test: setup sandbox on linux (#3530)
Drop all the `--no-sandbox` bits from tests and infrastructure. Instead, configure Travis to enable user namespace clone.
This commit is contained in:
parent
10a4c8c123
commit
eb7bd9d7d3
@ -7,3 +7,11 @@ RUN apt-get update && \
|
|||||||
libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 \
|
libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 \
|
||||||
libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget && \
|
libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# Add user so we don't need --no-sandbox.
|
||||||
|
RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
|
||||||
|
&& mkdir -p /home/pptruser/Downloads \
|
||||||
|
&& chown -R pptruser:pptruser /home/pptruser
|
||||||
|
|
||||||
|
# Run everything after as non-privileged user.
|
||||||
|
USER pptruser
|
||||||
|
@ -7,3 +7,11 @@ RUN apt-get update && \
|
|||||||
libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 \
|
libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 \
|
||||||
libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget && \
|
libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# Add user so we don't need --no-sandbox.
|
||||||
|
RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
|
||||||
|
&& mkdir -p /home/pptruser/Downloads \
|
||||||
|
&& chown -R pptruser:pptruser /home/pptruser
|
||||||
|
|
||||||
|
# Run everything after as non-privileged user.
|
||||||
|
USER pptruser
|
||||||
|
@ -12,6 +12,7 @@ cache:
|
|||||||
- node_modules
|
- node_modules
|
||||||
# allow headful tests
|
# allow headful tests
|
||||||
before_install:
|
before_install:
|
||||||
|
- "sysctl kernel.unprivileged_userns_clone=1"
|
||||||
- "export DISPLAY=:99.0"
|
- "export DISPLAY=:99.0"
|
||||||
- "sh -e /etc/init.d/xvfb start"
|
- "sh -e /etc/init.d/xvfb start"
|
||||||
script:
|
script:
|
||||||
|
@ -55,7 +55,6 @@ module.exports.addTests = function({testRunner, expect, defaultBrowserOptions})
|
|||||||
const extensionOptions = Object.assign({}, defaultBrowserOptions, {
|
const extensionOptions = Object.assign({}, defaultBrowserOptions, {
|
||||||
headless: false,
|
headless: false,
|
||||||
args: [
|
args: [
|
||||||
'--no-sandbox',
|
|
||||||
`--disable-extensions-except=${extensionPath}`,
|
`--disable-extensions-except=${extensionPath}`,
|
||||||
`--load-extension=${extensionPath}`,
|
`--load-extension=${extensionPath}`,
|
||||||
],
|
],
|
||||||
|
@ -116,7 +116,7 @@ module.exports.addTests = function({testRunner, expect, defaultBrowserOptions})
|
|||||||
it('userDataDir argument', async({server}) => {
|
it('userDataDir argument', async({server}) => {
|
||||||
const userDataDir = await mkdtempAsync(TMP_FOLDER);
|
const userDataDir = await mkdtempAsync(TMP_FOLDER);
|
||||||
const options = Object.assign({}, defaultBrowserOptions);
|
const options = Object.assign({}, defaultBrowserOptions);
|
||||||
options.args = [`--user-data-dir=${userDataDir}`].concat(options.args);
|
options.args = [`--user-data-dir=${userDataDir}`].concat(options.args || []);
|
||||||
const browser = await puppeteer.launch(options);
|
const browser = await puppeteer.launch(options);
|
||||||
expect(fs.readdirSync(userDataDir).length).toBeGreaterThan(0);
|
expect(fs.readdirSync(userDataDir).length).toBeGreaterThan(0);
|
||||||
await browser.close();
|
await browser.close();
|
||||||
@ -209,7 +209,7 @@ module.exports.addTests = function({testRunner, expect, defaultBrowserOptions})
|
|||||||
});
|
});
|
||||||
it('should support the pipe argument', async() => {
|
it('should support the pipe argument', async() => {
|
||||||
const options = Object.assign({}, defaultBrowserOptions);
|
const options = Object.assign({}, defaultBrowserOptions);
|
||||||
options.args = ['--remote-debugging-pipe'].concat(options.args);
|
options.args = ['--remote-debugging-pipe'].concat(options.args || []);
|
||||||
const browser = await puppeteer.launch(options);
|
const browser = await puppeteer.launch(options);
|
||||||
expect(browser.wsEndpoint()).toBe('');
|
expect(browser.wsEndpoint()).toBe('');
|
||||||
const page = await browser.newPage();
|
const page = await browser.newPage();
|
||||||
@ -256,7 +256,7 @@ module.exports.addTests = function({testRunner, expect, defaultBrowserOptions})
|
|||||||
it('should have custom url when launching browser', async function({server}) {
|
it('should have custom url when launching browser', async function({server}) {
|
||||||
const customUrl = server.PREFIX + '/empty.html';
|
const customUrl = server.PREFIX + '/empty.html';
|
||||||
const options = Object.assign({}, defaultBrowserOptions);
|
const options = Object.assign({}, defaultBrowserOptions);
|
||||||
options.args = [customUrl].concat(options.args);
|
options.args = [customUrl].concat(options.args || []);
|
||||||
const browser = await puppeteer.launch(options);
|
const browser = await puppeteer.launch(options);
|
||||||
const pages = await browser.pages();
|
const pages = await browser.pages();
|
||||||
expect(pages.length).toBe(1);
|
expect(pages.length).toBe(1);
|
||||||
|
@ -47,7 +47,6 @@ const defaultBrowserOptions = {
|
|||||||
slowMo,
|
slowMo,
|
||||||
headless,
|
headless,
|
||||||
dumpio: (process.env.DUMPIO || 'false').trim().toLowerCase() === 'true',
|
dumpio: (process.env.DUMPIO || 'false').trim().toLowerCase() === 'true',
|
||||||
args: ['--no-sandbox']
|
|
||||||
};
|
};
|
||||||
|
|
||||||
let parallel = 1;
|
let parallel = 1;
|
||||||
|
@ -15,10 +15,6 @@ const {it, xit, fit} = testRunner;
|
|||||||
const {afterAll, beforeAll, afterEach, beforeEach} = testRunner;
|
const {afterAll, beforeAll, afterEach, beforeEach} = testRunner;
|
||||||
const {expect} = new Matchers();
|
const {expect} = new Matchers();
|
||||||
|
|
||||||
const defaultBrowserOptions = {
|
|
||||||
args: ['--no-sandbox']
|
|
||||||
};
|
|
||||||
|
|
||||||
beforeAll(async state => {
|
beforeAll(async state => {
|
||||||
const assetsPath = path.join(__dirname, '..', '..', 'test', 'assets');
|
const assetsPath = path.join(__dirname, '..', '..', 'test', 'assets');
|
||||||
const port = 8998;
|
const port = 8998;
|
||||||
@ -27,7 +23,7 @@ beforeAll(async state => {
|
|||||||
PREFIX: `http://localhost:${port}`,
|
PREFIX: `http://localhost:${port}`,
|
||||||
EMPTY_PAGE: `http://localhost:${port}/empty.html`,
|
EMPTY_PAGE: `http://localhost:${port}/empty.html`,
|
||||||
};
|
};
|
||||||
state.browser = await puppeteer.launch(defaultBrowserOptions);
|
state.browser = await puppeteer.launch();
|
||||||
});
|
});
|
||||||
|
|
||||||
afterAll(async state => {
|
afterAll(async state => {
|
||||||
@ -54,7 +50,7 @@ afterEach(async state => {
|
|||||||
|
|
||||||
describe('Puppeteer-Web', () => {
|
describe('Puppeteer-Web', () => {
|
||||||
it('should work over web socket', async({page, serverConfig}) => {
|
it('should work over web socket', async({page, serverConfig}) => {
|
||||||
const browser2 = await puppeteer.launch(defaultBrowserOptions);
|
const browser2 = await puppeteer.launch();
|
||||||
// Use in-page puppeteer to create a new page and navigate it to the EMPTY_PAGE
|
// Use in-page puppeteer to create a new page and navigate it to the EMPTY_PAGE
|
||||||
await page.evaluate(async(browserWSEndpoint, serverConfig) => {
|
await page.evaluate(async(browserWSEndpoint, serverConfig) => {
|
||||||
const puppeteer = require('puppeteer');
|
const puppeteer = require('puppeteer');
|
||||||
|
@ -34,7 +34,7 @@ let browser;
|
|||||||
let page;
|
let page;
|
||||||
|
|
||||||
beforeAll(async function() {
|
beforeAll(async function() {
|
||||||
browser = await puppeteer.launch({args: ['--no-sandbox']});
|
browser = await puppeteer.launch();
|
||||||
page = await browser.newPage();
|
page = await browser.newPage();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ async function run() {
|
|||||||
messages.push(...await preprocessor.runCommands(mdSources, VERSION));
|
messages.push(...await preprocessor.runCommands(mdSources, VERSION));
|
||||||
messages.push(...await preprocessor.ensureReleasedAPILinks([readme], VERSION));
|
messages.push(...await preprocessor.ensureReleasedAPILinks([readme], VERSION));
|
||||||
|
|
||||||
const browser = await puppeteer.launch({args: ['--no-sandbox']});
|
const browser = await puppeteer.launch();
|
||||||
const page = await browser.newPage();
|
const page = await browser.newPage();
|
||||||
const checkPublicAPI = require('./check_public_api');
|
const checkPublicAPI = require('./check_public_api');
|
||||||
const jsSources = await Source.readdir(path.join(PROJECT_DIR, 'lib'), '.js');
|
const jsSources = await Source.readdir(path.join(PROJECT_DIR, 'lib'), '.js');
|
||||||
|
@ -4,7 +4,6 @@ const puppeteer = require('../..');
|
|||||||
module.exports = puppeteer.launch({
|
module.exports = puppeteer.launch({
|
||||||
pipe: false,
|
pipe: false,
|
||||||
executablePath: process.env.CHROME,
|
executablePath: process.env.CHROME,
|
||||||
args: ['--no-sandbox', '--disable-dev-shm-usage']
|
|
||||||
}).then(async browser => {
|
}).then(async browser => {
|
||||||
const origin = browser.wsEndpoint().match(/ws:\/\/([0-9A-Za-z:\.]*)\//)[1];
|
const origin = browser.wsEndpoint().match(/ws:\/\/([0-9A-Za-z:\.]*)\//)[1];
|
||||||
const page = await browser.newPage();
|
const page = await browser.newPage();
|
||||||
|
Loading…
Reference in New Issue
Block a user