Certain environments, e.g. Azure Pipelines, override default user
inside container with a custom one, whereas fail to pass proper
seccomp profile for the docker image.
As a result, chromium sandboxing fails.
To ease life of devops deploying tests in various CI's, this patch
disables Chromium sandbox by default.
References #4084
In version 1.4 we introduced a breaking change for the Docker behaviour since we removed the pwuser completely. In this PR I add this user again and create a symlink so that root uses the browser of the pwuser. This has also the benefit, that the users who wants to use the seccomp profile that they don't have to create this user.
Reference: https://playwright.slack.com/archives/CSUHZPVLM/p1600240776120400
Tested on root and on pwuser. Works.
References #4084
Each Ubuntu and Debian release has a code name. Ubuntu 18(bionic), Ubuntu 20(focal). This adds the Dockerfile for Ubuntu20.
Next steps and follow up changes:
- add it to the devops site, so we are sure all tests are passing, locally they did
- deploy it to the MCR, naming needs to be clarified, probably just as "focal".
This naming schema allows us in the future to add Debian support too. But we should wait until Headless WK is fixed.
Relates #3791
Relates #2758Closes#3338
- This leaves just `recordVideos` and `videoSize` options on the context.
- Videos are saved to `artifactsPath`. We also save their ids to trace.
- `context.close()` waits for the processed videos.
api(trace): introduce artifacts options
This introduces launch({ artifactsPath }) and newContext({ relativeArtifactsPath, recordTrace }) options.
- artifactsPath option controls the directory where all artifacts go. If not passed, artifacts are not collected.
- relativeArtifactsPath can be used to put context-specific artifacts into a subfolder. If not passed, shared artifactsPath is used.
- recordTrace controls trace recording.
We also expose trace types under playwright/types/trace.d.ts.
In the follow up:
- videos will be put into artifactsPath;
- downloads will be put into artifactsPath, or keep using existing downloadsPath when artifactsPath is not specified.
As discussed offline other big images like Node.js or Nginx use root as the default user and the users in the end can base-off from our image to add their security features.
Not sure if follow up docs changes are required for that.
Fix#3703Fix#3681
It turns out that the new `docker push --all-tags` is not yet available
in the latest docker distribution on Ubuntu 20.04.
This provides a helper script to tag and publish the docker image.
It turns out Github Actions have docker pre-installed.
This patch unifies the codepaths that we use to build docker image
locally and to publish it from CI.
As a result, there's no extra `--prepare-context` argument in
`//docs/docker/build.sh` that was used solely on CI.
References #2926