add jq smoke check with retry

Co-authored-by: Cursor <cursoragent@cursor.com>

.gitea/workflows/deploy-my-vpn.yml

@@ -7,18 +7,44 @@ on:
 
 jobs:
   deploy:
-    runs-on: [linux, x64, server-2]
+    runs-on: ubuntu-latest
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Unit tests
+        run: |
+          python3 -m unittest discover -s tests
+
+      - name: Install jq
+        run: |
+          apt-get update -y
+          apt-get install -y jq
+
       - name: Deploy via SSH
         env:
           VPN_HOST: ${{ secrets.VPN_HOST }}
           VPN_USER: ${{ secrets.VPN_USER }}
           VPN_SSH_KEY: ${{ secrets.TEST_KEY }}
         run: |
+          set -euo pipefail
           mkdir -p ~/.ssh
           chmod 700 ~/.ssh
-          echo "$VPN_SSH_KEY" > ~/.ssh/id_ci_runner
+          printf '%s' "$VPN_SSH_KEY" > ~/.ssh/id_ci_runner
           chmod 600 ~/.ssh/id_ci_runner
-          ssh-keyscan -H "$VPN_HOST" >> ~/.ssh/known_hosts
+          VPN_USER="$(printf '%s' "$VPN_USER" | tr -d '\r\n')"
+          VPN_HOST="$(printf '%s' "$VPN_HOST" | tr -d '\r\n')"
+          echo "using user=${VPN_USER} host=${VPN_HOST}"
+          ssh-keyscan -H "$VPN_HOST" >> ~/.ssh/known_hosts || true
+          ssh-keygen -lf ~/.ssh/id_ci_runner
+          ssh -o BatchMode=yes -o ConnectTimeout=10 -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_ci_runner "${VPN_USER}@${VPN_HOST}" "echo ok"
 
-          ssh -i ~/.ssh/id_ci_runner "$VPN_USER@$VPN_HOST" "cd /srv/ip-ua && git fetch --all && git reset --hard origin/main && bash deploy/my-vpn/deploy.sh"
+          ssh -o BatchMode=yes -o ConnectTimeout=10 -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_ci_runner "${VPN_USER}@${VPN_HOST}" "cd /srv/ip-ua && git fetch --all && git reset --hard origin/main && bash deploy/my-vpn/deploy.sh"
+          for i in $(seq 1 10); do
+            if curl -fsS "http://${VPN_HOST}" -o /tmp/resp.json; then
+              break
+            fi
+            sleep 2
+          done
+          jq -e '.ip and .user_agent and .method and .path and .timestamp' /tmp/resp.json >/dev/null
+          echo "smoke ok"

app.py

@@ -5,20 +5,32 @@ from datetime import datetime, timezone
 from http.server import BaseHTTPRequestHandler, HTTPServer
 
 
+def build_payload(headers, client_ip, method, path, now=None):
+    if now is None:
+        now = datetime.now(timezone.utc)
+
+    forwarded = headers.get("X-Forwarded-For", "")
+    ip = forwarded.split(",")[0].strip() if forwarded else client_ip
+
+    return {
+        "ip": ip,
+        "user_agent": headers.get("User-Agent", ""),
+        "method": method,
+        "path": path,
+        "timestamp": now.isoformat(),
+        "headers": dict(headers),
+    }
+
+
 class Handler(BaseHTTPRequestHandler):
     def _write_json(self, status=200):
-        client_ip = self.headers.get("X-Forwarded-For", "").split(",")[0].strip()
+        headers = {k: v for k, v in self.headers.items()}
-        if not client_ip:
+        payload = build_payload(
-            client_ip = self.client_address[0]
+            headers=headers,
-
+            client_ip=self.client_address[0],
-        payload = {
+            method=self.command,
-            "ip": client_ip,
+            path=self.path,
-            "user_agent": self.headers.get("User-Agent", ""),
+        )
-            "method": self.command,
-            "path": self.path,
-            "timestamp": datetime.now(timezone.utc).isoformat(),
-            "headers": {k: v for k, v in self.headers.items()},
-        }
 
         data = json.dumps(payload, ensure_ascii=False).encode("utf-8")
         self.send_response(status)

tests/test_app.py

@@ -0,0 +1,40 @@
+import unittest
+from datetime import datetime, timezone
+
+from app import build_payload
+
+
+class TestBuildPayload(unittest.TestCase):
+    def test_uses_forwarded_ip(self):
+        now = datetime(2026, 2, 6, 0, 0, 0, tzinfo=timezone.utc)
+        payload = build_payload(
+            headers={"X-Forwarded-For": "10.0.0.1, 10.0.0.2", "User-Agent": "ua"},
+            client_ip="192.168.0.10",
+            method="GET",
+            path="/",
+            now=now,
+        )
+        self.assertEqual(payload["ip"], "10.0.0.1")
+        self.assertEqual(payload["user_agent"], "ua")
+        self.assertEqual(payload["method"], "GET")
+        self.assertEqual(payload["path"], "/")
+        self.assertEqual(payload["timestamp"], "2026-02-06T00:00:00+00:00")
+
+    def test_falls_back_to_client_ip(self):
+        now = datetime(2026, 2, 6, 0, 0, 0, tzinfo=timezone.utc)
+        payload = build_payload(
+            headers={"User-Agent": "ua"},
+            client_ip="192.168.0.10",
+            method="POST",
+            path="/submit",
+            now=now,
+        )
+        self.assertEqual(payload["ip"], "192.168.0.10")
+        self.assertEqual(payload["user_agent"], "ua")
+        self.assertEqual(payload["method"], "POST")
+        self.assertEqual(payload["path"], "/submit")
+        self.assertEqual(payload["timestamp"], "2026-02-06T00:00:00+00:00")
+
+
+if __name__ == "__main__":
+    unittest.main()