From 642cf2be9409ebf9d04f543fd23b7c08a4488782 Mon Sep 17 00:00:00 2001
From: undergroundwires <git@undergroundwires.dev>
Date: Sat, 12 Oct 2024 00:43:45 +0200
Subject: [PATCH] Fix CI/CD runtime checks failing on Ubuntu 24.04

GitHub runners now use Ubuntu 24.04, which introduces new restrictions
on unprivileged user namespaces affecting AppImages. This causes
runtime checks to fail when running Electron applications, producing
errors like:

```
[5475:1011/121711.489417:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_privacv1kcOj/chrome-sandbox is owned by root and has mode 4755.
```

This commit modifies CI workflow to disable the restrictions during
runtime checks. This allows the runtime checks to pass by permitting
unprivileged user namespaces.

This works around the issue without requiring changes to the AppImage
itself. A more permanent solution may be needed in the future.

Related key Electron issues:

- electron/electron$41066
- electron/electron$42510
- electron-userland/electron-builder$844
---
 .../checks.desktop-runtime-errors.yaml        | 25 ++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/checks.desktop-runtime-errors.yaml b/.github/workflows/checks.desktop-runtime-errors.yaml
index 1c5a924e..9a6c9c66 100644
--- a/.github/workflows/checks.desktop-runtime-errors.yaml
+++ b/.github/workflows/checks.desktop-runtime-errors.yaml
@@ -31,7 +31,7 @@ jobs:
         uses: ./.github/actions/install-imagemagick
       -
         name: Configure Ubuntu
-        if: contains(matrix.os, 'ubuntu') # macOS runner is missing Docker
+        if: contains(matrix.os, 'ubuntu')
         shell: bash
         run: |-
           sudo apt update
@@ -61,9 +61,32 @@ jobs:
 
           # Install xdotool and xprop (from x11-utils) for window title capturing
           sudo apt install -y xdotool x11-utils
+
+          # Workaround for Electron apps failing to initialize on Ubuntu 24.04 due to AppArmor restrictions
+          # Disables unprivileged user namespaces restriction to allow Electron apps to run
+          # Reference: https://github.com/electron/electron/issues/42510
+          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+
+          # Install Vulkan support
+          sudo apt install libvulkan1 mesa-vulkan-drivers vulkan-tools
+          # Install additional X11 libraries
+          sudo apt-get install -y libgtk-3-0 libx11-xcb1 libxcb-dri3-0 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 libxi6 libxrandr2 libxss1 libxtst6 libnss3
+          # Install additional Mesa drivers
+          sudo apt-get install -y mesa-utils libosmesa6-dev
+      - name: Check Vulkan
+        if: contains(matrix.os, 'ubuntu')
+        run: |
+          vulkaninfo || echo "Vulkan not available"
+      - name: Check OpenGL
+        if: contains(matrix.os, 'ubuntu')
+        run: |
+          glxinfo | grep "OpenGL"
+          glxinfo | grep "direct rendering"
       -
         name: Test
         shell: bash
+        env:
+          ELECTRON_DISABLE_SANDBOX: true
         run: |-
           export SCREENSHOT=true
           npm run check:desktop