Conversation
This commit introduces several refinements to the integration test suite
to enhance its reliability, isolation, and accuracy across various scenarios.
- Improve test isolation by ensuring `HOME` and `XDG_CONFIG_HOME` are explicitly
set for relevant profile and client startup tests.
- Robustly handle optional pack installations (e.g., `always-further/claude`)
in client startup tests, including verification logic to prevent failures
in CI environments.
- Correct various test assertions to align with expected behavior and system
limitations:
- Assert audit session creation for read-only paths, as these do not create
rollback snapshots.
- Update the expected behavior for broad `/sys` directory access, which
should not be granted by default.
- Clarify that Landlock's `--block-net` does not filter ICMP traffic, updating
the ping test to skip instead of fail.
- Update expected warning messages for skipped non-existent file grants.
- Refine expectations for default and verbose dry-run output, focusing on
capability provenance for optional profile paths.
- Enhance the build setup for test execution by making the determination of the
target release directory more robust.
Signed-off-by: Luke Hinds <lukehinds@gmail.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request enhances the integration test suite by improving environment isolation and updating test expectations to align with current behavior. Key updates include setting local HOME and XDG_CONFIG_HOME directories for tests, refining the handling of the claude pack in startup tests, and adjusting assertions for network filtering and system path access. Feedback was provided regarding the use of cp -R in test setup, suggesting more robust alternatives like cp -a to prevent inconsistent directory nesting in CI environments.
| REAL_LOCKFILE="${XDG_CONFIG_HOME:-$HOME/.config}/nono/packages/lockfile.json" | ||
| if [[ ! -f "$PACK_DIR/package.json" && -f "$REAL_PACK_DIR/package.json" && -f "$REAL_LOCKFILE" ]]; then | ||
| mkdir -p "$(dirname "$PACK_DIR")" | ||
| cp -R "$REAL_PACK_DIR" "$PACK_DIR" |
There was a problem hiding this comment.
The cp -R command can behave inconsistently if the destination directory already exists (it may create a nested directory). While CLIENT_HOME is intended to be fresh, using cp -a or ensuring the destination is clean before copying would be more robust for CI environments.
1 participant
This commit introduces several refinements to the integration test suite to enhance its reliability, isolation, and accuracy across various scenarios.
HOMEandXDG_CONFIG_HOMEare explicitly set for relevant profile and client startup tests.always-further/claude) in client startup tests, including verification logic to prevent failures in CI environments./sysdirectory access, which should not be granted by default.--block-netdoes not filter ICMP traffic, updating the ping test to skip instead of fail.Closes #938