From 5741109cc9ec2b6d41b56abd3f5bc51ed7a9a228 Mon Sep 17 00:00:00 2001
From: technofab
Date: Tue, 2 Sep 2025 13:22:28 +0200
Subject: [PATCH] feat: run script tests in temp dirs for slightly better sandboxing
---
 internal/nix/service.go | 9 +++++++++
 lib/scriptHelpers.sh | 10 ----------
 tests/lib_test.nix | 12 ++++++------
 3 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/internal/nix/service.go b/internal/nix/service.go
index 3c8effd..40461f9 100644
--- a/internal/nix/service.go
+++ b/internal/nix/service.go
@@ -3,6 +3,7 @@ package nix
 import (
 "bytes"
 "encoding/json"
+ "fmt"
 "os"
 "os/exec"
 "strings"
@@ -79,6 +80,13 @@ func (s *DefaultService) BuildAndRunScript(derivation string, impureEnv bool) (e
 return exitCode, "", "", err
 }
+ // run scripts in a temporary directory
+ tempDir, err := os.MkdirTemp("", "nixtest-script-")
+ if err != nil {
+ return exitCode, "", "", &apperrors.ScriptExecutionError{Path: path, Err: fmt.Errorf("failed to create temporary directory: %w", err)}
+ }
+ defer os.RemoveAll(tempDir)
+
 var cmdArgs []string
 if impureEnv {
 cmdArgs = []string{"bash", path}
@@ -87,6 +95,7 @@ func (s *DefaultService) BuildAndRunScript(derivation string, impureEnv bool) (e
 }
 cmd := s.commandExecutor(cmdArgs[0], cmdArgs[1:]...)
+ cmd.Dir = tempDir
 var outBuf, errBuf bytes.Buffer
 cmd.Stdout = &outBuf
 cmd.Stderr = &errBuf
diff --git a/lib/scriptHelpers.sh b/lib/scriptHelpers.sh
index 0b59829..b1e3514 100644
--- a/lib/scriptHelpers.sh
+++ b/lib/scriptHelpers.sh
@@ -35,16 +35,6 @@ function assert_file_not_contains() {
 }
 }
-function tmpdir() {
- dir=$(mktemp -d)
- trap "rm -rf $dir" EXIT
- echo -n "$dir"
-}
-function tmpfile() {
- file=$(mktemp)
- trap "rm -f $file" EXIT
- echo -n "$file"
-}
 function run() {
 output=$($@ 2>&1)
 exit_code=$?
diff --git a/tests/lib_test.nix b/tests/lib_test.nix
index cdd8386..969e9a2 100644
--- a/tests/lib_test.nix
+++ b/tests/lib_test.nix
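Review bot: The deferred `os.RemoveAll(tempDir)` in the second service.go hunk discards its error, so a script that leaves a non-writable directory behind (a recursive copy out of the Nix store is a likely case) would presumably fail cleanup silently and let `nixtest-script-*` directories accumulate under the temp root. Surface the failure, for example `defer func() { if rmErr := os.RemoveAll(tempDir); rmErr != nil { fmt.Fprintf(os.Stderr, "cleanup of %s failed: %v\n", tempDir, rmErr) } }()`. The wrapped message could also drop the "failed to" prefix, `fmt.Errorf("creating temporary directory: %w", err)`, since the chain already reads as a failure. BuildAndRunScript begins and ends outside this hunk, so whether a logger is available there is not visible.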
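Review bot: `cmd.Dir = tempDir` in the third service.go hunk only sets the script's starting working directory, and nothing beside it says so even though the commit message calls this sandboxing. A comment above the assignment would keep later readers from treating it as a security boundary: `// cmd.Dir sets only the initial working directory; this is not confinement, the script can still reach any path the nixtest process can.` Any real isolation would have to come from how the command is launched, which is built outside this hunk and is not visible here.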
@@ -70,21 +70,21 @@ in
 # sh
 ''
- ${ntlib.helpers.path [pkgs.gnugrep pkgs.mktemp]}
+ ${ntlib.helpers.path [pkgs.gnugrep pkgs.mktemp pkgs.coreutils]}
 ${ntlib.helpers.scriptHelpers}
+ cp -r ${./../snapshots} snapshots
- TMPDIR=$(tmpdir)
 # start without nix & env binaries to expect errors
- run "${binary} --junit=$TMPDIR/junit.xml"
+ run "${binary} --junit=junit.xml"
 assert "$exit_code -eq 2" "should exit 2"
- assert "-f $TMPDIR/junit.xml" "should create junit.xml"
+ assert "-f junit.xml" "should create junit.xml"
 assert_contains "$output" "executable file not found" "nix should not be found in pure mode"
 # now add required deps
 ${ntlib.helpers.pathAdd [pkgs.nix pkgs.coreutils]}
- run "${binary} --junit=$TMPDIR/junit2.xml"
+ run "${binary} --junit=junit2.xml"
 assert "$exit_code -eq 2" "should exit 2"
- assert "-f $TMPDIR/junit2.xml" "should create junit2.xml"
+ assert "-f junit2.xml" "should create junit2.xml"
 assert_not_contains "$output" "executable file not found" "nix should now exist"
 assert_contains "$output" "suite-one" "should contain suite-one"
 assert_contains "$output" "8/11 (1 SKIPPED)" "should be 8/11 total"
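Review bot: `cp -r ${./../snapshots} snapshots` copies out of the Nix store, and without `--no-preserve=mode` the copy most likely keeps the store's read-only permission bits. That would leave `snapshots/` unwritable for anything the test run wants to update there, and it can make the runner's deferred `os.RemoveAll` of the temp directory fail without any message. Consider `cp -r --no-preserve=mode ${./../snapshots} snapshots`, or follow the copy with `chmod -R u+w snapshots`. A short comment on that line saying the copy is needed because the script now starts in an empty temp directory would also help.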