update

2026-05-18 03:14:15 +03:00
parent 8ae59e40b2
commit 082468e2bd
13 changed files with 291 additions and 95 deletions
--- a/tests/e2e/init.py
+++ b/tests/e2e/init.py
@@ -1 +1,6 @@
-"""End-to-end tests gated by FLOW_RUN_E2E=1."""
+"""End-to-end tests gated by FLOW_RUN_E2E=1.
+
+These tests run Flow inside a disposable container and mount only a read-only
+fixture repo plus container-local XDG state, so host dotfiles/config are not
+modified.
+"""
--- a/tests/e2e/test_dotfiles_e2e.py
+++ b/tests/e2e/test_dotfiles_e2e.py
@@ -10,13 +10,14 @@ import os
 import shutil
 import subprocess
 from pathlib import Path
+import textwrap

 import pytest


 REPO_ROOT = Path(__file__).resolve().parents[2]
 CONTAINERFILE = Path(__file__).parent / "Containerfile"
-EXAMPLE_REPO = REPO_ROOT / "example" / "dotfiles-repo"
+EXAMPLE_DIR = REPO_ROOT / "example"
 IMAGE_TAG = "flow-e2e:test"


@@ -34,15 +35,69 @@ def _pick_runtime() -> str | None:
    return None


-@pytest.mark.skipif(
-    os.environ.get("FLOW_RUN_E2E") != "1",
-    reason="set FLOW_RUN_E2E=1 to run",
-)
-def test_dotfiles_init_and_link_in_container():
-    runtime = _pick_runtime()
-    if runtime is None:
+def _flow_script(*commands: str) -> str:
+    """Build a reusable flow sandbox script for container execution."""
+    return textwrap.dedent(
+        """
+        set -euo pipefail
+
+        export XDG_CONFIG_HOME="/tmp/flow-config"
+        export XDG_DATA_HOME="/tmp/flow-data"
+        export XDG_STATE_HOME="/tmp/flow-state"
+        export TARGET_HOSTNAME="flow-e2e"
+        export USER_EMAIL="e2e@example.com"
+        export PYTHONPATH="/opt/flow-src/src:${PYTHONPATH:-}"
+
+        rm -rf "$XDG_CONFIG_HOME" "$XDG_DATA_HOME" "$XDG_STATE_HOME"
+        mkdir -p "$XDG_CONFIG_HOME" "$XDG_DATA_HOME" "$XDG_STATE_HOME"
+
+        cp -r /example/dotfiles-repo "$HOME/dotfiles-src"
+        cp -r /example/module-repos "$HOME/module-repos"
+        cd "$HOME/module-repos/nvim-config"
+        git init -q -b main
+        git -c user.email="$USER_EMAIL" -c user.name="Flow E2E" add -A
+        git -c user.email="$USER_EMAIL" -c user.name="Flow E2E" commit -q -m initial
+
+        cd "$HOME/dotfiles-src"
+        git init -q -b main
+        git -c user.email="$USER_EMAIL" -c user.name="Flow E2E" add -A
+        git -c user.email="$USER_EMAIL" -c user.name="Flow E2E" commit -q -m initial
+        cd "$HOME"
+        """
+    ).strip() + "\n" + "\n".join(commands) + "\n"
+
+
+def _run_in_e2e_container(runtime: str, script: str) -> subprocess.CompletedProcess[str]:
+    return subprocess.run(
+        [
+            runtime,
+            "run",
+            "--rm",
+            "-v",
+            f"{EXAMPLE_DIR}:/example:ro",
+            IMAGE_TAG,
+            "-c",
+            script,
+        ],
+        capture_output=True,
+        text=True,
+    )
+
+
+@pytest.fixture(scope="session")
+def runtime() -> str:
+    if os.environ.get("FLOW_RUN_E2E") != "1":
+        pytest.skip("set FLOW_RUN_E2E=1 to run")
+
+    selected_runtime = _pick_runtime()
+    if selected_runtime is None:
        pytest.skip("neither podman nor docker is available")

+    return selected_runtime
+
+
+@pytest.fixture(scope="session")
+def image(runtime: str):
    build = subprocess.run(
        [
            runtime, "build",
@@ -57,49 +112,67 @@ def test_dotfiles_init_and_link_in_container():
        pytest.fail(f"image build failed:\n{build.stdout}\n{build.stderr}")

    try:
-        # Run flow inside the container against the mounted example repo.
-        # `flow dotfiles init` clones, so we need a real git remote — turn
-        # the read-only example mount into a bare-ish working repo first.
-        # --skip system avoids the _root/ paths which would try to sudo-link
-        # over /etc/hostname; we already cover the link path on non-system
-        # packages.
-        script = (
-            "set -eux; "
-            "cp -r /example /home/flowuser/dotfiles-src; "
-            "cd /home/flowuser/dotfiles-src; "
-            "git init -q -b main; "
-            "git -c user.email=e2e@example.com -c user.name=e2e add -A; "
-            "git -c user.email=e2e@example.com -c user.name=e2e commit -q -m initial; "
-            "cd /home/flowuser; "
-            "flow dotfiles init --repo /home/flowuser/dotfiles-src; "
-            "flow dotfiles link --profile linux-auto --skip system; "
-            # Verify real symlinks were created and point into the dotfiles dir.
-            "test -L /home/flowuser/.zshrc; "
-            "test -L /home/flowuser/.gitconfig; "
-            "readlink /home/flowuser/.zshrc | grep -q '/dotfiles/_shared/zsh/.zshrc'; "
-            "readlink /home/flowuser/.gitconfig | grep -q '/dotfiles/_shared/git/.gitconfig'; "
-            # Idempotency: rerun should be a no-op.
-            "flow dotfiles link --profile linux-auto --skip system; "
-            "flow dotfiles status"
-        )
-        result = subprocess.run(
-            [
-                runtime, "run", "--rm",
-                "-v", f"{EXAMPLE_REPO}:/example:ro",
-                IMAGE_TAG,
-                "-c", script,
-            ],
-            capture_output=True,
-            text=True,
-        )
-        assert result.returncode == 0, (
-            f"e2e run failed (rc={result.returncode}):\n"
-            f"stdout: {result.stdout}\n"
-            f"stderr: {result.stderr}"
-        )
+        yield IMAGE_TAG
    finally:
        subprocess.run(
            [runtime, "rmi", "-f", IMAGE_TAG],
            capture_output=True,
            text=True,
        )
+
+
+@pytest.mark.skipif(
+    os.environ.get("FLOW_RUN_E2E") != "1",
+    reason="set FLOW_RUN_E2E=1 to run",
+)
+def test_dotfiles_init_and_link_in_container(runtime: str, image: str):
+    result = _run_in_e2e_container(
+        runtime,
+        _flow_script(
+            "flow dotfiles init --repo \"$HOME/dotfiles-src\"",
+            "flow dotfiles link --profile linux-auto --skip _root",
+            "test -L \"$HOME/.zshrc\"",
+            "test -L \"$HOME/.gitconfig\"",
+            "readlink \"$HOME/.zshrc\" | grep -q '/dotfiles/_shared/zsh/.zshrc'",
+            "readlink \"$HOME/.gitconfig\" | grep -q '/dotfiles/_shared/git/.gitconfig'",
+            "flow dotfiles link --profile linux-auto --skip _root",
+            "flow dotfiles status",
+        ),
+    )
+    assert result.returncode == 0, (
+        f"e2e run failed (rc={result.returncode}):\n"
+        f"stdout: {result.stdout}\n"
+        f"stderr: {result.stderr}"
+    )
+
+
+@pytest.mark.skipif(
+    os.environ.get("FLOW_RUN_E2E") != "1",
+    reason="set FLOW_RUN_E2E=1 to run",
+)
+def test_cli_paths_run_in_disposable_container(runtime: str, image: str):
+    result = _run_in_e2e_container(
+        runtime,
+        _flow_script(
+            "flow --version | tee /tmp/version.txt",
+            "grep -q \"flow\" /tmp/version.txt",
+            "flow --help | tee /tmp/help.txt",
+            "test -s /tmp/help.txt",
+            "flow completion zsh | tee /tmp/completion.zsh",
+            "test -s /tmp/completion.zsh",
+            "flow dotfiles init --repo \"$HOME/dotfiles-src\"",
+            "flow dotfiles link --profile linux-auto --skip _root",
+            "flow dotfiles status",
+            "flow packages list --all | tee /tmp/packages.txt",
+            "test -s /tmp/packages.txt",
+            "flow packages install --profile linux-auto --dry-run | tee /tmp/package-dry-run.txt",
+            "test -s /tmp/package-dry-run.txt",
+            "flow setup show linux-auto | tee /tmp/setup.txt",
+            "test -s /tmp/setup.txt",
+        ),
+    )
+    assert result.returncode == 0, (
+        f"e2e run failed (rc={result.returncode}):\n"
+        f"stdout: {result.stdout}\n"
+        f"stderr: {result.stderr}"
+    )
--- a/tests/test_service_dotfiles.py
+++ b/tests/test_service_dotfiles.py
@@ -119,6 +119,31 @@ class TestDotfilesServiceLink:
        # Local file outside mount path should be linked
        assert (home / ".local" / "bin" / "nvim-wrapper").is_symlink()

+    def test_module_mount_rejects_local_files_inside_mount_path(self, tmp_path, monkeypatch):
+        home = tmp_path / "home"
+        home.mkdir()
+
+        dotfiles = tmp_path / "dotfiles"
+        pkg_dir = dotfiles / "_shared" / "nvim"
+        config_dir = pkg_dir / ".config" / "nvim"
+        config_dir.mkdir(parents=True)
+        (config_dir / "_module.yaml").write_text(yaml.dump({
+            "source": "github:test/nvim-config",
+            "ref": {"branch": "main"},
+        }))
+        (config_dir / "init.lua").write_text("-- local file conflicts with module mount")
+
+        monkeypatch.setattr(paths, "HOME", home)
+        monkeypatch.setattr(paths, "DOTFILES_DIR", dotfiles)
+        monkeypatch.setattr(paths, "MODULES_DIR", tmp_path / "modules")
+        monkeypatch.setattr(paths, "LINKED_STATE", tmp_path / "state" / "linked.json")
+
+        ctx = _make_ctx(tmp_path)
+        svc = DotfilesService(ctx)
+
+        with pytest.raises(PlanConflict, match=".config/nvim/init.lua"):
+            svc._discover_packages(profile=None)
+
    def test_unlink_removes_symlinks(self, tmp_path, monkeypatch):
        home = tmp_path / "home"
        home.mkdir()
@@ -698,12 +723,12 @@ class TestDotfilesServiceRootPaths:
    """`_root/` paths require sudo; verify the service routes them via the
    sudo branch of FileSystem.create_symlink (without actually invoking sudo)."""

-    def test_root_paths_route_via_sudo(self, tmp_path, monkeypatch):
+    def test_layer_root_paths_route_via_sudo(self, tmp_path, monkeypatch):
        home = tmp_path / "home"
        home.mkdir()

        dotfiles = tmp_path / "dotfiles"
-        pkg_dir = dotfiles / "_shared" / "system" / "_root" / "etc"
+        pkg_dir = dotfiles / "_shared" / "_root" / "etc"
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "ourfile").write_text("managed by flow")

@@ -738,7 +763,7 @@ class TestDotfilesServiceRootPaths:
        svc.link(dry_run=True)
        assert not Path("/etc/ourfile").exists()  # we did not actually touch /etc

-    def test_root_paths_can_be_skipped(self, tmp_path, monkeypatch):
+    def test_nested_root_marker_rejected(self, tmp_path, monkeypatch):
        home = tmp_path / "home"
        home.mkdir()

@@ -746,7 +771,28 @@ class TestDotfilesServiceRootPaths:
        pkg_dir = dotfiles / "_shared" / "system" / "_root" / "etc"
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "hostname").write_text("flow-host")
+
+        monkeypatch.setattr(paths, "HOME", home)
+        monkeypatch.setattr(paths, "DOTFILES_DIR", dotfiles)
+        monkeypatch.setattr(paths, "MODULES_DIR", tmp_path / "modules")
+        monkeypatch.setattr(paths, "LINKED_STATE", tmp_path / "state" / "linked.json")
+
+        ctx = _make_ctx(tmp_path)
+        svc = DotfilesService(ctx)
+
+        with pytest.raises(PlanConflict, match="_shared/system/_root"):
+            svc._discover_packages(profile=None)
+
+    def test_root_paths_can_be_skipped(self, tmp_path, monkeypatch):
+        home = tmp_path / "home"
+        home.mkdir()
+
+        dotfiles = tmp_path / "dotfiles"
+        pkg_dir = dotfiles / "_shared" / "_root" / "etc"
+        pkg_dir.mkdir(parents=True)
+        (pkg_dir / "hostname").write_text("flow-host")
        # Non-root file in the same package shouldn't be skipped
+        (dotfiles / "_shared" / "system" / "README").parent.mkdir(parents=True)
        (dotfiles / "_shared" / "system" / "README").write_text("notes")

        monkeypatch.setattr(paths, "HOME", home)