test(integration): skip sandbox-escape suite under act_runner

The Gitea CI runner shares the host docker socket but not its
filesystem, so pipelock_tls_init's host bind-mount path for CA
files is invisible to the runner container — the same constraint
that already gates the other bottle-bringup integration tests.

PRD 0022's test suite was missing this guard; it failed on the
post-merge main build with "pipelock tls init did not produce ca
files". Mirror the existing skipIf pattern at the class level.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-26 23:03:57 -04:00
parent 20f83ff0f3
commit 5c17fcdf90
@@ -50,6 +50,13 @@ _FAKE_SECRETS = {
@skip_unless_docker()
@unittest.skipIf(
os.environ.get("GITEA_ACTIONS") == "true",
"skipped under act_runner: pipelock_tls_init uses a host bind mount "
"the runner container can't see, and the network topology hides "
"sibling-sidecar visibility — same constraint as the other "
"bottle-bringup integration tests",
)
class TestSandboxEscape(unittest.TestCase):
"""End-to-end attacks against a real bottle. The bottle stays
up for the whole class — bringup is ~10-30s, so per-test
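
Review bot: the class-level skipIf on TestSandboxEscape drops the entire sandbox-escape suite whenever GITEA_ACTIONS is "true", so the end-to-end escape checks no longer gate any pull request or main build on this runner, and a sandbox regression would pass CI with only a skip line in the output. Please say in the skip reason or the commit message where this suite is still expected to run (for example a local or host-level job that can see the bind mount), and link a follow-up for giving the runner access to the CA files so the guard can be removed. The reason string also names a second cause, "the network topology hides sibling-sidecar visibility", which the commit message does not mention; if it applies here, it deserves a line in the message too. Since this condition mirrors the one on the other bottle-bringup tests, consider moving it into a shared decorator next to skip_unless_docker so the condition and its wording live in one place.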