Clean action runtime project state

2026-05-14 13:58:45 +03:00
parent b05d3589b7
commit 4ce98d0ff1
27 changed files with 711 additions and 4772 deletions
--- a/tests/test_service_packages.py
+++ b/tests/test_service_packages.py
@@ -7,6 +7,7 @@ from pathlib import Path

 import pytest

+from flow.actions import ActionExecutor, ActionPlan, PrimitiveAction, RollbackPolicy
 from flow.core.config import AppConfig, FlowContext
 from flow.core.console import Console
 from flow.core.errors import FlowError
@@ -135,26 +136,7 @@ class TestPackageService:

    def test_post_install_with_sudo_runs_unchecked(self, tmp_path, monkeypatch):
        """No allow_sudo gate -- post-install scripts run as written."""
-        home = tmp_path / "home"
-        home.mkdir()
-        monkeypatch.setattr(paths, "HOME", home)
-        monkeypatch.setattr(paths, "INSTALLED_STATE", tmp_path / "installed.json")
-
-        calls: list[str] = []
-
-        class _Runner:
-            def run_shell(self, command, **kwargs):
-                calls.append(command)
-
-                class _Result:
-                    returncode = 0
-                    stdout = ""
-                    stderr = ""
-
-                return _Result()
-
        ctx = _make_ctx(tmp_path)
-        ctx.runtime.runner = _Runner()
        svc = PackageService(ctx)
        pkg = PackageDef(
            name="docker", type="pkg", sources={},
@@ -162,8 +144,11 @@ class TestPackageService:
            platform_map={}, extract_dir=None, install={},
            post_install="sudo groupadd docker || true",
        )
-        svc._run_post_install(pkg)
-        assert calls == ["sudo groupadd docker || true"]
+        primitive = svc._post_install_primitive(pkg)
+        assert primitive is not None
+        assert primitive.type == "process.shell_user_hook"
+        assert primitive.payload["command"] == "sudo groupadd docker || true"
+        assert primitive.rollback_policy == RollbackPolicy.BARRIER

    def test_install_binary_url_failure_raises_flow_error(self, tmp_path, monkeypatch):
        home = tmp_path / "home"
@@ -226,11 +211,21 @@ class TestPackageService:
        link = extract_root / "evil"
        link.symlink_to(sibling)

-        with pytest.raises(FlowError, match="escapes extract-dir"):
-            svc._copy_install_item(
-                "pkg",
-                extract_root,
-                extract_root.resolve(),
-                "bin",
-                "evil/escape",
+        with pytest.raises(FlowError, match="escapes allowed root"):
+            ActionExecutor(ctx, audit_path=tmp_path / "actions.jsonl").execute(
+                ActionPlan(
+                    name="copy-escape",
+                    primitive_actions=(
+                        PrimitiveAction(
+                            id="copy",
+                            type="file.copy",
+                            description="Copy escaped source",
+                            payload={
+                                "source": link / "escape",
+                                "target": tmp_path / "target",
+                                "source_root": extract_root.resolve(),
+                            },
+                        ),
+                    ),
+                )
            )