Can't run gemnasium integration tests on Mac OS X
Summary
As mentioned here, it's not currently possible to run the gemnasium_image_spec.rb in its entirety on Mac OS X.
Steps to reproduce
1. Clone the gemnasium repo:
$ git clone git@gitlab.com:gitlab-org/security-products/analyzers/gemnasium.git && cd gemnasium
2. Patch the gemnasium_image_spec.rb to produce debugging output:
$ patch -p1 << 'EOF' diff --git a/spec/gemnasium_image_spec.rb b/spec/gemnasium_image_spec.rb index d6870d10..df724814 100644 --- a/spec/gemnasium_image_spec.rb +++ b/spec/gemnasium_image_spec.rb @@ -63,7 +63,8 @@ describe "running image" do script: script, offline: offline, variables: global_vars.merge(variables), - mount_points: mount_points + mount_points: mount_points, + debug: true ) end EOF
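Review bot: `debug: true` is passed unconditionally in the `@@ -63,7 +63,8 @@` hunk, so the full Docker run log is printed on every call that goes through this code path. That is fine for a local reproduction, but if the change is kept, read the flag from an environment variable (a hypothetical `DEBUG`, for instance) so the default output stays quiet.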
3. Run the integration tests against "with js-npm with lockfile v1 when offline and gemnasium-db update NOT disabled and GEMNASIUM_DB_REMOTE_URL is set":
$ docker run -it --rm -v "$PWD:$PWD" -w "$PWD" \
    -e TMP_IMAGE=registry.gitlab.com/security-products/gemnasium:6.1.11 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    registry.gitlab.com/gitlab-org/security-products/analyzers/integration-test:1 \
    rspec spec/gemnasium_image_spec.rb:669
Output
Docker command to execute: docker run -t --rm -v /Users/adam/Documents/programming/gitlab/gitlab-org/security-products/analyzers/gemnasium2/qa/fixtures/minimal-gemnasium-db/git-dir:/minimal-gemnasium-db/.git -v /Users/adam/Documents/programming/gitlab/gitlab-org/security-products/analyzers/gemnasium2/qa/fixtures/minimal-gemnasium-db/npm:/minimal-gemnasium-db/npm -v /Users/adam/Documents/programming/gitlab/gitlab-org/security-products/analyzers/gemnasium2/tmp/test-6926/js-npm/default/running-image/with-test-project/with-js-npm/with-lockfile-v1/when-offline/and-gemnasium-db-update-not-disabled/and-gemnasium_db_remote_url-is-set/created-report/behaves-like-non-empty-report/version/:/app -w /app --network none --env GEMNASIUM_DB_REF_NAME="v1.2.142" --env SECURE_LOG_LEVEL="debug" --env GEMNASIUM_DB_REMOTE_URL="/minimal-gemnasium-db" registry.gitlab.com/security-products/gemnasium:6.1.11
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
XXXXXXXXXXXXXXXX BEGIN Docker run log XXXXXXXXXXXXXXXX
[INFO] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/cmd/gemnasium/main.go:79] ▶ GitLab Gemnasium analyzer v6.1.11
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/common/v3@v3.4.0/cacert/cacert.go:65] ▶ CA cert bundle not imported: empty bundle or empty target path
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/finder/finder.go:64] ▶ inspect directory: .
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/finder/detect.go:70] ▶ electing npm for npm based on lock file package-lock.json
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/finder/detect.go:92] ▶ rejecting package.json as handled by yarn
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/finder/detect.go:92] ▶ rejecting package.json as handled by pnpm
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/cmd/gemnasium/main.go:452] ▶ Exporting dependencies for /app/package.json
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/cmd/gemnasium/main.go:458] ▶ No builder found for package manager npm
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/advisory/repo.go:132] ▶ /usr/bin/git -C /gemnasium-db config --global safe.directory /gemnasium-db
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/advisory/repo.go:132] ▶ /usr/bin/git -C /gemnasium-db remote set-url origin /minimal-gemnasium-db
[DEBU] [Gemnasium] [2025-09-23T17:15:58Z] [/go/src/app/advisory/repo.go:132] ▶ /usr/bin/git -C /gemnasium-db fetch --force --tags origin v1.2.142
fatal: detected dubious ownership in repository at '/minimal-gemnasium-db/.git'
To add an exception for this directory, call:
git config --global --add safe.directory /minimal-gemnasium-db/.git
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
exit status 128
XXXXXXXXXXXXXXXX END Docker run log XXXXXXXXXXXXXXXX
FFF
Failures:
1) running image with test project with js-npm with lockfile v1 when offline and gemnasium-db update NOT disabled and GEMNASIUM_DB_REMOTE_URL is set created report behaves like non-empty report version is expected to exist "/Users/adam/Documents/programming/gitlab/gitlab-org/security-products/analyzers/gemnasium2/tmp/test-..._url-is-set/created-report/behaves-like-non-empty-report/version/gl-dependency-scanning-report.json"
Failure/Error: DEFAULT_FAILURE_NOTIFIER = lambda { |failure, _opts| raise failure }
Expected report '/Users/adam/Documents/programming/gitlab/gitlab-org/security-products/analyzers/gemnasium2/tmp/test-6926/js-npm/default/running-image/with-test-project/with-js-npm/with-lockfile-v1/when-offline/and-gemnasium-db-update-not-disabled/and-gemnasium_db_remote_url-is-set/created-report/behaves-like-non-empty-report/version/gl-dependency-scanning-report.json' to exist
Shared Example Group: "non-empty report" called from ./spec/gemnasium_image_spec.rb:668
# /usr/bin/rspec:25:in `load'
# /usr/bin/rspec:25:in `<main>'
Notice the error in step 3:
fatal: detected dubious ownership in repository at '/minimal-gemnasium-db/.git'
To add an exception for this directory, call:
git config --global --add safe.directory /minimal-gemnasium-db/.git
fatal: Could not read from remote repository.
This is due to the fact that the integration test mounts qa/fixtures/minimal-gemnasium-db/git-dir from the host machine to the Docker container at /minimal-gemnasium-db/.git, but does not call git config --global --add safe.directory /minimal-gemnasium-db/.git on this directory.
What is the current bug behavior?
gemnasium_image_spec.rb cannot be run on a Mac OS X machine.
What is the expected correct behavior?
gemnasium_image_spec.rb should run successfully on a Mac OS X machine.
Possible fixes
Add a script block to call git config --global --add safe.directory /minimal-gemnasium-db/.git before executing the tests.
/cc @hacks4oats
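One way to write the script step proposed under "Possible fixes", as an added example that is not code from the gemnasium project: it adds the safe.directory exception only for the exact mounted path, and only when the directory's owner differs from the user running git. The function names and the REPO variable are assumptions; the default path is the one from the error message above.

```shell
#!/bin/sh
# Added example, not part of the gemnasium repository.
# REPO defaults to the path named in the error message on this page.
REPO="${REPO:-/minimal-gemnasium-db/.git}"

# Numeric owner of a path, read portably from `ls -nd` (third field).
owner_uid() {
    ls -nd "$1" | awk '{print $3}'
}

# Simplified approximation of git's ownership check: succeeds when the
# directory belongs to a different uid than the user running git.
owned_by_other_user() {
    [ "$(owner_uid "$1")" != "$(id -u)" ]
}

# Succeeds when this exact path is already listed under safe.directory.
is_marked_safe() {
    git config --global --get-all safe.directory 2>/dev/null |
        grep -Fxq -- "$1"
}

# Add the exception for one exact path, once. Never falls back to '*'.
ensure_safe_directory() {
    is_marked_safe "$1" || git config --global --add safe.directory "$1"
}

# Pre-test step (hypothetical name): only touch git config when needed.
prepare_repo() {
    if [ ! -d "$1" ]; then
        echo "skip: $1 is not mounted" >&2
        return 0
    fi
    if owned_by_other_user "$1"; then
        echo "owner uid $(owner_uid "$1") != $(id -u): adding exception" >&2
        ensure_safe_directory "$1"
    fi
}

prepare_repo "$REPO"
```

The debug log above shows the analyzer itself running `git config --global safe.directory /gemnasium-db` without `--add`; in git that form replaces a single existing value, so confirm the added entry is still present when the fetch runs.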