Remove external service dependencies in migration tests

[silverwind]

Fix #36859

Replace live third-party API calls in migration tests with a fixture-based HTTP mock server. Fixtures are committed so tests run offline by default; live recording is gated per service on an API-token env var.

---

This PR was written with the help of Claude Opus 4.7

[wxiaoguang]

But you shouldn't use it to test itself.

What if the API breaks? The tests succeed, but it causes problems when released.

[silverwind]

So just write a HTTP-level mock that replicates what gitea.com currently does? I'll try that.

[wxiaoguang]

I think yes. Maybe the work can start without waiting for gitea.com, indeed there are other tests needing such feature, e.g.: gitlab, github

[TheFox0x7]

There was a tool that could record the traffic and mock the replies from the server... I'm trying to find it since it be interesting for this.

[silverwind]

I don't think we need such tools. Just a proper HTTP mock in go should do and AI can determine exactly what's needed for this test to pass.

[TheFox0x7]

Found it. Not sure if it'll be useful but linking just in case https://keploy.io/docs/keploy-explained/why-keploy/

[silverwind]

Here's the repo: https://github.com/keploy/keploy. Seems interesting but definitely out of scope for gitea right now.

[wxiaoguang]

Can be done like this https://codeberg.org/forgejo/forgejo/commits/branch/forgejo/models/unittest/mock_http.go

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/models/unittest/mock_http.go

The license is still MIT, so can just copy

[silverwind]

Can be done like this

That server has some sort of "live mode" toggle based on the presence of an auth token where it rewrites test fixtures. Essentially it's similar to snapshot testing (but more manual), which you had rejected earlier.

Current approach now has the minimal JSON responses inline using httptest.Server, if think it's sufficient. But if you really want we can also implement this "live mode" stuff.

[wxiaoguang]

Essentially it's similar to snapshot testing (but more manual), which you had rejected earlier.

Really? Which comment? I think there are some misunderstandings.

[silverwind]

Essentially it's similar to snapshot testing (but more manual), which you had rejected earlier.

Really? Which comment? I think there are some misunderstandings.

#36238 (review)

[wxiaoguang]

Essentially it's similar to snapshot testing (but more manual), which you had rejected earlier.

Really? Which comment? I think there are some misunderstandings.

#36238 (review)

I think I have explained clearly:

Because many Gitea maintainers are too lazy to write correct tests, not that experienced as typescript-go developers.

If you use "go-snaps", then the test data causing failure will just be blindly updated to make tests pass.

But here, if you have the mock server with live mode, you first test against the live servers, then capture the test data. Nobody can blindly update the test data.

They are totally different.

[silverwind]

Not that different to me, but let's see what Claude comes up if I implement that pattern.

[wxiaoguang]

The difference is whether you have a trust source which can provide the facts!!

Mocked data with live server: the live server is the trust source.

Your "go-snaps": you can blindly use the untrusted test output to update the test data without verifying them in many cases.

I hope you can understand the difference.

[silverwind]

Rewrite still in progress. Once tidbit that was noticed is the Forgejo test does not actually test the cloning of the repo so it's incomplete.

[silverwind]

Implemented that mechansim, now we can run

GITEA_TOKEN=<token> go test -run Test_MigrateFromGiteaToGitea ./tests/integration/ -tags='bindata sqlite sqlite_unlock_notify'

To record and update the test fixtures.

[silverwind]

I also checked other tests for external dependencies and there are a few:

Test	File	External Service	Gate
TestGitHubDownloadRepo	github_test.go	github.com	GITHUB_READ_TOKEN
TestGitlabDownloadRepo	gitlab_test.go	gitlab.com	GITLAB_READ_TOKEN
TestGiteaDownloadRepo	gitea_downloader_test.go	gitea.com	GITEA_TEST_OFFICIAL_SITE_TOKEN
TestCodebaseDownloadRepo	codebase_test.go	codebasehq.com	CODEBASE_CLONE_USER + 3 more
TestGogsDownloadRepo	gogs_test.go	try.gogs.io	GOGS_READ_TOKEN
TestOneDevDownloadRepo	onedev_test.go	code.onedev.io	HTTP reachability check

Maybe we should also use GITEA_TEST_OFFICIAL_SITE_TOKEN in this test instead of GITEA_TOKEN (too generic name).

[silverwind]

All migration tests now follow this scheme. If a token is provided they go into live mode, otherwise they use the recorded fixtures.

• The Gogs, OneDev and Codebase fixtures were fabricated (either repo was deleted or no access)
• Gitea, GitLab and GitHub were recorded.

None of the remaining integration tests have dependencies on external services now (only local services like database etc).

[bircni]

Updates on that?

[TheFox0x7]

@silverwind Can you rerun/fix the gitlab test so the asserts aren't removed?
Blocking until then so it won't get merged with missing asserts compared to main

[silverwind]

@silverwind Can you rerun/fix the gitlab test so the asserts aren't removed? Blocking until then so it won't get merged with missing asserts compared to main

Done in 9c7c1d0. Ready for review.

[silverwind]

@TheFox0x7 please re-check.

[TheFox0x7]

We get PR 6 but test reviews on PR 1

I know you can't exactly control which gets pulled from gitlab but the previous one was more comprehensive and should be kept IMO - so maybe or fetch two and compare the closed and unmerged and the approved and merged one?

There's also the date change in reviews but I have no idea why it happened (both seem wrong to me) so it's probably fine.

[silverwind]

Done in cfbe630 and re-reviewed all other fixtures, all successful.

[TheFox0x7]

Not exactly what I had in mind but on reading the raw gitlab test code instead of a diff I think issue assert covers what I wanted so it's fine as is IMO.