1 change: 1 addition & 0 deletions .github/workflows/glama-sync.yml
Expand Up @@ -58,6 +58,7 @@ jobs:
trigger-glama-build:
name: Trigger Glama Docker build
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Trigger build
env:
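Review bot: `continue-on-error: true` at the job level makes the workflow report success even when the Glama build trigger fails, so an expired or revoked credential in the `env:` block below, or a changed endpoint on the Glama side, goes unnoticed until someone looks at Glama itself. If the goal is only to keep an external flake from blocking the sync, prefer to keep the signal visible, e.g. move `continue-on-error: true` onto the trigger step so unrelated job failures still fail, and add an `if: failure()` step that emits `echo "::warning::Glama build trigger failed"`. The step body is outside the hunk, so what the trigger actually calls cannot be confirmed here.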
2 changes: 2 additions & 0 deletions .github/workflows/security.yml
Expand Up @@ -83,6 +83,8 @@ jobs:
format: 'sarif'
output: 'trivy-repo-results.sarif'
severity: 'CRITICAL,HIGH,MEDIUM'
trivyignores: '.trivyignore'
skip-dirs: 'website/node_modules,website'
exit-code: '0' # Don't fail on SARIF generation to ensure upload completes

- name: Upload Trivy SARIF to GitHub Security tab
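Review bot: `skip-dirs: 'website/node_modules,website'` excludes the entire website tree from the repository scan, so the Security tab will never surface any finding from website/package-lock.json, including future ones that do have a fix, and it also makes the five website npm CVE entries added to .trivyignore in this PR unreachable. If the intent is only to avoid scanning installed modules, `skip-dirs: 'website/node_modules'` is sufficient and the lockfile findings stay visible with the accepted ones suppressed through `trivyignores`. Because `exit-code: '0'` is already in place this job never blocks on findings, so unless another step gates on the SARIF results (not visible in this hunk) the ignore file is the only control on what gets reported.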
23 changes: 23 additions & 0 deletions .trivyignore
Expand Up @@ -8,3 +8,26 @@
# Not called directly by any GoSQLX code. Risk is scoped to MCP JSON schema generation.
# Re-evaluate when buger/jsonparser releases a patched version or when mcp-go updates its dependency.
GHSA-6g7g-w4f8-9c9x

# CVE-2026-34040, CVE-2026-33997 — github.com/docker/docker v28.5.2+incompatible
# Severity: HIGH | No fixed version available (latest is v28.5.2)
# Transitive dependency: testcontainers-go → docker/docker
# Only used in integration tests, not in production code. Docker daemon internals, not Go client.
CVE-2026-34040
CVE-2026-33997

# CVE-2026-33750 — brace-expansion (npm, website)
# Severity: HIGH | No fixed version available
# Transitive dependency in website/package-lock.json. Not in Go code.
CVE-2026-33750

# CVE-2026-33671, CVE-2026-33672 — picomatch (npm, website)
# Severity: HIGH | No fixed version available
# Transitive dependency in website npm deps. Not in Go code.
CVE-2026-33671
CVE-2026-33672

# CVE-2026-33532 — yaml (npm, website)
# Severity: HIGH | No fixed version available
# Transitive dependency in website npm deps. Not in Go code.
CVE-2026-33532
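Review bot: Every new entry is justified by "No fixed version available", which is a time-bounded acceptance, yet none of them carries an expiry, so once a patched docker/docker, brace-expansion, picomatch or yaml release ships the CVE stays suppressed silently. Recent Trivy versions accept a `.trivyignore.yaml` with per-finding `expired_at` (e.g. `- id: CVE-2026-34040` followed by `  expired_at: 2026-06-30`); failing that, add an explicit "Re-evaluate by <date>" line to each block, as the jsonparser entry above already does in prose. The docker/docker rationale "Docker daemon internals, not Go client" is a claim about the advisories' affected scope that cannot be verified from this file; if it comes from reading the advisories, cite the affected package path in the comment, and note that a test-only dependency still appears in go.sum and in any SBOM generated for the module.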
23 changes: 19 additions & 4 deletions pkg/schema/mysql/loader_test.go
Expand Up @@ -19,6 +19,7 @@ import (
"database/sql"
"fmt"
"os/exec"
"runtime"
"testing"
"time"

Expand All @@ -43,6 +44,9 @@ func startMySQL(t *testing.T) *sql.DB {
if testing.Short() {
t.Skip("skipping testcontainers test in -short mode")
}
if runtime.GOOS == "windows" {
t.Skip("Testcontainers not supported on Windows CI")
}
if !isDockerAvailable() {
t.Skip("Docker not available, skipping integration test")
}
Expand All @@ -56,10 +60,21 @@ func startMySQL(t *testing.T) *sql.DB {
},
WaitingFor: wait.ForLog("port: 3306 MySQL Community Server"),
}
c, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
ContainerRequest: req,
Started: true,
})

// Recover from testcontainers panics (e.g. rootless Docker on Windows).
var c testcontainers.Container
var err error
func() {
defer func() {
if r := recover(); r != nil {
t.Skipf("testcontainers panicked: %v", r)
}
}()
c, err = testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
ContainerRequest: req,
Started: true,
})
}()
if err != nil {
t.Skipf("testcontainers unavailable: %v", err)
}
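Review bot: The recover() wrapper around GenericContainer turns any panic, including a genuine bug in the test's own container setup, into a skip, and the `if err != nil` check right after it does the same for real errors, so a broken Docker on CI silently drops the MySQL integration tests instead of failing the run. Consider gating the skip on where the test runs, e.g. `if os.Getenv("CI") != "" { t.Fatalf("testcontainers unavailable: %v", err) }` ahead of the Skipf (adding `os` to the imports), so unavailability is a failure where Docker is expected and a skip only on developer machines. Note also that recover only catches a panic raised on the test goroutine; a panic inside a goroutine testcontainers starts will still abort the test binary, so the wrapper is narrower than it looks. The comment `// Recover from testcontainers panics (e.g. rootless Docker on Windows).` cites a case the `runtime.GOOS == "windows"` skip added earlier in this file already excludes, so naming the panic actually observed would be clearer. startMySQL's body continues outside the hunk.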
23 changes: 19 additions & 4 deletions pkg/schema/postgres/loader_test.go
Expand Up @@ -19,6 +19,7 @@ import (
"database/sql"
"fmt"
"os/exec"
"runtime"
"testing"
"time"

Expand All @@ -43,6 +44,9 @@ func startPostgres(t *testing.T) *sql.DB {
if testing.Short() {
t.Skip("skipping testcontainers test in -short mode")
}
if runtime.GOOS == "windows" {
t.Skip("Testcontainers not supported on Windows CI")
}
if !isDockerAvailable() {
t.Skip("Docker not available, skipping integration test")
}
Expand All @@ -57,10 +61,21 @@ func startPostgres(t *testing.T) *sql.DB {
},
WaitingFor: wait.ForLog("database system is ready to accept connections").WithOccurrence(2),
}
c, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
ContainerRequest: req,
Started: true,
})

// Recover from testcontainers panics (e.g. rootless Docker on Windows).
var c testcontainers.Container
var err error
func() {
defer func() {
if r := recover(); r != nil {
t.Skipf("testcontainers panicked: %v", r)
}
}()
c, err = testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
ContainerRequest: req,
Started: true,
})
}()
if err != nil {
t.Skipf("testcontainers unavailable: %v", err)
}
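Review bot: The panic-recovery block and the Skipf-on-error path added here duplicate, line for line, the block added to pkg/schema/mysql/loader_test.go in this PR, so the policy of which failures become skips now lives in two places and will drift. A shared helper in a test-support package, e.g. `func startContainer(t *testing.T, req testcontainers.ContainerRequest) (testcontainers.Container, error)` holding the recover wrapper, would let both loaders call it and leave one place to tighten later. Since recover only catches a panic on the calling goroutine, the wrapper does not stop a panic raised inside goroutines testcontainers starts, so the comment `// Recover from testcontainers panics (e.g. rootless Docker on Windows).` overstates what it guards and also names a platform the `runtime.GOOS` skip above already excludes; `// Recover from a synchronous panic in GenericContainer so an unusable Docker becomes a skip` would be more accurate. startPostgres begins outside the hunk.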