From d5363807a0cefd0d7b84b007715d3ca693d694e7 Mon Sep 17 00:00:00 2001 From: Stefan Frijters Date: Tue, 1 Oct 2024 22:02:33 +0200 Subject: [PATCH] Try ubuntu-latest with a hack for CI --- .github/workflows/compile-check-blink.yml | 24 ++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/compile-check-blink.yml b/.github/workflows/compile-check-blink.yml index 1a477e8..5d5f1ec 100644 --- a/.github/workflows/compile-check-blink.yml +++ b/.github/workflows/compile-check-blink.yml @@ -8,7 +8,7 @@ on: - 'README.md' jobs: nix-flake-check: - runs-on: ubuntu-22.04 # Work around https://github.com/containers/bubblewrap/issues/632 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v29 @@ -16,6 +16,28 @@ jobs: github_access_token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/magic-nix-cache-action@v8 + - name: AppArmor fixes + # Work around https://github.com/containers/bubblewrap/issues/632 + # Inspiration from https://github.com/chainguard-dev/melange/issues/1508#issue-2536640978 + run: | + # Get the path to arduino-cli wrapper script that the devshell uses (ignore the user output for the devshell by using tail) + arduino_cli_path="$(nix develop --command which arduino-cli | tail -n1)" + # Get the path to the bwrap executable that the arduino-cli wrapper uses by grepping for the command inside the wrapper script + bwrap_path="$(grep "/bwrap" "${arduino_cli_path}")" + + cat << EOF | sudo tee /etc/apparmor.d/local-bwrap + abi , + include + + profile local-bwrap ${bwrap_path} flags=(unconfined) { + userns, + + # Site-specific additions and overrides. See local/README for details. + include if exists + } + EOF + sudo systemctl reload apparmor + - name: Compile test run: | nix develop --command make -C blink compile
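Review bot: `runs-on: ubuntu-latest` in the first hunk is a floating label, so the AppArmor profile added in the second hunk is written against whichever image GitHub currently maps that label to. The comment that explained the old pin is removed without a replacement on this line. I would pin the release the workaround was actually verified on and keep the pointer, for example `runs-on: ubuntu-24.04 # needs the "AppArmor fixes" step, see containers/bubblewrap#632` (the exact release is my assumption; use the one the run resolved to). That way a future image change shows up as a deliberate edit, not as a silent change in sandbox behaviour.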
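Review bot: In the "AppArmor fixes" step, `bwrap_path` receives the whole line (or lines) that `grep "/bwrap"` matches in the wrapper script, not just a path. That text is then expanded into `profile local-bwrap ${bwrap_path} flags=(unconfined)` and written to /etc/apparmor.d with sudo. Any other text on the matched line, or a second match, would land in the attachment of a profile that lifts confinement, or make the reload fail. I would extract and verify a single executable path before the heredoc, e.g. `bwrap_path="$(grep -oE '/[^[:space:]"]+/bwrap' "${arduino_cli_path}" | head -n1)"` followed by `[ -x "${bwrap_path}" ] || { echo "bwrap path not found" >&2; exit 1; }`. The `| tail -n1` on the line above also hides a failing `nix develop` unless the step starts with `set -o pipefail`. Scoping the exception to one binary is the narrower option, which is why the path that ends up in the profile is worth checking.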