm -rf "$HOME"
-    if [[ -n "${ORIGINAL_HOME:-}" ]]; then
-        export HOME="$ORIGINAL_HOME"
-    fi
+	rm -rf "$HOME"
+	if [[ -n "${ORIGINAL_HOME:-}" ]]; then
+		export HOME="$ORIGINAL_HOME"
+	fi
 }

 create_fake_utils() {
-    local dir="$1"
-    mkdir -p "$dir"
+	local dir="$1"
+	mkdir -p "$dir"

-    cat > "$dir/sudo" <<'SCRIPT'
+	cat >"$dir/sudo" <<'SCRIPT'
 #!/usr/bin/env bash
 if [[ "$1" == "-n" || "$1" == "-v" ]]; then
    exit 0
 fi
 exec "$@"
 SCRIPT
-    chmod +x "$dir/sudo"
+	chmod +x "$dir/sudo"

-    cat > "$dir/bioutil" <<'SCRIPT'
+	cat >"$dir/bioutil" <<'SCRIPT'
 #!/usr/bin/env bash
 if [[ "$1" == "-r" ]]; then
    echo "Touch ID: 1"
@@ -41,138 +41,152 @@ if [[ "$1" == "-r" ]]; then
 fi
 exit 0
 SCRIPT
-    chmod +x "$dir/bioutil"
+	chmod +x "$dir/bioutil"
 }

 setup() {
-    rm -rf "$HOME/.config"
-    mkdir -p "$HOME"
+	rm -rf "$HOME/.config"
+	mkdir -p "$HOME"
 }

@test "mole --help prints command overview" {
-    run env HOME="$HOME" "$PROJECT_ROOT/mole" --help
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"mo clean"* ]]
-    [[ "$output" == *"mo analyze"* ]]
+	run env HOME="$HOME" "$PROJECT_ROOT/mole" --help
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"mo clean"* ]]
+	[[ "$output" == *"mo analyze"* ]]
 }

@test "mole --version reports script version" {
-    expected_version="$(grep '^VERSION=' "$PROJECT_ROOT/mole" | head -1 | sed 's/VERSION=\"\(.*\)\"/\1/')"
-    run env HOME="$HOME" "$PROJECT_ROOT/mole" --version
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"$expected_version"* ]]
+	expected_version="$(grep '^VERSION=' "$PROJECT_ROOT/mole" | head -1 | sed 's/VERSION=\"\(.*\)\"/\1/')"
+	run env HOME="$HOME" "$PROJECT_ROOT/mole" --version
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"$expected_version"* ]]
 }

@test "mole unknown command returns error" {
-    run env HOME="$HOME" "$PROJECT_ROOT/mole" unknown-command
-    [ "$status" -ne 0 ]
-    [[ "$output" == *"Unknown command: unknown-command"* ]]
+	run env HOME="$HOME" "$PROJECT_ROOT/mole" unknown-command
+	[ "$status" -ne 0 ]
+	[[ "$output" == *"Unknown command: unknown-command"* ]]
 }

@test "touchid status reports current configuration" {
-    run env HOME="$HOME" "$PROJECT_ROOT/mole" touchid status
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"Touch ID"* ]]
+	run env HOME="$HOME" "$PROJECT_ROOT/mole" touchid status
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"Touch ID"* ]]
 }

@test "mo optimize command is recognized" {
-    run bash -c "grep -q '\"optimize\")' '$PROJECT_ROOT/mole'"
-    [ "$status" -eq 0 ]
+	run bash -c "grep -q '\"optimize\")' '$PROJECT_ROOT/mole'"
+	[ "$status" -eq 0 ]
 }

@test "mo analyze binary is valid" {
-    if [[ -f "$PROJECT_ROOT/bin/analyze-go" ]]; then
-        [ -x "$PROJECT_ROOT/bin/analyze-go" ]
-        run file "$PROJECT_ROOT/bin/analyze-go"
-        [[ "$output" == *"Mach-O"* ]] || [[ "$output" == *"executable"* ]]
-    else
-        skip "analyze-go binary not built"
-    fi
+	if [[ -f "$PROJECT_ROOT/bin/analyze-go" ]]; then
+		[ -x "$PROJECT_ROOT/bin/analyze-go" ]
+		run file "$PROJECT_ROOT/bin/analyze-go"
+		[[ "$output" == *"Mach-O"* ]] || [[ "$output" == *"executable"* ]]
+	else
+		skip "analyze-go binary not built"
+	fi
 }

@test "mo clean --debug creates debug log file" {
-    mkdir -p "$HOME/.config/mole"
-    run env HOME="$HOME" TERM="xterm-256color" MOLE_TEST_MODE=1 MO_DEBUG=1 "$PROJECT_ROOT/mole" clean --dry-run
-    [ "$status" -eq 0 ]
-    MOLE_OUTPUT="$output"
+	mkdir -p "$HOME/.config/mole"
+	run env HOME="$HOME" TERM="xterm-256color" MOLE_TEST_MODE=1 MO_DEBUG=1 "$PROJECT_ROOT/mole" clean --dry-run
+	[ "$status" -eq 0 ]
+	MOLE_OUTPUT="$output"

-    DEBUG_LOG="$HOME/.config/mole/mole_debug_session.log"
-    [ -f "$DEBUG_LOG" ]
+	DEBUG_LOG="$HOME/.config/mole/mole_debug_session.log"
+	[ -f "$DEBUG_LOG" ]

-    run grep "Mole Debug Session" "$DEBUG_LOG"
-    [ "$status" -eq 0 ]
+	run grep "Mole Debug Session" "$DEBUG_LOG"
+	[ "$status" -eq 0 ]

-    [[ "$MOLE_OUTPUT" =~ "Debug session log saved to" ]]
+	[[ "$MOLE_OUTPUT" =~ "Debug session log saved to" ]]
 }

@test "mo clean without debug does not show debug log path" {
-    mkdir -p "$HOME/.config/mole"
-    run env HOME="$HOME" TERM="xterm-256color" MOLE_TEST_MODE=1 MO_DEBUG=0 "$PROJECT_ROOT/mole" clean --dry-run
-    [ "$status" -eq 0 ]
+	mkdir -p "$HOME/.config/mole"
+	run env HOME="$HOME" TERM="xterm-256color" MOLE_TEST_MODE=1 MO_DEBUG=0 "$PROJECT_ROOT/mole" clean --dry-run
+	[ "$status" -eq 0 ]

-    [[ "$output" != *"Debug session log saved to"* ]]
+	[[ "$output" != *"Debug session log saved to"* ]]
 }

@test "mo clean --debug logs system info" {
-    mkdir -p "$HOME/.config/mole"
-    run env HOME="$HOME" TERM="xterm-256color" MOLE_TEST_MODE=1 MO_DEBUG=1 "$PROJECT_ROOT/mole" clean --dry-run
-    [ "$status" -eq 0 ]
+	mkdir -p "$HOME/.config/mole"
+	run env HOME="$HOME" TERM="xterm-256color" MOLE_TEST_MODE=1 MO_DEBUG=1 "$PROJECT_ROOT/mole" clean --dry-run
+	[ "$status" -eq 0 ]

-    DEBUG_LOG="$HOME/.config/mole/mole_debug_session.log"
+	DEBUG_LOG="$HOME/.config/mole/mole_debug_session.log"

-    run grep "User:" "$DEBUG_LOG"
-    [ "$status" -eq 0 ]
+	run grep "User:" "$DEBUG_LOG"
+	[ "$status" -eq 0 ]

-    run grep "Architecture:" "$DEBUG_LOG"
-    [ "$status" -eq 0 ]
+	run grep "Architecture:" "$DEBUG_LOG"
+	[ "$status" -eq 0 ]
 }

@test "touchid status reflects pam file contents" {
-    pam_file="$HOME/pam_test"
-    cat > "$pam_file" <<'EOF'
+	pam_file="$HOME/pam_test"
+	cat >"$pam_file" <<'EOF'
 auth       sufficient     pam_opendirectory.so
 EOF

-    run env MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" status
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"not configured"* ]]
+	run env MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" status
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"not configured"* ]]

-    cat > "$pam_file" <<'EOF'
+	cat >"$pam_file" <<'EOF'
 auth       sufficient     pam_tid.so
 EOF

-    run env MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" status
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"enabled"* ]]
+	run env MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" status
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"enabled"* ]]
 }

@test "enable_touchid inserts pam_tid line in pam file" {
-    pam_file="$HOME/pam_enable"
-    cat > "$pam_file" <<'EOF'
+	pam_file="$HOME/pam_enable"
+	cat >"$pam_file" <<'EOF'
 auth       sufficient     pam_opendirectory.so
 EOF

-    fake_bin="$HOME/fake-bin"
-    create_fake_utils "$fake_bin"
+	fake_bin="$HOME/fake-bin"
+	create_fake_utils "$fake_bin"

-    run env PATH="$fake_bin:$PATH" MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" enable
-    [ "$status" -eq 0 ]
-    grep -q "pam_tid.so" "$pam_file"
-    [[ -f "${pam_file}.mole-backup" ]]
+	run env PATH="$fake_bin:$PATH" MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" enable
+	[ "$status" -eq 0 ]
+	grep -q "pam_tid.so" "$pam_file"
+	[[ -f "${pam_file}.mole-backup" ]]
 }

@test "disable_touchid removes pam_tid line" {
-    pam_file="$HOME/pam_disable"
-    cat > "$pam_file" <<'EOF'
+	pam_file="$HOME/pam_disable"
+	cat >"$pam_file" <<'EOF'
 auth       sufficient     pam_tid.so
 auth       sufficient     pam_opendirectory.so
 EOF

-    fake_bin="$HOME/fake-bin-disable"
-    create_fake_utils "$fake_bin"
+	fake_bin="$HOME/fake-bin-disable"
+	create_fake_utils "$fake_bin"

-    run env PATH="$fake_bin:$PATH" MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" disable
-    [ "$status" -eq 0 ]
-    run grep "pam_tid.so" "$pam_file"
-    [ "$status" -ne 0 ]
+	run env PATH="$fake_bin:$PATH" MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" disable
+	[ "$status" -eq 0 ]
+	run grep "pam_tid.so" "$pam_file"
+	[ "$status" -ne 0 ]
+}
+
+@test "touchid enable --dry-run does not modify pam file" {
+	pam_file="$HOME/pam_enable_dry_run"
+	cat >"$pam_file" <<'EOF'
+auth       sufficient     pam_opendirectory.so
+EOF
+
+	run env MOLE_PAM_SUDO_FILE="$pam_file" "$PROJECT_ROOT/bin/touchid.sh" enable --dry-run
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"DRY RUN MODE"* ]]
+
+	run grep "pam_tid.so" "$pam_file"
+	[ "$status" -ne 0 ]
 }