From dd6d1ea64b3c3a97ae688adb84f804a82ddacb6f Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Thu, 24 Jul 2025 14:19:32 +1000
Subject: [PATCH] Provide open port for private address test

---
 spec/jobs/webhook_delivery_job_spec.rb | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/spec/jobs/webhook_delivery_job_spec.rb b/spec/jobs/webhook_delivery_job_spec.rb
index 5383f5e87c..247c3b2f13 100644
--- a/spec/jobs/webhook_delivery_job_spec.rb
+++ b/spec/jobs/webhook_delivery_job_spec.rb
@@ -43,15 +43,18 @@ RSpec.describe WebhookDeliveryJob do
   # update this to confirm the response isn't exposed.
   describe "server side request forgery" do
     describe "private addresses" do
+      before(:all) do
+        # Open port to await connections.
+        # Will free port when process ends. Can't free it before.
+        TCPServer.new(3001)
+      end
       private_addresses = [
-        "http://127.0.0.1/all_the_secrets",
-        "http://localhost/all_the_secrets",
+        "http://127.0.0.1:3001/all_the_secrets",
+        "http://localhost:3001/all_the_secrets",
       ]
 
       private_addresses.each do |url|
         it "rejects private address #{url}" do
-          # Github Actions doesn't allow local connections.
-          pending if ENV["CI"]
           expect {
             WebhookDeliveryJob.perform_now(url, event, data)
           }.to raise_error(PrivateAddressCheck::PrivateConnectionAttemptedError)