fix: resolve CI failures in docker build
- Install golangci-lint v2 via binary download instead of go install (avoids Go 1.25 requirement of golangci-lint v2.10+) - Add darwin build tags to tests that depend on macOS keychain: derivation_index_test.go, pgpunlock_test.go, validation (keychain tests) - Move generateRandomString to helpers_darwin.go (only called from darwin-only keychainunlocker.go) - Fix unchecked error returns flagged by errcheck linter - Add gnupg to builder stage for PGP-related tests - Use --ulimit memlock=-1:-1 in CI for memguard large secret tests - Add //nolint:unused for intentionally kept but currently unused test helpers
This commit is contained in:
user
clawbot
@@ -48,7 +48,7 @@ func TestMain(m *testing.M) {
|
||||
code := m.Run()
|
||||
|
||||
// Clean up the binary
|
||||
os.Remove(filepath.Join(projectRoot, "secret"))
|
||||
_ = os.Remove(filepath.Join(projectRoot, "secret"))
|
||||
|
||||
os.Exit(code)
|
||||
}
|
||||
@@ -450,10 +450,10 @@ func test02ListVaults(t *testing.T, runSecret func(...string) (string, error)) {
|
||||
|
||||
func test03CreateVault(t *testing.T, tempDir string, runSecret func(...string) (string, error)) {
|
||||
// Set environment variables for vault creation
|
||||
os.Setenv("SB_SECRET_MNEMONIC", testMnemonic)
|
||||
os.Setenv("SB_UNLOCK_PASSPHRASE", "test-passphrase")
|
||||
defer os.Unsetenv("SB_SECRET_MNEMONIC")
|
||||
defer os.Unsetenv("SB_UNLOCK_PASSPHRASE")
|
||||
_ = os.Setenv("SB_SECRET_MNEMONIC", testMnemonic)
|
||||
_ = os.Setenv("SB_UNLOCK_PASSPHRASE", "test-passphrase")
|
||||
defer func() { _ = os.Unsetenv("SB_SECRET_MNEMONIC") }()
|
||||
defer func() { _ = os.Unsetenv("SB_UNLOCK_PASSPHRASE") }()
|
||||
|
||||
// Create work vault
|
||||
output, err := runSecret("vault", "create", "work")
|
||||
@@ -489,6 +489,7 @@ func test03CreateVault(t *testing.T, tempDir string, runSecret func(...string) (
|
||||
assert.Contains(t, output, "work", "should list work vault")
|
||||
}
|
||||
|
||||
//nolint:unused // TODO: re-enable when vault import is implemented
|
||||
func test04ImportMnemonic(t *testing.T, tempDir, testMnemonic, testPassphrase string, runSecretWithEnv func(map[string]string, ...string) (string, error)) {
|
||||
// Import mnemonic into work vault
|
||||
output, err := runSecretWithEnv(map[string]string{
|
||||
@@ -1667,9 +1668,9 @@ func test19DisasterRecovery(t *testing.T, tempDir, secretPath, testMnemonic stri
|
||||
assert.Equal(t, testSecretValue, strings.TrimSpace(toolOutput), "tool output should match original")
|
||||
|
||||
// Clean up temporary files
|
||||
os.Remove(ltPrivKeyPath)
|
||||
os.Remove(versionPrivKeyPath)
|
||||
os.Remove(decryptedValuePath)
|
||||
_ = os.Remove(ltPrivKeyPath)
|
||||
_ = os.Remove(versionPrivKeyPath)
|
||||
_ = os.Remove(decryptedValuePath)
|
||||
}
|
||||
|
||||
func test20VersionTimestamps(t *testing.T, tempDir, secretPath, testMnemonic string, runSecretWithEnv func(map[string]string, ...string) (string, error)) {
|
||||
@@ -1788,7 +1789,7 @@ func test23ErrorHandling(t *testing.T, tempDir, secretPath, testMnemonic string,
|
||||
|
||||
// Add secret without mnemonic or unlocker
|
||||
unsetMnemonic := os.Getenv("SB_SECRET_MNEMONIC")
|
||||
os.Unsetenv("SB_SECRET_MNEMONIC")
|
||||
_ = os.Unsetenv("SB_SECRET_MNEMONIC")
|
||||
cmd := exec.Command(secretPath, "add", "test/nomnemonic")
|
||||
cmd.Env = []string{
|
||||
fmt.Sprintf("SB_SECRET_STATE_DIR=%s", tempDir),
|
||||
@@ -2128,7 +2129,7 @@ func test30BackupRestore(t *testing.T, tempDir, secretPath, testMnemonic string,
|
||||
versionsPath := filepath.Join(secretPath, "versions")
|
||||
if _, err := os.Stat(versionsPath); os.IsNotExist(err) {
|
||||
// This is a malformed secret directory, remove it
|
||||
os.RemoveAll(secretPath)
|
||||
_ = os.RemoveAll(secretPath)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2178,7 +2179,7 @@ func test30BackupRestore(t *testing.T, tempDir, secretPath, testMnemonic string,
|
||||
require.NoError(t, err, "restore vaults should succeed")
|
||||
|
||||
// Restore currentvault
|
||||
os.Remove(currentVaultSrc)
|
||||
_ = os.Remove(currentVaultSrc)
|
||||
restoredData := readFile(t, currentVaultDst)
|
||||
writeFile(t, currentVaultSrc, restoredData)
|
||||
|
||||
@@ -2284,6 +2285,7 @@ func verifyFileExists(t *testing.T, path string) {
|
||||
}
|
||||
|
||||
// verifyFileNotExists checks if a file does not exist at the given path
|
||||
//nolint:unused // kept for future use
|
||||
func verifyFileNotExists(t *testing.T, path string) {
|
||||
t.Helper()
|
||||
_, err := os.Stat(path)
|
||||
|
||||
Reference in New Issue
Block a user