65 lines
2.3 KiB
Bash
Executable File
65 lines
2.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# Restricted-profile CI lane:
|
|
# - isolates HOME/XDG paths into a throwaway directory
|
|
# - forces workspace/config roots away from developer machine defaults
|
|
# - runs capability-aware tests that should not require external network access
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
|
|
cd "${REPO_ROOT}"
|
|
|
|
TMP_ROOT="$(mktemp -d "${TMPDIR:-/tmp}/zeroclaw-restricted-profile.XXXXXX")"
|
|
cleanup() {
|
|
rm -rf "${TMP_ROOT}"
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
RESTRICTED_HOME="${TMP_ROOT}/home"
|
|
RESTRICTED_WORKSPACE="${TMP_ROOT}/workspace-root"
|
|
mkdir -p "${RESTRICTED_HOME}" "${RESTRICTED_WORKSPACE}"
|
|
chmod 700 "${RESTRICTED_HOME}" "${RESTRICTED_WORKSPACE}"
|
|
|
|
ORIGINAL_HOME="${HOME:-}"
|
|
if [ -z "${RUSTUP_HOME:-}" ] && [ -n "${ORIGINAL_HOME}" ]; then
|
|
export RUSTUP_HOME="${ORIGINAL_HOME}/.rustup"
|
|
fi
|
|
if [ -z "${CARGO_HOME:-}" ] && [ -n "${ORIGINAL_HOME}" ]; then
|
|
export CARGO_HOME="${ORIGINAL_HOME}/.cargo"
|
|
fi
|
|
if [ -n "${CARGO_HOME:-}" ] && [ -d "${CARGO_HOME}/bin" ]; then
|
|
case ":${PATH}:" in
|
|
*":${CARGO_HOME}/bin:"*) ;;
|
|
*) export PATH="${CARGO_HOME}/bin:${PATH}" ;;
|
|
esac
|
|
fi
|
|
|
|
export HOME="${RESTRICTED_HOME}"
|
|
export USERPROFILE="${RESTRICTED_HOME}"
|
|
export XDG_CONFIG_HOME="${RESTRICTED_HOME}/.config"
|
|
export XDG_CACHE_HOME="${RESTRICTED_HOME}/.cache"
|
|
export XDG_DATA_HOME="${RESTRICTED_HOME}/.local/share"
|
|
export ZEROCLAW_WORKSPACE="${RESTRICTED_WORKSPACE}"
|
|
mkdir -p "${XDG_CONFIG_HOME}" "${XDG_CACHE_HOME}" "${XDG_DATA_HOME}"
|
|
|
|
# Keep credential/network assumptions explicit for this lane.
|
|
unset GEMINI_OAUTH_CLIENT_ID GEMINI_OAUTH_CLIENT_SECRET OPENAI_API_KEY ANTHROPIC_API_KEY
|
|
unset HTTP_PROXY HTTPS_PROXY ALL_PROXY
|
|
export NO_PROXY="127.0.0.1,localhost"
|
|
|
|
tests=(
|
|
"skills::tests::load_skills_with_config_reads_open_skills_dir_without_network"
|
|
"onboard::wizard::tests::run_models_refresh_uses_fresh_cache_without_network"
|
|
"onboard::wizard::tests::quick_setup_respects_zero_claw_workspace_env_layout"
|
|
"config::schema::tests::load_or_init_workspace_override_uses_workspace_root_for_config"
|
|
)
|
|
|
|
echo "Running restricted-profile hermetic subset (${#tests[@]} tests)"
|
|
for test_name in "${tests[@]}"; do
|
|
echo "==> cargo test --locked --lib ${test_name}"
|
|
cargo test --locked --lib "${test_name}"
|
|
done
|
|
|
|
echo "Restricted-profile hermetic subset completed successfully."
|