feat: add Forgejo webhook trigger support with AWS Secrets Manager

app/main_test.go

@@ -2,6 +2,9 @@ package main
 
 import (
 	"context"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"os"
 	"os/exec"
@@ -12,6 +15,57 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 )
 
+func TestVerifySignature_Valid(t *testing.T) {
+	secret := "mysecret"
+	body := "{\"message\":\"example\"}"
+
+	// Compute the expected signature for the valid scenario.
+	mac := hmac.New(sha256.New, []byte(secret))
+	mac.Write([]byte(body))
+	expectedSig := hex.EncodeToString(mac.Sum(nil))
+
+	// Prepare the signature header in the "sha256=<signature>" format.
+	signatureHeader := "sha256=" + expectedSig
+
+	if !verifySignature(secret, body, signatureHeader) {
+		t.Errorf("Expected true for valid signature, got false")
+	}
+}
+
+func TestVerifySignature_InvalidSignature(t *testing.T) {
+	secret := "mysecret"
+	body := "{\"message\":\"example\"}"
+
+	// Use an intentionally incorrect signature.
+	signatureHeader := "sha256=invalidsignature"
+
+	if verifySignature(secret, body, signatureHeader) {
+		t.Errorf("Expected false for an invalid signature, but got true")
+	}
+}
+
+func TestVerifySignature_MissingPrefix(t *testing.T) {
+	secret := "mysecret"
+	body := "{\"message\":\"example\"}"
+
+	// Provide a header that does not start with "sha256="
+	signatureHeader := "invalidprefix"
+
+	if verifySignature(secret, body, signatureHeader) {
+		t.Errorf("Expected false when header is missing the required prefix, got true")
+	}
+}
+
+func TestVerifySignature_EmptyHeader(t *testing.T) {
+	secret := "mysecret"
+	body := "{\"message\":\"example\"}"
+	signatureHeader := ""
+
+	if verifySignature(secret, body, signatureHeader) {
+		t.Errorf("Expected false when header is empty, got true")
+	}
+}
+
 func TestLoadConfig_Success(t *testing.T) {
 	// Set up environment variables for the test.
 	os.Setenv("REPO_URL", "https://example.com/repo.git")