MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-28 22:14:52 -07:00
Code Issues Packages Projects Releases Wiki Activity

test(core): install bubblewrap on Linux CI for sandbox integration tests (#23583)

Browse Source
This commit is contained in:
Emily Hedlund
2026-03-25 10:29:46 -04:00
committed by GitHub
parent 5e186bfb22
commit 109a7dc531
2 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/ci.yml
+6
View File
@@ -158,6 +158,12 @@ jobs:
- name: 'Build project' - name: 'Build project'
run: 'npm run build' run: 'npm run build'
- name: 'Install system dependencies'
run: |
sudo apt-get update -qq && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y -qq bubblewrap
# Ubuntu 24.04+ requires this to allow bwrap to function in CI
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 || true
- name: 'Install dependencies for testing' - name: 'Install dependencies for testing'
run: 'npm ci' run: 'npm ci'
packages/core/src/services/sandboxManager.integration.test.ts
+17 -9
View File
@@ -95,26 +95,34 @@ async function runCommand(command: SandboxedCommand) {
/** /**
* Determines if the system has the necessary binaries to run the sandbox. * Determines if the system has the necessary binaries to run the sandbox.
* Throws an error if a supported platform is missing its required tools.
*/ */
function isSandboxAvailable(): boolean { function ensureSandboxAvailable(): boolean {
if (os.platform() === 'win32') { const platform = os.platform();
if (platform === 'win32') {
// Windows sandboxing relies on icacls, which is a core system utility and // Windows sandboxing relies on icacls, which is a core system utility and
// always available. // always available.
return true; return true;
} }
if (os.platform() === 'darwin') { if (platform === 'darwin') {
return fs.existsSync('/usr/bin/sandbox-exec'); if (fs.existsSync('/usr/bin/sandbox-exec')) {
return true;
}
throw new Error(
'Sandboxing tests on macOS require /usr/bin/sandbox-exec to be present.',
);
} }
if (os.platform() === 'linux') { if (platform === 'linux') {
// TODO: Install bubblewrap (bwrap) in Linux CI environments to enable full
// integration testing.
try { try {
execSync('which bwrap', { stdio: 'ignore' }); execSync('which bwrap', { stdio: 'ignore' });
return true; return true;
} catch { } catch {
return false; throw new Error(
'Sandboxing tests on Linux require bubblewrap (bwrap) to be installed.',
);
} }
} }
@@ -129,7 +137,7 @@ describe('SandboxManager Integration', () => {
const shouldSkip = const shouldSkip =
manager instanceof NoopSandboxManager || manager instanceof NoopSandboxManager ||
manager instanceof LocalSandboxManager || manager instanceof LocalSandboxManager ||
!isSandboxAvailable(); !ensureSandboxAvailable();
describe.skipIf(shouldSkip)('Cross-platform Sandbox Behavior', () => { describe.skipIf(shouldSkip)('Cross-platform Sandbox Behavior', () => {
describe('Basic Execution', () => { describe('Basic Execution', () => {