test(integration): skip sandbox-escape suite under act_runner
The Gitea CI runner shares the host docker socket but not its filesystem, so pipelock_tls_init's host bind-mount path for CA files is invisible to the runner container — the same constraint that already gates the other bottle-bringup integration tests. PRD 0022's test suite was missing this guard; it failed on the post-merge main build with "pipelock tls init did not produce ca files". Mirror the existing skipIf pattern at the class level. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -50,6 +50,13 @@ _FAKE_SECRETS = {
|
|||||||
|
|
||||||
|
|
||||||
@skip_unless_docker()
|
@skip_unless_docker()
|
||||||
|
@unittest.skipIf(
|
||||||
|
os.environ.get("GITEA_ACTIONS") == "true",
|
||||||
|
"skipped under act_runner: pipelock_tls_init uses a host bind mount "
|
||||||
|
"the runner container can't see, and the network topology hides "
|
||||||
|
"sibling-sidecar visibility — same constraint as the other "
|
||||||
|
"bottle-bringup integration tests",
|
||||||
|
)
|
||||||
class TestSandboxEscape(unittest.TestCase):
|
class TestSandboxEscape(unittest.TestCase):
|
||||||
"""End-to-end attacks against a real bottle. The bottle stays
|
"""End-to-end attacks against a real bottle. The bottle stays
|
||||||
up for the whole class — bringup is ~10-30s, so per-test
|
up for the whole class — bringup is ~10-30s, so per-test
|
||||||
|
|||||||
Reference in New Issue
Block a user