From f41a844a38e82d656f9ac37dff800e1590935448 Mon Sep 17 00:00:00 2001 From: Evan Simkowitz Date: Mon, 21 Oct 2024 12:52:13 -0700 Subject: [PATCH] Attempt to fix chrome-sandbox permissions issue on Linux (#1089) Also allows for test runs of build-helper, which will not upload to staging --- .github/workflows/build-helper.yml | 17 +++++++++++++---- electron-builder.config.cjs | 4 ++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-helper.yml b/.github/workflows/build-helper.yml index 3a4a53f23..864811508 100644 --- a/.github/workflows/build-helper.yml +++ b/.github/workflows/build-helper.yml @@ -8,6 +8,7 @@ on: push: tags: - "v[0-9]+.[0-9]+.[0-9]+*" + workflow_dispatch: env: GO_VERSION: "1.22" NODE_VERSION: "20" @@ -84,12 +85,12 @@ jobs: # Windows Code Signing Setup - name: Set up certificate (Windows only) - if: matrix.platform == 'windows' + if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch' run: | echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 shell: bash - name: Set signing variables (Windows only) - if: matrix.platform == 'windows' + if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch' id: variables run: | echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" @@ -103,7 +104,7 @@ jobs: echo "C:\Program Files\DigiCert\DigiCert Keylocker Tools" >> $GITHUB_PATH shell: bash - name: Setup Keylocker KSP (Windows only) - if: matrix.platform == 'windows' + if: matrix.platform == 'windows' && github.event_name != 'workflow_dispatch' run: | curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi msiexec /i Keylockertools-windows-x64.msi /quiet /qn 
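Review bot: The `workflow_dispatch:` trigger added in the first hunk has no comment saying what a manual run is for; the file only implies it through the step conditions further down. A comment above it such as `# Manual runs are test builds: signing setup, staging upload and draft release are skipped` would make the intent visible at the trigger. A dispatched run builds whichever ref is selected when it is started, so the comment should also say that its output is not a release candidate.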
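Review bot: The three Windows signing steps in the second and third hunks are gated with `github.event_name != 'workflow_dispatch'`, a deny-list that lets every other event through. If another trigger is later added under `on:`, the certificate decode, the signing variables and the Keylocker download would run for it by default. An allow-list keeps secret handling tied to the tag push: `if: matrix.platform == 'windows' && github.event_name == 'push'`. The same negative condition is used on the S3 upload and draft release steps in the later hunk of this file.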
@@ -141,14 +142,16 @@ jobs: CSC_KEY_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} STATIC_DOCSITE_PATH: ${{env.STATIC_DOCSITE_PATH}} shell: powershell # electron-builder's Windows code signing package has some compatibility issues with pwsh, so we need to use Windows Powershell + - name: Upload to S3 staging + if: github.event_name != 'workflow_dispatch' run: task artifacts:upload env: AWS_ACCESS_KEY_ID: "${{ secrets.ARTIFACTS_KEY_ID }}" AWS_SECRET_ACCESS_KEY: "${{ secrets.ARTIFACTS_KEY_SECRET }}" AWS_DEFAULT_REGION: us-west-2 - - name: Create draft release + if: github.event_name != 'workflow_dispatch' uses: softprops/action-gh-release@v2 with: prerelease: ${{ contains(github.ref_name, '-beta') }} @@ -166,3 +169,9 @@ jobs: make/*.snap make/*.flatpak make/*.AppImage + - name: Upload build artifacts to workflow (manual runs only) + if: github.event_name == 'workflow_dispatch' + uses: actions/upload-artifact@v4 + with: + name: ${{matrix.runner}} + path: make diff --git a/electron-builder.config.cjs b/electron-builder.config.cjs index 8768fcd3d..02e05719e 100644 --- a/electron-builder.config.cjs +++ b/electron-builder.config.cjs @@ -111,6 +111,10 @@ const config = { }) .filter((f) => f.isFile() && f.name.startsWith("wavesrv")) .forEach((f) => fs.chmodSync(path.resolve(f.parentPath ?? f.path, f.name), 0o755)); // 0o755 corresponds to -rwxr-xr-x + } else if (context.electronPlatformName === "linux") { + const chromeSandboxPath = path.resolve(context.appOutDir, "Wave", "chrome-sandbox"); + fs.chmodSync(chromeSandboxPath, 0o4755); + fs.chownSync(chromeSandboxPath, 0, 0); } }, };
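Review bot: The build step whose `env:` is visible at the top of this hunk still receives `CSC_KEY_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}` on a manual run, although the signing setup steps are skipped for that event. A manual run builds the ref chosen at dispatch time, so that ref's build scripts run with the certificate password in their environment without needing it. The value could be withheld with `CSC_KEY_PASSWORD: ${{ github.event_name != 'workflow_dispatch' && secrets.SM_CLIENT_CERT_PASSWORD || '' }}`. The step starts outside the hunk, so its own `if:` and remaining variables are not visible here.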
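Review bot: The new `actions/upload-artifact@v4` step publishes everything under `make` as `${{matrix.runner}}`, and for Windows that output is unsigned because the signing setup is skipped on manual runs. Nothing in the artifact name tells someone downloading it that it is an unsigned test build, and no retention period is set, so it is kept for the repository default. Suggest `name: unsigned-test-${{ matrix.runner }}` and a short `retention-days: 7` (value chosen for illustration). Narrowing `path:` to the same globs the draft release step lists would keep intermediate build output out of the artifact.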
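Review bot: In the new `linux` branch, `fs.chownSync(chromeSandboxPath, 0, 0)` runs after `fs.chmodSync(chromeSandboxPath, 0o4755)`, and on Linux changing the owner of an executable clears its setuid bit, so the file can end up root-owned with mode 0755. Swapping the two calls keeps the bit: `fs.chownSync(chromeSandboxPath, 0, 0);` then `fs.chmodSync(chromeSandboxPath, 0o4755);`. `chownSync` to uid 0 also throws EPERM unless the build runs as root, which would fail packaging on an unprivileged runner and, in the current order, leave a setuid binary owned by the build user. Whether each package format preserves owner and mode from `appOutDir` is not visible here, so the manual test run should check the installed file's mode and owner. The enclosing hook starts outside the hunk.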