From ea7695d9d001de8a1e178e3728cc353ba904431b Mon Sep 17 00:00:00 2001 From: didericis Date: Sat, 9 May 2026 02:19:06 -0400 Subject: [PATCH] test: skip docker-topology-sensitive tests under Gitea Actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two integration tests fail when run inside act_runner because the job container shares the host's docker socket — networks created on the host daemon aren't always visible in-process, and ports published by sibling containers aren't reachable on the job's 127.0.0.1. Skip them when GITEA_ACTIONS=true. Document the limitation in docs/ci.md as a follow-up to revisit. Assisted-by: Claude Code --- docs/ci.md | 18 ++++++++++++++++++ tests/test_orphan_cleanup.py | 5 +++++ tests/test_pipelock_sidecar_smoke.py | 5 +++++ 3 files changed, 28 insertions(+) diff --git a/docs/ci.md b/docs/ci.md index 2ddcf4a..01c9392 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -9,6 +9,24 @@ It runs `tests/run_tests.py` (full suite — unit + integration) on: Integration tests need Docker on the runner; they skip cleanly via `tests/_docker.skip_unless_docker` when no daemon is reachable. +A small subset of integration tests skip when running specifically +under Gitea Actions (`GITEA_ACTIONS=true`), because `act_runner` runs +the job inside a container with the host's `/var/run/docker.sock` +mounted in. That topology breaks two assumptions those tests make: + +- networks created via the host daemon aren't always visible to a + same-process `docker network ls` call from inside the job container, + and +- ports published by sibling containers land on the host's loopback, + not on the job container's `127.0.0.1` — so HTTP probes against + `http://127.0.0.1:` from inside the job time out. + +The affected tests (`test_orphan_cleanup.test_create_and_remove`, +`test_pipelock_sidecar_smoke.test_smoke`) still run locally where the +test process and Docker daemon share a host. Making them work in CI +is a follow-up: either re-write them to discover container IPs via +`docker inspect`, or reconfigure the runner with host networking. + ## Branch protection on `main` Branch protection is **not** captured in tree — Gitea applies it via diff --git a/tests/test_orphan_cleanup.py b/tests/test_orphan_cleanup.py index bb2382e..847f63b 100644 --- a/tests/test_orphan_cleanup.py +++ b/tests/test_orphan_cleanup.py @@ -36,6 +36,11 @@ class TestOrphanCleanup(unittest.TestCase): # Returning True == idempotent success. self.assertTrue(network_remove(f"claude-bottle-net-{self.slug}-does-not-exist")) + @unittest.skipIf( + os.environ.get("GITEA_ACTIONS") == "true", + "skipped under act_runner: docker socket mount topology breaks " + "in-process visibility of networks created on the host daemon", + ) def test_create_and_remove(self): self.internal_name = network_create_internal(self.slug) self.egress_name = network_create_egress(self.slug) diff --git a/tests/test_pipelock_sidecar_smoke.py b/tests/test_pipelock_sidecar_smoke.py index 8cffd76..8fe5101 100644 --- a/tests/test_pipelock_sidecar_smoke.py +++ b/tests/test_pipelock_sidecar_smoke.py @@ -31,6 +31,11 @@ class TestPipelockSidecarSmoke(unittest.TestCase): ) shutil.rmtree(self.work_dir, ignore_errors=True) + @unittest.skipIf( + os.environ.get("GITEA_ACTIONS") == "true", + "skipped under act_runner: published port is on the host's " + "loopback, not reachable from the job container's 127.0.0.1", + ) def test_smoke(self): yaml_path = self.work_dir / "pipelock.yaml" pipelock_write_yaml(fixture_minimal(), "dev", yaml_path)