flake: TestValidate/regular

[flake-investigator]

CI Run Link: https://github.com/coder/coder/actions/runs/27788155477
Failed Jobs:

• https://github.com/coder/coder/actions/runs/27788155477/job/82230124745 (test-go-pg ubuntu-latest)
• https://github.com/coder/coder/actions/runs/27788155477/job/82230124749 (test-go-pg-17)

Commit Info:

• SHA: 56eb705b8cc5e38bdc07c6772e687592dda846df
• Author: Hugo Dutka
• coder/coder@56eb705

Error Evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.01s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

Root Cause:
TestValidate/regular runs in offline mode and relies on rootCertPool() for trust. On Linux, rootCertPool() returns x509.SystemCertPool() (see coderd/azureidentity/roots_other.go). The Azure PKCS7 payload in the test failed to chain to a trusted root in the runner’s system trust store, producing x509: certificate signed by unknown authority. This suggests a system root store mismatch/rotation or missing Azure root (possibly related to the recent change that embeds roots only on darwin).

Precise Assignment Analysis:

• git blame is not available via the API; used file history instead.
• git log --oneline -10 --follow coderd/azureidentity/azureidentity_test.go → 132fa87 (Spike Curtis) "fix: only embed Azure roots on darwin"
• git log --oneline -10 --follow coderd/azureidentity/azureidentity.go → 132fa87 (Spike Curtis) "fix: only embed Azure roots on darwin"
  Assigning to spikecurtis as the most recent meaningful modifier of root-trust behavior for this test/component.

Related Issues:

• coderd/azureidentity TestValidate/regular fails on MacOS #101 (macOS standards-compliance error; different failure mode)

Classification:
A. Flaky Test / certificate trust chain mismatch on Linux runners.

Reproduction:

• go test ./coderd/azureidentity -run TestValidate/regular -count=1

[linear-code]

ENG-2940

[flake-investigator]

New occurrence:

CI Run Link: https://github.com/coder/coder/actions/runs/27788207654
Failed Jobs:

• https://github.com/coder/coder/actions/runs/27788207654/job/82234902121 (test-go-pg ubuntu-latest)
• https://github.com/coder/coder/actions/runs/27788207654/job/82234902099 (test-go-pg-17)

Commit Info:

• SHA: ba860271b04455c5d2ee7a1772a82f1ba21ffee5
• Author: Hugo Dutka
• coder/coder@ba86027

Failure date: 2026-06-18

Error Evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.04s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

[flake-investigator]

New occurrence:

CI Run: https://github.com/coder/coder/actions/runs/27798536108
Failed Jobs:

• https://github.com/coder/coder/actions/runs/27798536108/job/82263589444 (test-go-pg ubuntu-latest)
• https://github.com/coder/coder/actions/runs/27798536108/job/82263589422 (test-go-pg-17)

Commit:

• SHA: 0d573587e8f4d386ec07782c8db944ab94ee01a6
• Author: Andrew Aquino
• coder/coder@0d57358

Failure date: 2026-06-19

Error evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.02s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

[flake-investigator]

New occurrence in CI:

• CI Run: https://github.com/coder/coder/actions/runs/27812808586
• Failed Jobs:
  • https://github.com/coder/coder/actions/runs/27812808586/job/82306873594 (test-go-pg ubuntu-latest)
  • https://github.com/coder/coder/actions/runs/27812808586/job/82306873656 (test-go-pg-17)
• Commit: 19aa9f56160688c8155c383eb53db8e9c526cbbf (author: Susana Ferreira)
• Failure date: 2026-06-19

Evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.03s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

[flake-investigator]

New occurrence (2026-06-19 08:22 UTC)

CI Run: https://github.com/coder/coder/actions/runs/27813419708
Failed Jobs:

• https://github.com/coder/coder/actions/runs/27813419708/job/82310282332 (test-go-pg ubuntu-latest)
• https://github.com/coder/coder/actions/runs/27813419708/job/82310282295 (test-go-pg-17)

Commit:

• SHA: fec21e1a28423c6a29c378207281c1dfcfa57500
• Author: Susana Ferreira
• coder/coder@fec21e1

Error Evidence:

=== FAIL: coderd/azureidentity TestValidate/regular
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

[flake-investigator]

New occurrence in CI run:

• CI Run: https://github.com/coder/coder/actions/runs/27814466297
• Failed Jobs:
  • https://github.com/coder/coder/actions/runs/27814466297/job/82313390990 (test-go-pg ubuntu-latest)
  • https://github.com/coder/coder/actions/runs/27814466297/job/82313390953 (test-go-pg-17)
• Commit: b0b698c64366124aa0b656e1dba70da056b32c66 (Susana Ferreira)
• Failure date: 2026-06-19

Error evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.04s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

[flake-investigator]

New occurrence in CI run https://github.com/coder/coder/actions/runs/27817240229

Failed jobs:

• https://github.com/coder/coder/actions/runs/27817240229/job/82321463747 (test-go-pg ubuntu-latest)
• https://github.com/coder/coder/actions/runs/27817240229/job/82321463634 (test-go-pg-17)

Commit: 4aa2482e937041c7ee3483819fc72c096e1a0c00 (Susana Ferreira)
Failure time: 2026-06-19T09:31:38Z–09:33:59Z

Evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.01s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

[flake-investigator]

New occurrence:

CI Run Link: https://github.com/coder/coder/actions/runs/27818438063
Failed Jobs:

• https://github.com/coder/coder/actions/runs/27818438063/job/82325470298 (test-go-pg ubuntu-latest)
• https://github.com/coder/coder/actions/runs/27818438063/job/82325470259 (test-go-pg-17)

Commit Info:

• SHA: a2b680ab2979064727adcf8a3b77d0ddf21d849b
• Author: Marcin Tojek
• coder/coder@a2b680a

Failure Date: 2026-06-19

Error Evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.02s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

[flake-investigator]

New occurrence on 2026-06-19:

CI Run Link: https://github.com/coder/coder/actions/runs/27821924309
Failed Jobs:

• https://github.com/coder/coder/actions/runs/27821924309/job/82336902954 (test-go-pg ubuntu-latest)
• https://github.com/coder/coder/actions/runs/27821924309/job/82336902956 (test-go-pg-17)

Commit Info:

• SHA: fc83d771899e8b5cf1f728b3319808aa8e6ac24a
• Author: Cian Johnston
• coder/coder@fc83d77

Error Evidence:

=== FAIL: coderd/azureidentity TestValidate/regular (0.02s)
    azureidentity_test.go:58:
        Error:       Received unexpected error:
                     verify pkcs7:
                         github.com/coder/coder/v2/coderd/azureidentity.Validate
                             /home/runner/work/coder/coder/coderd/azureidentity/azureidentity.go:265
                       - pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

Failure date/time: 2026-06-19 11:12-11:14 UTC (job timestamps).

[johnstcn]

Temporarily disabled test.