test: harden Parallels update smoke

2026-05-06 18:50:42 +00:00 · 2026-04-16 08:16:34 -07:00
parent 628b454eff
commit 1a98090bf3
4 changed files with 303 additions and 23 deletions
--- a/scripts/e2e/lib/parallels-macos-common.sh
+++ b/scripts/e2e/lib/parallels-macos-common.sh
@@ -34,6 +34,59 @@ parallels_macos_current_user_available() {
  prlctl exec "$vm_name" --current-user /usr/bin/whoami >/dev/null 2>&1
 }

+parallels_macos_desktop_user_exec_with_secret_file() {
+  local vm_name="$1"
+  local user_flag="$2"
+  local user_name="$3"
+  local home="$4"
+  local path_value="$5"
+  local api_key_env="$6"
+  local api_key_value="$7"
+  shift 7
+
+  local secret_path
+  secret_path="/tmp/openclaw-secret-${api_key_env:-env}-$RANDOM-$RANDOM"
+
+  if [[ -n "$api_key_env" && -n "$api_key_value" ]]; then
+    if [[ "$user_flag" == "current-user" ]]; then
+      printf '%s' "$api_key_value" | /usr/bin/base64 | prlctl exec "$vm_name" \
+        --current-user /usr/bin/base64 -D -o "$secret_path"
+    else
+      printf '%s' "$api_key_value" | /usr/bin/base64 | prlctl exec "$vm_name" \
+        /usr/bin/sudo -H -u "$user_name" /usr/bin/base64 -D -o "$secret_path"
+    fi
+  fi
+
+  local wrapper
+  wrapper='
+set -e
+if [ -n "${OPENCLAW_SECRET_ENV_NAME:-}" ] && [ -n "${OPENCLAW_SECRET_FILE:-}" ] && [ -f "$OPENCLAW_SECRET_FILE" ]; then
+  secret_value="$(cat "$OPENCLAW_SECRET_FILE")"
+  rm -f "$OPENCLAW_SECRET_FILE"
+  export "${OPENCLAW_SECRET_ENV_NAME}=${secret_value}"
+fi
+exec "$@"
+'
+
+  if [[ "$user_flag" == "current-user" ]]; then
+    prlctl exec "$vm_name" --current-user /usr/bin/env \
+      "PATH=$path_value" \
+      "OPENCLAW_SECRET_ENV_NAME=$api_key_env" \
+      "OPENCLAW_SECRET_FILE=$secret_path" \
+      /bin/bash -c "$wrapper" openclaw-secret-env "$@"
+    return
+  fi
+
+  prlctl exec "$vm_name" /usr/bin/sudo -u "$user_name" /usr/bin/env \
+    "HOME=$home" \
+    "USER=$user_name" \
+    "LOGNAME=$user_name" \
+    "PATH=$path_value" \
+    "OPENCLAW_SECRET_ENV_NAME=$api_key_env" \
+    "OPENCLAW_SECRET_FILE=$secret_path" \
+    /bin/bash -c "$wrapper" openclaw-secret-env "$@"
+}
+
 parallels_macos_desktop_user_exec() {
  local vm_name="$1"
  local api_key_env="$2"
@@ -41,7 +94,15 @@ parallels_macos_desktop_user_exec() {
  shift 3

  if parallels_macos_current_user_available "$vm_name"; then
-    prlctl exec "$vm_name" --current-user /usr/bin/env "$api_key_env=$api_key_value" "$@"
+    parallels_macos_desktop_user_exec_with_secret_file \
+      "$vm_name" \
+      "current-user" \
+      "" \
+      "" \
+      "/opt/homebrew/bin:/opt/homebrew/opt/node/bin:/opt/homebrew/sbin:/usr/bin:/bin:/usr/sbin:/sbin" \
+      "$api_key_env" \
+      "$api_key_value" \
+      "$@"
    return
  fi

@@ -53,11 +114,13 @@ parallels_macos_desktop_user_exec() {
  }
  home="$(parallels_macos_resolve_desktop_home "$vm_name" "$user")"
  printf 'warn: macOS --current-user unavailable; using root sudo fallback for %s\n' "$user" >&2
-  prlctl exec "$vm_name" /usr/bin/sudo -u "$user" /usr/bin/env \
-    "HOME=$home" \
-    "USER=$user" \
-    "LOGNAME=$user" \
-    "PATH=/opt/homebrew/bin:/opt/homebrew/opt/node/bin:/opt/homebrew/sbin:/usr/bin:/bin:/usr/sbin:/sbin" \
-    "$api_key_env=$api_key_value" \
+  parallels_macos_desktop_user_exec_with_secret_file \
+    "$vm_name" \
+    "sudo" \
+    "$user" \
+    "$home" \
+    "/opt/homebrew/bin:/opt/homebrew/opt/node/bin:/opt/homebrew/sbin:/usr/bin:/bin:/usr/sbin:/sbin" \
+    "$api_key_env" \
+    "$api_key_value" \
    "$@"
 }