Skip to content

[ca] Fix permission test when running as root #6768

New issue
New issue
Closed
Closed
[ca] Fix permission test when running as root#6768
Assignees
mnkiefercopilot-swe-agent
@github-actions

Description

@github-actions
github-actions
bot
opened on Dec 17, 2025

Summary

This PR fixes a test failure that occurs when running tests as root (e.g., in Docker containers).

CI Failures Discovered

The CI workflow run #163 failed with the following test error:

  • TestCopyMarkdownFiles_ErrorScenarios/permission_denied_on_target_directory - Expected an error when writing to a read-only directory, but got none

Root Cause

The test failure occurs because:

  1. The test creates a read-only directory (chmod 0444) and expects write operations to fail
  2. When running as root, Unix permission checks are bypassed - root can write to read-only directories
  3. This is a common issue with permission-based tests in containerized environments

Fixes Applied

1. Test Fix

  • File: pkg/cli/commands_utils_test.go
  • Change: Added root user check to skip permission test when os.Geteuid() == 0
  • Rationale: Permission tests cannot reliably work when running as root, so they should be skipped in that environment

2. Workflow Recompilation

  • Recompiled all workflow lock files to ensure they're up to date with the latest changes
  • 32 lock files were updated during recompilation

Verification

All CI checks now pass:

  • make fmt - Code formatting passed
  • make lint - All linters passed (golangci-lint, prettier, etc.)
  • make test-unit - All unit tests passed (including the fixed test)
  • make test-js - All JavaScript tests passed (2218 tests)
  • make recompile - All 116 workflows compiled successfully

Related

  • Triggered by: CI Run #163
  • Test file: pkg/cli/commands_utils_test.go
  • Similar pattern: This is a well-known testing pattern - permission tests should skip when running as root

Testing

The fix was validated by:

  1. Running the specific failing test - now properly skips when root
  2. Running all unit tests - all pass
  3. Running all JavaScript tests - all pass
  4. Recompiling all workflows - successful

AI generated by Hourly CI Cleaner

Note

This was originally intended as a pull request, but the git push operation failed.

Workflow Run: View run details and download patch artifact

The patch file is available as an artifact (aw.patch) in the workflow run linked above.
To apply the patch locally:

# Download the artifact from the workflow run https://github.com/githubnext/gh-aw/actions/runs/20314221260
# (Use GitHub MCP tools if gh CLI is not available)
gh run download 20314221260 -n aw.patch
# Apply the patch
git am aw.patch
Show patch preview (500 of 860 lines) 
From 33d22e655cfdac9b0d4f9e2508af5c85c43ab170 Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Wed, 17 Dec 2025 11:07:37 -0800
Subject: [PATCH 1/2] Add generic int/bool config parsers with overflow
 protection (#6759)

* Initial plan

* Add ParseIntFromConfig and ParseBoolFromConfig generic helpers

- Add ParseIntFromConfig to handle int, int64, float64, and uint64 types
- Add ParseBoolFromConfig to handle boolean values
- Add comprehensive unit tests (13 test cases for int, 10 for bool)
- All tests pass and code is properly formatted

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>

* Fix integer overflow security vulnerabilities in config parsers

- Add overflow protection in ParseIntFromConfig for uint64 to int conversions
- Add overflow protection in parseExpiresFromConfig for uint64 to int conversions
- Add test case for uint64 overflow scenario
- Fixes gosec G115 (CWE-190) integer overflow issues

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
 docs/src/content/docs/labs.mdx              |   1 +
 pkg/workflow/config_helpers.go              |  70 ++++++
 pkg/workflow/config_parsing_helpers_test.go | 228 ++++++++++++++++++++
 3 files changed, 299 insertions(+)

diff --git a/docs/src/content/docs/labs.mdx b/docs/src/content/docs/labs.mdx
index b6771e0..1257b8a 100644
--- a/docs/src/content/docs/labs.mdx
+++ b/docs/src/content/docs/labs.mdx
@@ -22,6 +22,7 @@ These are experimental agentic workflows used by the GitHub Next team to learn,
 | [Breaking Change Checker](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/breaking-change-checker.md) | copilot | [![Breaking Change Checker](https://github.com/githubnext/gh-aw/actions/workflows/breaking-change-checker.lock.yml/badge.svg)](https://github.com/githu
... (truncated)

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions