release-it 19.0.0-next.1 → 19.0.0-next.3

package/test/gitlab.js

@@ -1,7 +1,6 @@
 import fs from 'node:fs';
-import test from 'ava';
-import sinon from 'sinon';
-import nock from 'nock';
+import test, { before, after, afterEach, beforeEach, describe } from 'node:test';
+import assert from 'node:assert/strict';
 import { Agent } from 'undici';
 import Git from '../lib/plugin/git/Git.js';
 import GitLab from '../lib/plugin/gitlab/GitLab.js';
@@ -13,405 +12,444 @@ import {
   interceptPublish,
   interceptAsset,
   interceptAssetGeneric,
-  interceptMilestones
+  interceptMilestones,
+  interceptMembers
 } from './stub/gitlab.js';
+import { mockFetch } from './util/mock.js';
 
-const tokenHeader = 'Private-Token';
-const tokenRef = 'GITLAB_TOKEN';
+describe('GitLab', () => {
+  const tokenHeader = 'Private-Token';
+  const tokenRef = 'GITLAB_TOKEN';
+  const certificateAuthorityFileRef = 'CI_SERVER_TLS_CA_FILE';
 
-test.serial('should validate token', async t => {
-  const tokenRef = 'MY_GITLAB_TOKEN';
-  const pushRepo = 'https://gitlab.com/user/repo';
-  const options = { gitlab: { release: true, tokenRef, tokenHeader, pushRepo } };
-  const gitlab = factory(GitLab, { options });
-  delete process.env[tokenRef];
+  const [mocker, api, example, local] = mockFetch([
+    'https://gitlab.com/api/v4',
+    'https://gitlab.example.org/api/v4',
+    'https://localhost:3000/api/v4'
+  ]);
 
-  await t.throwsAsync(gitlab.init(), {
-    message: /^Environment variable "MY_GITLAB_TOKEN" is required for GitLab releases/
+  before(() => {
+    mocker.mockGlobal();
   });
-  process.env[tokenRef] = '123';
 
-  interceptUser(undefined, { reqheaders: { 'private-token': '123' } });
-  interceptCollaborator(undefined, { reqheaders: { 'private-token': '123' } });
-  await t.notThrowsAsync(gitlab.init());
-});
+  let originalEnv;
+  beforeEach(() => {
+    originalEnv = process.env;
+    process.env = { ...originalEnv };
 
-test.serial('should support CI Job token header', async t => {
-  const tokenRef = 'CI_JOB_TOKEN';
-  const tokenHeader = 'Job-Token';
-  process.env[tokenRef] = 'j0b-t0k3n';
-  const pushRepo = 'https://gitlab.com/user/repo';
-  const options = { git: { pushRepo }, gitlab: { release: true, tokenRef, tokenHeader } };
-  const gitlab = factory(GitLab, { options });
+    process.env[tokenRef] = '123';
+  });
 
-  interceptPublish(undefined, { reqheaders: { 'job-token': '1' } });
+  afterEach(() => {
+    if (originalEnv !== undefined) process.env = originalEnv;
+    mocker.clearAll();
+  });
 
-  await t.notThrowsAsync(gitlab.init());
+  after(() => {
+    mocker.unmockGlobal();
+  });
 
-  delete process.env[tokenRef];
-});
+  test('should validate token', async () => {
+    const tokenRef = 'MY_GITLAB_TOKEN';
+    const pushRepo = 'https://gitlab.com/user/repo';
+    const options = { gitlab: { release: true, tokenRef, tokenHeader, pushRepo } };
+    const gitlab = factory(GitLab, { options });
+    delete process.env[tokenRef];
 
-test.serial('should upload assets and release', async t => {
-  const pushRepo = 'https://gitlab.com/user/repo';
-  const options = {
-    git: { pushRepo },
-    gitlab: {
-      tokenRef,
-      release: true,
-      releaseName: 'Release ${version}',
-      releaseNotes: 'echo Custom notes',
-      assets: 'test/resources/file-v${version}.txt',
-      milestones: ['${version}', '${latestVersion} UAT']
-    }
-  };
-  const gitlab = factory(GitLab, { options });
-  sinon.stub(gitlab, 'getLatestVersion').resolves('2.0.0');
-
-  const git = factory(Git);
-  const ref = (await git.getBranchName()) ?? 'HEAD';
-
-  interceptUser();
-  interceptCollaborator();
-  interceptMilestones({
-    query: { title: '2.0.1' },
-    milestones: [
-      {
-        id: 17,
-        iid: 3,
-        title: '2.0.1'
-      }
-    ]
+    await assert.rejects(gitlab.init(), /Environment variable "MY_GITLAB_TOKEN" is required for GitLab releases/);
+
+    process.env[tokenRef] = '123';
+
+    interceptUser(api, { headers: { 'private-token': '123' } });
+    interceptCollaborator(api, { headers: { 'private-token': '123' } });
+    await assert.doesNotReject(gitlab.init());
   });
-  interceptMilestones({
-    query: { title: '2.0.0 UAT' },
-    milestones: [
-      {
-        id: 42,
-        iid: 4,
-        title: '2.0.0 UAT'
-      }
-    ]
+
+  test('should support CI Job token header', async () => {
+    const tokenRef = 'CI_JOB_TOKEN';
+    const tokenHeader = 'Job-Token';
+    process.env[tokenRef] = 'j0b-t0k3n';
+    const pushRepo = 'https://gitlab.com/user/repo';
+    const options = { git: { pushRepo }, gitlab: { release: true, tokenRef, tokenHeader } };
+    const gitlab = factory(GitLab, { options });
+
+    interceptPublish(api, { headers: { 'job-token': '1' } });
+
+    await assert.doesNotReject(gitlab.init());
+
+    delete process.env[tokenRef];
   });
-  interceptAsset();
-  interceptPublish({
-    body: {
-      name: 'Release 2.0.1',
-      ref,
-      tag_name: '2.0.1',
-      tag_message: 'Release 2.0.1',
-      description: 'Custom notes',
-      assets: {
-        links: [
-          {
-            name: 'file-v2.0.1.txt',
-            url: `${pushRepo}/uploads/7e8bec1fe27cc46a4bc6a91b9e82a07c/file-v2.0.1.txt`
-          }
-        ]
-      },
-      milestones: ['2.0.1', '2.0.0 UAT']
-    }
+
+  test('should upload assets and release', async t => {
+    const pushRepo = 'https://gitlab.com/user/repo';
+    const options = {
+      git: { pushRepo },
+      gitlab: {
+        tokenRef,
+        release: true,
+        releaseName: 'Release ${version}',
+        releaseNotes: 'echo Custom notes',
+        assets: 'test/resources/file-v${version}.txt',
+        milestones: ['${version}', '${latestVersion} UAT']
+      }
+    };
+    const gitlab = factory(GitLab, { options });
+    t.mock.method(gitlab, 'getLatestVersion', () => Promise.resolve('2.0.0'));
+
+    const git = factory(Git);
+    const ref = (await git.getBranchName()) ?? 'HEAD';
+
+    interceptUser(api);
+    interceptCollaborator(api);
+    interceptMilestones(api, { query: { title: '2.0.1' }, milestones: [{ id: 17, iid: 3, title: '2.0.1' }] });
+    interceptMilestones(api, { query: { title: '2.0.0 UAT' }, milestones: [{ id: 42, iid: 4, title: '2.0.0 UAT' }] });
+    interceptAsset(api);
+    interceptPublish(api, {
+      body: {
+        name: 'Release 2.0.1',
+        ref,
+        tag_name: '2.0.1',
+        tag_message: 'Release 2.0.1',
+        description: 'Custom notes',
+        assets: {
+          links: [
+            { name: 'file-v2.0.1.txt', url: `${pushRepo}/uploads/7e8bec1fe27cc46a4bc6a91b9e82a07c/file-v2.0.1.txt` }
+          ]
+        },
+        milestones: ['2.0.1', '2.0.0 UAT']
+      }
+    });
+
+    await runTasks(gitlab);
+
+    assert.equal(gitlab.assets[0].url, `${pushRepo}/uploads/7e8bec1fe27cc46a4bc6a91b9e82a07c/file-v2.0.1.txt`);
+    const { isReleased, releaseUrl } = gitlab.getContext();
+    assert(isReleased);
+    assert.equal(releaseUrl, `${pushRepo}/-/releases/2.0.1`);
   });
 
-  await runTasks(gitlab);
+  test('should upload assets with ID-based URLs', async t => {
+    const host = 'https://gitlab.com';
+    const pushRepo = `${host}/user/repo`;
+    const options = {
+      git: { pushRepo },
+      gitlab: {
+        tokenRef,
+        release: true,
+        assets: 'test/resources/file-v${version}.txt',
+        useIdsForUrls: true
+      }
+    };
 
-  t.is(gitlab.assets[0].url, `${pushRepo}/uploads/7e8bec1fe27cc46a4bc6a91b9e82a07c/file-v2.0.1.txt`);
-  const { isReleased, releaseUrl } = gitlab.getContext();
-  t.true(isReleased);
-  t.is(releaseUrl, `${pushRepo}/-/releases/2.0.1`);
-});
+    const gitlab = factory(GitLab, { options });
+    t.mock.method(gitlab, 'getLatestVersion', () => Promise.resolve('2.0.0'));
 
-test.serial('should upload assets with ID-based URLs too', async t => {
-  const host = 'https://gitlab.com';
-  const pushRepo = `${host}/user/repo`;
-  const options = {
-    git: { pushRepo },
-    gitlab: {
-      tokenRef,
-      release: true,
-      assets: 'test/resources/file-v${version}.txt',
-      useIdsForUrls: true
-    }
-  };
-  const gitlab = factory(GitLab, { options });
-  sinon.stub(gitlab, 'getLatestVersion').resolves('2.0.0');
-
-  interceptUser();
-  interceptCollaborator();
-  interceptAsset();
-  interceptPublish();
-
-  await runTasks(gitlab);
-
-  t.is(gitlab.assets[0].url, `${host}/-/project/1234/uploads/7e8bec1fe27cc46a4bc6a91b9e82a07c/file-v2.0.1.txt`);
-});
+    interceptUser(api);
+    interceptCollaborator(api);
+    interceptAsset(api);
+    interceptPublish(api);
 
-test.serial('should upload assets to generic repo', async t => {
-  const host = 'https://gitlab.com';
-  const pushRepo = `${host}/user/repo`;
-  const options = {
-    git: { pushRepo },
-    gitlab: {
-      tokenRef,
-      release: true,
-      assets: 'test/resources/file-v${version}.txt',
-      useGenericPackageRepositoryForAssets: true,
-      genericPackageRepositoryName: 'release-it'
-    }
-  };
-  const gitlab = factory(GitLab, { options });
-  sinon.stub(gitlab, 'getLatestVersion').resolves('2.0.0');
-
-  interceptUser();
-  interceptCollaborator();
-  interceptAssetGeneric();
-  interceptPublish();
-
-  await runTasks(gitlab);
-
-  t.is(gitlab.assets[0].url, `${host}/api/v4/projects/user%2Frepo/packages/generic/release-it/2.0.1/file-v2.0.1.txt`);
-});
+    await runTasks(gitlab);
+
+    assert.equal(
+      gitlab.assets[0].url,
+      `${host}/-/project/1234/uploads/7e8bec1fe27cc46a4bc6a91b9e82a07c/file-v2.0.1.txt`
+    );
+  });
 
-test.serial('should throw when release milestone is missing', async t => {
-  const pushRepo = 'https://gitlab.com/user/repo';
-  const options = {
-    git: { pushRepo },
-    gitlab: {
-      tokenRef,
-      release: true,
-      milestones: ['${version}', '${latestVersion} UAT']
-    }
-  };
-  const gitlab = factory(GitLab, { options });
-  sinon.stub(gitlab, 'getLatestVersion').resolves('2.0.0');
-
-  interceptUser();
-  interceptCollaborator();
-  interceptMilestones({
-    query: { title: '2.0.1' },
-    milestones: [
-      {
-        id: 17,
-        iid: 3,
-        title: '2.0.1'
+  test('should upload assets to generic repo', async t => {
+    const host = 'https://gitlab.com';
+    const pushRepo = `${host}/user/repo`;
+    const options = {
+      git: { pushRepo },
+      gitlab: {
+        tokenRef,
+        release: true,
+        assets: 'test/resources/file-v${version}.txt',
+        useGenericPackageRepositoryForAssets: true,
+        genericPackageRepositoryName: 'release-it'
       }
-    ]
+    };
+    const gitlab = factory(GitLab, { options });
+    t.mock.method(gitlab, 'getLatestVersion', () => Promise.resolve('2.0.0'));
+
+    interceptUser(api);
+    interceptCollaborator(api);
+    interceptAssetGeneric(api);
+    interceptPublish(api);
+
+    await runTasks(gitlab);
+
+    assert.equal(
+      gitlab.assets[0].url,
+      `${host}/api/v4/projects/user%2Frepo/packages/generic/release-it/2.0.1/file-v2.0.1.txt`
+    );
   });
-  interceptMilestones({
-    query: { title: '2.0.0 UAT' },
-    milestones: []
+
+  test('should throw when release milestone is missing', async t => {
+    const pushRepo = 'https://gitlab.com/user/repo';
+    const options = {
+      git: { pushRepo },
+      gitlab: {
+        tokenRef,
+        release: true,
+        milestones: ['${version}', '${latestVersion} UAT']
+      }
+    };
+    const gitlab = factory(GitLab, { options });
+    t.mock.method(gitlab, 'getLatestVersion', () => Promise.resolve('2.0.0'));
+
+    interceptUser(api);
+    interceptCollaborator(api);
+    interceptMilestones(api, { query: { title: '2.0.1' }, milestones: [{ id: 17, iid: 3, title: '2.0.1' }] });
+    interceptMilestones(api, { query: { title: '2.0.0 UAT' }, milestones: [] });
+
+    await assert.rejects(
+      runTasks(gitlab),
+      /Missing one or more milestones in GitLab. Creating a GitLab release will fail./
+    );
   });
 
-  await t.throwsAsync(runTasks(gitlab), {
-    message: /^Missing one or more milestones in GitLab. Creating a GitLab release will fail./
+  test('should release to self-managed host', async t => {
+    const host = 'https://gitlab.example.org';
+    const options = {
+      git: { pushRepo: `${host}/user/repo` },
+      gitlab: { releaseName: 'Release ${version}', releaseNotes: 'echo readme', tokenRef }
+    };
+    const gitlab = factory(GitLab, { options });
+    t.mock.method(gitlab, 'getLatestVersion', () => Promise.resolve('1.0.0'));
+
+    interceptUser(example);
+    interceptCollaborator(example);
+    interceptPublish(example);
+
+    await runTasks(gitlab);
+
+    const { origin, baseUrl } = gitlab.getContext();
+    assert.equal(origin, host);
+    assert.equal(baseUrl, `${host}/api/v4`);
   });
-});
 
-test.serial('should release to self-managed host', async t => {
-  const host = 'https://gitlab.example.org';
-  const scope = nock(host);
-  scope.post('/api/v4/projects/user%2Frepo/releases').reply(200, {});
-  const options = {
-    git: { pushRepo: `${host}/user/repo` },
-    gitlab: { releaseName: 'Release ${version}', releaseNotes: 'echo readme', tokenRef }
-  };
-  const gitlab = factory(GitLab, { options });
-  sinon.stub(gitlab, 'getLatestVersion').resolves('1.0.0');
-
-  interceptUser({ host });
-  interceptCollaborator({ host });
-
-  await runTasks(gitlab);
-
-  const { origin, baseUrl } = gitlab.getContext();
-  t.is(origin, host);
-  t.is(baseUrl, `${host}/api/v4`);
-});
+  test('should release to sub-grouped repo', async () => {
+    const options = { gitlab: { tokenRef }, git: { pushRepo: 'git@gitlab.com:group/sub-group/repo.git' } };
+    const gitlab = factory(GitLab, { options });
 
-test.serial('should release to sub-grouped repo', async t => {
-  const scope = nock('https://gitlab.com');
-  scope.post('/api/v4/projects/group%2Fsub-group%2Frepo/releases').reply(200, {});
-  const options = { gitlab: { tokenRef }, git: { pushRepo: 'git@gitlab.com:group/sub-group/repo.git' } };
-  const gitlab = factory(GitLab, { options });
+    interceptUser(api, { owner: 'sub-group' });
+    interceptCollaborator(api, { owner: 'sub-group', group: 'group' });
+    interceptPublish(api, { owner: 'group', project: 'sub-group%2Frepo' });
 
-  interceptUser({ owner: 'sub-group' });
-  interceptCollaborator({ owner: 'sub-group', group: 'group' });
+    await runTasks(gitlab);
 
-  await runTasks(gitlab);
+    const { isReleased, releaseUrl } = gitlab.getContext();
+    assert(isReleased);
+    assert.match(releaseUrl, /https:\/\/gitlab.com\/group\/sub-group(\/|%2F)repo\/-\/releases\//);
+  });
 
-  const { isReleased, releaseUrl } = gitlab.getContext();
-  t.true(isReleased);
-  t.regex(releaseUrl, /https:\/\/gitlab.com\/group\/sub-group\/repo\/-\/releases\//);
-});
+  test('should throw for unauthenticated user', async () => {
+    const host = 'https://gitlab.com';
+    const pushRepo = `${host}/user/repo`;
+    const options = { gitlab: { tokenRef, pushRepo, host } };
+    const gitlab = factory(GitLab, { options });
 
-test.serial('should throw for unauthenticated user', async t => {
-  const host = 'https://gitlab.com';
-  const pushRepo = `${host}/user/repo`;
-  const options = { gitlab: { tokenRef, pushRepo, host } };
-  const gitlab = factory(GitLab, { options });
-  const scope = nock(host);
-  scope.get(`/api/v4/user`).reply(401);
+    api.get('/user', { status: 401 });
 
-  await t.throwsAsync(runTasks(gitlab), {
-    message: /^Could not authenticate with GitLab using environment variable "GITLAB_TOKEN"/
+    await assert.rejects(
+      runTasks(gitlab),
+      /Could not authenticate with GitLab using environment variable "GITLAB_TOKEN"/
+    );
   });
-});
 
-test.serial('should throw for non-collaborator', async t => {
-  const host = 'https://gitlab.com';
-  const pushRepo = `${host}/john/repo`;
-  const options = { gitlab: { tokenRef, pushRepo, host } };
-  const gitlab = factory(GitLab, { options });
-  const scope = nock(host);
-  scope.get(`/api/v4/projects/john%2Frepo/members/all/1`).reply(200, { username: 'emma' });
-  interceptUser({ owner: 'john' });
+  test('should throw for non-collaborator', async () => {
+    const host = 'https://gitlab.com';
+    const pushRepo = `${host}/john/repo`;
+    const options = { gitlab: { tokenRef, pushRepo, host } };
+    const gitlab = factory(GitLab, { options });
 
-  await t.throwsAsync(runTasks(gitlab), { message: /^User john is not a collaborator for john\/repo/ });
-});
+    interceptMembers(api, { owner: 'emma' });
+    interceptUser(api, { owner: 'john' });
 
-test.serial('should throw for insufficient access level', async t => {
-  const host = 'https://gitlab.com';
-  const pushRepo = `${host}/john/repo`;
-  const options = { gitlab: { tokenRef, pushRepo, host } };
-  const gitlab = factory(GitLab, { options });
-  const scope = nock(host);
-  scope.get(`/api/v4/projects/john%2Frepo/members/all/1`).reply(200, { username: 'john', access_level: 10 });
-  interceptUser({ owner: 'john' });
+    await assert.rejects(runTasks(gitlab), /User john is not a collaborator for john\/repo/);
+  });
 
-  await t.throwsAsync(runTasks(gitlab), { message: /^User john is not a collaborator for john\/repo/ });
-});
+  test('should throw for insufficient access level', async () => {
+    const host = 'https://gitlab.com';
+    const pushRepo = `${host}/john/repo`;
+    const options = { gitlab: { tokenRef, pushRepo, host } };
+    const gitlab = factory(GitLab, { options });
 
-test('should not make requests in dry run', async t => {
-  const [host, owner, repo] = ['https://gitlab.example.org', 'user', 'repo'];
-  const pushRepo = `${host}/${owner}/${repo}`;
-  const options = { 'dry-run': true, git: { pushRepo }, gitlab: { releaseName: 'R', tokenRef } };
-  const gitlab = factory(GitLab, { options });
-  sinon.stub(gitlab, 'getLatestVersion').resolves('1.0.0');
+    interceptMembers(api, { owner: 'john', access_level: 10 });
+    interceptUser(api, { owner: 'john' });
 
-  await runTasks(gitlab);
+    await assert.rejects(runTasks(gitlab), /User john is not a collaborator for john\/repo/);
+  });
 
-  const { isReleased, releaseUrl } = gitlab.getContext();
+  test('should not make requests in dry run', async t => {
+    const [host, owner, repo] = ['https://gitlab.example.org', 'user', 'repo'];
+    const pushRepo = `${host}/${owner}/${repo}`;
+    const options = { 'dry-run': true, git: { pushRepo }, gitlab: { releaseName: 'R', tokenRef } };
+    const gitlab = factory(GitLab, { options });
+    t.mock.method(gitlab, 'getLatestVersion', () => Promise.resolve('1.0.0'));
 
-  t.is(gitlab.log.exec.args[2][0], 'gitlab releases#uploadAssets');
-  t.is(gitlab.log.exec.args[3][0], 'gitlab releases#createRelease "R" (1.0.1)');
-  t.true(isReleased);
-  t.is(releaseUrl, `${pushRepo}/-/releases/1.0.1`);
-});
+    await runTasks(gitlab);
 
-test('should skip checks', async t => {
-  const options = { gitlab: { tokenRef, skipChecks: true, release: true, milestones: ['v1.0.0'] } };
-  const gitlab = factory(GitLab, { options });
+    const { isReleased, releaseUrl } = gitlab.getContext();
 
-  await t.notThrowsAsync(gitlab.init());
-  await t.notThrowsAsync(gitlab.beforeRelease());
+    assert.equal(gitlab.log.exec.mock.calls[2].arguments[0], 'gitlab releases#uploadAssets');
+    assert.equal(gitlab.log.exec.mock.calls[3].arguments[0], 'gitlab releases#createRelease "R" (1.0.1)');
+    assert(isReleased);
+    assert.equal(releaseUrl, `${pushRepo}/-/releases/1.0.1`);
+  });
 
-  t.is(gitlab.log.exec.args.filter(entry => /checkReleaseMilestones/.test(entry[0])).length, 0);
-});
+  test('should skip checks', async () => {
+    const options = { gitlab: { tokenRef, skipChecks: true, release: true, milestones: ['v1.0.0'] } };
+    const gitlab = factory(GitLab, { options });
 
-test.serial('should not create fetch agent', t => {
-  const options = { gitlab: {} };
-  const gitlab = factory(GitLab, { options });
+    await assert.doesNotReject(gitlab.init());
+    await assert.doesNotReject(gitlab.beforeRelease());
 
-  t.deepEqual(gitlab.certificateAuthorityOption, {});
-});
+    assert.equal(
+      gitlab.log.exec.mock.calls
+        .flatMap(call => call.arguments)
+        .filter(entry => /checkReleaseMilestones/.test(entry[0])).length,
+      0
+    );
+  });
 
-test.serial('should create fetch agent if secure == false', t => {
-  const options = { gitlab: { secure: false } };
-  const gitlab = factory(GitLab, { options });
-  const { dispatcher } = gitlab.certificateAuthorityOption;
+  test('should not create fetch agent', () => {
+    const options = { gitlab: {} };
+    const gitlab = factory(GitLab, { options });
 
-  t.true(dispatcher instanceof Agent, "Fetch dispatcher should be an instance of undici's Agent class");
+    assert.deepEqual(gitlab.certificateAuthorityOption, {});
+  });
 
-  const kOptions = Object.getOwnPropertySymbols(dispatcher).find(symbol => symbol.description === 'options');
-  t.deepEqual(dispatcher[kOptions].connect, { rejectUnauthorized: false, ca: undefined });
-});
+  test('should create fetch agent if secure == false', () => {
+    const options = { gitlab: { secure: false } };
+    const gitlab = factory(GitLab, { options });
+    const { dispatcher } = gitlab.certificateAuthorityOption;
 
-test.serial('should create fetch agent if certificateAuthorityFile', t => {
-  const sandbox = sinon.createSandbox();
-  sandbox.stub(fs, 'readFileSync').returns('test certificate');
+    assert(dispatcher instanceof Agent, "Fetch dispatcher should be an instance of undici's Agent class");
 
-  const options = { gitlab: { certificateAuthorityFile: 'cert.crt' } };
-  const gitlab = factory(GitLab, { options });
-  const { dispatcher } = gitlab.certificateAuthorityOption;
+    const kOptions = Object.getOwnPropertySymbols(dispatcher).find(symbol => symbol.description === 'options');
+    assert.deepEqual(dispatcher[kOptions].connect, { rejectUnauthorized: false, ca: undefined });
+  });
 
-  t.true(dispatcher instanceof Agent, "Fetch dispatcher should be an instance of undici's Agent class");
+  test('should create fetch agent if certificateAuthorityFile', t => {
+    const readFileSync = t.mock.method(fs, 'readFileSync', () => 'test certificate');
 
-  const kOptions = Object.getOwnPropertySymbols(dispatcher).find(symbol => symbol.description === 'options');
-  t.deepEqual(dispatcher[kOptions].connect, { rejectUnauthorized: undefined, ca: 'test certificate' });
+    const options = { gitlab: { certificateAuthorityFile: 'cert.crt' } };
+    const gitlab = factory(GitLab, { options });
+    const { dispatcher } = gitlab.certificateAuthorityOption;
 
-  sandbox.restore();
-});
+    assert(dispatcher instanceof Agent, "Fetch dispatcher should be an instance of undici's Agent class");
 
-test.serial('should throw for insecure connections to self-hosted instances', async t => {
-  const host = 'https://localhost:3000';
+    const kOptions = Object.getOwnPropertySymbols(dispatcher).find(symbol => symbol.description === 'options');
+    assert.deepEqual(dispatcher[kOptions].connect, { rejectUnauthorized: undefined, ca: 'test certificate' });
+
+    readFileSync.mock.restore();
+  });
 
-  const options = {
-    git: { pushRepo: `${host}/user/repo` },
-    gitlab: { host, tokenRef, origin: host }
-  };
-  const gitlab = factory(GitLab, { options });
-  const server = new GitlabTestServer();
+  test('should create fetch agent if CI_SERVER_TLS_CA_FILE env is set', t => {
+    const readFileSync = t.mock.method(fs, 'readFileSync', () => 'test certificate');
+    process.env[certificateAuthorityFileRef] = 'ca.crt';
 
-  t.teardown(async () => {
-    nock.disableNetConnect();
-    await server.stop();
+    const options = { gitlab: {} };
+    const gitlab = factory(GitLab, { options });
+    const { dispatcher } = gitlab.certificateAuthorityOption;
+
+    assert(dispatcher instanceof Agent, "Fetch dispatcher should be an instance of undici's Agent class");
+
+    const kOptions = Object.getOwnPropertySymbols(dispatcher).find(symbol => symbol.description === 'options');
+    assert.deepEqual(dispatcher[kOptions].connect, { rejectUnauthorized: undefined, ca: 'test certificate' });
+
+    readFileSync.mock.restore();
   });
 
-  await server.run();
-  nock.enableNetConnect();
+  test('should create fetch agent if certificateAuthorityFileRef env is set', t => {
+    const readFileSync = t.mock.method(fs, 'readFileSync', () => 'test certificate');
+    process.env['GITLAB_CA_FILE'] = 'custom-ca.crt';
+
+    const options = { gitlab: { certificateAuthorityFileRef: 'GITLAB_CA_FILE' } };
+    const gitlab = factory(GitLab, { options });
+    const { dispatcher } = gitlab.certificateAuthorityOption;
 
-  await t.throwsAsync(gitlab.init(), {
-    message: /^Could not authenticate with GitLab using environment variable "GITLAB_TOKEN"/
+    assert(dispatcher instanceof Agent, "Fetch dispatcher should be an instance of undici's Agent class");
+
+    const kOptions = Object.getOwnPropertySymbols(dispatcher).find(symbol => symbol.description === 'options');
+    assert.deepEqual(dispatcher[kOptions].connect, { rejectUnauthorized: undefined, ca: 'test certificate' });
+
+    readFileSync.mock.restore();
   });
-});
 
-test.serial('should succesfully connect to self-hosted instance if insecure connection allowed', async t => {
-  const host = 'https://localhost:3000';
-
-  const options = {
-    git: { pushRepo: `${host}/user/repo` },
-    gitlab: {
-      host,
-      tokenRef,
-      origin: host,
-      secure: false
-    }
-  };
-  const gitlab = factory(GitLab, { options });
-  const server = new GitlabTestServer();
-
-  t.teardown(async () => {
-    nock.disableNetConnect();
-    await server.stop();
+  test('should throw for insecure connections to self-hosted instances', async t => {
+    const host = 'https://localhost:3000';
+
+    const options = {
+      git: { pushRepo: `${host}/user/repo` },
+      gitlab: { host, tokenRef, origin: host }
+    };
+    const gitlab = factory(GitLab, { options });
+    const server = new GitlabTestServer();
+
+    t.after(async () => {
+      await server.stop();
+    });
+
+    await server.run();
+
+    await assert.rejects(gitlab.init(), /Could not authenticate with GitLab using environment variable "GITLAB_TOKEN"/);
   });
 
-  await server.run();
-  nock.enableNetConnect();
+  test('should succesfully connect to self-hosted instance if insecure connection allowed', async t => {
+    const host = 'https://localhost:3000';
 
-  await t.notThrowsAsync(gitlab.init());
-});
+    const options = {
+      git: { pushRepo: `${host}/user/repo` },
+      gitlab: {
+        host,
+        tokenRef,
+        origin: host,
+        secure: false
+      }
+    };
+    const gitlab = factory(GitLab, { options });
+    const server = new GitlabTestServer();
 
-test.serial('should succesfully connect to self-hosted instance with valid CA file', async t => {
-  const host = 'https://localhost:3000';
-
-  const options = {
-    git: { pushRepo: `${host}/user/repo` },
-    gitlab: {
-      host,
-      tokenRef,
-      origin: host,
-      certificateAuthorityFile: 'test/util/https-server/client/my-private-root-ca.cert.pem'
-    }
-  };
-  const gitlab = factory(GitLab, { options });
-  const server = new GitlabTestServer();
-
-  t.teardown(async () => {
-    nock.disableNetConnect();
-    await server.stop();
+    t.after(async () => {
+      await server.stop();
+    });
+
+    await server.run();
+
+    interceptUser(local);
+    interceptCollaborator(local);
+
+    await assert.doesNotReject(gitlab.init());
   });
 
-  await server.run();
-  nock.enableNetConnect();
+  test('should succesfully connect to self-hosted instance with valid CA file', async t => {
+    const host = 'https://localhost:3000';
+
+    const options = {
+      git: { pushRepo: `${host}/user/repo` },
+      gitlab: {
+        host,
+        tokenRef,
+        origin: host,
+        certificateAuthorityFile: 'test/util/https-server/client/my-private-root-ca.cert.pem'
+      }
+    };
+    const gitlab = factory(GitLab, { options });
+    const server = new GitlabTestServer();
 
-  await t.notThrowsAsync(gitlab.init());
+    t.after(async () => {
+      await server.stop();
+    });
+
+    await server.run();
+
+    interceptUser(local);
+    interceptCollaborator(local);
+
+    await assert.doesNotReject(gitlab.init());
+  });
 });