Bump to 3.0.1 #346
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a GitHub workflow defining a set of jobs with a set of steps. | |
| # ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
| # | |
| name: Test | |
| on: | |
| pull_request: | |
| push: | |
| branches-ignore: | |
| - "dependabot/**" | |
| - "pre-commit-ci-update-config" | |
| tags: ["**"] | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| # Both TigerVNC and TurboVNC reports "the input device is not a TTY" if | |
| # started without a TTY. GitHub Actions environments doesn't come with one, | |
| # so this provides one. | |
| # | |
| # ref: https://github.com/actions/runner/issues/241#issuecomment-842566950 | |
| # | |
| shell: script --quiet --return --log-out /dev/null --command "bash -e {0}" | |
| jobs: | |
| image-test: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - vncserver: tigervnc | |
| - vncserver: turbovnc | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Cache playwright binaries | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/ms-playwright | |
| key: ${{ runner.os }}-playwright | |
| - name: Build image | |
| run: | | |
| docker build --progress=plain --build-arg vncserver=${{ matrix.vncserver }} -t test . | |
| - name: (inside container) vncserver -help | |
| run: | | |
| # -help flag is not available for TurboVNC, but it emits the -help | |
| # equivalent information anyhow if passed -help, but also errors. Due | |
| # to this, we fallback to use the errorcode of vncserver -list. | |
| docker run test bash -c "vncserver -help || vncserver -list > /dev/null" | |
| - name: Test vncserver | |
| run: | | |
| # TigerVNC needs to be configured with -rfbport -1 to not open a TCP | |
| # port, while TurboVNC doesn't support being passed -1 and won't open | |
| # a TCP port anyhow. | |
| rfbport_arg="-rfbport -1" | |
| if [ "${{ matrix.vncserver }}" == "turbovnc" ]; then rfbport_arg=""; fi | |
| container_id=$(docker run -d -it test vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbunixpath /tmp/vncserver.socket $rfbport_arg) | |
| sleep 1 | |
| echo "::group::Install netcat, a test dependency" | |
| docker exec --user root $container_id bash -c ' | |
| apt update | |
| apt install -y netcat-openbsd | |
| ' | |
| echo "::endgroup::" | |
| docker exec -it $container_id timeout --preserve-status 1 nc -vU /tmp/vncserver.socket 2>&1 | tee -a /dev/stderr | \ | |
| grep --quiet RFB && echo "Passed test" || { echo "Failed test" && TEST_OK=false; } | |
| echo "::group::Security - Verify TCP ports wasn't opened" | |
| ports=(5800 5801 5900 5901) | |
| for port in "${ports[@]}" | |
| do | |
| docker exec -it $container_id timeout --preserve-status 1 nc -vz localhost $port | tee -a /dev/stderr | \ | |
| grep --quiet succeeded && { echo "Failed security check - port $port open" && SECURITY_OK=false; } || echo "Passed security check - port $port not opened" | |
| done | |
| echo "::endgroup::" | |
| echo "::group::vncserver logs" | |
| docker exec $container_id bash -c 'cat ~/.vnc/*.log' | |
| echo "::endgroup::" | |
| docker stop $container_id > /dev/null | |
| if [ "$TEST_OK" == "false" ]; then | |
| echo "Test failed!" | |
| exit 1 | |
| fi | |
| if [ "$SECURITY_OK" == "false" ]; then | |
| echo "Security check failed!" | |
| exit 1 | |
| fi | |
| - name: Install playwright | |
| run: | | |
| python -mpip install -r dev-requirements.txt | |
| python -mplaywright install --with-deps | |
| - name: Playwright browser test | |
| run: | | |
| container_id=$(docker run -d -it -p 8888:8888 -e JUPYTER_TOKEN=secret test) | |
| sleep 3 | |
| export CONTAINER_ID=$container_id | |
| export JUPYTER_HOST=http://localhost:8888 | |
| export JUPYTER_TOKEN=secret | |
| export VNCSERVER=${{ matrix.vncserver }} | |
| python -mpytest -vs | |
| echo "::group::jupyter_server logs" | |
| docker logs $container_id | |
| echo "::endgroup::" | |
| echo "::group::vncserver logs" | |
| docker exec $container_id bash -c 'cat ~/.vnc/*.log' | |
| echo "::endgroup::" | |
| timeout 5 docker stop $container_id > /dev/null && echo "Passed SIGTERM test" || { echo "Failed SIGTERM test" && TEST_OK=false; } | |
| if [ "$TEST_OK" == "false" ]; then | |
| echo "One or more tests failed!" | |
| exit 1 | |
| fi | |
| - name: Upload screenshot | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: screenshots-${{ matrix.vncserver }} | |
| path: screenshots/* | |
| if-no-files-found: error |