From: Simon Ruderich <simon@ruderich.org>
Date: Sat, 1 Nov 2025 07:40:42 +0000 (+0100)
Subject: tests: run tests outside of CI when non-root
X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=a8e7e025789749d54123f208f51f21ee59f5699a;p=safcm%2Fsafcm.git

tests: run tests outside of CI when non-root

Non-root users cannot modify the system. So these tests can be safely
run even outside of the CI.
---

diff --git a/cmd/safcm/main_sync_test.go b/cmd/safcm/main_sync_test.go
index d09baf8..8bb860c 100644
--- a/cmd/safcm/main_sync_test.go
+++ b/cmd/safcm/main_sync_test.go
@@ -77,7 +77,9 @@ func TestSyncSshEndToEnd(t *testing.T) {
 	ft.CreateFile("no-changes.example.org/permissions.yaml",
 		noChangePermissions, 0644)
 
-	skipUnlessCiRun := len(os.Getenv("SAFCM_CI_RUN")) == 0
+	ciRun := len(os.Getenv("SAFCM_CI_RUN")) != 0
+	isRoot := os.Getuid() == 0
+	skipUnlessHarmless := !(ciRun || !isRoot)
 
 	tests := []struct {
 		name   string
@@ -140,8 +142,8 @@ func TestSyncSshEndToEnd(t *testing.T) {
 			nil,
 		},
 
-		// NOTE: We use -n on regular runs to prevent changing anything
-		// important on the host when running as root!
+		// NOTE: We use -n on regular runs when running as root to prevent
+		// changing anything important on the host
 
 		{
 			"no changes (dry-run)",
@@ -170,7 +172,7 @@ func TestSyncSshEndToEnd(t *testing.T) {
 		},
 		{
 			"no changes",
-			skipUnlessCiRun,
+			skipUnlessHarmless,
 			true,
 			[]string{"no-changes.example.org"},
 			`<LOG>[info]    [no-changes.example.org] remote helper upload in progress
@@ -180,7 +182,7 @@ func TestSyncSshEndToEnd(t *testing.T) {
 		},
 		{
 			"no changes (-log debug2)",
-			skipUnlessCiRun,
+			skipUnlessHarmless,
 			true,
 			[]string{"-log", "debug2", "no-changes.example.org"},
 			`<LOG>[info]    [no-changes.example.org] remote helper upload in progress
diff --git a/remote/sync/files_test.go b/remote/sync/files_test.go
index 51b9c56..2472a15 100644
--- a/remote/sync/files_test.go
+++ b/remote/sync/files_test.go
@@ -25,9 +25,17 @@ func TestSyncFiles(t *testing.T) {
 	}
 	user, uid, group, gid := ft.CurrentUserAndGroup()
 
-	skipUnlessCiRun := len(os.Getenv("SAFCM_CI_RUN")) == 0
-
-	tmpTestFilePath := "/tmp/safcm-sync-files-test-file"
+	ciRun := len(os.Getenv("SAFCM_CI_RUN")) != 0
+	isRoot := os.Getuid() == 0
+	skipUnlessHarmless := !(ciRun || !isRoot)
+
+	tmpTestFilePath := "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file"
+	_, err := os.Stat(tmpTestFilePath)
+	if err == nil {
+		// Very unlikely, but just in case
+		t.Fatalf("%q already exists, aborting to prevent data loss",
+			tmpTestFilePath)
+	}
 
 	tests := []struct {
 		name        string
@@ -243,7 +251,7 @@ func TestSyncFiles(t *testing.T) {
 			// Use numeric IDs as not all systems use root/root; for example
 			// BSDs use root/wheel.
 			"absolute paths: no change",
-			skipUnlessCiRun,
+			skipUnlessHarmless,
 			safcm.MsgSyncReq{
 				Files: map[string]*safcm.File{
 					"/": {
@@ -719,7 +727,7 @@ func TestSyncFiles(t *testing.T) {
 
 		{
 			"triggers: absolute paths",
-			skipUnlessCiRun,
+			skipUnlessHarmless,
 			safcm.MsgSyncReq{
 				Files: map[string]*safcm.File{
 					"/": {
@@ -759,7 +767,7 @@ func TestSyncFiles(t *testing.T) {
 				"/",
 				"/tmp",
 				// Don't use variable for more robust test
-				"/tmp/safcm-sync-files-test-file",
+				"/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file",
 			},
 			[]ft.File{
 				root,
@@ -767,7 +775,7 @@ func TestSyncFiles(t *testing.T) {
 			safcm.MsgSyncResp{
 				FileChanges: []safcm.FileChange{
 					{
-						Path:    "/tmp/safcm-sync-files-test-file",
+						Path:    "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file",
 						Created: true,
 						New: safcm.FileChangeInfo{
 							Mode:  0600,
@@ -782,13 +790,13 @@ func TestSyncFiles(t *testing.T) {
 			[]string{
 				`4: files: "/" (group): unchanged`,
 				`4: files: "/tmp" (group): unchanged`,
-				`4: files: "/tmp/safcm-sync-files-test-file" (group): will create`,
-				`3: files: "/tmp/safcm-sync-files-test-file" (group): creating`,
-				`4: files: "/tmp/safcm-sync-files-test-file" (group): creating temporary file "/tmp/.safcm-sync-files-test-file*"`,
-				`4: files: "/tmp/safcm-sync-files-test-file" (group): renaming "/tmp/.safcm-sync-files-test-fileRND"`,
-				`3: files: "/tmp/safcm-sync-files-test-file": queuing trigger on "/"`,
-				`3: files: "/tmp/safcm-sync-files-test-file": queuing trigger on "/tmp"`,
-				`3: files: "/tmp/safcm-sync-files-test-file": queuing trigger on "/tmp/safcm-sync-files-test-file"`,
+				`4: files: "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file" (group): will create`,
+				`3: files: "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file" (group): creating`,
+				`4: files: "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file" (group): creating temporary file "/tmp/.kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file*"`,
+				`4: files: "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file" (group): renaming "/tmp/.kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-fileRND"`,
+				`3: files: "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file": queuing trigger on "/"`,
+				`3: files: "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file": queuing trigger on "/tmp"`,
+				`3: files: "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file": queuing trigger on "/tmp/kjn8W3OR4LFwo4Iw7YLY5-safcm-sync-files-test-file"`,
 			},
 			nil,
 		},