From 45b2df55ebe7878ca466c9337d0b7cd72aa97872 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 15 Jan 2026 23:25:27 +0000
Subject: [PATCH 1/2] Initial plan
From 1b090091f42456f14e411cc89af0d17783767850 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 15 Jan 2026 23:41:17 +0000
Subject: [PATCH 2/2] test: add Docker-in-Docker removal regression tests Add tests to verify Docker CLI is not available in agent container after PR #205 removed Docker-in-Docker support. Tests verify: - docker command not available - docker run fails gracefully - docker-compose not available - docker socket not mounted Note: Tests currently fail against pre-built registry images which still have Docker installed. Tests will pass once new images are built from current code, or when using buildLocal (pending NodeSource fix).
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
---
tests/integration/no-docker.test.ts | 94 +++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 tests/integration/no-docker.test.ts
diff --git a/tests/integration/no-docker.test.ts b/tests/integration/no-docker.test.ts
new file mode 100644
index 000000000..8f2949e61
--- /dev/null
+++ b/tests/integration/no-docker.test.ts
@@ -0,0 +1,94 @@
+/**
+ * Docker-in-Docker Removal Regression Tests
+ * Tests for PR #205: https://github.com/githubnext/gh-aw-firewall/pull/205
+ *
+ * These tests verify that Docker commands fail gracefully after Docker-in-Docker
+ * support was removed in v0.9.1. The agent container should NOT have:
+ * - docker-cli installed
+ * - Docker socket mounted
+ * - Docker daemon running
+ *
+ * IMPORTANT: These tests require container images built from commit 8d81fe4 or later.
+ * If using registry images (ghcr.io/githubnext/gh-aw-firewall), ensure they have been
+ * rebuilt after PR #205 was merged. Otherwise, use `buildLocal: true` in test options
+ * to build fresh images from the current codebase.
+ *
+ * Known Issue: Building locally may fail due to NodeSource repository issues.
+ * If tests fail with "docker found" errors, the images need to be rebuilt and published.
+ */
+
+///
+
+import { describe, test, expect, beforeAll, afterAll } from '@jest/globals';
+import { createRunner, AwfRunner } from '../fixtures/awf-runner';
+import { cleanup } from '../fixtures/cleanup';
+
+describe('Docker-in-Docker removal (PR #205)', () => {
+ let runner: AwfRunner;
+
+ beforeAll(async () => {
+ // Run cleanup before tests to ensure clean state
+ await cleanup(false);
+ runner = createRunner();
+ });
+
+ afterAll(async () => {
+ // Clean up after all tests
+ await cleanup(false);
+ });
+
+ test('docker command should not be available', async () => {
+ const result = await runner.runWithSudo('which docker', {
+ allowDomains: ['github.com'],
+ logLevel: 'debug',
+ timeout: 30000,
+ });
+
+ // Should fail because docker-cli is not installed
+ expect(result).toFail();
+ expect(result.exitCode).not.toBe(0);
+ }, 120000);
+
+ test('docker run should fail gracefully', async () => {
+ const result = await runner.runWithSudo('docker run alpine echo hello', {
+ allowDomains: ['github.com'],
+ logLevel: 'debug',
+ timeout: 30000,
+ });
+
+ // Should fail because docker command doesn't exist
+ expect(result).toFail();
+ expect(result.exitCode).not.toBe(0);
+ // The stderr should contain some indication that docker is not found
+ expect(result.stderr).toMatch(/docker|not found|command not found/i);
+ }, 120000);
+
+ test('docker-compose should not be available', async () => {
+ const result = await runner.runWithSudo('which docker-compose', {
+ allowDomains: ['github.com'],
+ logLevel: 'debug',
+ timeout: 30000,
+ });
+
+ // Should fail because docker-compose is not installed
+ expect(result).toFail();
+ expect(result.exitCode).not.toBe(0);
+ }, 120000);
+
+ test('verify docker socket is not mounted', async () => {
+ const result = await runner.runWithSudo(
+ 'test -S /var/run/docker.sock && echo "mounted" || echo "not mounted"',
+ {
+ allowDomains: ['github.com'],
+ logLevel: 'debug',
+ timeout: 30000,
+ }
+ );
+
+ // Command should succeed (it always echoes something)
+ expect(result).toSucceed();
+ expect(result.exitCode).toBe(0);
+ // But the socket should NOT be mounted
+ expect(result.stdout).toContain('not mounted');
+ }, 120000);
+});
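Review bot: The three negative tests (`which docker`, `docker run alpine echo hello`, `which docker-compose`) assert only `toFail()` and a non-zero exit code, so they also pass when the agent container never starts, when `which` is missing from the image, or when the run times out, none of which shows that the Docker CLI is absent. The socket test at the end of the file already uses the stronger shape of a command that always succeeds and reports through stdout; the others could follow it with a command such as `'command -v docker >/dev/null 2>&1 && echo present || echo absent'`, asserting `toSucceed()` and that stdout contains `absent`. In the `docker run` test, `/docker|not found|command not found/i` matches any stderr that mentions "docker", which would include a daemon-connection or permission error from an installed CLI and presumably the runner's own output under `logLevel: 'debug'`; requiring the shell's message, e.g. `/docker: (command )?not found/i`, would pin the intended failure. The header comment also lists "Docker daemon running" among the things the container must not have, but no test in this file checks it.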