technofab/nixtest
1
0
Fork 0
mirror of https://gitlab.com/TECHNOFAB/nixtest.git synced 2025-12-12 02:00:18 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: run script tests in temp dirs for slightly better sandboxing

Browse source
This commit is contained in:
technofab 2025-09-02 13:22:28 +02:00
parent c9298b91f4
commit 5741109cc9
No known key found for this signature in database
3 changed files with 15 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

9
internal/nix/service.go
View file

@ -3,6 +3,7 @@ package nix
import ( import (
"bytes" "bytes"
"encoding/json" "encoding/json"
"fmt"
"os" "os"
"os/exec" "os/exec"
"strings" "strings"
@ -79,6 +80,13 @@ func (s *DefaultService) BuildAndRunScript(derivation string, impureEnv bool) (e
return exitCode, "", "", err return exitCode, "", "", err
} }
// run scripts in a temporary directory
tempDir, err := os.MkdirTemp("", "nixtest-script-")
if err != nil {
return exitCode, "", "", &apperrors.ScriptExecutionError{Path: path, Err: fmt.Errorf("failed to create temporary directory: %w", err)}
}
defer os.RemoveAll(tempDir)
var cmdArgs []string var cmdArgs []string
if impureEnv { if impureEnv {
cmdArgs = []string{"bash", path} cmdArgs = []string{"bash", path}
@ -87,6 +95,7 @@ func (s *DefaultService) BuildAndRunScript(derivation string, impureEnv bool) (e
} }
cmd := s.commandExecutor(cmdArgs[0], cmdArgs[1:]...) cmd := s.commandExecutor(cmdArgs[0], cmdArgs[1:]...)
cmd.Dir = tempDir
var outBuf, errBuf bytes.Buffer var outBuf, errBuf bytes.Buffer
cmd.Stdout = &outBuf cmd.Stdout = &outBuf
cmd.Stderr = &errBuf cmd.Stderr = &errBuf

10
lib/scriptHelpers.sh
View file

@ -35,16 +35,6 @@ function assert_file_not_contains() {
} }
} }
function tmpdir() {
dir=$(mktemp -d)
trap "rm -rf $dir" EXIT
echo -n "$dir"
}
function tmpfile() {
file=$(mktemp)
trap "rm -f $file" EXIT
echo -n "$file"
}
function run() { function run() {
output=$($@ 2>&1) output=$($@ 2>&1)
exit_code=$? exit_code=$?

12
tests/lib_test.nix
View file

@ -70,21 +70,21 @@
in in
# sh # sh
'' ''
${ntlib.helpers.path [pkgs.gnugrep pkgs.mktemp]} ${ntlib.helpers.path [pkgs.gnugrep pkgs.mktemp pkgs.coreutils]}
${ntlib.helpers.scriptHelpers} ${ntlib.helpers.scriptHelpers}
cp -r ${./../snapshots} snapshots
TMPDIR=$(tmpdir)
# start without nix & env binaries to expect errors # start without nix & env binaries to expect errors
run "${binary} --junit=$TMPDIR/junit.xml" run "${binary} --junit=junit.xml"
assert "$exit_code -eq 2" "should exit 2" assert "$exit_code -eq 2" "should exit 2"
assert "-f $TMPDIR/junit.xml" "should create junit.xml" assert "-f junit.xml" "should create junit.xml"
assert_contains "$output" "executable file not found" "nix should not be found in pure mode" assert_contains "$output" "executable file not found" "nix should not be found in pure mode"
# now add required deps # now add required deps
${ntlib.helpers.pathAdd [pkgs.nix pkgs.coreutils]} ${ntlib.helpers.pathAdd [pkgs.nix pkgs.coreutils]}
run "${binary} --junit=$TMPDIR/junit2.xml" run "${binary} --junit=junit2.xml"
assert "$exit_code -eq 2" "should exit 2" assert "$exit_code -eq 2" "should exit 2"
assert "-f $TMPDIR/junit2.xml" "should create junit2.xml" assert "-f junit2.xml" "should create junit2.xml"
assert_not_contains "$output" "executable file not found" "nix should now exist" assert_not_contains "$output" "executable file not found" "nix should now exist"
assert_contains "$output" "suite-one" "should contain suite-one" assert_contains "$output" "suite-one" "should contain suite-one"
assert_contains "$output" "8/11 (1 SKIPPED)" "should be 8/11 total" assert_contains "$output" "8/11 (1 SKIPPED)" "should be 8/11 total"