Add agent test suite with race detection and fuzz testing

Author: sebastianrath

.github/workflows/workflow.yml

@@ -32,6 +32,28 @@ permissions:
   packages: write
 
 jobs:
+  agent-tests:
+    runs-on: ubuntu-latest
+    name: Agent Tests (race + fuzz)
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Unit tests with race detector
+        run: go test -race -count=1 -v ./agent/...
+
+      - name: Fuzz ParseDockerImage
+        run: go test -fuzz=FuzzParseDockerImage -fuzztime=30s ./agent
+
+      - name: Fuzz ParseShebang
+        run: go test -fuzz=FuzzParseShebang -fuzztime=30s ./agent
+
+      - name: Fuzz ResolveTemplate
+        run: go test -fuzz=FuzzResolveTemplate -fuzztime=30s ./agent
+
   build-quick:
 
     runs-on: ubuntu-latest

agent/client.go

@@ -158,7 +158,17 @@ func saveInstanceCred(serverURL, agentToken string, cred *InstanceCred) error {
 	if err != nil {
 		return err
 	}
-	return os.WriteFile(path, data, 0o600)
+	// Atomic write: temp file → fsync → rename. Prevents a crash
+	// mid-write from leaving a truncated or empty credential file.
+	tmp := path + ".tmp"
+	if err := os.WriteFile(tmp, data, 0o600); err != nil {
+		return err
+	}
+	if f, err := os.Open(tmp); err == nil {
+		_ = f.Sync()
+		f.Close()
+	}
+	return os.Rename(tmp, path)
 }
 
 // DeleteInstanceCred removes the on-disk credential file for a given