From 8ab744bf8729b2694167ea5a1f260f53ad63a9cb Mon Sep 17 00:00:00 2001 From: Qasim Date: Mon, 22 Jun 2026 11:32:00 -0400 Subject: [PATCH] TW-5665: disable system keyring in TestValidateDefaultGrant The test reached the real macOS keychain via NewDefaultGrantStore -> SystemKeyring.IsAvailable, which spawns the 'security' binary. On the release CI runner the keychain is locked, so the subprocess blocked until the 10-minute test timeout, failing the v3.1.26 release. Set NYLAS_DISABLE_KEYRING=true so the test uses the encrypted-file fallback, matching the convention in grantstore_test.go and remote_resources_test.go. --- internal/cli/common/client_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/cli/common/client_test.go b/internal/cli/common/client_test.go index c1cef07..c8d5add 100644 --- a/internal/cli/common/client_test.go +++ b/internal/cli/common/client_test.go @@ -460,6 +460,8 @@ func TestGrantFromDefault(t *testing.T) { func TestValidateDefaultGrant(t *testing.T) { // Isolate any self-heal write to a throwaway cache location. t.Setenv("HOME", t.TempDir()) + // Avoid touching the real system keychain (hangs on locked CI runners). + t.Setenv("NYLAS_DISABLE_KEYRING", "true") ctx := context.Background() t.Run("removed default returns a clear, actionable error", func(t *testing.T) {