Browse Source

fix(supply-chain-defense): Gate phone-home-monitor tests to Windows

The phone-home-monitor.ps1 Sysmon/Event-Log tool is Windows-only, but its
test block gated on pwsh presence alone. GitHub ubuntu runners ship pwsh,
so the Windows script ran under Linux pwsh and crashed at load (10 assertions
'got 1'), reddening CI. Completes the OS gate (pwsh AND Windows), matching
the repo's net-ops/mac-ops platform-gating. Validated on Windows (107/0);
skips on Linux. Cross-platform replay would need the .ps1 itself made
Linux-pwsh-clean — a separate follow-up.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
0xDarkMatter 3 weeks ago
parent
commit
b3c5cdc10b
1 changed files with 6 additions and 2 deletions
  1. 6 2
      skills/supply-chain-defense/tests/run.sh

+ 6 - 2
skills/supply-chain-defense/tests/run.sh

@@ -266,7 +266,11 @@ fi
 # ── phone-home-monitor.ps1 (offline replay + contract) ─────────────────────
 # ── phone-home-monitor.ps1 (offline replay + contract) ─────────────────────
 echo "-- phone-home-monitor.ps1 --"
 echo "-- phone-home-monitor.ps1 --"
 PHM="$SCRIPTS/phone-home-monitor.ps1"
 PHM="$SCRIPTS/phone-home-monitor.ps1"
-if command -v pwsh >/dev/null 2>&1; then
+# Windows-only Sysmon monitor — gate on Windows, not just pwsh presence:
+# GitHub ubuntu runners ship pwsh, where this Windows-EventLog script crashes
+# at load. Validated on Windows (Git Bash / MSYS / Cygwin), skipped elsewhere.
+case "$(uname -s 2>/dev/null)" in MINGW*|MSYS*|CYGWIN*) _PHM_WIN=1 ;; *) _PHM_WIN=0 ;; esac
+if command -v pwsh >/dev/null 2>&1 && [[ "$_PHM_WIN" == 1 ]]; then
   PHMW="$PHM"
   PHMW="$PHM"
   command -v cygpath >/dev/null 2>&1 && PHMW="$(cygpath -w "$PHM")"
   command -v cygpath >/dev/null 2>&1 && PHMW="$(cygpath -w "$PHM")"
   out="$(pwsh -NoProfile -File "$PHMW" --help 2>&1)"; rc=$?
   out="$(pwsh -NoProfile -File "$PHMW" --help 2>&1)"; rc=$?
@@ -308,7 +312,7 @@ JSONF
     expect_has  "hint names SwiftOnSecurity config" "SwiftOnSecurity" "$out"
     expect_has  "hint names SwiftOnSecurity config" "SwiftOnSecurity" "$out"
   fi
   fi
 else
 else
-  echo "  SKIP  pwsh not found (Windows-only script)"
+  echo "  SKIP  phone-home-monitor.ps1 needs pwsh on Windows (Sysmon/Event-Log tool)"
 fi
 fi
 
 
 # ── postinstall-audit.py (on-disk behavioural scan, incremental cache) ─────
 # ── postinstall-audit.py (on-disk behavioural scan, incremental cache) ─────