diff --git a/.github/actions/checkout/action.yml b/.github/actions/checkout/action.yml index 241e93c67bfa..e9481a3eaca6 100644 --- a/.github/actions/checkout/action.yml +++ b/.github/actions/checkout/action.yml @@ -16,7 +16,7 @@ runs: shell: bash run: | cd src/electron - node script/yarn install + node script/yarn install --frozen-lockfile - name: Get Depot Tools shell: bash run: | diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5fa22cbdf360..7df8ce2353cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -109,11 +109,15 @@ jobs: # Build Jobs - These cascade into testing jobs macos-x64: + permissions: + contents: read + issues: read + pull-requests: read uses: ./.github/workflows/pipeline-electron-build-and-test.yml needs: checkout-macos with: build-runs-on: macos-14-xlarge - test-runs-on: macos-14-xlarge + test-runs-on: macos-13 target-platform: macos target-arch: x64 is-release: false @@ -123,11 +127,15 @@ jobs: secrets: inherit macos-arm64: + permissions: + contents: read + issues: read + pull-requests: read uses: ./.github/workflows/pipeline-electron-build-and-test.yml needs: checkout-macos with: build-runs-on: macos-14-xlarge - test-runs-on: macos-14-xlarge + test-runs-on: macos-14 target-platform: macos target-arch: arm64 is-release: false @@ -137,6 +145,10 @@ jobs: secrets: inherit linux-x64: + permissions: + contents: read + issues: read + pull-requests: read uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml needs: checkout-linux with: @@ -153,6 +165,10 @@ jobs: secrets: inherit linux-arm: + permissions: + contents: read + issues: read + pull-requests: read uses: ./.github/workflows/pipeline-electron-build-and-test.yml needs: checkout-linux with: @@ -169,6 +185,10 @@ jobs: secrets: inherit linux-arm64: + permissions: + contents: read + issues: read + pull-requests: read uses: ./.github/workflows/pipeline-electron-build-and-test.yml needs: checkout-linux with: diff --git a/.github/workflows/pipeline-electron-build-and-test.yml b/.github/workflows/pipeline-electron-build-and-test.yml index f61fa6a07da4..37b79751bec1 100644 --- a/.github/workflows/pipeline-electron-build-and-test.yml +++ b/.github/workflows/pipeline-electron-build-and-test.yml @@ -54,6 +54,11 @@ concurrency: group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }} cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }} +permissions: + contents: read + issues: read + pull-requests: read + jobs: build: uses: ./.github/workflows/pipeline-segment-electron-build.yml diff --git a/.github/workflows/pipeline-electron-docs-only.yml b/.github/workflows/pipeline-electron-docs-only.yml index f5b67d9a9729..5086393f96f2 100644 --- a/.github/workflows/pipeline-electron-docs-only.yml +++ b/.github/workflows/pipeline-electron-docs-only.yml @@ -27,7 +27,7 @@ jobs: - name: Install Dependencies run: | cd src/electron - node script/yarn install + node script/yarn install --frozen-lockfile - name: Run TS/JS compile shell: bash run: | diff --git a/.github/workflows/pipeline-electron-lint.yml b/.github/workflows/pipeline-electron-lint.yml index ebb62ecb6fa3..ed48a2cd1554 100644 --- a/.github/workflows/pipeline-electron-lint.yml +++ b/.github/workflows/pipeline-electron-lint.yml @@ -27,7 +27,7 @@ jobs: - name: Install Dependencies run: | cd src/electron - node script/yarn install + node script/yarn install --frozen-lockfile - name: Setup third_party Depot Tools shell: bash run: | diff --git a/.github/workflows/pipeline-segment-electron-build.yml b/.github/workflows/pipeline-segment-electron-build.yml index c8ab252849fb..a433c1a1d4ea 100644 --- a/.github/workflows/pipeline-segment-electron-build.yml +++ b/.github/workflows/pipeline-segment-electron-build.yml @@ -89,7 +89,7 @@ jobs: - name: Install Dependencies run: | cd src/electron - node script/yarn install + node script/yarn install --frozen-lockfile - name: Install AZCopy if: ${{ inputs.target-platform == 'macos' }} run: brew install azcopy diff --git a/.github/workflows/pipeline-segment-electron-test.yml b/.github/workflows/pipeline-segment-electron-test.yml index 5386eedb654c..a59bbe72f3f9 100644 --- a/.github/workflows/pipeline-segment-electron-test.yml +++ b/.github/workflows/pipeline-segment-electron-test.yml @@ -24,9 +24,16 @@ on: concurrency: group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }} cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }} + +permissions: + contents: read + issues: read + pull-requests: read + env: ELECTRON_OUT_DIR: Default ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }} + ELECTRON_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: test: @@ -36,7 +43,7 @@ jobs: fail-fast: false matrix: build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || fromJSON('["linux"]') }} - shard: ${{ inputs.target-platform == 'macos' && fromJSON('[1]') || fromJSON('[1, 2, 3]') }} + shard: ${{ inputs.target-platform == 'macos' && fromJSON('[1, 2]') || fromJSON('[1, 2, 3]') }} env: BUILD_TYPE: ${{ matrix.build-type }} TARGET_ARCH: ${{ inputs.target-arch }} @@ -45,6 +52,39 @@ jobs: if: ${{ inputs.target-arch == 'arm' }} run: | cp $(which node) /mnt/runner-externals/node20/bin/ + - name: Add TCC permissions on macOS + if: ${{ inputs.target-platform == 'macos' }} + run: | + configure_user_tccdb () { + local values=$1 + local dbPath="$HOME/Library/Application Support/com.apple.TCC/TCC.db" + local sqlQuery="INSERT OR REPLACE INTO access VALUES($values);" + sqlite3 "$dbPath" "$sqlQuery" + } + + configure_sys_tccdb () { + local values=$1 + local dbPath="/Library/Application Support/com.apple.TCC/TCC.db" + local sqlQuery="INSERT OR REPLACE INTO access VALUES($values);" + sudo sqlite3 "$dbPath" "$sqlQuery" + } + + userValuesArray=( + "'kTCCServiceMicrophone','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159" + "'kTCCServiceCamera','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159" + "'kTCCServiceBluetoothAlways','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159" + ) + for values in "${userValuesArray[@]}"; do + # Sonoma and higher have a few extra values + # Ref: https://github.com/actions/runner-images/blob/main/images/macos/scripts/build/configure-tccdb-macos.sh + if [ "$OSTYPE" = "darwin23" ]; then + configure_user_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}" + configure_sys_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}" + else + configure_user_tccdb "$values" + configure_sys_tccdb "$values" + fi + done - name: Checkout Electron uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 with: @@ -53,7 +93,7 @@ jobs: - name: Install Dependencies run: | cd src/electron - node script/yarn install + node script/yarn install --frozen-lockfile - name: Get Depot Tools timeout-minutes: 5 run: | @@ -97,6 +137,7 @@ jobs: # cd src/electron # ./script/codesign/generate-identity.sh - name: Run Electron Tests + shell: bash env: MOCHA_REPORTER: mocha-multi-reporters ELECTRON_TEST_RESULTS_DIR: junit @@ -107,11 +148,12 @@ jobs: run: | cd src/electron # Get which tests are on this shard - tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'macos' && 1 || 3 }}) + tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'macos' && 2 || 3 }}) # Run tests if [ "`uname`" = "Darwin" ]; then - node script/yarn test --runners=main --trace-uncaught --enable-logging + echo "About to start tests" + node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files else chown :builduser .. && chmod g+w .. chown -R :builduser . && chmod -R g+w . diff --git a/.github/workflows/pipeline-segment-node-nan-test.yml b/.github/workflows/pipeline-segment-node-nan-test.yml index 5f0bb5a474ee..fcc3df19782f 100644 --- a/.github/workflows/pipeline-segment-node-nan-test.yml +++ b/.github/workflows/pipeline-segment-node-nan-test.yml @@ -57,7 +57,7 @@ jobs: - name: Install Dependencies run: | cd src/electron - node script/yarn install + node script/yarn install --frozen-lockfile - name: Get Depot Tools timeout-minutes: 5 run: | @@ -121,7 +121,7 @@ jobs: - name: Install Dependencies run: | cd src/electron - node script/yarn install + node script/yarn install --frozen-lockfile - name: Get Depot Tools timeout-minutes: 5 run: | diff --git a/script/actions/move-artifacts.sh b/script/actions/move-artifacts.sh index e4030b300ccd..eff0ba747239 100755 --- a/script/actions/move-artifacts.sh +++ b/script/actions/move-artifacts.sh @@ -51,7 +51,6 @@ move_src_dirs_if_exist() { src/out/Default/overlapped-checker \ src/out/Default/ffmpeg \ src/out/Default/hunspell_dictionaries \ - src/electron \ src/third_party/electron_node \ src/third_party/nan \ src/cross-arch-snapshots \ diff --git a/spec/api-app-spec.ts b/spec/api-app-spec.ts index 491f1cc859b1..277cf3808400 100644 --- a/spec/api-app-spec.ts +++ b/spec/api-app-spec.ts @@ -595,7 +595,7 @@ describe('app module', () => { }); }); - ifdescribe(process.platform !== 'linux' && !process.mas)('app.get/setLoginItemSettings API', function () { + ifdescribe(process.platform !== 'linux' && !process.mas && (process.platform !== 'darwin' || process.arch === 'arm64'))('app.get/setLoginItemSettings API', function () { const isMac = process.platform === 'darwin'; const isWin = process.platform === 'win32'; diff --git a/spec/api-protocol-spec.ts b/spec/api-protocol-spec.ts index 122cc4e84f0d..3ba77351d839 100644 --- a/spec/api-protocol-spec.ts +++ b/spec/api-protocol-spec.ts @@ -1749,7 +1749,7 @@ describe('protocol module', () => { const end = Date.now(); return end - begin; })(); - expect(interceptedTime).to.be.lessThan(rawTime * 1.5); + expect(interceptedTime).to.be.lessThan(rawTime * 1.6); }); }); }); diff --git a/spec/lib/codesign-helpers.ts b/spec/lib/codesign-helpers.ts index 58c08b1e0555..ca5caa514746 100644 --- a/spec/lib/codesign-helpers.ts +++ b/spec/lib/codesign-helpers.ts @@ -8,7 +8,7 @@ const fixturesPath = path.resolve(__dirname, '..', 'fixtures'); export const shouldRunCodesignTests = process.platform === 'darwin' && - !(process.env.CI && process.arch === 'arm64') && + !process.env.CI && !process.mas && !features.isComponentBuild();