Drop PackageCollectionsSigning

Author: finestructure

Sources/App/Controllers/API/API+PackageCollectionController.swift

@@ -14,7 +14,6 @@
 
 import Fluent
 import PackageCollectionsModel
-import PackageCollectionsSigning
 import Vapor
 
 
@@ -23,14 +22,14 @@ extension API {
     enum PackageCollectionController {
 
         @Sendable
-        static func generate(req: Request) async throws -> SignedCollection {
+        static func generate(req: Request) async throws -> PackageCollection {
             AppMetrics.apiPackageCollectionGetTotal?.inc()
 
             let dto = try req.content.decode(PostPackageCollectionDTO.self)
 
             switch dto.selection {
                 case let .author(author):
-                    return try await SignedCollection.generate(
+                    return try await PackageCollection.generate(
                         db: req.db,
                         filterBy: .author(author),
                         authorName: dto.authorName ?? "Swift Package Index",
@@ -44,7 +43,7 @@ extension API {
                     guard packageURLs.count <= 20 else {
                         throw Abort(.badRequest)
                     }
-                    return try await SignedCollection.generate(
+                    return try await PackageCollection.generate(
                         db: req.db,
                         filterBy: .urls(packageURLs),
                         authorName: dto.authorName ?? "Swift Package Index",
@@ -61,7 +60,7 @@ extension API {
 }
 
 
-extension PackageCollectionSigning.Model.SignedCollection: Vapor.Content {}
+extension PackageCollectionModel.V1.Collection: Vapor.Content {}
 
 
 extension API {

Sources/App/Controllers/PackageCollectionController.swift

@@ -17,7 +17,7 @@ import Vapor
 
 enum PackageCollectionController {
     @Sendable
-    static func generate(req: Request) async throws -> SignedCollection {
+    static func generate(req: Request) async throws -> PackageCollection {
         AppMetrics.packageCollectionGetTotal?.inc()
 
         guard let collectionType = getCollectionType(req: req) else {
@@ -27,13 +27,13 @@ enum PackageCollectionController {
         do {
             switch collectionType {
                 case let .author(owner):
-                    return try await SignedCollection.generate(
+                    return try await PackageCollection.generate(
                         db: req.db,
                         filterBy: .author(owner),
                         authorName: "\(owner) via the Swift Package Index"
                     )
                 case let .keyword(keyword):
-                    return try await SignedCollection.generate(
+                    return try await PackageCollection.generate(
                         db: req.db,
                         filterBy: .keyword(keyword),
                         authorName: "Swift Package Index",
@@ -45,7 +45,7 @@ enum PackageCollectionController {
                 case let .custom(key):
                     let collection = try await CustomCollection.find(on: req.db, key: key)
                         .unwrap(or: Abort(.notFound))
-                    return try await SignedCollection.generate(
+                    return try await PackageCollection.generate(
                         db: req.db,
                         filterBy: .customCollection(key),
                         authorName: "Swift Package Index",

Sources/App/Core/Dependencies/EnvironmentClient.swift

@@ -100,13 +100,7 @@ extension EnvironmentClient: DependencyKey {
                     .flatMap(Double.init)
                     ?? 1.0
             },
-            collectionSigningCertificateChain: {
-                [
-                    "package_collections.cer",
-                    "AppleWWDRCAG3.cer",
-                    "AppleIncRootCertificate.cer",
-                ].map { SignedCollection.certsDir.appendingPathComponent($0) }
-            },
+            collectionSigningCertificateChain: { [] },
             collectionSigningPrivateKey: {
                 Environment.get("COLLECTION_SIGNING_PRIVATE_KEY").map { Data($0.utf8) }
             },

Sources/App/Core/PackageCollection+signing.swift

@@ -15,7 +15,6 @@
 @testable import App
 
 import Dependencies
-import PackageCollectionsSigning
 import SnapshotTesting
 import Testing
 import XCTVapor
@@ -845,76 +844,76 @@ extension AllTests.ApiTests {
         }
     }
 
-    @Test(.disabled(if: !isRunningInCI() && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil,
-                    "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable"))
-    func package_collections_owner() async throws {
-        let event = App.ActorIsolated<TestEvent?>(nil)
-        try await withDependencies {
-            $0.date.now = .t0
-            $0.environment.apiSigningKey = { "secret" }
-            $0.environment.collectionSigningCertificateChain = EnvironmentClient.liveValue.collectionSigningCertificateChain
-            $0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey
-            $0.httpClient.postPlausibleEvent = { @Sendable kind, path, _ in
-                await event.setValue(.init(kind: kind, path: path))
-            }
-        } operation: {
-            try await withApp { app in
-                // setup
-                let p1 = Package(id: .id1, url: "1")
-                try await p1.save(on: app.db)
-                try await Repository(package: p1,
-                                     defaultBranch: "main",
-                                     name: "name 1",
-                                     owner: "foo",
-                                     summary: "foo bar package").save(on: app.db)
-                let v = try Version(package: p1,
-                                    latest: .release,
-                                    packageName: "Foo",
-                                    reference: .tag(1, 2, 3),
-                                    toolsVersion: "5.0")
-                try await v.save(on: app.db)
-                try await Product(version: v, type: .library(.automatic), name: "lib")
-                    .save(on: app.db)
-
-                do {  // MUT
-                    let body: ByteBuffer = .init(string: """
-                {
-                  "revision": 3,
-                  "authorName": "author",
-                  "keywords": [
-                    "a",
-                    "b"
-                  ],
-                  "selection": {
-                    "author": {
-                      "_0": "foo"
-                    }
-                  },
-                  "collectionName": "my collection",
-                  "overview": "my overview"
-                }
-                """)
-
-                    try await app.test(.POST, "api/package-collections",
-                                       headers: .bearerApplicationJSON(try .apiToken(secretKey: "secret", tier: .tier3)),
-                                       body: body,
-                                       afterResponse: { res async throws in
-                        // validation
-                        #expect(res.status == .ok)
-                        let container = try res.content.decode(SignedCollection.self)
-                        #expect(!container.signature.signature.isEmpty)
-                        // more details are tested in PackageCollectionTests
-                        #expect(container.collection.name == "my collection")
-                    })
-                }
-
-                // ensure API event has been reported
-                await event.withValue {
-                    #expect($0 == .some(.init(kind: .pageview, path: .packageCollections)))
-                }
-            }
-        }
-    }
+//    @Test(.disabled(if: !isRunningInCI() && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil,
+//                    "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable"))
+//    func package_collections_owner() async throws {
+//        let event = App.ActorIsolated<TestEvent?>(nil)
+//        try await withDependencies {
+//            $0.date.now = .t0
+//            $0.environment.apiSigningKey = { "secret" }
+//            $0.environment.collectionSigningCertificateChain = EnvironmentClient.liveValue.collectionSigningCertificateChain
+//            $0.environment.collectionSigningPrivateKey = EnvironmentClient.liveValue.collectionSigningPrivateKey
+//            $0.httpClient.postPlausibleEvent = { @Sendable kind, path, _ in
+//                await event.setValue(.init(kind: kind, path: path))
+//            }
+//        } operation: {
+//            try await withApp { app in
+//                // setup
+//                let p1 = Package(id: .id1, url: "1")
+//                try await p1.save(on: app.db)
+//                try await Repository(package: p1,
+//                                     defaultBranch: "main",
+//                                     name: "name 1",
+//                                     owner: "foo",
+//                                     summary: "foo bar package").save(on: app.db)
+//                let v = try Version(package: p1,
+//                                    latest: .release,
+//                                    packageName: "Foo",
+//                                    reference: .tag(1, 2, 3),
+//                                    toolsVersion: "5.0")
+//                try await v.save(on: app.db)
+//                try await Product(version: v, type: .library(.automatic), name: "lib")
+//                    .save(on: app.db)
+//
+//                do {  // MUT
+//                    let body: ByteBuffer = .init(string: """
+//                {
+//                  "revision": 3,
+//                  "authorName": "author",
+//                  "keywords": [
+//                    "a",
+//                    "b"
+//                  ],
+//                  "selection": {
+//                    "author": {
+//                      "_0": "foo"
+//                    }
+//                  },
+//                  "collectionName": "my collection",
+//                  "overview": "my overview"
+//                }
+//                """)
+//
+//                    try await app.test(.POST, "api/package-collections",
+//                                       headers: .bearerApplicationJSON(try .apiToken(secretKey: "secret", tier: .tier3)),
+//                                       body: body,
+//                                       afterResponse: { res async throws in
+//                        // validation
+//                        #expect(res.status == .ok)
+//                        let container = try res.content.decode(SignedCollection.self)
+//                        #expect(!container.signature.signature.isEmpty)
+//                        // more details are tested in PackageCollectionTests
+//                        #expect(container.collection.name == "my collection")
+//                    })
+//                }
+//
+//                // ensure API event has been reported
+//                await event.withValue {
+//                    #expect($0 == .some(.init(kind: .pageview, path: .packageCollections)))
+//                }
+//            }
+//        }
+//    }
 
     @Test(.disabled(if: !isRunningInCI() && EnvironmentClient.liveValue.collectionSigningPrivateKey() == nil,
                     "Skip test for local user due to unset COLLECTION_SIGNING_PRIVATE_KEY env variable"))