fix the github actions to set the runners in the same environment tha… #43

Workflow file for this run

name: Java Integration Tests
on:
  push:
    branches:
      - "**"
  pull_request:
jobs:
  integration-subtests:
    name: ${{ matrix.name }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: "Security: Filesystem Isolation (File Privacy)"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^file privacy across request IDs$"
          - name: "Security: Disk Cleanup (Storage Exhaustion)"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^disk spammer is terminated and data is reclaimed$"
          - name: "Resource: Fork Bomb Containment"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^fork bomb does not poison subsequent requests$"
          - name: "Security: Network Namespace (Localhost Bridge)"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^network namespace blocks localhost bridge$"
          - name: "Security: Memory Limit (Hard OOM)"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^memory hard limit triggers oom kill$"
          - name: "Resilience: I/O Flood (Bounded Stderr)"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^io flood is bounded and returns before timeout$"
          - name: "Resilience: Signal Trap Uses SIGKILL Timeout"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^signal trap cannot survive forced timeout$"
          - name: "Resilience: Orphan Grandchild Reaping"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^orphan grandchild is reaped after request exits$"
          - name: "Resilience: Inode Exhaustion Safety"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^inode bomb does not poison host temp filesystem$"
          - name: "Resilience: Privileged Syscall Denial"
            pattern: "^TestContainerizationAPISecurityIntegrationJava$/^privileged reboot syscall is denied$"
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Run subtest in privileged sandbox runtime
        run: |
          docker run --rm --privileged --cgroupns=host \
            -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
            -v "${{ github.workspace }}:/work" \
            -w /work \
            golang:1.25-bookworm bash -lc '
              set -euo pipefail
              apt-get update
              apt-get install -y --no-install-recommends gcc libc6-dev openjdk-21-jdk ca-certificates
              go test -v -run "${{ matrix.pattern }}" ./...
            '