revisions of isolation-check

2025-10-06 12:56:24 -04:00
parent de68b8e5e8
commit 096fd28c36
1 changed files with 11 additions and 0 deletions
--- a/.gitea/workflows/isolation-check.yaml
+++ b/.gitea/workflows/isolation-check.yaml
@@ -28,10 +28,12 @@ jobs:
      - name: Dumping environment variables
        continue-on-error: true
        run: |
+          set +e
          echo "--- Check for parent variables ---"
          printenv | grep -Pi 'GITEA_RUNNER_REGISTRATION_FILE|GITEA_RUNNER_REGISTRATION_TOKEN_FILE|GITEA_RUNNER_REGISTRATION_TOKEN'
          echo "--- List all variables ---"
          printenv
+          true

      - name: Network routes and interfaces
        run: |
@@ -45,6 +47,7 @@ jobs:
      - name: LAN reachability test
        continue-on-error: true
        run: |
+          set +e
          echo "=== LAN REACHABILITY ==="
          for subnet in 192.168.0.1 192.168.1.1 10.0.0.1 172.16.0.1 172.17.0.1 \
          172.18.0.1 172.19.0.1 172.20.0.1 172.21.0.1 172.22.0.1 172.23.0.1 \
@@ -62,12 +65,15 @@ jobs:
      - name: Check external IP
        continue-on-error: true
        run: |
+          set +e
          echo "--- Checking external IP (https://ifconfig.me)"
          curl -s https://ifconfig.me
+          true

      - name: Host reachability sanity check
        continue-on-error: true
        run: |
+          set +e
          echo "=== OUTBOUND TEST ==="
          curl -fsSL https://google.com >/dev/null && echo "Internet access OK" || echo "No internet access?"
 
@@ -80,6 +86,7 @@ jobs:
      - name: Process visibility
        continue-on-error: true
        run: |
+          set +e
          echo "=== PROCESS VISIBILITY ==="
          ps aux | head -20
          ps aux | grep -E "dockerd|systemd|sshd|python" \
@@ -89,6 +96,7 @@ jobs:
      - name: Privilege and device access
        continue-on-error: true
        run: |
+          set +e
          echo "=== PRIVILEGE CHECK ==="
          id -Gn
          ls -l /dev | head -30
@@ -100,6 +108,7 @@ jobs:
      - name: File system sanity check
        continue-on-error: true
        run: |
+          set +e
          echo "=== FILESYSTEM ==="
          ls -1 /
          echo
@@ -109,6 +118,7 @@ jobs:
      - name: Capability check
        continue-on-error: true
        run: |
+          set +e
          echo "=== CAPABILITIES ==="
          capsh --print 2>/dev/null || echo "capsh not available"
          dmesg 2>&1 | head -5 && echo "!! dmesg readable !!" || echo "dmesg not accessible (good)"
@@ -116,6 +126,7 @@ jobs:
      - name: Mount Info
        continue-on-error: true
        run: |
+          set +e
          echo "=== Mount Info ==="
          findmnt -a