security(ci): run test-tool inside Docker container

[jdx]

Summary

• Run mise test-tool inside ghcr.io/jdx/mise:e2e Docker container to isolate tool install scripts from the CI runner
• Prevents tool scripts from accessing runner secrets (ACTIONS_RUNTIME_TOKEN, etc.) and host environment
• Only GITHUB_TOKEN (pooled) is passed into the container
• GITHUB_STEP_SUMMARY is bind-mounted so job summaries still work
• Grace period check (release branch only) runs on the host since it needs gh CLI and only queries APIs

Test plan

• Verify test-tool jobs pass in CI with Docker
• Verify retry logic still works for failing tools
• Verify GITHUB_STEP_SUMMARY is populated correctly through the bind mount

🤖 Generated with Claude Code

---

Note

Medium Risk
Moderate risk: changes the registry.yml CI execution environment and retry behavior, which could cause unexpected test failures/flakiness or summary parsing issues, but it’s scoped to CI and not production runtime.

Overview
Registry CI now runs tool tests inside Docker. The test-tool job pulls ghcr.io/jdx/mise:e2e and executes mise test-tool (and the retry run) via docker run, bind-mounting the workspace, the built mise binary, and GITHUB_STEP_SUMMARY, and passing only a pooled GITHUB_TOKEN into the container.

Retry/grace-period handling is reworked. The workflow now captures retry failures explicitly (failing PRs after a retry), while release branches run mise run test-tool-retry --check-only --grace-period on remaining failures; xtasks/test-tool-retry.py adds --check-only to skip reruns and only apply the grace-period evaluation.

^{Reviewed by Cursor Bugbot for commit 5f398e8. Bugbot is set up for automated code reviews on this repo. Configure here.}

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[greptile-apps]

Greptile Summary

This PR moves mise test-tool execution into a ghcr.io/jdx/mise:e2e Docker container to prevent tool install scripts from accessing runner secrets (ACTIONS_RUNTIME_TOKEN, etc.), passing only a pooled GITHUB_TOKEN into the container. It also restructures the retry/grace-period flow, splitting it into an explicit retry step (Docker) and a host-only grace-period check, and adds a --check-only flag to test-tool-retry.py to skip the actual retry and jump straight to the grace-period evaluation.

Confidence Score: 5/5

Safe to merge — Docker isolation is well-structured, the stale-summary contamination bug from the previous review is properly addressed with the wc -l/tail offset, and the new --check-only path is logically correct for its only call site.

No P0 or P1 issues found. The retry step correctly snapshots summary line count before re-running and reads only the new tail. Security boundary (pooled token only in container, real token only on host for gh API calls) is sound. One P2 style suggestion about missing flag validation in the Python script.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/registry.yml	Adds Docker container isolation for tool testing, fixes the stale-summary contamination bug in the retry step using wc -l/tail offset, and separates non-release failures (exit 1) from release-branch grace-period checks (host-only with real token)
xtasks/test-tool-retry.py	Adds --check-only flag to skip the retry run and go directly to grace-period evaluation; only used on the release branch host step to avoid running a second Docker container
tasks.md	Documentation-only update adding --check-only flag description to test-tool-retry usage

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions Runner
    participant D1 as Docker (e2e container)
    participant D2 as Docker (e2e container retry)
    participant H as Host (grace-period check)

    GHA->>GHA: fetch-token → POOL_TOKEN
    GHA->>GHA: docker pull ghcr.io/jdx/mise:e2e
    GHA->>D1: docker run (POOL_TOKEN as GITHUB_TOKEN, ro workspace mount)
    D1->>D1: mise test-tool [--all | tools]
    D1-->>GHA: writes Failed Tools → $GITHUB_STEP_SUMMARY (bind-mount)
    GHA->>GHA: grep "Failed Tools" → failed_tools output

    alt failed_tools != ""
        GHA->>GHA: wc -l $GITHUB_STEP_SUMMARY → summary_lines
        GHA->>D2: docker run (retry failed tools only)
        D2-->>GHA: appends new Failed Tools to $GITHUB_STEP_SUMMARY
        GHA->>GHA: tail -n +(summary_lines+1) → new failed_tools

        alt still failing AND NOT release branch
            GHA->>GHA: exit 1
        else still failing AND release branch
            GHA->>H: mise run test-tool-retry --check-only --grace-period (real GITHUB_TOKEN)
            H->>H: check_grace_period() via gh API
        end
    end

Loading

_{Reviews (4): Last reviewed commit: "[autofix.ci] apply automated fixes" | Re-trigger Greptile}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 86bb7d7. Configure here.}

[github-actions]

Hyperfine Performance

mise x -- echo

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.8 x -- echo	24.2 ± 0.5	23.5	26.4	1.00
mise x -- echo	24.9 ± 1.2	23.9	38.9	1.03 ± 0.05

mise env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.8 env	23.9 ± 1.1	22.8	35.0	1.00
mise env	24.2 ± 0.5	23.4	29.6	1.01 ± 0.05

mise hook-env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.8 hook-env	24.1 ± 0.4	23.5	28.8	1.00
mise hook-env	24.5 ± 0.3	23.8	26.1	1.02 ± 0.02

mise ls

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.4.8 ls	21.3 ± 0.5	20.7	29.3	1.00
mise ls	21.8 ± 0.3	21.0	25.1	1.02 ± 0.03

xtasks/test/perf

Command	mise-2026.4.8	mise	Variance
install (cached)	155ms	155ms	+0%
ls (cached)	80ms	81ms	-1%
bin-paths (cached)	85ms	85ms	+0%
task-ls (cached)	806ms	776ms	+3%