From 37211dfd220e4024f0b5479d3df87923ae315585 Mon Sep 17 00:00:00 2001 From: Marco Allegretti Date: Sun, 22 Feb 2026 20:11:09 +0100 Subject: [PATCH] fix CI: fmt, skip migrate readonly test as root, fix container shell - Run cargo fmt on skip_if_root() blocks - Add skip_if_root() to migrate_atomic_version_unchanged_on_write_failure - Add libc dev-dependency to karapace-store for root check - Remove explicit shell: sh from container rustup steps (OCI exec can't find sh in PATH; default run shell works) --- .github/workflows/ci.yml | 8 +++--- Cargo.lock | 1 + crates/karapace-core/tests/integration.rs | 32 +++++++++++++++++------ crates/karapace-store/Cargo.toml | 3 +++ crates/karapace-store/tests/migration.rs | 6 +++++ 5 files changed, 38 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f91cd72..4d0a8b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -67,9 +67,9 @@ jobs: run: zypper install -y gcc make curl gzip tar xz - name: Install Rust (container) if: matrix.container != '' - shell: sh run: | - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $RUST_TOOLCHAIN --profile minimal + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${{ env.RUST_TOOLCHAIN }} --profile minimal + . "$HOME/.cargo/env" echo "$HOME/.cargo/bin" >> $GITHUB_PATH - uses: dtolnay/rust-toolchain@stable if: matrix.container == '' @@ -150,9 +150,9 @@ jobs: - name: Install prerequisites run: ${{ matrix.setup }} - name: Install Rust - shell: sh run: | - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $RUST_TOOLCHAIN --profile minimal + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${{ env.RUST_TOOLCHAIN }} --profile minimal + . "$HOME/.cargo/env" echo "$HOME/.cargo/bin" >> $GITHUB_PATH - uses: Swatinem/rust-cache@v2 - name: Enable user namespaces diff --git a/Cargo.lock b/Cargo.lock index 853e541..9dc1d47 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1198,6 +1198,7 @@ dependencies = [ "chrono", "fs2", "karapace-schema", + "libc", "serde", "serde_json", "tar", diff --git a/crates/karapace-core/tests/integration.rs b/crates/karapace-core/tests/integration.rs index cb6bc7d..799a784 100644 --- a/crates/karapace-core/tests/integration.rs +++ b/crates/karapace-core/tests/integration.rs @@ -1379,7 +1379,9 @@ fn gc_is_idempotent_after_partial_run() { // M6.2: Object read fails gracefully on permission denied #[test] fn object_get_fails_on_permission_denied() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let layout = StoreLayout::new(store.path()); layout.initialize().unwrap(); @@ -1401,7 +1403,9 @@ fn object_get_fails_on_permission_denied() { // M6.2: Metadata write fails gracefully on read-only store #[test] fn metadata_put_fails_on_read_only_dir() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let layout = StoreLayout::new(store.path()); layout.initialize().unwrap(); @@ -1605,7 +1609,9 @@ fn stale_running_marker_cleaned_on_engine_new() { #[test] fn build_on_readonly_objects_dir_returns_error() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let project = tempfile::tempdir().unwrap(); @@ -1630,7 +1636,9 @@ fn build_on_readonly_objects_dir_returns_error() { #[test] fn build_on_readonly_metadata_dir_returns_error() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let project = tempfile::tempdir().unwrap(); @@ -1653,7 +1661,9 @@ fn build_on_readonly_metadata_dir_returns_error() { #[test] fn commit_on_readonly_layers_dir_returns_error() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let project = tempfile::tempdir().unwrap(); let engine = Engine::new(store.path()); @@ -1692,7 +1702,9 @@ fn commit_on_readonly_layers_dir_returns_error() { #[test] fn write_failure_never_panics() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let layout = StoreLayout::new(store.path()); layout.initialize().unwrap(); @@ -2114,7 +2126,9 @@ backend = "mock" #[test] fn wal_write_fails_on_readonly_dir() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let layout = StoreLayout::new(store.path()); layout.initialize().unwrap(); @@ -2138,7 +2152,9 @@ fn wal_write_fails_on_readonly_dir() { #[test] fn build_fails_cleanly_when_wal_dir_is_readonly() { - if skip_if_root() { return; } + if skip_if_root() { + return; + } let store = tempfile::tempdir().unwrap(); let project = tempfile::tempdir().unwrap(); diff --git a/crates/karapace-store/Cargo.toml b/crates/karapace-store/Cargo.toml index ba94b52..32ea7b4 100644 --- a/crates/karapace-store/Cargo.toml +++ b/crates/karapace-store/Cargo.toml @@ -20,3 +20,6 @@ chrono.workspace = true tar.workspace = true tracing.workspace = true karapace-schema = { path = "../karapace-schema" } + +[dev-dependencies] +libc.workspace = true diff --git a/crates/karapace-store/tests/migration.rs b/crates/karapace-store/tests/migration.rs index f3e5f9f..174a357 100644 --- a/crates/karapace-store/tests/migration.rs +++ b/crates/karapace-store/tests/migration.rs @@ -218,6 +218,12 @@ fn migrate_rejects_future_version() { fn migrate_atomic_version_unchanged_on_write_failure() { use std::os::unix::fs::PermissionsExt; + // Root bypasses filesystem permission checks — skip in containers + #[allow(unsafe_code)] + if unsafe { libc::getuid() } == 0 { + return; + } + let dir = tempfile::tempdir().unwrap(); create_v1_store(dir.path(), 1);