diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b55c91bf..0c505f7a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,6 +9,13 @@ jobs:
 fetch:
 runs-on: ubuntu-latest
 steps:
+ # Starting with Ubuntu 23+, a security feature prevents running Puppeteer
+ # by default. It needs to be disabled. Using the "easiest" option, see:
+ # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+ # https://github.com/puppeteer/puppeteer/pull/13196/files
+ - name: Disable AppArmor
+ run: echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
+
 - name: Checkout repo
 uses: actions/checkout@v4
 with:
diff --git a/.github/workflows/check-suggested-spec.yml b/.github/workflows/check-suggested-spec.yml
index 79f38b01..8a3904fe 100644
--- a/.github/workflows/check-suggested-spec.yml
+++ b/.github/workflows/check-suggested-spec.yml
@@ -19,6 +19,13 @@ jobs:
 # We're only interested in "new spec" issues
 if: ${{ contains(github.event.issue.labels.*.name, 'new spec') }}
 steps:
+ # Starting with Ubuntu 23+, a security feature prevents running Puppeteer
+ # by default. It needs to be disabled. Using the "easiest" option, see:
+ # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+ # https://github.com/puppeteer/puppeteer/pull/13196/files
+ - name: Disable AppArmor
+ run: echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
+
 - name: Setup node.js
 uses: actions/setup-node@v4
 with:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 61ebceca..284daa53 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
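Review bot: The step name `Disable AppArmor` says more than the command does, here and in the identical step added to check-suggested-spec.yml, lint.yml, report-new-specs.yml and submit-suggested-spec.yml. The `run` line only writes 0 to `kernel.apparmor_restrict_unprivileged_userns`, so unprivileged user namespaces become available to every process on the runner while AppArmor itself stays active. A name such as `- name: Allow unprivileged user namespaces (Chromium sandbox)` would keep a later reader from assuming the whole LSM is off, or from copying the step as if it were a harmless toggle. The comment could also record why the runner-wide setting is tolerable here, e.g. `# Runner-wide sysctl; acceptable on an ephemeral ubuntu-latest runner, do not reuse on self-hosted runners.`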
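Review bot: In check-suggested-spec.yml the relaxed sysctl applies to a job started by issue activity (the `if:` just above `steps:` filters on the 'new spec' label), and submit-suggested-spec.yml is likewise started by an issue comment. These are therefore the two workflows where Puppeteer is most likely to load content chosen by someone outside the project, though whether it does is not visible in either hunk. The comment's wording ("easiest" option) implies the linked document lists others, and for these two files an option scoped to the browser rather than to the whole runner would be the better fit. At minimum I would add `# NOTE: this job may load URLs taken from issue text; keep Chromium's sandbox enabled.` above the step. The jobs' `runs-on` and the steps that launch Puppeteer lie outside both hunks.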
@@ -13,6 +13,13 @@ jobs:
 lint:
 runs-on: ubuntu-latest
 steps:
+ # Starting with Ubuntu 23+, a security feature prevents running Puppeteer
+ # by default. It needs to be disabled. Using the "easiest" option, see:
+ # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+ # https://github.com/puppeteer/puppeteer/pull/13196/files
+ - name: Disable AppArmor
+ run: echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
+
 - name: Checkout latest version of release script
 uses: actions/checkout@v4
diff --git a/.github/workflows/report-new-specs.yml b/.github/workflows/report-new-specs.yml
index 068e725f..d055abfd 100644
--- a/.github/workflows/report-new-specs.yml
+++ b/.github/workflows/report-new-specs.yml
@@ -10,6 +10,13 @@ jobs:
 name: Find potential new specs
 runs-on: ubuntu-latest
 steps:
+ # Starting with Ubuntu 23+, a security feature prevents running Puppeteer
+ # by default. It needs to be disabled. Using the "easiest" option, see:
+ # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+ # https://github.com/puppeteer/puppeteer/pull/13196/files
+ - name: Disable AppArmor
+ run: echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
+
 - name: Checkout latest version of release script
 uses: actions/checkout@v4
diff --git a/.github/workflows/submit-suggested-spec.yml b/.github/workflows/submit-suggested-spec.yml
index 50199694..f5a07f45 100644
--- a/.github/workflows/submit-suggested-spec.yml
+++ b/.github/workflows/submit-suggested-spec.yml
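Review bot: The same four comment lines and the same step are now pasted into five workflow files (lint.yml, report-new-specs.yml and the three others in this commit), so the one security-relevant setting in these workflows has five places to drift apart. Moving the step into a single local composite action, called with one `uses:` line after the checkout step, would leave one place to audit, tighten or delete it once Puppeteer no longer needs the workaround. It is also not visible in this hunk whether the lint job launches a browser at all; if it does not, the step can be dropped from lint.yml rather than relaxing the runner for nothing.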
@@ -19,6 +19,13 @@ jobs:
 # https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#get-repository-permissions-for-a-user
 if: ${{ github.event.comment.author_association == 'MEMBER' && contains(github.event.comment.body, '@browser-specs-bot ') }}
 steps:
+ # Starting with Ubuntu 23+, a security feature prevents running Puppeteer
+ # by default. It needs to be disabled. Using the "easiest" option, see:
+ # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+ # https://github.com/puppeteer/puppeteer/pull/13196/files
+ - name: Disable AppArmor
+ run: echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
+
 - name: Setup node.js
 uses: actions/setup-node@v4
 with:
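Review bot: The `run` line fails the step, and with it the job, on any runner that does not expose this sysctl, because `tee` cannot open the path and its exit status is the pipeline's. This hunk and the one in check-suggested-spec.yml do not show `runs-on`, so it is not clear that the image is always one of the "Ubuntu 23+" images the comment mentions. Guarding on the file keeps the workflow portable and changes nothing where the restriction does not exist: `run: if [ -e /proc/sys/kernel/apparmor_restrict_unprivileged_userns ]; then echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns; fi`. The same guard would fit the step in the other workflows.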