create([ 'deploy_key_installed_at' => now(), ]); app(GenerateDeployKey::class)->execute($application, [ 'public' => 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAITestPublicKey keystone', 'private' => "-----BEGIN OPENSSH PRIVATE KEY-----\ntest\n-----END OPENSSH PRIVATE KEY-----", 'fingerprint' => 'SHA256:test-fingerprint', ]); expect($application->refresh()) ->deploy_key_public->toStartWith('ssh-ed25519') ->deploy_key_private->toContain('OPENSSH PRIVATE KEY') ->deploy_key_fingerprint->toBe('SHA256:test-fingerprint') ->deploy_key_installed_at->toBeNull(); }); it('verifies repository access with git ls-remote and a temporary ssh command', function () { Process::fake([ '*' => Process::result(output: "abc123\trefs/heads/main\n"), ]); $application = Application::factory()->create([ 'repository_url' => 'git@example.com:org/repo.git', 'default_branch' => 'main', ]); app(GenerateDeployKey::class)->execute($application, [ 'public' => 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAITestPublicKey keystone', 'private' => "-----BEGIN OPENSSH PRIVATE KEY-----\ntest\n-----END OPENSSH PRIVATE KEY-----", 'fingerprint' => 'SHA256:test-fingerprint', ]); $verified = app(VerifyRepositoryAccess::class)->execute($application->refresh()); expect($verified)->toBeTrue() ->and($application->refresh()->deploy_key_installed_at)->not->toBeNull(); Process::assertRan(function ($process): bool { $command = is_array($process->command) ? implode(' ', $process->command) : $process->command; return str_contains($command, 'git') && str_contains($command, 'ls-remote') && str_contains($command, 'git@example.com:org/repo.git') && ($process->environment['GIT_SSH_COMMAND'] ?? null) !== null; }); });