test_windows.sh

#!/usr/bin/env bash
# Test synapse on Windows Server via SSH
# Mirrors the CI steps from .github/workflows/windows-build.yaml
#
# Usage:
#   ./scripts/test_windows.sh                    # run all steps
#   ./scripts/test_windows.sh --step clippy      # run only clippy
#   ./scripts/test_windows.sh --step test        # run only tests
#   ./scripts/test_windows.sh --step ebpf        # run only eBPF tests
#   ./scripts/test_windows.sh --step build       # run only release build
#   ./scripts/test_windows.sh --step fmt         # run only formatting check
#   ./scripts/test_windows.sh --step setup       # run only prerequisite install
#   ./scripts/test_windows.sh --skip-setup       # skip prerequisite install
#   ./scripts/test_windows.sh --skip-sync        # skip rsync (use existing files)
#
# Environment variables (override defaults):
#   WIN_HOST          SSH user@host            (default: gen0sec@10.10.10.1)
#   WIN_PORT          SSH port                 (default: 2222)
#   WIN_DIR           Remote synapse directory (default: C:\Users\gen0sec\Desktop\Shared\synapse)
#   SHARED_DIR        Local shared volume path (default: /root/windows/shared/synapse)
#   DENDRITE_DIR      Local dendrite source    (default: /root/dendrite)
#   FEATURES          Cargo feature flags      (default: --no-default-features)
#   REPO_ACCESS_TOKEN GitHub token for private deps
#
#   GIT_VERSION       Git for Windows version  (default: 2.49.0)
#   OPENSSL_VERSION   OpenSSL version          (default: 3_5_5)
#   SCCACHE_VERSION   sccache version          (default: 0.10.0)
#   EBPF_VERSION      eBPF for Windows version (default: 1.1.0)
#   EBPF_RELEASE_TAG  eBPF release tag         (default: Release-v${EBPF_VERSION})
#   XDP_VERSION       Windows XDP version      (default: 1.1.2)
set -euo pipefail

# ── Configuration (environment overridable) ──────────────────────────

WIN_HOST="${WIN_HOST:-gen0sec@10.10.10.1}"
WIN_PORT="${WIN_PORT:-2222}"
WIN_DIR="${WIN_DIR:-C:\\Users\\gen0sec\\Desktop\\Shared\\synapse}"
SHARED_DIR="${SHARED_DIR:-/root/windows/shared/synapse}"
DENDRITE_DIR="${DENDRITE_DIR:-/root/dendrite}"
FEATURES="${FEATURES:---no-default-features}"

# Dependency versions
GIT_VERSION="${GIT_VERSION:-2.49.0}"
OPENSSL_VERSION="${OPENSSL_VERSION:-3_5_5}"
SCCACHE_VERSION="${SCCACHE_VERSION:-0.10.0}"
EBPF_VERSION="${EBPF_VERSION:-1.1.0}"
EBPF_RELEASE_TAG="${EBPF_RELEASE_TAG:-Release-v${EBPF_VERSION}}"
XDP_VERSION="${XDP_VERSION:-1.1.2}"

# Derived URLs
GIT_URL="https://github.com/git-for-windows/git/releases/download/v${GIT_VERSION}.windows.1/Git-${GIT_VERSION}-64-bit.exe"
OPENSSL_URL="https://slproweb.com/download/Win64OpenSSL-${OPENSSL_VERSION}.msi"
SCCACHE_URL="https://github.com/mozilla/sccache/releases/download/v${SCCACHE_VERSION}/sccache-v${SCCACHE_VERSION}-x86_64-pc-windows-msvc.zip"
SCCACHE_DIR_NAME="sccache-v${SCCACHE_VERSION}-x86_64-pc-windows-msvc"
EBPF_URL="https://github.com/microsoft/ebpf-for-windows/releases/download/${EBPF_RELEASE_TAG}/ebpf-for-windows.x64.${EBPF_VERSION}.msi"
XDP_URL="https://github.com/microsoft/xdp-for-windows/releases/download/v${XDP_VERSION}/xdp-for-windows.x64.${XDP_VERSION}.msi"

# SSH and remote paths
SSH="ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=120 -o ConnectTimeout=0 -p $WIN_PORT $WIN_HOST"
EXTRA_PATH='C:\Program Files\Git\cmd;%USERPROFILE%\.cargo\bin'
WIN_TARGET_DIR='C:\Users\gen0sec\synapse-target'
OPENSSL_DIR='C:\Program Files\OpenSSL-Win64'
OPENSSL_LIB_DIR='C:\Program Files\OpenSSL-Win64\lib\VC\x64\MD'
OPENSSL_INCLUDE_DIR='C:\Program Files\OpenSSL-Win64\include'

# ── Parse arguments ──────────────────────────────────────────────────

STEP=""
SKIP_SETUP=false
SKIP_SYNC=false

while [[ $# -gt 0 ]]; do
  case "$1" in
    --step)    STEP="$2"; shift 2 ;;
    --skip-setup) SKIP_SETUP=true; shift ;;
    --skip-sync)  SKIP_SYNC=true; shift ;;
    --help|-h)
      sed -n '2,/^set /{ /^#/s/^# \?//p }' "$0"
      exit 0
      ;;
    *) echo "Unknown argument: $1"; exit 1 ;;
  esac
done

# ── Helpers ──────────────────────────────────────────────────────────

run_win() {
  # CARGO_TARGET_DIR points to a local Windows path so build artifacts are
  # never written to the SMB-mounted shared volume (avoids Access Denied errors).
  $SSH "set \"PATH=$EXTRA_PATH;%PATH%\" && set \"CARGO_NET_GIT_FETCH_WITH_CLI=true\" && set \"OPENSSL_DIR=$OPENSSL_DIR\" && set \"OPENSSL_LIB_DIR=$OPENSSL_LIB_DIR\" && set \"OPENSSL_INCLUDE_DIR=$OPENSSL_INCLUDE_DIR\" && set \"OPENSSL_STATIC=1\" && set \"OPENSSL_NO_VENDOR=1\" && set \"RUSTC_WRAPPER=sccache\" && set \"CARGO_TARGET_DIR=$WIN_TARGET_DIR\" && $1" 2>&1
}

should_run() {
  [[ -z "$STEP" ]] || [[ "$STEP" == "$1" ]]
}

# ── Sync ─────────────────────────────────────────────────────────────

if ! $SKIP_SYNC; then
  echo "=== Syncing source to shared volume ==="
  rsync -a --delete --exclude='target' --exclude='.git' /root/synapse/ "$SHARED_DIR/"
  rsync -a --delete --exclude='target' --exclude='.git' "$DENDRITE_DIR/" "${SHARED_DIR}/../dendrite/"
  chown -R 1000:1000 "$SHARED_DIR" "${SHARED_DIR}/../dendrite"
fi

# ── Setup (prerequisites) ───────────────────────────────────────────

if ! $SKIP_SETUP && should_run setup; then
  echo ""
  echo "=== [0/6] Install prerequisites (git, openssl, sccache, ebpf) ==="
  # Git
  run_win "where git >nul 2>&1 || (curl -sL -o %TEMP%\git-installer.exe ${GIT_URL} && %TEMP%\git-installer.exe /VERYSILENT /NORESTART /NOCANCEL /SP- /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /COMPONENTS=\"icons,ext\reg\shellhere,assoc,assoc_sh\")"

  # Generate setup.ps1 with version variables interpolated
  cat > "$SHARED_DIR/setup.ps1" <<PSEOF
# Versions (injected from test_windows.sh)
\$OpenSSLUrl     = '${OPENSSL_URL}'
\$SccacheUrl     = '${SCCACHE_URL}'
\$SccacheDirName = '${SCCACHE_DIR_NAME}'
\$EbpfUrl        = '${EBPF_URL}'
\$EbpfVersion    = '${EBPF_VERSION}'
\$XdpUrl         = '${XDP_URL}'
\$XdpVersion     = '${XDP_VERSION}'

# Install prebuilt OpenSSL (avoids slow from-source build)
if (-not (Test-Path 'C:\Program Files\OpenSSL-Win64\lib')) {
  Write-Host "Installing OpenSSL..."
  \$msi = "\$env:TEMP\openssl.msi"
  Stop-Process -Name msiexec -ErrorAction SilentlyContinue
  Remove-Item \$msi -Force -ErrorAction SilentlyContinue
  Write-Host "Downloading OpenSSL..."
  \$ProgressPreference = 'SilentlyContinue'
  Invoke-WebRequest -Uri \$OpenSSLUrl -OutFile \$msi
  Write-Host "Downloaded \$((Get-Item \$msi).Length / 1MB) MB. Installing..."
  Start-Process msiexec -ArgumentList '/i',\$msi,'/quiet','/norestart' -Wait
  Remove-Item \$msi -Force -ErrorAction SilentlyContinue
  Write-Host "OpenSSL installed."
}
# Install sccache (caches compiled crates across runs)
# Use Test-Path rather than Get-Command so the check works regardless of PATH.
if (-not (Test-Path "\$env:USERPROFILE\.cargo\bin\sccache.exe")) {
  Write-Host "Installing sccache..."
  # Stop any running sccache server so the binary is not locked during copy.
  Stop-Process -Name sccache -Force -ErrorAction SilentlyContinue
  \$ProgressPreference = 'SilentlyContinue'
  Invoke-WebRequest -Uri \$SccacheUrl -OutFile "\$env:TEMP\sccache.zip"
  Expand-Archive -Path "\$env:TEMP\sccache.zip" -DestinationPath "\$env:USERPROFILE\.cargo\bin" -Force
  Copy-Item "\$env:USERPROFILE\.cargo\bin\\\$SccacheDirName\sccache.exe" "\$env:USERPROFILE\.cargo\bin\sccache.exe" -Force
  Remove-Item "\$env:USERPROFILE\.cargo\bin\\\$SccacheDirName" -Recurse -Force
  Remove-Item "\$env:TEMP\sccache.zip" -Force
  Write-Host "sccache installed."
}
# Enable test signing (required for eBPF kernel driver, needs reboot to take effect)
\$tsState = bcdedit 2>&1 | Select-String 'testsigning\s+Yes'
if (-not \$tsState) {
  Write-Host "Enabling test signing for eBPF driver support..."
  bcdedit /set testsigning on 2>&1 | Out-Null
  Write-Host "Test signing enabled. A REBOOT is required before eBPF drivers can load."
  Write-Host "Run this script again after rebooting."
}
# Install eBPF for Windows (provides ebpfapi.dll, ebpfsvc service, netsh ebpf commands)
# Note: Windows XDP (xdpapi.dll) is bundled with the eBPF MSI.
if (-not (Test-Path 'C:\Program Files\ebpf-for-windows\ebpfapi.dll') -and
    -not (Test-Path 'C:\Windows\System32\ebpfapi.dll')) {
  Write-Host "Installing eBPF for Windows v\$EbpfVersion..."
  \$ProgressPreference = 'SilentlyContinue'
  \$ebpfMsi = "\$env:TEMP\ebpf-for-windows.msi"
  try {
    Invoke-WebRequest -Uri \$EbpfUrl -OutFile \$ebpfMsi
    if (Test-Path \$ebpfMsi) {
      Start-Process msiexec -ArgumentList '/i',\$ebpfMsi,'/quiet','/norestart' -Wait
      Remove-Item \$ebpfMsi -Force -ErrorAction SilentlyContinue
      Write-Host "eBPF for Windows v\$EbpfVersion installed."
    } else {
      Write-Host "WARNING: Failed to download eBPF for Windows MSI."
    }
  } catch {
    Write-Host "WARNING: Failed to install eBPF for Windows: \$_"
  }
}
# Install Windows XDP driver (provides xdpapi.dll for AF_XDP packet capture)
if (-not (Test-Path 'C:\Windows\System32\xdpapi.dll')) {
  Write-Host "Installing Windows XDP v\$XdpVersion..."
  \$ProgressPreference = 'SilentlyContinue'
  \$xdpMsi = "\$env:TEMP\xdp-for-windows.msi"
  try {
    Invoke-WebRequest -Uri \$XdpUrl -OutFile \$xdpMsi
    if (Test-Path \$xdpMsi) {
      Start-Process msiexec -ArgumentList '/i',\$xdpMsi,'/quiet','/norestart' -Wait
      Remove-Item \$xdpMsi -Force -ErrorAction SilentlyContinue
      Write-Host "Windows XDP v\$XdpVersion installed."
    } else {
      Write-Host "WARNING: Failed to download Windows XDP MSI."
    }
  } catch {
    Write-Host "WARNING: Failed to install Windows XDP: \$_"
  }
}
# Persist PATH additions via registry
foreach (\$p in @('C:\Program Files\Git\cmd')) {
  \$cur = [Environment]::GetEnvironmentVariable('Path','User')
  if (\$cur -notlike "*\$p*") {
    [Environment]::SetEnvironmentVariable('Path', \$cur + ';' + \$p, 'User')
  }
}
PSEOF
  $SSH "powershell -ExecutionPolicy Bypass -File $WIN_DIR\\setup.ps1" 2>&1

  echo ""
  echo "=== Configure git for private deps ==="
  if [ -n "${REPO_ACCESS_TOKEN:-}" ]; then
    run_win "git config --global credential.helper \"\" && git config --global url.\"https://x-access-token:${REPO_ACCESS_TOKEN}@github.com/\".insteadOf \"https://github.com/\""
  else
    echo "WARNING: REPO_ACCESS_TOKEN not set, private git deps may fail"
  fi
fi

# ── Clean stale dendrite cache ───────────────────────────────────────

if should_run fmt || should_run clippy || should_run build || should_run test || should_run ebpf || [[ -z "$STEP" ]]; then
  echo ""
  echo "=== Clean stale dendrite cache ==="
  run_win "cd $WIN_DIR && cargo clean -p dendrite 2>nul" || true
fi

# ── Step 1: Formatting ──────────────────────────────────────────────

if should_run fmt; then
  echo ""
  echo "=== [1/6] Check formatting ==="
  run_win "cd $WIN_DIR && cargo fmt -- --check"
fi

# ── Step 2: Clippy ──────────────────────────────────────────────────

if should_run clippy; then
  echo ""
  echo "=== [2/6] Clippy ($FEATURES) ==="
  run_win "cd $WIN_DIR && cargo clippy $FEATURES --all-targets -- --deny warnings"
fi

# ── Step 3: Release build ───────────────────────────────────────────

if should_run build; then
  echo ""
  echo "=== [3/6] Build static exe ($FEATURES) ==="
  run_win "cd $WIN_DIR && cargo build --profile release-windows $FEATURES"

  echo ""
  echo "=== [4/6] Verify static linking ==="
  run_win "if exist $WIN_TARGET_DIR\\release-windows\\synapse.exe (dumpbin /dependents $WIN_TARGET_DIR\\release-windows\\synapse.exe)" || echo "  (dumpbin not available, skipping)"
fi

# ── Step 5: Tests ───────────────────────────────────────────────────

if should_run test; then
  echo ""
  echo "=== [5/6] Test ($FEATURES) ==="
  run_win "cd $WIN_DIR && cargo test $FEATURES"
fi

# ── Step 6: eBPF privileged tests ───────────────────────────────────

if should_run ebpf; then
  echo ""
  echo "=== [6/6] eBPF/XDP privileged tests (requires drivers) ==="
  run_win "cd $WIN_DIR && cargo test $FEATURES --test e2e_test -- windows_ebpf --ignored" || echo "  (some eBPF tests failed or drivers not available — non-blocking)"
fi

echo ""
echo "=== All Windows checks passed ==="