[universal] - Issue universal config change for non-root default codespace user and installing google chrome browser reuse sandboc to run puppeteer cli in universal image #1287
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -133,6 +133,19 @@ check "zsh" zsh --version | |
| check "RAILS_DEVELOPMENT_HOSTS is set correctly" echo $RAILS_DEVELOPMENT_HOSTS | grep ".githubpreview.dev,.preview.app.github.dev,.app.github.dev" | ||
|
|
||
| # Check that we can run a puppeteer node app. | ||
| # installing google chrome for puppeteer | ||
| cd / | ||
| sudo wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb | ||
| sudo dpkg -i google-chrome-stable_current_amd64.deb | ||
|
|
||
| cd /opt/google/chrome/ | ||
| sudo chown root:root chrome-sandbox | ||
| sudo chmod 4755 chrome-sandbox | ||
| sudo cp -p chrome-sandbox /usr/local/sbin/chrome-devel-sandbox | ||
|
|
||
| # export CHROME_DEVEL_SANDBOX env variable | ||
| export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox | ||
| cd /workspaces/images/src/universal/test-project/ | ||
| yarn | ||
| check "run-puppeteer" node puppeteer.js | ||
|
There was a problem hiding this comment. Will this command work on the container when the user runs it? There was a problem hiding this comment. Hi @eljog , My idea was that the main objective behind this particular test "run-puppeteer" was to demonstrate that puppeteer cli library can be used in a node app & the same cane be executed in the universal image. So I changed it in the test.sh alone considering that & also due to the fact that as part of the solution I am downloading & installing google chrome in the image which increases the image size if done as part of the build. Now I have changed that. Following points are needed to be considered for this change.
Kindly let me know in case of any concerns on this. With Regards, There was a problem hiding this comment. My concern is more about the user experience here. Tagging other maintainers for their thoughts. @chrmarti @bamurtaugh There was a problem hiding this comment.
Hi @eljog , Actually right now in the image built on top of ubuntu-24.04 runner image in CI, no sandbox is available to reuse for puppeteer node app which forces us to install chrome as it comes with sandbox & also due to enhanced security feature of ubuntu-24.04, its not possible to create sandbox without enabling user namespace cloning which still has some vulnerabilities. puppeteer/puppeteer#12818 (comment) With Regards, |
||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May I know why this need to be a
postStartCommand?postStartCommandre runs on every time container is restarted. We need to do this work only onceThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @eljog ,
Indeed it would be executed during every restart. Initially I saw that as part of configurations in one of the features of universal image, git-lfs has already got postCreateCommand used in devcontainer-feature.json. So I avoided the postCreateCommand option & opted for postStartCommand.
However, I have checked now that for a devcontainer configuration if the same lifecycle hook such as postCreateCommand is used in both devcontainer-feature.json & devcontainer.json, then the commands provided in the devcontainer-feature.json would be executed first followed by the commands in devcontainer.json. So I changed that & tested the same now. Kindly let me know in case of any further concerns on this.
With Regards,
Kaniska