From 8ae94384f22d421953b85c32bf1c790582786005 Mon Sep 17 00:00:00 2001
From: Mathieu Larose
Date: Wed, 11 Mar 2026 13:28:08 -0400
Subject: [PATCH] Enable sudo test
---
 .github/workflows/ci.yml | 2 +-
 Makefile | 8 ++++----
 tests/audit.sh | 4 ++--
 tests/block-dns-any.sh | 4 ++--
 tests/block.sh | 18 +++++++++---------
 tests/docker-block.sh | 4 ++--
 6 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b8f6cae..6e7c652 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -59,7 +59,7 @@ jobs:
 test-integration-block-dns-any,
 test-integration-docker-block,
 ]
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
 timeout-minutes: 10
 permissions:
 contents: write
diff --git a/Makefile b/Makefile
index 40cbc11..deeff1f 100644
--- a/Makefile
+++ b/Makefile
@@ -21,19 +21,19 @@ test.integration: test.integration.block test.integration.audit test.integration
 .PHONY: test.integration.block
 test.integration.block:
- sudo bash tests/block.sh
+ bash tests/block.sh
 .PHONY: test.integration.audit
 test.integration.audit:
- sudo bash tests/audit.sh
+ bash tests/audit.sh
 .PHONY: test.integration.docker-block
 test.integration.docker-block:
- sudo bash tests/docker-block.sh
+ bash tests/docker-block.sh
 .PHONY: test.integration.block-dns-any
 test.integration.block-dns-any:
- sudo bash tests/block-dns-any.sh
+ bash tests/block-dns-any.sh
 # All tests - For local development with no agent running
 .PHONY: test
diff --git a/tests/audit.sh b/tests/audit.sh
index 0c057a0..b010716 100644
--- a/tests/audit.sh
+++ b/tests/audit.sh
@@ -6,10 +6,10 @@ set -x
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
-mkdir -p /var/log/gha-agent
+sudo mkdir -p /var/log/gha-agent
 # Start the agent in audit mode
-"$PROJECT_DIR/agent" \
+sudo "$PROJECT_DIR/agent" \
 --egress-policy=audit \
 --dns-policy=allowed-domains-only \
 --allowed-domains="*.google.com" \
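Review bot: The four `test.integration.*` recipes in the Makefile hunk no longer show how privileges are obtained, and nothing documents that they must now be run as a non-root user. The scripts elevate individual commands with `sudo` themselves, and tests/block.sh in this commit ends by asserting that `sudo -n true` fails; a developer who keeps invoking the target under sudo would presumably see that assertion trip for root and the block test fail for a confusing reason. A comment above the targets would cover it, for example `# Integration scripts call sudo themselves; run these targets as a non-root user with passwordless sudo.`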
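Review bot: The added `sudo mkdir -p /var/log/gha-agent` and `sudo "$PROJECT_DIR/agent" \` in tests/audit.sh can stop at a password prompt when the invoking user has no passwordless sudo, which in CI would only surface as the job timeout. Using `sudo -n mkdir -p /var/log/gha-agent` and `sudo -n "$PROJECT_DIR/agent" \` makes the setup fail immediately with sudo's own error instead. The same two lines are added in tests/block-dns-any.sh, tests/block.sh and tests/docker-block.sh, and the same change applies there. The agent command continues past the end of the hunk, so whether it is started in the background is not visible here; if it is, a prompt could presumably not be answered at all.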
diff --git a/tests/block-dns-any.sh b/tests/block-dns-any.sh
index b84eb8a..8f81072 100644
--- a/tests/block-dns-any.sh
+++ b/tests/block-dns-any.sh
@@ -6,10 +6,10 @@ set -x
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
-mkdir -p /var/log/gha-agent
+sudo mkdir -p /var/log/gha-agent
 # Start the agent with dns-policy=any
-"$PROJECT_DIR/agent" \
+sudo "$PROJECT_DIR/agent" \
 --egress-policy=block \
 --dns-policy=any \
 --allowed-domains="*.google.com" \
diff --git a/tests/block.sh b/tests/block.sh
index 93921cc..da4e443 100644
--- a/tests/block.sh
+++ b/tests/block.sh
@@ -6,10 +6,10 @@ set -x
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
-mkdir -p /var/log/gha-agent
+sudo mkdir -p /var/log/gha-agent
 # Start the agent
-"$PROJECT_DIR/agent" \
+sudo "$PROJECT_DIR/agent" \
 --egress-policy=block \
 --dns-policy=allowed-domains-only \
 --allowed-domains="*.google.com" \
@@ -69,15 +69,15 @@ if ! timeout 5 dig @1.1.1.1 www.google.com; then
 exit 1
 fi
-# # === Sudo Tests ===
-# echo "=== Sudo Tests ==="
+# === Sudo Tests ===
+echo "=== Sudo Tests ==="
-# if sudo -n true 2>/dev/null; then
-# echo "Expected sudo to fail, but it succeeded"
-# exit 1
-# fi
+if sudo -n true 2>/dev/null; then
+ echo "Expected sudo to fail, but it succeeded"
+ exit 1
+fi
 echo ""
 echo "=========================================="
 echo "Block mode tests passed successfully!"
-echo "=========================================="
\ No newline at end of file
+echo "=========================================="
diff --git a/tests/docker-block.sh b/tests/docker-block.sh
index 995a18e..c164eec 100644
--- a/tests/docker-block.sh
+++ b/tests/docker-block.sh
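Review bot: The new check `if sudo -n true 2>/dev/null; then` in the second hunk of tests/block.sh passes whenever `sudo -n` fails for any reason, so it cannot tell "the agent removed sudo access" apart from "this user never had non-interactive sudo". Nothing visible in the script records that `sudo -n` worked before the agent was started. A precondition placed ahead of the agent launch in the first hunk, such as `sudo -n true || { echo "precondition failed: passwordless sudo is required before the agent starts"; exit 1; }`, would make the final assertion attributable to the agent. Dropping `2>/dev/null` would also leave sudo's own denial message in the CI log, which helps when the control behaves unexpectedly.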
@@ -6,10 +6,10 @@ set -x
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
-mkdir -p /var/log/gha-agent
+sudo mkdir -p /var/log/gha-agent
 # Start the agent
-"$PROJECT_DIR/agent" \
+sudo "$PROJECT_DIR/agent" \
 --egress-policy=block \
 --dns-policy=allowed-domains-only \
 --allowed-domains="*.docker.io,docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com,production.cloudflare.docker.com,www.google.com" \