Add managed registry provisioning, pruning, and readiness tracking

2026-06-08 20:44:16 +01:00
parent 5b977c1f41
commit 3a851db08f
52 changed files with 2706 additions and 116 deletions
--- a/tests/Feature/RegistryControllerTest.php
+++ b/tests/Feature/RegistryControllerTest.php
@@ -19,7 +19,8 @@ it('shows the create registry page', function () {
    $response->assertOk();
    $response->assertInertia(fn (AssertableInertia $page) => $page
        ->component('registries/Create', false)
-        ->where('registryTypes.0', RegistryType::GENERIC->value));
+        ->where('registryTypes.0', RegistryType::GENERIC->value)
+        ->where('registryTypes', fn ($types) => ! in_array(RegistryType::MANAGED->value, $types->all(), true)));
 });

 it('lists registries for an organisation', function () {
@@ -70,6 +71,66 @@ it('stores a registry for multi-server build artifacts', function () {
        ]);
 });

+it('rejects user-created managed registries and scheme-prefixed registry urls', function (array $overrides, string $field) {
+    $user = User::factory()->create();
+    $organisation = Organisation::factory()->create(['owner_id' => $user->id]);
+
+    $this->actingAs($user)->post(route('registries.store', [
+        'organisation' => $organisation->id,
+    ]), [
+        'name' => 'Registry',
+        'type' => RegistryType::GHCR->value,
+        'url' => 'ghcr.io/example',
+        'username' => 'keystone',
+        'password' => 'secret',
+        ...$overrides,
+    ])->assertSessionHasErrors($field);
+})->with([
+    'managed type' => [['type' => RegistryType::MANAGED->value], 'type'],
+    'url scheme' => [['url' => 'https://registry.example.com'], 'url'],
+]);
+
+it('does not delete managed registries through the user registry controller', function () {
+    $user = User::factory()->create();
+    $organisation = Organisation::factory()->create(['owner_id' => $user->id]);
+    $registry = $organisation->registries()->create([
+        'name' => 'Managed',
+        'type' => RegistryType::MANAGED,
+        'url' => 'registry.example.com',
+        'credentials' => ['username' => 'keystone-build', 'password' => 'secret'],
+    ]);
+
+    $this->actingAs($user)
+        ->delete(route('registries.destroy', [$organisation, $registry]))
+        ->assertForbidden();
+
+    expect($registry->fresh())->not->toBeNull();
+});
+
+it('does not update managed registries through the user registry controller', function () {
+    $user = User::factory()->create();
+    $organisation = Organisation::factory()->create(['owner_id' => $user->id]);
+    $registry = $organisation->registries()->create([
+        'name' => 'Managed',
+        'type' => RegistryType::MANAGED,
+        'url' => 'registry.example.com',
+        'credentials' => ['username' => 'keystone-build', 'password' => 'secret'],
+    ]);
+
+    $this->actingAs($user)
+        ->put(route('registries.update', [$organisation, $registry]), [
+            'name' => 'GHCR',
+            'type' => RegistryType::GHCR->value,
+            'url' => 'ghcr.io/example',
+            'username' => 'keystone',
+            'password' => 'secret',
+        ])
+        ->assertForbidden();
+
+    expect($registry->refresh()->type)->toBe(RegistryType::MANAGED)
+        ->and($registry->name)->toBe('Managed');
+});
+
 it('shows registry usage from published build artifacts', function () {
    $user = User::factory()->create();
    $organisation = Organisation::factory()->create(['owner_id' => $user->id]);