search

guidepup / setup

Setup your environment for screen reader test automation.
https://guidepup.dev
MIT License
5 stars 2 forks source link

Help debugging -Failed to enable "Do not disturb" mode- #8

Closed joan-domingo closed 1 year ago

joan-domingo commented 1 year ago

Hi,

I've tried guidepup/setup for Github actions and I got it working. Very nice!

My question though is because I'm trying to get it running in a Self-managed Gitlab. VoiceOver AppleScript Control is Enabled, so that's fine but when it runs the setup command I get:

$ npx @guidepup/setup --ci --record
[!] Error: Failed to enable "Do not disturb" mode
Unable to complete environment setup
Please refer to https://github.com/guidepup/guidepup/tree/main/guides for guides to manual environment setup

And the recording directory is empty.

Do you have any ideas, hints or suggestions?

Thank you!

cmorten commented 1 year ago

Hey @joan-domingo 👋

For the self-managed Gitlab agent, what is the MacOS version? 🙂

joan-domingo commented 1 year ago

Hi @cmorten,

we are using macOS 12.6.1

cmorten commented 1 year ago

Hmm, going to need a bit more information / investigation - my personal mac is on 12.6.1 currently and can see the DND setting and the recording working just fine...

The recording should help work out what is going on here - we should be getting a .mov file generated into the ./recordings/ directory for the current working directory... if you run ls -la ./recordings immediately after the npx command in CI what are you getting (not so familiar with gitlab so good to identify if the issue with the recording is with the script, or trying to get the artifacts out of gitlab!)

cmorten commented 1 year ago

Actually seeing this failure on GitHub runners, hoping #9 might be a goer.

cmorten commented 1 year ago

@joan-domingo can you check if https://github.com/guidepup/setup/releases/tag/0.6.4 resolves the issue?

joan-domingo commented 1 year ago

@cmorten It might take a while for me to test it but I'll let you know. Thank you!

joan-domingo commented 1 year ago

It's still happening to me but I'm pretty sure the issue is on my side. I noticed that I can't record the screen nor take screenshots in Gitlab while this is possible in Github. So I believe it's related to missing permissions.

cmorten commented 1 year ago

It's still happening to me but I'm pretty sure the issue is on my side. I noticed that I can't record the screen nor take screenshots in Gitlab while this is possible in Github. So I believe it's related to missing permissions.

Ah! You might be onto something - with GitHub there are a host of permissions that are baked into the agent, see https://github.com/actions/runner-images/blob/main/images/macos/provision/configuration/configure-tccdb-macos.sh, we later onto that from this CLI to further enable VoiceOver and browser automation, but potentially the GitLab agent doesn’t have any of these permissions setup.

Ingesting these perms (kTCCServiceScreenCapture being pertinent for screen recording) hopefully might do the trick.

Is the agent you’re using on GitLab a custom built one or is it one they provide? Not too familiar with GitLab (yet) but seen there is a new beta macOS agent out? Curious if it’s open source or closed source - it might be we need to feature request some stuff to them depending on whether their agents have SIP enabled or not.

Update: for future reference looks like GitLab macos resources are available at:

cmorten commented 1 year ago

Pertinent code in this repo to extend https://github.com/guidepup/setup/blob/main/src/macOS/updateTccDb.ts

cmorten commented 1 year ago

Hmm I can't read, we already have a lot of this setup for screen-capture etc. https://github.com/guidepup/setup/blob/main/src/macOS/updateTccDb.ts#L54

Perhaps a case of working out what GitLab is using as the runner, i.e. the equivalent of /usr/local/opt/runner/runprovisioner.sh for GitHub?

joan-domingo commented 1 year ago

Hi, thanks for all the help and suggestions. This topic is new to me, so correct me if I say something wrong.

Is the agent you’re using on GitLab a custom built one or is it one they provide? Not too familiar with GitLab (yet) but seen there is a new beta macOS agent out? Curious if it’s open source or closed source - it might be we need to feature request some stuff to them depending on whether their agents have SIP enabled or not.

I tried the hosted one (with a trial period) from Gitlab but SIP is disabled. You can also apply for an open source project if you provide them with a few requirements.

I'm using a custom build or runner from my company. And I found a way to print the configuration:

$ csrutil status
System Integrity Protection status: unknown (Custom Configuration).
Configuration:
    Apple Internal: disabled
    Kext Signing: enabled
    Filesystem Protections: disabled
    Debugging Restrictions: enabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled
    BaseSystem Verification: enabled

Also tried to update just kTCCServiceScreenCapture with "'kTCCServiceScreenCapture','/bin/bash',1,2,3,1,NULL,NULL,NULL,'UNUSED',NULL,0,1599831148" but it doesn't work. So I guess the user doesn't have full access or something like that. I think it must be that because after running the update DB commands, this is what I see:

kTCCServiceScreenCapture|/usr/local/Cellar/gitlab-runner/15.5.1/bin/gitlab-runner|1|0|4|1|��||0|UNUSED||0|1674308773
kTCCServiceAccessibility|com.apple.dt.Xcode-Helper|0|2|1|1||||UNUSED||0|1674464677000
kTCCServiceDeveloperTool|com.apple.Terminal|0|2|1|1||||UNUSED||0|1674464677000
kTCCServiceAccessibility|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED||0|1566321319
kTCCServicePostEvent|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED||0|1566321326
kTCCServiceSystemPolicyAllFiles|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED||0|1583997993
kTCCServiceSystemPolicyAllFiles|/bin/bash|1|2|0|1||||UNUSED||0|1583997993
kTCCServiceSystemPolicyAllFiles|/usr/libexec/sshd-keygen-wrapper|1|0|4|1|��||0|UNUSED||0|1639660695
kTCCServiceAccessibility|/usr/libexec/sshd-keygen-wrapper|1|2|4|1|��||0|UNUSED||0|1644564233
kTCCServiceAccessibility|com.apple.Terminal|0|2|0|1|��|||UNUSED||0|1591180502
kTCCServiceAccessibility|/bin/bash|1|2|0|1||||UNUSED||0|1583997993
kTCCServiceMicrophone|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED|||1576661342
kTCCServiceScreenCapture|/bin/bash|1|2|0|1||||UNUSED||0|1599831148
kTCCServiceAccessibility|/Library/Application Support/Veertu/Anka/addons/ankarund|1|2|4|1|��||0|UNUSED||0|1644565949
kTCCServiceSystemPolicyAllFiles|com.microsoft.wdav|0|2|4|1||||UNUSED||0|1643970979
kTCCServiceSystemPolicyAllFiles|com.microsoft.wdav.epsext|0|2|4|1||||UNUSED||0|1643970979

Perhaps a case of working out what GitLab is using as the runner, i.e. the equivalent of /usr/local/opt/runner/runprovisioner.sh for GitHub? you mean this? /usr/local/Cellar/gitlab-runner/15.5.1/bin/gitlab-runner

joan-domingo commented 1 year ago

now I just realized after seeing my logs that some lines have the /usr/local/opt/runner/runprovisioner.sh from Gitlab and this won't work of course.

cmorten commented 1 year ago

You can also apply for an open source project if you provide them with a few requirements.

Might see if can get that going for this project so can run CI against it for regression.

Took a punt in https://github.com/guidepup/setup/pull/11 based on what could see of the GitLab setup. This might be enough (hard to say 😅) for their hosted CI, but for custom agents it might not be quite right. Namely have gone for /usr/local/bin/gitlab-runner but looks like your agent is setup with the runner at /usr/local/Cellar/gitlab-runner/15.5.1/bin/gitlab-runner...

Perhaps need to go for something like... $(which gitlab-runner) (but JS) and let the PATH determine the runner's location? 🤔 Will give a whirl

cmorten commented 1 year ago

Can you give https://github.com/guidepup/setup/releases/tag/0.7.0 a whirl?