[Test Coverage] Add branch-coverage tests for container-cleanup.ts#3316
Conversation
Cover previously untested branches in container-cleanup.ts: - sanitizeDockerComposeYaml: null/non-object YAML, missing services, array services, service without environment, array-form env entries with no '=' separator - cleanup(): cli-proxy log preservation (with/without proxyLogsDir), api-proxy-logs inside proxyLogsDir, sessionStateDir specified but missing, auditDir specified but missing, empty default audit dir, unmountSslTmpfs invocation when ssl/ dir exists Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Pull request overview
Adds targeted Jest branch-coverage tests for src/container-cleanup.ts, focusing on diagnostic compose sanitization and cleanup preservation paths.
Changes:
- Adds edge-case tests for
collectDiagnosticLogsvia compose YAML sanitization. - Adds cleanup branch tests for proxy logs, audit/session directories, and SSL cleanup behavior.
Show a summary per file
| File | Description |
|---|---|
src/container-cleanup-branches.test.ts |
New branch-coverage test suite for container cleanup and diagnostics behavior. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (3)
src/container-cleanup-branches.test.ts:92
- This test only checks that the sanitized compose file exists, so it would still pass if the invalid service entry were mishandled as long as any file is written. Assert the resulting YAML still contains the valid service and does not throw/drop expected content to make this branch meaningful.
expect(fs.existsSync(path.join(diagnosticsDir, 'docker-compose.yml'))).toBe(true);
src/container-cleanup-branches.test.ts:83
- Like the no-services case, this only checks that a diagnostics compose file exists. To actually protect the services-as-array branch, assert that the dumped YAML still represents the array-form services content instead of accepting any written file.
expect(fs.existsSync(path.join(diagnosticsDir, 'docker-compose.yml'))).toBe(true);
src/container-cleanup-branches.test.ts:104
- This assertion does not prove the service without an environment field was preserved; an empty sanitized file would also contain no [REDACTED] marker. Assert that the expected service/image remains in the output so this branch guards against accidental content loss.
expect(sanitized).not.toContain('[REDACTED]');
- Files reviewed: 1/1 changed files
- Comments generated: 4
| * - cleanup() branches for cli-proxy logs, audit dir, session state, and SSL | ||
| */ | ||
|
|
||
| import { cleanup, collectDiagnosticLogs } from './docker-manager'; |
| fs.writeFileSync(path.join(testDir, 'docker-compose.yml'), 'version: "3"\n'); | ||
| await collectDiagnosticLogs(testDir); | ||
| const diagnosticsDir = path.join(testDir, 'diagnostics'); | ||
| expect(fs.existsSync(path.join(diagnosticsDir, 'docker-compose.yml'))).toBe(true); |
| fs.mkdirSync(cliProxyLogsDir, { recursive: true }); | ||
| fs.writeFileSync(path.join(cliProxyLogsDir, 'difc-proxy.log'), 'audit entry\n'); | ||
|
|
||
| await cleanup(testDir, false); | ||
|
|
||
| const timestamp = path.basename(testDir).replace('awf-', ''); | ||
| const destination = path.join(os.tmpdir(), `cli-proxy-logs-${timestamp}`); | ||
| expect(fs.existsSync(destination)).toBe(true); |
|
|
||
| await cleanup(testDir, false); | ||
|
|
||
| expect(unmountSslTmpfs).toHaveBeenCalledWith(sslDir); |
|
@copilot address review feedback |
Smoke Test: Copilot BYOK (Offline) Mode
Running in BYOK offline mode ( Overall: PARTIAL — BYOK inference ✅, but pre-computed test data was not injected (template variables unexpanded) and GitHub MCP returned 401.
|
Smoke Test Results✅ Playwright: GitHub page title confirmed (contains "GitHub") Result: FAIL (1 test failed)
|
🔬 Smoke Test Results — Copilot Engine
Overall: PASS 🎉 Triggered by
|
|
Smoke test Codex: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "registry.npmjs.org"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
Chroot Version Comparison
Result: 1/3 tests passed — Python and Node.js versions differ between host and chroot.
|
Smoke Test: GitHub Actions Services Connectivity
Overall: FAIL
|
Gemini Engine Smoke Test Results
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
lpcox
deleted the
test-coverage/container-cleanup-branches-cc9348c78baaf1ba
branch
Summary
Adds targeted branch-coverage tests for
src/container-cleanup.ts, the file with the lowest coverage among well-exercised modules (77.56% lines / 79.24% branches before this PR).What changed
New test file:
src/container-cleanup-branches.test.tsBranches now covered
sanitizeDockerComposeYaml(called insidecollectDiagnosticLogs)null/ non-object → returns raw stringserviceskeyservicesis an array instead of an objectnull/ non-objectenvironmentfield (else branch)=separator (skip logic)cleanup()proxyLogsDirset andcliProxyLogsDirexists →chmodproxyLogsDir, non-empty dir → moved to/tmpproxyLogsDir, empty dir → not movedproxyLogsDirset and non-empty →chmodsessionStateDirspecified but does not exist → nochmodsessionStateDirspecified and exists →chmodauditDirspecified but does not exist → nochmodssl/directory exists inworkDir→unmountSslTmpfscalledssl/directory does not exist →unmountSslTmpfsNOT calledCoverage impact
Before:
container-cleanup.ts– 77.56% lines / 79.24% branchesExpected after: ~88–92% lines / ~90–94% branches
(Overall project coverage increase: ~+0.5% statements)
Security relevance
sanitizeDockerComposeYamlcorrectly handles malformed inputs without leaking secrets (injection-resistance)cleanupSslKeyMaterial+unmountSslTmpfsare invoked when SSL key material exists, ensuring keys are not left on disksessionStateDirandauditDirpermission-fixing paths to ensure log artifacts are readable after cleanupNo bugs found
All uncovered branches were defensive error-handling paths that behaved correctly once exercised. No pre-existing bugs were identified.