ci(e2e): constrain apt host tool installs

cv · cv · commit 36c94d44171e · 2026-06-26T16:33:45.000-07:00
diff --git a/.github/actions/install-apt-packages/action.yaml b/.github/actions/install-apt-packages/action.yaml
@@ -46,9 +46,13 @@ runs:
           echo "::warning::apt-get update attempt ${attempt} failed; retrying." >&2
           sleep $((attempt * 5))
         done
-        # Keep runner setup small and predictable. The explicit package list
-        # plus --no-install-recommends intentionally: (1) minimizes attack
-        # surface, (2) reduces install time, (3) avoids pulling unnecessary
-        # recommended packages, and (4) makes callers request every additional
-        # host tool explicitly.
+        # Trust model: this CI-only action intentionally trusts the apt sources
+        # configured on GitHub/NVIDIA Ubuntu runners for small host tools.
+        # Callers must pass fixed, reviewed package literals from trusted
+        # workflow YAML, not target-ref, workflow_dispatch, matrix, or
+        # script-derived values. Keep runner setup small and predictable; the
+        # explicit package list plus --no-install-recommends intentionally:
+        # (1) minimizes attack surface, (2) reduces install time, (3) avoids
+        # pulling unnecessary recommended packages, and (4) makes callers
+        # request every additional host tool explicitly.
         sudo apt-get install -y --no-install-recommends "${packages[@]}"
diff --git a/.github/workflows/nightly-e2e.yaml b/.github/workflows/nightly-e2e.yaml
@@ -224,7 +224,6 @@ jobs:
       always_artifact_name: "cloud-onboard-traces"
       always_artifact_path: "/tmp/nemoclaw-trace-summary/"
       always_artifact_trace_source_path: "/tmp/nemoclaw-traces/"
-      apt_packages: expect
       env_json: '{"NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE":"1","NEMOCLAW_NON_INTERACTIVE":"1","NEMOCLAW_POLICY_MODE":"custom","NEMOCLAW_POLICY_PRESETS":"npm,pypi","NEMOCLAW_RECREATE_SANDBOX":"1","NEMOCLAW_SANDBOX_NAME":"e2e-cloud-onboard","NEMOCLAW_TRACE_DIR":"/tmp/nemoclaw-traces"}'
       checked_out_ref_env: "NEMOCLAW_PUBLIC_INSTALL_REF"
       nvidia_api_key: true
diff --git a/test/e2e-script-workflow.test.ts b/test/e2e-script-workflow.test.ts
@@ -1013,7 +1013,7 @@ describe("E2E reusable workflow contract", () => {
     expect(installStepIndex).toBeLessThan(stepIndex("Export CI inference environment"));
     expect(installStepIndex).toBeLessThan(stepIndex("Run E2E script"));
 
-    expect(nightlyWorkflow.jobs["cloud-onboard-e2e"].with?.apt_packages).toBe("expect");
+    expect(nightlyWorkflow.jobs["cloud-onboard-e2e"].with?.apt_packages).toBeUndefined();
     expect(nightlyWorkflow.jobs["network-policy-e2e"].with?.apt_packages).toBe("expect");
     expect(
       nightlyWorkflow.jobs["issue-4434-tui-unreachable-inference-e2e"].steps?.find(
@@ -1084,6 +1084,42 @@ describe("E2E reusable workflow contract", () => {
     }
   });
 
+  it("keeps apt package requests tied to reviewed host-tool consumers", () => {
+    const reviewedAptPackageLiterals = new Set(["expect", "expect iptables"]);
+    const reusableExpectConsumers: Record<string, string> = {};
+
+    for (const [name, job] of Object.entries(nightlyWorkflow.jobs)) {
+      const aptPackages = job.with?.apt_packages;
+      if (aptPackages !== undefined) {
+        expect(reviewedAptPackageLiterals.has(aptPackages), name).toBe(true);
+        expect(aptPackages, name).not.toMatch(
+          /\$\{\{|matrix\.|inputs\.|github\.event\.inputs|env\./,
+        );
+        if (aptPackages.split(/\s+/).includes("expect")) {
+          reusableExpectConsumers[name] = String(job.with?.script ?? "");
+        }
+      }
+
+      for (const step of job.steps ?? []) {
+        if (!String(step.uses ?? "").includes("install-apt-packages")) continue;
+
+        const packages = String(step.with?.packages ?? "");
+        expect(reviewedAptPackageLiterals.has(packages), `${name}:${step.name ?? ""}`).toBe(true);
+        expect(packages, `${name}:${step.name ?? ""}`).not.toMatch(
+          /\$\{\{|matrix\.|inputs\.|github\.event\.inputs|env\./,
+        );
+      }
+    }
+
+    expect(reusableExpectConsumers).toEqual({
+      "network-policy-e2e": "test/e2e/test-network-policy.sh",
+    });
+    for (const [name, script] of Object.entries(reusableExpectConsumers)) {
+      const scriptText = readFileSync(new URL(`../${script}`, import.meta.url), "utf8");
+      expect(scriptText, name).toContain("command -v expect");
+    }
+  });
+
   it("keeps the apt package validator scoped to simple host tool packages", () => {
     for (const packageName of [
       "expect",
