support forked branches in authorization check #46
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test cagent-action | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-security: | |
| name: Security Tests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Run security tests | |
| run: | | |
| cd tests | |
| chmod +x test-security.sh | |
| ./test-security.sh | |
| test-exploits: | |
| name: Exploit Tests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Run exploit tests | |
| run: | | |
| cd tests | |
| chmod +x test-exploits.sh | |
| ./test-exploits.sh | |
| test-pirate-agent: | |
| name: Pirate Agent Test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Run test | |
| id: pirate | |
| uses: ./ | |
| with: | |
| agent: agentcatalog/pirate | |
| prompt: "What do we ship today?" | |
| openai-api-key: ${{ secrets.OPENAI_API_KEY }} | |
| - name: Validate output and exit code | |
| run: | | |
| OUTPUT_FILE="${{ steps.pirate.outputs.output-file }}" | |
| # Check that exit code is 0 (success) | |
| if [ "${{ steps.pirate.outputs.exit-code }}" != "0" ]; then | |
| echo "❌ Agent failed with exit code: ${{ steps.pirate.outputs.exit-code }}" | |
| exit 1 | |
| fi | |
| echo "✅ Agent completed successfully with exit code 0" | |
| # Check that output file exists | |
| if [ ! -f "$OUTPUT_FILE" ]; then | |
| echo "❌ Output file not found: $OUTPUT_FILE" | |
| exit 1 | |
| fi | |
| echo "✅ Output file found: $OUTPUT_FILE" | |
| # Display the output for debugging | |
| echo "--- Agent Output ---" | |
| cat "$OUTPUT_FILE" | |
| echo "--- End Output ---" | |
| # Check that output contains "--- Agent: root ---" | |
| if ! grep -qF -- "--- Agent: root ---" "$OUTPUT_FILE"; then | |
| echo "❌ Output does not contain '--- Agent: root ---'" | |
| exit 1 | |
| fi | |
| echo "✅ Found '--- Agent: root ---' in output" | |
| # Check that there is text after "--- Agent: root ---" | |
| # Extract everything after "--- Agent: root ---" and check if it has non-empty content | |
| AFTER_AGENT=$(sed -n '/--- Agent: root ---/,$p' "$OUTPUT_FILE" | tail -n +2 | grep -v '^$' | grep -vF 'Cleaning up' | head -n 5) | |
| if [ -z "$AFTER_AGENT" ]; then | |
| echo "❌ No output found after '--- Agent: root ---'" | |
| exit 1 | |
| fi | |
| echo "✅ Found agent response after '--- Agent: root ---'" | |
| echo "Response preview: $(echo "$AFTER_AGENT" | head -n 1)" | |
| - name: Test should fail on invalid agent | |
| id: invalid-agent | |
| continue-on-error: true | |
| uses: ./ | |
| with: | |
| agent: agentcatalog/nonexistent | |
| prompt: "This should fail" | |
| openai-api-key: ${{ secrets.OPENAI_API_KEY }} | |
| - name: Verify invalid agent failed | |
| run: | | |
| if [ "${{ steps.invalid-agent.outputs.exit-code }}" == "0" ]; then | |
| echo "❌ Invalid agent should have failed but succeeded" | |
| exit 1 | |
| fi | |
| echo "✅ Invalid agent correctly failed" |