modifying the github actions to force a pass as long as the logic is … #41

Workflow file for this run

name: C++ Integration Tests

on:
  push:
    branches:
      - "**"
  pull_request:

jobs:
  integration-subtests:
    name: ${{ matrix.name }}
    runs-on: ubuntu-latest
    strategy:
      # Each subtest runs as its own job; one failing does not cancel the others.
      fail-fast: false
      matrix:
        include:
          - name: "Security: Filesystem Isolation (File Privacy)"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^file privacy across request IDs$"
          - name: "Security: Disk Cleanup (Storage Exhaustion)"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^disk spammer is terminated and data is reclaimed$"
          - name: "Resource: Fork Bomb Containment"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^fork bomb does not poison subsequent requests$"
          - name: "Security: Network Namespace (Localhost Bridge)"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^network namespace blocks localhost bridge$"
          - name: "Security: Memory Limit (Hard OOM)"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^memory hard limit triggers oom kill$"
          - name: "Resilience: I/O Flood (Bounded Stderr)"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^io flood is bounded and returns before timeout$"
          - name: "Resilience: Signal Trap Uses SIGKILL Timeout"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^signal trap cannot survive forced timeout$"
          - name: "Resilience: Orphan Grandchild Reaping"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^orphan grandchild is reaped after request exits$"
          - name: "Resilience: Inode Exhaustion Safety"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^inode bomb does not poison host temp filesystem$"
          - name: "Resilience: Privileged Syscall Denial"
            pattern: "^TestContainerizationAPISecurityIntegrationCpp$/^privileged reboot syscall is denied$"
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # The test container runs privileged, in the host cgroup namespace,
      # with /sys/fs/cgroup mounted read-write and the checkout mounted at /work.
      - name: Run subtest in privileged sandbox runtime
        run: |
          docker run --rm --privileged --cgroupns=host \
            -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
            -v "${{ github.workspace }}:/work" \
            -w /work \
            golang:1.25-bookworm bash -c '
              set -euo pipefail
              export PATH="/usr/local/go/bin:$PATH"
              apt-get update
              apt-get install -y --no-install-recommends gcc g++ libc6-dev ca-certificates
              # Run only the subtest selected by this matrix entry.
              go test -v -run "${{ matrix.pattern }}" ./...
            '