From df23a6244a62deb80f6dba45e207cae5171796d7 Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Wed, 10 Dec 2025 10:50:36 +0000 Subject: [PATCH 1/4] Fix test skip mechanism to handle empty env vars The ifEnvVarNotSet function was only checking for undefined, but in CI environments variables can be set to empty strings. This caused tests to run when they should have been skipped, resulting in 401 errors. Now checks for both undefined and empty string values. Co-authored-by: Ona --- components/gitpod-protocol/src/util/skip-if.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/gitpod-protocol/src/util/skip-if.ts b/components/gitpod-protocol/src/util/skip-if.ts index c3585983aca028..8909babc8a3c1b 100644 --- a/components/gitpod-protocol/src/util/skip-if.ts +++ b/components/gitpod-protocol/src/util/skip-if.ts @@ -5,13 +5,14 @@ */ /** - * Skips a Mocha TestSuite if a certain env var is not set and prints its + * Skips a Mocha TestSuite if a certain env var is not set or empty * @param name The name of the env var the TestSuite depends on being present */ export function ifEnvVarNotSet(name: string): boolean { - const skip = process.env[name] === undefined; + const value = process.env[name]; + const skip = value === undefined || value === ""; if (skip) { - console.log(`Skipping suite because env var '${name}' is not set`); + console.log(`Skipping suite because env var '${name}' is not set or empty`); } return skip; } From b60ed6cf8982de199091a00abfa1dcf485e3df5b Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Thu, 11 Dec 2025 12:03:42 +0000 Subject: [PATCH 2/4] [content-service] Fix outdated test expectations --- .../content-service/pkg/git/git_test.go | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/components/content-service/pkg/git/git_test.go b/components/content-service/pkg/git/git_test.go index de96b4aef47bde..03dd7041410c88 100644 --- a/components/content-service/pkg/git/git_test.go +++ b/components/content-service/pkg/git/git_test.go @@ -38,7 +38,7 @@ func TestGitStatus(t *testing.T) { &Status{ porcelainStatus: porcelainStatus{ BranchOID: "(initial)", - BranchHead: "master", + BranchHead: "main", }, }, nil, @@ -53,7 +53,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, LatestCommit: notEmpty, @@ -73,7 +73,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"another-file"}, }, @@ -94,7 +94,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UncommitedFiles: []string{"first-file"}, }, @@ -118,7 +118,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, UnpushedCommits: []string{notEmpty}, @@ -170,7 +170,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"this/is/a/nested/test/first-file"}, }, @@ -247,7 +247,7 @@ func TestGitStatusFromFiles(t *testing.T) { &Status{ porcelainStatus: porcelainStatus{ BranchOID: "(initial)", - BranchHead: "master", + BranchHead: "main", }, }, nil, @@ -262,7 +262,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, LatestCommit: notEmpty, @@ -282,7 +282,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"another-file"}, }, @@ -303,7 +303,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UncommitedFiles: []string{"first-file"}, }, @@ -327,7 +327,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, UnpushedCommits: []string{notEmpty}, @@ -379,7 +379,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"this/is/a/nested/test/first-file"}, }, @@ -437,7 +437,7 @@ func TestGitStatusFromFiles(t *testing.T) { } gitout, err = client.GitWithOutput(ctx, &errNoCommitsYet, "log", "--pretty=%H", "-n", "1") - if err != nil && !strings.Contains(err.Error(), "fatal: your current branch 'master' does not have any commits yet") { + if err != nil && !strings.Contains(err.Error(), "fatal: your current branch 'main' does not have any commits yet") { t.Errorf("error calling GitWithOutput: %v", err) return } From 17ed34ea54284a7f10add4201307d8259ba05624 Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Thu, 11 Dec 2025 12:05:47 +0000 Subject: [PATCH 3/4] [dev] Drop "--ignore-scripts" for yarn, as we rely on it in a number of places --- .devcontainer/Dockerfile | 6 ------ dev/image/Dockerfile | 6 ------ 2 files changed, 12 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index a4bc0289260934..a53ce16e5589b7 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -336,12 +336,6 @@ RUN curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | && nvm install v${NODE_VERSION} \ && nvm alias default v${NODE_VERSION}" -# Disable npm/yarn lifecycle scripts by default (security hardening) -# To allow specific packages, use: npm rebuild or yarn rebuild -RUN npm config set ignore-scripts true --location=global && \ - npm config set ignore-scripts true --location=user && \ - echo 'ignore-scripts true' >> ~/.yarnrc - # Disable npx (security hardening - prevents arbitrary package execution) # Remove npx from NVM and replace with stub that prints warning RUN rm -f /usr/bin/npx /usr/local/bin/npx && \ diff --git a/dev/image/Dockerfile b/dev/image/Dockerfile index 39432fb7543968..ab0f80ee39d882 100644 --- a/dev/image/Dockerfile +++ b/dev/image/Dockerfile @@ -129,12 +129,6 @@ RUN bash -c ". .nvm/nvm.sh \ && nvm install $GITPOD_NODE_VERSION" ENV PATH=/home/gitpod/.nvm/versions/node/v${GITPOD_NODE_VERSION}/bin:$PATH -# Disable npm/yarn lifecycle scripts by default (security hardening) -# To allow specific packages, use: npm rebuild or yarn rebuild -RUN npm config set ignore-scripts true --location=global && \ - npm config set ignore-scripts true --location=user && \ - echo 'ignore-scripts true' >> ~/.yarnrc - # Disable npx (security hardening - prevents arbitrary package execution) RUN sudo rm -f /usr/bin/npx /usr/local/bin/npx /home/gitpod/.nvm/versions/node/v${GITPOD_NODE_VERSION}/bin/npx && \ echo '#!/bin/sh' | sudo tee /usr/local/bin/npx > /dev/null && \ From efae4dde946803a1e8817b70920d9afa281ccffa Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Thu, 11 Dec 2025 13:05:33 +0000 Subject: [PATCH 4/4] [dev] Use new dev-image throughout CI: dev-environment:fix-skip-if-empty-env-vars-gha.22 --- .github/actions/deploy-gitpod/Dockerfile | 2 +- .github/actions/deploy-monitoring-satellite/Dockerfile | 2 +- .github/actions/preview-create/Dockerfile | 2 +- .github/workflows/branch-build.yml | 6 +++--- .github/workflows/build.yml | 6 +++--- .github/workflows/code-nightly.yml | 2 +- .github/workflows/ide-integration-tests.yml | 4 ++-- .github/workflows/jetbrains-auto-update-template.yml | 2 +- .github/workflows/jetbrains-integration-test.yml | 2 +- .github/workflows/preview-env-check-regressions.yml | 2 +- .github/workflows/preview-env-delete.yml | 2 +- .github/workflows/preview-env-gc.yml | 2 +- .github/workflows/workspace-integration-tests.yml | 4 ++-- .gitpod.yml | 2 +- 14 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/actions/deploy-gitpod/Dockerfile b/.github/actions/deploy-gitpod/Dockerfile index bb3ccc9e7d0f3f..2a05bca9d76dbe 100644 --- a/.github/actions/deploy-gitpod/Dockerfile +++ b/.github/actions/deploy-gitpod/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/deploy-monitoring-satellite/Dockerfile b/.github/actions/deploy-monitoring-satellite/Dockerfile index bb3ccc9e7d0f3f..2a05bca9d76dbe 100644 --- a/.github/actions/deploy-monitoring-satellite/Dockerfile +++ b/.github/actions/deploy-monitoring-satellite/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/preview-create/Dockerfile b/.github/actions/preview-create/Dockerfile index bb3ccc9e7d0f3f..2a05bca9d76dbe 100644 --- a/.github/actions/preview-create/Dockerfile +++ b/.github/actions/preview-create/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/workflows/branch-build.yml b/.github/workflows/branch-build.yml index 8708e1f6631779..b0091087466584 100644 --- a/.github/workflows/branch-build.yml +++ b/.github/workflows/branch-build.yml @@ -107,7 +107,7 @@ jobs: cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} runs-on: ubuntu-latest-16-cores container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 @@ -180,7 +180,7 @@ jobs: ports: - 6379:6379 container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root env: DB_HOST: "mysql" @@ -516,7 +516,7 @@ jobs: environment: branch-build runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root if: needs.configuration.outputs.with_integration_tests != '' && needs.configuration.outputs.is_scheduled_run != 'true' concurrency: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 20a90e3c5828a6..bb43993d4c062f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -110,7 +110,7 @@ jobs: cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} runs-on: ubuntu-latest-16-cores container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 @@ -183,7 +183,7 @@ jobs: ports: - 6379:6379 container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root env: DB_HOST: "mysql" @@ -519,7 +519,7 @@ jobs: environment: main-build runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root if: needs.configuration.outputs.with_integration_tests != '' && needs.configuration.outputs.is_scheduled_run != 'true' concurrency: diff --git a/.github/workflows/code-nightly.yml b/.github/workflows/code-nightly.yml index 064d1aa6dc6ca2..fe116b47d01e43 100644 --- a/.github/workflows/code-nightly.yml +++ b/.github/workflows/code-nightly.yml @@ -11,7 +11,7 @@ jobs: build: runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index 97d80aca45224e..648a3657b59728 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -36,7 +36,7 @@ jobs: name: Configuration runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root outputs: name: ${{ steps.configuration.outputs.name }} @@ -125,7 +125,7 @@ jobs: needs: [configuration, infrastructure] runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root volumes: - /var/tmp:/var/tmp diff --git a/.github/workflows/jetbrains-auto-update-template.yml b/.github/workflows/jetbrains-auto-update-template.yml index d29cd08266bf7d..66bf2dee428d6a 100644 --- a/.github/workflows/jetbrains-auto-update-template.yml +++ b/.github/workflows/jetbrains-auto-update-template.yml @@ -15,7 +15,7 @@ jobs: update-jetbrains: runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/jetbrains-integration-test.yml b/.github/workflows/jetbrains-integration-test.yml index f8dce4376ba57b..dea0c85bd2fbe5 100644 --- a/.github/workflows/jetbrains-integration-test.yml +++ b/.github/workflows/jetbrains-integration-test.yml @@ -34,7 +34,7 @@ on: jobs: jetbrains-smoke-test-linux: container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root runs-on: ubuntu-latest steps: diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index adbd902ac7e90d..0b2e427ebd5fd8 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml @@ -92,7 +92,7 @@ jobs: if: ${{ needs.configuration.outputs.skip == 'false' }} runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root volumes: - /var/tmp:/var/tmp diff --git a/.github/workflows/preview-env-delete.yml b/.github/workflows/preview-env-delete.yml index 01d7dfdeeccd0b..8b8d6213ffabd7 100644 --- a/.github/workflows/preview-env-delete.yml +++ b/.github/workflows/preview-env-delete.yml @@ -15,7 +15,7 @@ jobs: if: github.event.ref_type == 'branch' || github.event.inputs.name != '' runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/preview-env-gc.yml b/.github/workflows/preview-env-gc.yml index 0645b719be86b7..d3dc24d16a4a52 100644 --- a/.github/workflows/preview-env-gc.yml +++ b/.github/workflows/preview-env-gc.yml @@ -11,7 +11,7 @@ jobs: name: "Find stale preview environments" runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root outputs: names: ${{ steps.set-matrix.outputs.names }} diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index 340dfb271b78cb..9938b60c3e774e 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml @@ -52,7 +52,7 @@ jobs: name: Configuration runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root outputs: name: ${{ steps.configuration.outputs.name }} @@ -158,7 +158,7 @@ jobs: needs: [configuration, infrastructure] runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 diff --git a/.gitpod.yml b/.gitpod.yml index 565189aa16679c..dfe743bdc9f2f5 100644 --- a/.gitpod.yml +++ b/.gitpod.yml @@ -1,4 +1,4 @@ -image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 workspaceLocation: gitpod/gitpod-ws.code-workspace checkoutLocation: gitpod ports: