Closed joan-domingo closed 1 year ago
Hey @joan-domingo 👋
For the self-managed Gitlab agent, what is the MacOS version? 🙂
Hi @cmorten,
we are using macOS 12.6.1
Hmm, going to need a bit more information / investigation - my personal mac is on 12.6.1 currently and can see the DND setting and the recording working just fine...
The recording should help work out what is going on here - we should be getting a .mov
file generated into the ./recordings/
directory for the current working directory... if you run ls -la ./recordings
immediately after the npx
command in CI what are you getting (not so familiar with gitlab so good to identify if the issue with the recording is with the script, or trying to get the artifacts out of gitlab!)
Actually seeing this failure on GitHub runners, hoping #9 might be a goer.
@joan-domingo can you check if https://github.com/guidepup/setup/releases/tag/0.6.4 resolves the issue?
@cmorten It might take a while for me to test it but I'll let you know. Thank you!
It's still happening to me but I'm pretty sure the issue is on my side. I noticed that I can't record the screen nor take screenshots in Gitlab while this is possible in Github. So I believe it's related to missing permissions.
It's still happening to me but I'm pretty sure the issue is on my side. I noticed that I can't record the screen nor take screenshots in Gitlab while this is possible in Github. So I believe it's related to missing permissions.
Ah! You might be onto something - with GitHub there are a host of permissions that are baked into the agent, see https://github.com/actions/runner-images/blob/main/images/macos/provision/configuration/configure-tccdb-macos.sh, we later onto that from this CLI to further enable VoiceOver and browser automation, but potentially the GitLab agent doesn’t have any of these permissions setup.
Ingesting these perms (kTCCServiceScreenCapture being pertinent for screen recording) hopefully might do the trick.
Is the agent you’re using on GitLab a custom built one or is it one they provide? Not too familiar with GitLab (yet) but seen there is a new beta macOS agent out? Curious if it’s open source or closed source - it might be we need to feature request some stuff to them depending on whether their agents have SIP enabled or not.
Update: for future reference looks like GitLab macos resources are available at:
Pertinent code in this repo to extend https://github.com/guidepup/setup/blob/main/src/macOS/updateTccDb.ts
Hmm I can't read, we already have a lot of this setup for screen-capture etc. https://github.com/guidepup/setup/blob/main/src/macOS/updateTccDb.ts#L54
Perhaps a case of working out what GitLab is using as the runner, i.e. the equivalent of /usr/local/opt/runner/runprovisioner.sh
for GitHub?
Hi, thanks for all the help and suggestions. This topic is new to me, so correct me if I say something wrong.
Is the agent you’re using on GitLab a custom built one or is it one they provide? Not too familiar with GitLab (yet) but seen there is a new beta macOS agent out? Curious if it’s open source or closed source - it might be we need to feature request some stuff to them depending on whether their agents have SIP enabled or not.
I tried the hosted one (with a trial period) from Gitlab but SIP is disabled. You can also apply for an open source project if you provide them with a few requirements.
I'm using a custom build or runner from my company. And I found a way to print the configuration:
$ csrutil status
System Integrity Protection status: unknown (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: enabled
Filesystem Protections: disabled
Debugging Restrictions: enabled
DTrace Restrictions: enabled
NVRAM Protections: enabled
BaseSystem Verification: enabled
Also tried to update just kTCCServiceScreenCapture
with "'kTCCServiceScreenCapture','/bin/bash',1,2,3,1,NULL,NULL,NULL,'UNUSED',NULL,0,1599831148"
but it doesn't work. So I guess the user doesn't have full access or something like that. I think it must be that because after running the update DB commands, this is what I see:
kTCCServiceScreenCapture|/usr/local/Cellar/gitlab-runner/15.5.1/bin/gitlab-runner|1|0|4|1|��||0|UNUSED||0|1674308773
kTCCServiceAccessibility|com.apple.dt.Xcode-Helper|0|2|1|1||||UNUSED||0|1674464677000
kTCCServiceDeveloperTool|com.apple.Terminal|0|2|1|1||||UNUSED||0|1674464677000
kTCCServiceAccessibility|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED||0|1566321319
kTCCServicePostEvent|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED||0|1566321326
kTCCServiceSystemPolicyAllFiles|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED||0|1583997993
kTCCServiceSystemPolicyAllFiles|/bin/bash|1|2|0|1||||UNUSED||0|1583997993
kTCCServiceSystemPolicyAllFiles|/usr/libexec/sshd-keygen-wrapper|1|0|4|1|��||0|UNUSED||0|1639660695
kTCCServiceAccessibility|/usr/libexec/sshd-keygen-wrapper|1|2|4|1|��||0|UNUSED||0|1644564233
kTCCServiceAccessibility|com.apple.Terminal|0|2|0|1|��|||UNUSED||0|1591180502
kTCCServiceAccessibility|/bin/bash|1|2|0|1||||UNUSED||0|1583997993
kTCCServiceMicrophone|/usr/local/opt/runner/runprovisioner.sh|1|2|0|1||||UNUSED|||1576661342
kTCCServiceScreenCapture|/bin/bash|1|2|0|1||||UNUSED||0|1599831148
kTCCServiceAccessibility|/Library/Application Support/Veertu/Anka/addons/ankarund|1|2|4|1|��||0|UNUSED||0|1644565949
kTCCServiceSystemPolicyAllFiles|com.microsoft.wdav|0|2|4|1||||UNUSED||0|1643970979
kTCCServiceSystemPolicyAllFiles|com.microsoft.wdav.epsext|0|2|4|1||||UNUSED||0|1643970979
Perhaps a case of working out what GitLab is using as the runner, i.e. the equivalent of /usr/local/opt/runner/runprovisioner.sh for GitHub? you mean this?
/usr/local/Cellar/gitlab-runner/15.5.1/bin/gitlab-runner
now I just realized after seeing my logs that some lines have the /usr/local/opt/runner/runprovisioner.sh
from Gitlab and this won't work of course.
You can also apply for an open source project if you provide them with a few requirements.
Might see if can get that going for this project so can run CI against it for regression.
Took a punt in https://github.com/guidepup/setup/pull/11 based on what could see of the GitLab setup. This might be enough (hard to say 😅) for their hosted CI, but for custom agents it might not be quite right. Namely have gone for /usr/local/bin/gitlab-runner
but looks like your agent is setup with the runner at /usr/local/Cellar/gitlab-runner/15.5.1/bin/gitlab-runner
...
Perhaps need to go for something like... $(which gitlab-runner)
(but JS) and let the PATH
determine the runner's location? 🤔 Will give a whirl
Can you give https://github.com/guidepup/setup/releases/tag/0.7.0 a whirl?
Hi,
I've tried
guidepup/setup
for Github actions and I got it working. Very nice!My question though is because I'm trying to get it running in a Self-managed Gitlab. VoiceOver AppleScript Control is Enabled, so that's fine but when it runs the setup command I get:
And the recording directory is empty.
Do you have any ideas, hints or suggestions?
Thank you!