Protect against using user tokens for read-write checks

CI support for this variable added in alisw/ali-bot#1292.
alisw · Feb 19, 2024 · b531dbc · b531dbc
1 parent 8c02ff4
commit b531dbc
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/xjalienfs.sh b/xjalienfs.sh
@@ -41,10 +41,13 @@ for binfile in "$INSTALLROOT"/bin/*; do
 done
 rm -fv "$INSTALLROOT"/bin/*.bak
 
-# Now that alien.py is installed, we can run its tests. They need a JAliEn
-# token though, so skip them if we have none.
+# Now that alien.py is installed, we can run its tests.
 set +x   # avoid echoing tokens
-if [ -n "$JALIEN_TOKEN_CERT" ] && [ -n "$JALIEN_TOKEN_KEY" ]; then
+# Make sure we don't accidentally run read-write tests with users' JAliEn keys.
+if [ -n "$ALIBUILD_XJALIENFS_TESTS" ] &&
+     # Tests need a JAliEn token, so skip them if we have none.
+     [ -n "$JALIEN_TOKEN_CERT" ] && [ -n "$JALIEN_TOKEN_KEY" ]
+then
   PATH="$INSTALLROOT/bin:$PATH" \
   PYTHONPATH="$INSTALLROOT/lib/python/site-packages:$PYTHONPATH" \
   "$SOURCEDIR/tests/run_tests" ci-tests