hermes-agent/tests/docker
Ben Barclay 1466eab4ee
test(docker): wait for cont-init to finish before privilege-drop shim tests (#54026)
The docker-exec privilege-drop shim tests started a sleep container and
released the fixture as soon as `docker exec <c> true` returned 0. On
s6-overlay that succeeds almost immediately — ~0.05s in measurement —
long before the `01-hermes-setup` cont-init hook (docker/stage2-hook.sh)
has finished seeding + `chown hermes:hermes` config.yaml and running the
Python config migration (cont-init only fully settles at ~9.8s under
arm64 QEMU emulation).

`test_shim_opt_out_keeps_root` wipes config.yaml, writes it as root with
HERMES_DOCKER_EXEC_AS_ROOT=1, and asserts root:root ownership. When the
fixture released the test inside that ~10s window, stage2-hook's
boot-time `chown hermes:hermes config.yaml` raced the root-written file
and reset it to hermes:hermes — failing the assertion. The window is
invisible on native amd64 (stage2-hook completes in a blink) but wide
open under the arm64 build's QEMU emulation, which is why only build-arm64
flaked while build-amd64 stayed green.

Replace the responsiveness poll with a wait on the canonical
'cont-init finished' signal: $HERMES_HOME/logs/container-boot.log gaining
a `profile=default` line, written by 02-reconcile-profiles which s6 runs
strictly after 01-hermes-setup. Mirrors the readiness pattern already
used in test_container_restart.py. Also bumps the readiness timeout 20s->60s
to cover slow emulation.

No production code change — test-only hardening of a timing race.
2026-06-28 17:06:26 +10:00
..
__init__.py test(docker): add conftest fixtures for docker harness 2026-05-24 18:05:14 -07:00
conftest.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_config_migration.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_container_restart.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_dashboard.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_docker_exec_privilege_drop.py test(docker): wait for cont-init to finish before privilege-drop shim tests (#54026) 2026-06-28 17:06:26 +10:00
test_dump_build_sha.py change(ci): docker-publish.yml -> docker.yml 2026-06-26 19:15:18 -07:00
test_gateway_bootstrap_state.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_gateway_run_supervised.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_home_override_scripts.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_immutable_install.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_immutable_install_permissions.py Harden hosted Docker install tree against self-modification (#47490) 2026-06-18 09:09:21 +10:00
test_license_file_present.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_log_dir_seed.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_main_invocation.py test(docker): lock baseline behavior for Phase 0 harness 2026-05-24 18:05:14 -07:00
test_profile_gateway.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_puid_pgid_remap.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_s6_profile_gateway_integration.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_smoke.py change(ci): migrate docker smoketests to real tests 2026-06-26 19:15:18 -07:00
test_stage2_browser_discovery.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_tini_compat_shim.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_toplevel_chown.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_tui_passthrough.py test(docker): make tty-passthrough probe robust to container boot-log noise (#38665) 2026-06-04 13:19:13 +10:00
test_tui_prebuilt_bundle.py fix(docker): point TUI launcher at prebuilt bundle via HERMES_TUI_DIR (#37923) 2026-06-03 15:30:45 +10:00
test_user_flag_guard.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00
test_zombie_reaping.py refactor(ci): rewrite docker tests to check built container 2026-06-26 19:15:18 -07:00