Enable macOS app sandbox via entitlements #2485
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
on: | |
pull_request: {} | |
push: | |
branches: [develop, staging, master] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
fetch: | |
uses: ./.github/workflows/build_prepare.yaml | |
with: | |
config: ${{ github.event.pull_request.base.ref == 'develop' && 'element.io/nightly' || 'element.io/release' }} | |
version: ${{ github.event.pull_request.base.ref == 'develop' && 'develop' || '' }} | |
windows: | |
needs: fetch | |
name: Windows | |
uses: ./.github/workflows/build_windows.yaml | |
strategy: | |
matrix: | |
arch: [x64, ia32] | |
with: | |
arch: ${{ matrix.arch }} | |
linux: | |
needs: fetch | |
name: "Linux (${{ matrix.arch }}) (sqlcipher: ${{ matrix.sqlcipher }})" | |
uses: ./.github/workflows/build_linux.yaml | |
strategy: | |
matrix: | |
sqlcipher: [system, static] | |
arch: [amd64, arm64] | |
with: | |
config: ${{ github.event.pull_request.base.ref == 'develop' && 'element.io/nightly' || 'element.io/release' }} | |
sqlcipher: ${{ matrix.sqlcipher }} | |
arch: ${{ matrix.arch }} | |
macos: | |
needs: fetch | |
name: macOS | |
uses: ./.github/workflows/build_macos.yaml | |
secrets: inherit | |
with: | |
sign: true | |
test: | |
needs: | |
- macos | |
- linux | |
- windows | |
strategy: | |
matrix: | |
include: | |
- name: macOS Universal | |
os: macos-latest | |
artifact: macos | |
executable: "/Users/runner/Applications/Element.app/Contents/MacOS/Element" | |
# We need to mount the DMG and copy the app to the Applications folder as a mounted DMG is | |
# read-only and thus would not allow us to override the fuses as is required for Playwright. | |
prepare_cmd: | | |
hdiutil attach ./dist/*.dmg -mountpoint /Volumes/Element && | |
rsync -a /Volumes/Element/Element.app ~/Applications/ && | |
hdiutil detach /Volumes/Element | |
- name: "Linux (amd64) (sqlcipher: system)" | |
os: ubuntu-latest | |
artifact: linux-amd64-sqlcipher-system | |
executable: "/opt/Element/element-desktop" | |
prepare_cmd: "sudo apt install ./dist/*.deb" | |
- name: "Linux (amd64) (sqlcipher: static)" | |
os: ubuntu-latest | |
artifact: linux-amd64-sqlcipher-static | |
executable: "/opt/Element/element-desktop" | |
prepare_cmd: "sudo apt install ./dist/*.deb" | |
- name: "Linux (arm64) (sqlcipher: system)" | |
os: dind-l-arm64 | |
artifact: linux-arm64-sqlcipher-system | |
executable: "/opt/Element/element-desktop" | |
prepare_cmd: "sudo apt install -y ./dist/*.deb" | |
- name: "Linux (arm64) (sqlcipher: static)" | |
os: dind-l-arm64 | |
artifact: linux-arm64-sqlcipher-static | |
executable: "/opt/Element/element-desktop" | |
prepare_cmd: "sudo apt install -y ./dist/*.deb" | |
- name: Windows (x86) | |
os: windows-latest | |
artifact: win-ia32 | |
executable: "./dist/win-ia32-unpacked/Element.exe" | |
- name: Windows (x64) | |
os: windows-latest | |
artifact: win-x64 | |
executable: "./dist/win-unpacked/Element.exe" | |
name: Test ${{ matrix.name }} | |
runs-on: ${{ matrix.os }} | |
steps: | |
# Workaround for self-hosted runners lacking yarn | |
- name: Install Yarn | |
if: runner.environment == 'self-hosted' | |
run: | | |
sudo apt-get -qq update | |
sudo apt-get install -y curl | |
curl -fsSL --create-dirs -o $HOME/bin/yarn https://github.com/yarnpkg/yarn/releases/download/v1.22.19/yarn-1.22.19.js | |
chmod +x $HOME/bin/yarn | |
echo "$HOME/bin" >> $GITHUB_PATH | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: "yarn" | |
- name: Install Deps | |
run: "yarn install --frozen-lockfile" | |
- uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.artifact }} | |
path: dist | |
- name: Prepare for tests | |
run: ${{ matrix.prepare_cmd }} | |
if: matrix.prepare_cmd | |
# We previously disabled the `EnableNodeCliInspectArguments` fuse, but Playwright requires | |
# it to be enabled to test Electron apps, so turn it back on. | |
- name: Set EnableNodeCliInspectArguments fuse enabled | |
run: $RUN_AS npx @electron/fuses write --app ${{ matrix.executable }} EnableNodeCliInspectArguments=on | |
shell: bash | |
env: | |
# We need sudo on Linux as it is installed in /opt/ | |
RUN_AS: ${{ runner.os == 'Linux' && 'sudo' || '' }} | |
- name: Run tests | |
uses: coactions/setup-xvfb@6b00cf1889f4e1d5a48635647013c0508128ee1a | |
timeout-minutes: 5 | |
with: | |
run: "yarn test ${{ runner.os != 'Linux' && '--ignore-snapshots' || '' }}" | |
env: | |
ELEMENT_DESKTOP_EXECUTABLE: ${{ matrix.executable }} | |
- name: Upload HTML report | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.artifact }}-test | |
path: playwright/html-report | |
retention-days: 14 |