fix: tear down docker e2e integration stack by default#8

Open

NeerajCodz wants to merge 1 commit into

mainfrom

codex/fix-docker-e2e-script-vulnerability

NeerajCodz commented May 4, 2026

Contributor

Motivation

The E2E PowerShell script started the Docker Compose integration stack by default but did not stop it, leaving host-published development services and hard-coded dev credentials exposed after the run.
The change aims to reduce accidental network exposure of unauthenticated or default-credential services started by the script while preserving the ability to opt out of teardown.

Description

Track whether the script started the compose stack with a new $startedStack variable set to -not $SkipStart.
Wrap the main E2E workflow in a try/finally block so cleanup runs even if the script fails mid-run.
In finally, run docker compose -f docker-compose.integration.yml down when the script started the stack and -KeepRunning is not set, and preserve -KeepRunning behavior when explicitly provided.

Testing

Verified the change locally by inspecting the file diff with git diff -- scripts/e2e-docker.ps1 and committing the update, and those repository checks completed successfully.
No integration/runtime tests were executed in this environment because Docker and PowerShell were not available, so runtime teardown behavior was not executed here; CI should exercise the script in an environment with Docker/PowerShell.


          fix: tear down docker e2e stack by default

fa5a690

NeerajCodz added codex aardvark labels

— with

ChatGPT Codex Connector

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels