test(ci): run e2e tests inside Docker containers

[jdx]

Summary

• Add packaging/e2e/Dockerfile (Ubuntu 26.04) with all e2e test dependencies (bash, zsh, fish, git, jq, direnv, fd-find, build-essential, python3, nushell, etc.)
• Add e2e to docker.yml build matrix so ghcr.io/jdx/mise:e2e is built and pushed to GitHub packages
• Modify e2e/run_test to optionally run tests inside Docker containers when MISE_E2E_DOCKER=1 is set
• Add docker-e2e job to test.yml (opt-in via workflow_dispatch or MISE_E2E_DOCKER_CI repo variable)

Usage

# Local (with locally built image)
docker build -t mise-e2e -f packaging/e2e/Dockerfile .
MISE_E2E_DOCKER=1 MISE_E2E_DOCKER_IMAGE=mise-e2e ./e2e/run_test cli/test_version

# Local (with pre-built image from GHCR)
MISE_E2E_DOCKER=1 ./e2e/run_test cli/test_version

# Run all tests in Docker
MISE_E2E_DOCKER=1 ./e2e/run_all_tests

Test plan

• Built Docker image locally and verified it builds successfully
• Ran cli/test_version inside Docker container — passed
• Ran cli/test_alias inside Docker container — passed (including tool install)
• Verify ghcr.io/jdx/mise:e2e image builds in docker.yml workflow
• Verify docker-e2e job runs when triggered via workflow_dispatch

🤖 Generated with Claude Code

---

Note

Medium Risk
CI behavior changes by shifting Linux e2e execution into a Docker container and introducing a new published e2e image, which may surface environment/parity issues or increase flakiness due to Docker/runtime differences.

Overview
Moves Linux e2e CI to a containerized environment. The test workflow replaces the previous coverage job with an e2e matrix job that pulls ghcr.io/jdx/mise:e2e and runs ./e2e/run_all_tests with MISE_E2E_DOCKER=1.

Adds a dedicated e2e Docker image build. The docker workflow now builds/pushes an e2e flavor using the new packaging/e2e/Dockerfile (Ubuntu-based image with shell/tooling deps).

Updates e2e harness and tests for Docker execution. e2e/run_test can now run tests inside Docker (mounting the repo and a Linux mise binary), resolve_mise_bin is shared via e2e/helpers.sh, and several e2e scripts are adjusted to avoid relying on mise being in PATH or on extra host deps (e.g., cargo init -> git init, PATH manipulation fixes, task fixture tweaks).

^{Reviewed by Cursor Bugbot for commit 1275b6a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[gemini-code-assist]

Code Review

This pull request introduces the ability to run end-to-end tests within a Docker container by adding a new run_in_docker function and a corresponding Dockerfile. Feedback includes concerns about using exec which might break CI log grouping, the duplication of the resolve_mise_bin function, and an incorrect Ubuntu version tag in the Dockerfile.

[gemini-code-assist]

Using exec here will replace the current shell process with the Docker process. This is problematic because run_in_docker is called via as_group (from e2e/style.sh), which expects to execute end_group after the function returns to properly close the GitHub Actions log group. If exec is used, end_group will never be called, breaking the log formatting in CI.

	"${docker_args[@]}" "$image" /mise-src/e2e/run_test "$TEST"

[gemini-code-assist]

The resolve_mise_bin function is duplicated exactly in e2e/run_all_tests. To improve maintainability and avoid code duplication, consider moving this function to e2e/style.sh or another shared helper script that is sourced by both files.

[gemini-code-assist]

Ubuntu 26.04 is not a released version (it would be expected in April 2026). The provided SHA a072b64036a738e55bff8f9a9682cbb893bf20c213772effc1de8dee8df1cea9 actually corresponds to ubuntu:24.04 (Noble Numbat). You should update the tag to reflect the actual version being used to avoid confusion.

FROM ubuntu:24.04@sha256:a072b64036a738e55bff8f9a9682cbb893bf20c213772effc1de8dee8df1cea9

[greptile-apps]

Greptile Summary

This PR migrates the Linux e2e test suite from bare GitHub Actions runners (with apt-get dependency installs) to standardised Docker containers (ghcr.io/jdx/mise:e2e, based on Ubuntu 26.04). A new packaging/e2e/Dockerfile defines the test environment; e2e/run_test gains a run_in_docker function that mounts the repo and the pre-built mise binary read-only and spawns a fresh container per test when MISE_E2E_DOCKER=1. A new e2e/helpers.sh extracts the resolve_mise_bin logic shared between run_test and run_all_tests. Several e2e scripts are adjusted for the read-only mount (PATH manipulation instead of binary moves, writes to $HOME vs $TEST_DIR, git init instead of cargo init, Bash instead of Ruby for the monorepo task fixture).

Key points:

• The coverage CI job is renamed e2e and switches from mise run test:coverage to ./e2e/run_all_tests — code coverage collection is no longer performed in CI, which may be intentional but is a silent drop worth confirming.
• run_in_docker correctly avoids exec so the as_group wrapper in style.sh can close the GitHub Actions log group properly.
• Node.js is deliberately installed to /opt/node (not /usr/bin) so test_backend_missing_deps can still exercise the missing-npm code path with a restricted PATH.
• Each test runs in its own fresh container, providing clean isolation at the cost of per-test container startup overhead.
• Two concerns already raised in prior review threads remain open: no GHCR login before docker pull in test.yml, and the e2e image is only built on tag pushes so it must be pre-published via workflow_dispatch before this PR can merge without breaking CI."

Confidence Score: 4/5

Safe to merge once the e2e Docker image has been manually published via workflow_dispatch — the code changes themselves are logically correct

All new findings are P2 (missing --init, dropped coverage). The critical bootstrapping and GHCR auth issues were already raised in prior threads. The Docker isolation logic is sound, the exec-vs-no-exec concern from the previous review is addressed in the current code, and the per-test container approach provides clean isolation.

.github/workflows/test.yml — code coverage is silently dropped and docker pull has no GHCR auth; packaging/e2e/Dockerfile — Node 22.22.1 tarball URL should be verified before the image is first published

Important Files Changed

Filename	Overview
packaging/e2e/Dockerfile	New Ubuntu 26.04-based e2e image with shells (bash, zsh, fish, nu), dev tools, and Node.js deliberately placed in /opt/node to preserve missing-npm test coverage
.github/workflows/docker.yml	Adds 'e2e' to the Docker build matrix so ghcr.io/jdx/mise:e2e is built and pushed on tag pushes or workflow_dispatch
.github/workflows/test.yml	Renames coverage→e2e job, removes apt dependency installs, adds docker pull + MISE_E2E_DOCKER=1 flag; code coverage collection is silently dropped
e2e/run_test	Adds run_in_docker function mounting repo+binary read-only and launching a fresh container per test; correctly avoids exec so as_group closes log groups properly
e2e/helpers.sh	New file extracting resolve_mise_bin helper shared by run_test and run_all_tests
e2e/run_all_tests	Switches to shared resolve_mise_bin from helpers.sh; no other behavioral changes
e2e/cli/test_watch	Replaces binary move with PATH filtering to work on read-only Docker mounts; copies instead of moving the binary
e2e/core/test_rust	Adds idiomatic_version_file_enable_tools setting for rust before the rust-toolchain.toml test
e2e/env/test_fish_path_move_bug	Writes test.fish to $HOME instead of $TEST_DIR to avoid write failures on the read-only Docker mount
e2e/tasks/test_task_monorepo_file_tasks	Replaces Ruby migrate.rb fixture with Bash migrate.sh since Ruby is not in the e2e Docker image
e2e/tasks/test_task_remote_git_https	Replaces cargo init with git init since the Rust toolchain is not present in the e2e Docker image
e2e/tasks/test_task_remote_git_includes	Replaces cargo init with git init for same reason as test_task_remote_git_https
e2e/tasks/test_task_remote_git_ssh	Replaces cargo init with git init for same reason as test_task_remote_git_https

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant Host as Host Runner (ubuntu-latest)
    participant GHCR as ghcr.io/jdx/mise:e2e
    participant C as Docker Container

    GHA->>Host: run_all_tests (MISE_E2E_DOCKER=1)
    Host->>GHCR: docker pull
    loop For each test in tranche
        Host->>Host: run_test $TEST_NAME
        Note over Host: MISE_E2E_DOCKER=1 → run_in_docker()
        Host->>C: docker run --rm<br/>-v repo:/mise-src:ro<br/>-v mise_bin:ro<br/>-e MISE_E2E_INSIDE_DOCKER=1
        C->>C: run_test (function)
        C->>C: setup_isolated_env()
        C->>C: within_isolated_env bash|zsh|fish $TEST_SCRIPT
        C-->>Host: exit code
    end
    Host-->>GHA: overall pass/fail

Loading

_{Reviews (10): Last reviewed commit: "Merge branch 'main' into feat/e2e-docker" | Re-trigger Greptile}

[github-actions]

Hyperfine Performance

mise x -- echo

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.3 x -- echo	21.5 ± 0.3	20.8	24.5	1.00
mise x -- echo	22.0 ± 0.5	20.9	27.1	1.02 ± 0.02

mise env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.3 env	21.0 ± 0.4	20.3	26.6	1.00
mise env	21.4 ± 0.3	20.8	23.0	1.02 ± 0.02

mise hook-env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.3 hook-env	21.7 ± 0.3	21.1	25.2	1.00
mise hook-env	22.3 ± 0.8	21.2	29.4	1.03 ± 0.04

mise ls

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.3 ls	20.4 ± 1.2	18.6	25.6	1.05 ± 0.06
mise ls	19.5 ± 0.2	18.8	20.6	1.00

xtasks/test/perf

Command	mise-2026.4.3	mise	Variance
install (cached)	146ms	147ms	+0%
ls (cached)	77ms	77ms	+0%
bin-paths (cached)	81ms	80ms	+1%
task-ls (cached)	789ms	791ms	+0%

[cursor]

Docker image may not exist when CI runs

High Severity

The docker pull ghcr.io/jdx/mise:e2e step runs unconditionally on every PR and push to main, but the docker.yml workflow that builds and pushes this image only triggers on version tags (v[0-9]*) and workflow_dispatch. Until someone manually triggers a Docker build, this image won't exist in GHCR, causing the pull to fail and blocking all CI.

 

^{Reviewed by Cursor Bugbot for commit 055d928. Configure here.}

[jdx]

All review feedback has been addressed:

• exec issue: Fixed — removed exec so as_group/end_group works properly
• Duplicate resolve_mise_bin: Fixed — extracted into e2e/helpers.sh, sourced by both scripts
• Ubuntu 26.04: This is correct — Ubuntu 26.04 (Resolute Ringtail) is a real release (April 2026)
• GHCR auth: Fixed — added docker/login-action step before the pull
• apt-get clean ordering: Fixed — swapped to conventional ordering
• Image bootstrapping: Already built and pushed via workflow_dispatch
• Coverage removed: Intentional — we weren't using code coverage. Job renamed coverage → e2e
• Missing CI env var: Noted — can address in follow-up if it causes issues

This comment was generated by Claude Code.

[cursor]

Sourced helper overwrites caller's global variables

Low Severity

helpers.sh unconditionally sets SCRIPT_DIR and ROOT at the top level when sourced, overwriting the caller's identically-named global variables. Both run_test and run_all_tests rely on SCRIPT_DIR after sourcing this file (e.g., for TEST_SCRIPT path construction and assert.sh sourcing). Currently this is benign because all three files live in e2e/, so the computed values are identical. However, it's an unnecessary side effect — resolve_mise_bin could simply reference the caller's already-set ROOT rather than recomputing it. If helpers.sh is ever moved or sourced from a different location, SCRIPT_DIR and ROOT in the caller would be silently corrupted.

 

^{Reviewed by Cursor Bugbot for commit ca02551. Configure here.}

[jdx]

Addressed latest review feedback:

• Host binary ELF check: Added — run_in_docker now validates the binary is a Linux ELF before mounting, with a helpful error for macOS users
• GITHUB_STEP_SUMMARY lost in Docker: Acknowledged — per-test summary rows are lost since the container can't write to the host file. The header rows from run_all_tests (host-side) still appear. Can address in a follow-up by moving summary calls to the host level
• Unpinned nushell: Acceptable for now — the image is only rebuilt on tag pushes, not every CI run
• Docker image bootstrapping: Already done — image was built via workflow_dispatch and exists at ghcr.io/jdx/mise:e2e

Also fixed the two failing tests:

• test_backend_missing_deps: npm was in /usr/bin — fixed by removing npm after installing nushell
• test_vfox_file_url: unzip was missing — added to Dockerfile

Rebuilding Docker image now: https://github.com/jdx/mise/actions/runs/23983971023

This comment was generated by Claude Code.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 3 total unresolved issues (including 2 from previous reviews).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 1275b6a. Configure here.}

[cursor]

PATH filtering uses regex instead of fixed-string matching

Low Severity

The grep -v "^${mise_dir}$" treats mise_dir as a regex pattern rather than a literal string. Characters like . in directory paths (e.g., hidden directories) act as single-character wildcards, potentially filtering out unintended PATH entries. The codebase already uses the correct approach in e2e/cli/test_deactivate with grep -Fvx (fixed-string exact match), which avoids regex interpretation entirely.

Additional Locations (1)

• e2e/generate/test_generate_bootstrap#L19-L20

 

^{Reviewed by Cursor Bugbot for commit 1275b6a. Configure here.}