Enterprise network informations device posture #1561
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Builds | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - enterprise-main | |
| jobs: | |
| package-tests: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| testing/enterprise/ | |
| python/sites/enterprise-tests.txt | |
| sparse-checkout-cone-mode: false | |
| - name: "generate requirements.txt" | |
| run: | | |
| grep "^pypi:" python/sites/enterprise-tests.txt | sed -e "s/^pypi://g" > testing/enterprise/requirements.txt | |
| echo "mozfile==3.0.0" >> testing/enterprise/requirements.txt | |
| echo "mozlog==8.0.0" >> testing/enterprise/requirements.txt | |
| echo "mozterm==1.0.0" >> testing/enterprise/requirements.txt | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: enterprise-tests | |
| path: testing/enterprise/ | |
| compression-level: 0 | |
| linux-build-vm: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| outputs: | |
| instance_name: ${{ steps.create_vm.outputs.instance_name }} | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: create_vm | |
| uses: ./.github/actions/create-vm | |
| with: | |
| instance_kind: "linux-build" | |
| gcp_machine_type: "c4d-highcpu-48" | |
| extra_labels: "build,LinuxNative" | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| linux-build-vm-clean: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| needs: [ linux-build-vm, linux-build-opt ] | |
| if: "always()" | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: delete_vm | |
| uses: ./.github/actions/delete-vm | |
| with: | |
| instance_name: ${{ needs.linux-build-vm.outputs.instance_name }} | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| linux-test-vm: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| needs: [ linux-build-opt ] | |
| outputs: | |
| instance_name: ${{ steps.create_vm.outputs.instance_name }} | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: create_vm | |
| uses: ./.github/actions/create-vm | |
| with: | |
| instance_kind: "linux-test" | |
| gcp_machine_type: "c4d-highcpu-2" | |
| extra_labels: "test,LinuxNative" | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| linux-test-vm-clean: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| needs: [ linux-test-vm, linux-test ] | |
| if: "always()" | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: delete_vm | |
| uses: ./.github/actions/delete-vm | |
| with: | |
| instance_name: ${{ needs.linux-test-vm.outputs.instance_name }} | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| linux-build-opt: | |
| runs-on: [ self-hosted, LinuxNative, X64 ] | |
| timeout-minutes: 30 | |
| needs: linux-build-vm | |
| env: | |
| MOZCONFIG: ${{ github.workspace }}/build/unix/mozconfig.ci.enterprise | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: "check mozconfig" | |
| run: | | |
| ls -hal $MOZCONFIG | |
| cat $MOZCONFIG | |
| - name: setup | |
| run: | | |
| rustup default 1.89 | |
| - name: build | |
| run: ./mach build | |
| - name: package | |
| env: | |
| RUN_FIND_DUPES: 1 | |
| run: | | |
| ./mach package | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-linux-amd64 | |
| path: obj-*/dist/firefox-*.tar* | |
| compression-level: 0 | |
| - name: "package gcp-eu" | |
| env: | |
| RUN_FIND_DUPES: 1 | |
| run: | | |
| sed -i.bak "s|https://console.enterfox.eu|https://console-gcp-eu.enterfox.eu|g" browser/branding/enterprise/pref/firefox-enterprise.js | |
| ./mach package | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-linux-amd64-gcpEU | |
| path: obj-*/dist/firefox-*.tar* | |
| compression-level: 0 | |
| linux-test: | |
| runs-on: [self-hosted, LinuxNative, X64] | |
| timeout-minutes: 20 | |
| needs: [ linux-test-vm, package-tests ] | |
| steps: | |
| - name: "download firefox build" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: firefox-linux-amd64 | |
| - name: "download enterprise tests" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: enterprise-tests | |
| - name: "unpack firefox build" | |
| id: unpack | |
| run: | | |
| tar xf ./obj-*/dist/firefox-*.tar* | |
| RUNTIME_PATH=$(find . -type f -name "firefox") | |
| echo "runtime_path=$RUNTIME_PATH" >> "$GITHUB_OUTPUT" | |
| - name: "install python" | |
| run: | | |
| python3 -m venv venv_tests | |
| - name: "install deps" | |
| run: | | |
| curl -sSL https://github.com/mozilla/geckodriver/releases/download/v0.36.0/geckodriver-v0.36.0-linux64.tar.gz | tar -zxf - | |
| . venv_tests/bin/activate | |
| pip3 install -r requirements.txt | |
| - name: "test firefox start" | |
| run: | | |
| RUNTIME_VERSION=$(${{ steps.unpack.outputs.runtime_path }} --version | awk '{ print $3 }') | |
| sed -e "s/#RUNTIME_VERSION#/${RUNTIME_VERSION}/g" < firefox_start.json.in > firefox_start.json | |
| mkdir -p ./profiles/ | |
| . venv_tests/bin/activate | |
| python3 test_firefox_start.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser starts from felt using CLI argument" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_starts_fromCli.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser starts from felt using environment variable" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_starts_fromEnv.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser about:config is blocked" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_about_config_blocked.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test device posture" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_device_posture.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser signout" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_signout.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser safe mode" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_safe_mode.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser external link" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 xvfb-run python3 test_felt_browser_external_link.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser fxa" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_fxa.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser restart is a quit" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_restart_is_quit.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser restart works" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_restart_works.py ${{ steps.unpack.outputs.runtime_path }} $PWD/geckodriver $PWD/profiles/ | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: linux-tests-results | |
| path: | | |
| geckodriver.log | |
| screenshot_*.png | |
| compression-level: 0 | |
| if: "always()" | |
| windows-build-vm: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| outputs: | |
| instance_name: ${{ steps.create_vm.outputs.instance_name }} | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: create_vm | |
| uses: ./.github/actions/create-vm | |
| with: | |
| instance_kind: "windows-build" | |
| gcp_machine_type: "c4d-highcpu-48" | |
| extra_labels: "build,WinCross" | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| windows-build-vm-clean: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| needs: [ windows-build-vm, windows-build-opt ] | |
| if: "always()" | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: delete_vm | |
| uses: ./.github/actions/delete-vm | |
| with: | |
| instance_name: ${{ needs.windows-build-vm.outputs.instance_name }} | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| windows-test-vm: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| needs: [ windows-build-opt ] | |
| outputs: | |
| instance_name: ${{ steps.create_vm.outputs.instance_name }} | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: create_vm | |
| uses: ./.github/actions/create-vm | |
| with: | |
| instance_kind: "windows-test" | |
| gcp_machine_type: "c4d-highcpu-8" | |
| gcp_disk_size: "100" | |
| gcp_disk_source: "disk-2025-dc-v20250813-20250902102015" | |
| gcp_metadata_startup: "--metadata-from-file=windows-startup-script-ps1=./repo-checkout/.github/workflows/windows-startup.ps1" | |
| extra_labels: "test,WinNative" | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| windows-test-vm-clean: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| needs: [ windows-test-vm, windows-test ] | |
| if: "always()" | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: delete_vm | |
| uses: ./.github/actions/delete-vm | |
| with: | |
| instance_name: ${{ needs.windows-test-vm.outputs.instance_name }} | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| windows-build-opt: | |
| runs-on: [ self-hosted, WinCross, X64 ] | |
| timeout-minutes: 30 | |
| needs: windows-build-vm | |
| env: | |
| MOZCONFIG: ${{ github.workspace }}/build/win64/mozconfig.ci.enterprise | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v5 | |
| - name: "check mozconfig" | |
| run: | | |
| ls -hal $MOZCONFIG | |
| cat $MOZCONFIG | |
| - name: setup | |
| run: | | |
| rustup default 1.89 | |
| rustup target add x86_64-pc-windows-msvc | |
| mkdir fetches | |
| cd fetches | |
| ../mach artifact toolchain --from-build linux64-upx | |
| cd .. | |
| PATH=$PWD/fetches/upx/bin/:$PATH upx --version | |
| - name: build | |
| run: | | |
| ./mach build | |
| - name: package | |
| env: | |
| RUN_FIND_DUPES: 1 | |
| run: ./mach package | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-windows-amd64 | |
| path: obj-*/dist/firefox-*.en-US.win64.zip | |
| compression-level: 0 | |
| - name: "repackage installer" | |
| run: | | |
| ZIP_FILE=$(find obj-*/dist/ -type f -name "firefox-*.win64.zip") | |
| INSTALLER=$(echo "$ZIP_FILE" | sed -e "s/.zip$/.installer.exe/g") | |
| SETUP_EXE=$(find obj-* -type f -name "setup.exe") | |
| PATH=$PWD/fetches/upx/bin/:$PATH ./mach repackage installer -o $INSTALLER --package-name "firefox" --package $ZIP_FILE --tag browser/installer/windows/app.tag --setupexe $SETUP_EXE --sfx-stub other-licenses/7zstub/firefox/7zSD.Win32.sfx --use-upx | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-windows-installer-amd64 | |
| path: obj-*/dist/firefox-*.en-US.win64.installer.exe | |
| compression-level: 0 | |
| - name: "package gcp-eu" | |
| env: | |
| RUN_FIND_DUPES: 1 | |
| run: | | |
| sed -i.bak "s|https://console.enterfox.eu|https://console-gcp-eu.enterfox.eu|g" browser/branding/enterprise/pref/firefox-enterprise.js | |
| ./mach package | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-windows-amd64-gcpEU | |
| path: obj-*/dist/firefox-*.en-US.win64.zip | |
| compression-level: 0 | |
| - name: "repackage installer gcp-eu" | |
| run: | | |
| ZIP_FILE=$(find obj-*/dist/ -type f -name "firefox-*.win64.zip") | |
| INSTALLER=$(echo "$ZIP_FILE" | sed -e "s/.zip$/.installer.exe/g") | |
| SETUP_EXE=$(find obj-* -type f -name "setup.exe") | |
| PATH=$PWD/fetches/upx/bin/:$PATH ./mach repackage installer -o $INSTALLER --package-name "firefox" --package $ZIP_FILE --tag browser/installer/windows/app.tag --setupexe $SETUP_EXE --sfx-stub other-licenses/7zstub/firefox/7zSD.Win32.sfx --use-upx | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-windows-installer-amd64-gcpEU | |
| path: obj-*/dist/firefox-*.en-US.win64.installer.exe | |
| compression-level: 0 | |
| windows-test: | |
| runs-on: [self-hosted, WinNative, X64] | |
| timeout-minutes: 20 | |
| needs: [ windows-test-vm, package-tests ] | |
| steps: | |
| - name: "download firefox build" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: firefox-windows-amd64 | |
| - name: "download enterprise tests" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: enterprise-tests | |
| - name: "unpack firefox build" | |
| id: unpack | |
| run: | | |
| $zipFile = Get-ChildItem -Path .\obj-*\dist\firefox-*.win64.zip | Select-Object -First 1 -ExpandProperty FullName | |
| C:\mozilla-build\bin\unzip.exe $zipFile | |
| $firefoxPath = Get-ChildItem -Path .\firefox\firefox.exe | Select-Object -First 1 -ExpandProperty FullName | |
| echo "firefox_path=$firefoxPath" >> $Env:GITHUB_OUTPUT | |
| Invoke-WebRequest -Uri https://github.com/mozilla/geckodriver/releases/download/v0.36.0/geckodriver-v0.36.0-win32.zip -OutFile geckodriver-v0.36.0-win32.zip | |
| C:\mozilla-build\bin\unzip.exe geckodriver-v0.36.0-win32.zip | |
| $geckodriverPath = Join-Path -Path $PWD -ChildPath "geckodriver.exe" | |
| echo "geckodriver_path=$geckodriverPath" >> $Env:GITHUB_OUTPUT | |
| $profilesPath = Join-Path -Path $PWD -ChildPath "profiles" | |
| New-Item -ItemType Directory -Force -Path $profilesPath | |
| echo "profiles_path=$profilesPath" >> $Env:GITHUB_OUTPUT | |
| - name: "install python" | |
| run: | | |
| python3 -m venv venv_tests | |
| . venv_tests\Scripts\activate | |
| pip3 install -r requirements.txt | |
| - name: "test firefox start" | |
| run: | | |
| $runtimeVersion = (Get-Content ".\firefox\application.ini") -match "^Version=" | ForEach-Object { $_.Split('=')[1] } | |
| (Get-Content firefox_start.json.in) -replace '#RUNTIME_VERSION#', $runtimeVersion | Set-Content firefox_start.json | |
| . venv_tests\Scripts\activate | |
| python3 test_firefox_start.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser starts from felt using CLI arg" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_starts_fromCli.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser starts from felt using environment variable" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_starts_fromEnv.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser about:config is blocked" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_about_config_blocked.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test device posture" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_device_posture.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser signout" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_signout.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser fxa" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_fxa.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| ### This is failing on our GCP workers in a non debuggable way. | |
| ### GitHub Actions Windows workers are fine and TaskCluster. | |
| # - name: "test browser safe mode" | |
| # run: | | |
| # . venv_tests\Scripts\activate | |
| # $Env:MOZ_LOG="console:5" | |
| # python3 test_felt_browser_safe_mode.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| # | |
| - name: "test browser external link" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_external_link.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser restart is a quit" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_restart_is_quit.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser restart works" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_restart_works.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-tests-results | |
| path: | | |
| screenshot_*.png | |
| geckodriver.log | |
| compression-level: 0 | |
| if: "always()" | |
| windows-test-gha: | |
| runs-on: windows-2025 | |
| timeout-minutes: 20 | |
| needs: [ windows-build-opt, package-tests ] | |
| steps: | |
| - name: "download firefox build" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: firefox-windows-amd64 | |
| - name: "download enterprise tests" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: enterprise-tests | |
| - name: "install MozillaBuild" | |
| run: | | |
| $client = New-Object system.net.WebClient | |
| $client.DownloadFile("https://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-Latest.exe", "C:\MozillaBuildSetup.exe") | |
| Start-Process "C:\MozillaBuildSetup.exe" -ArgumentList "/S" -Wait -NoNewWindow -PassThru -RedirectStandardOutput "C:\MozillaBuild_install.log" -RedirectStandardError "C:\MozillaBuild_install.err" | |
| - name: "unpack firefox build" | |
| id: unpack | |
| run: | | |
| $zipFile = Get-ChildItem -Path .\obj-*\dist\firefox-*.win64.zip | Select-Object -First 1 -ExpandProperty FullName | |
| C:\mozilla-build\bin\unzip.exe $zipFile | |
| $firefoxPath = Get-ChildItem -Path .\firefox\firefox.exe | Select-Object -First 1 -ExpandProperty FullName | |
| echo "firefox_path=$firefoxPath" >> $Env:GITHUB_OUTPUT | |
| Invoke-WebRequest -Uri https://github.com/mozilla/geckodriver/releases/download/v0.36.0/geckodriver-v0.36.0-win32.zip -OutFile geckodriver-v0.36.0-win32.zip | |
| C:\mozilla-build\bin\unzip.exe geckodriver-v0.36.0-win32.zip | |
| $geckodriverPath = Join-Path -Path $PWD -ChildPath "geckodriver.exe" | |
| echo "geckodriver_path=$geckodriverPath" >> $Env:GITHUB_OUTPUT | |
| $profilesPath = Join-Path -Path $PWD -ChildPath "profiles" | |
| New-Item -ItemType Directory -Force -Path $profilesPath | |
| echo "profiles_path=$profilesPath" >> $Env:GITHUB_OUTPUT | |
| - name: "install python" | |
| run: | | |
| python3 -m venv venv_tests | |
| . venv_tests\Scripts\activate | |
| pip3 install -r requirements.txt | |
| - name: "test firefox start" | |
| run: | | |
| $runtimeVersion = (Get-Content ".\firefox\application.ini") -match "^Version=" | ForEach-Object { $_.Split('=')[1] } | |
| (Get-Content firefox_start.json.in) -replace '#RUNTIME_VERSION#', $runtimeVersion | Set-Content firefox_start.json | |
| . venv_tests\Scripts\activate | |
| python3 test_firefox_start.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - name: "test browser safe mode" | |
| run: | | |
| . venv_tests\Scripts\activate | |
| $Env:MOZ_LOG="console:5" | |
| python3 test_felt_browser_safe_mode.py "${{ steps.unpack.outputs.firefox_path }}" "${{ steps.unpack.outputs.geckodriver_path }}" "${{ steps.unpack.outputs.profiles_path }}" | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-tests-gha-results | |
| path: | | |
| screenshot_*.png | |
| geckodriver.log | |
| compression-level: 0 | |
| if: "always()" | |
| windows-msi: | |
| runs-on: windows-2025 | |
| timeout-minutes: 20 | |
| needs: [ windows-build-opt ] | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v5 | |
| - name: "download firefox installer" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: firefox-windows-installer-amd64 | |
| - name: "install MozillaBuild" | |
| run: | | |
| $client = New-Object system.net.WebClient | |
| $client.DownloadFile("https://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-Latest.exe", "C:\MozillaBuildSetup.exe") | |
| Start-Process "C:\MozillaBuildSetup.exe" -ArgumentList "/S" -Wait -NoNewWindow -PassThru -RedirectStandardOutput "C:\MozillaBuild_install.log" -RedirectStandardError "C:\MozillaBuild_install.err" | |
| - name: "download wix-3.14.0" | |
| run: | | |
| mkdir fetches | |
| cd fetches | |
| ../mach artifact toolchain --from-build fetch-wix-3.14.0 | |
| cd .. | |
| - name: "repackage msi" | |
| run: | | |
| $runtimeVersion = Get-Content ".\browser\config\version_display.txt" | |
| $installerFile = Get-ChildItem -Path .\obj-*\dist\firefox-*.win64.installer.exe | |
| $installerMSI = "$($installerFile.DirectoryName)\firefox-$runtimeVersion.en-US.win64.installer.msi" | |
| ./mach repackage msi --wsx browser/installer/windows/msi/installer.wxs --version $runtimeVersion --locale en-US --arch x86_64 --candle fetches\candle.exe --light fetches\light.exe --setupexe $installerFile --output $installerMSI | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-windows-installer-msi-amd64 | |
| path: obj-*/dist/firefox-*.en-US.win64.installer.msi | |
| compression-level: 0 | |
| windows-msi-gcpEU: | |
| runs-on: windows-2025 | |
| timeout-minutes: 20 | |
| needs: [ windows-build-opt ] | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v5 | |
| - name: "download firefox installer gcpEU" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: firefox-windows-installer-amd64-gcpEU | |
| - name: "install MozillaBuild" | |
| run: | | |
| $client = New-Object system.net.WebClient | |
| $client.DownloadFile("https://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-Latest.exe", "C:\MozillaBuildSetup.exe") | |
| Start-Process "C:\MozillaBuildSetup.exe" -ArgumentList "/S" -Wait -NoNewWindow -PassThru -RedirectStandardOutput "C:\MozillaBuild_install.log" -RedirectStandardError "C:\MozillaBuild_install.err" | |
| - name: "download wix-3.14.0" | |
| run: | | |
| mkdir fetches | |
| cd fetches | |
| ../mach artifact toolchain --from-build fetch-wix-3.14.0 | |
| cd .. | |
| - name: "repackage msi gcp-eu" | |
| run: | | |
| $runtimeVersion = Get-Content ".\browser\config\version_display.txt" | |
| $installerFile = Get-ChildItem -Path .\obj-*\dist\firefox-*.win64.installer.exe | |
| $installerMSI = "$($installerFile.DirectoryName)\firefox-$runtimeVersion.en-US.win64.installer.msi" | |
| ./mach repackage msi --wsx browser/installer/windows/msi/installer.wxs --version $runtimeVersion --locale en-US --arch x86_64 --candle fetches\candle.exe --light fetches\light.exe --setupexe $installerFile --output $installerMSI | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-windows-installer-msi-amd64-gcpEU | |
| path: obj-*/dist/firefox-*.en-US.win64.installer.msi | |
| compression-level: 0 | |
| macOS-build-vm: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| outputs: | |
| instance_name: ${{ steps.create_vm.outputs.instance_name }} | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: create_vm | |
| uses: ./.github/actions/create-vm | |
| with: | |
| instance_kind: "macos-build" | |
| extra_labels: "build,MacCross,ARM64" | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| macOS-build-vm-clean: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| environment: Credentials | |
| needs: [ macOS-build-vm, macOS-build-opt ] | |
| if: "always()" | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: | | |
| .github/actions/ | |
| sparse-checkout-cone-mode: false | |
| - id: delete_vm | |
| uses: ./.github/actions/delete-vm | |
| with: | |
| instance_name: ${{ needs.macOS-build-vm.outputs.instance_name }} | |
| gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}" | |
| github_runner_token: "${{ secrets.GH_RUNNER_TOKEN }}" | |
| macOS-build-opt: | |
| runs-on: [ self-hosted, MacCross, ARM64 ] | |
| timeout-minutes: 30 | |
| needs: macos-build-vm | |
| env: | |
| MOZCONFIG: ${{ github.workspace }}/build/macosx/mozconfig.ci.enterprise | |
| steps: | |
| - name: "clean state" | |
| id: clean | |
| run: | | |
| rm -fr ./* | |
| - name: checkout | |
| uses: actions/checkout@v5 | |
| - name: "check mozconfig" | |
| run: | | |
| ls -hal $MOZCONFIG | |
| cat $MOZCONFIG | |
| - name: setup | |
| run: | | |
| rustup default 1.89 | |
| rustup target add aarch64-apple-darwin | |
| - name: build | |
| run: | | |
| export PATH=$HOME/.cargo/bin:$PATH | |
| ./mach build | |
| - name: "package unsigned" | |
| env: | |
| RUN_FIND_DUPES: 1 | |
| run: | | |
| export PATH=$HOME/.cargo/bin:$PATH | |
| ./mach package | |
| DMG_FILE=$(find obj-*/dist/ -type f -name "*.mac.dmg") | |
| DMG_UNSIGNED=$(echo "$DMG_FILE" | sed -e "s/.dmg$/.unsigned.dmg/g") | |
| cp "$DMG_FILE" "$DMG_UNSIGNED" | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-macOS-unsigned-aarch64 | |
| path: obj-*/dist/firefox-*.unsigned.dmg* | |
| compression-level: 0 | |
| - name: "signature and repackage" | |
| run: | | |
| export PATH=$HOME/.cargo/bin:$PATH | |
| echo -n "$(uuidgen)" > firefoxEnterprise_pass.p12 | |
| DMG_FILE=$(find obj-*/dist/ -type f -name "*.mac.dmg") | |
| DMG_SIGNED=$(echo "$DMG_FILE" | sed -e "s/.dmg$/.signed.dmg/g") | |
| PKG_SIGNED=$(echo "$DMG_FILE" | sed -e "s/.dmg$/.signed.pkg/g") | |
| HFSPLUS_FILE="$(basename $DMG_FILE .dmg).hfsplus" | |
| OBJDIR=$(find obj-* -maxdepth 0 -type d) | |
| rcodesign generate-self-signed-certificate --person-name FirefoxEnterprise --p12-file firefoxEnterprise.p12 --p12-password "$(cat firefoxEnterprise_pass.p12)" | |
| ~/.mozbuild/dmg/dmg extract $DMG_FILE $OBJDIR/dist/$HFSPLUS_FILE | |
| mkdir $OBJDIR/dist/hfs/ | |
| pushd $OBJDIR/dist/hfs/ | |
| ~/.mozbuild/dmg/hfsplus ../$HFSPLUS_FILE extractall | |
| popd | |
| APP_FILE="$(find obj-*/dist/hfs/ -maxdepth 1 -type d -name '*.app')" | |
| ./mach macos-sign -v -c nightly -e developer -r -f firefoxEnterprise.p12 -p firefoxEnterprise_pass.p12 -a "${APP_FILE}" | |
| APP_FILENAME="$(basename "$APP_FILE")" | |
| tar -Jcf $OBJDIR/dist/nightly_signed.tar.gz -C $OBJDIR/dist/hfs/ .background .DS_Store .VolumeIcon.icns "$APP_FILENAME" | |
| ./mach repackage dmg -i $PWD/$OBJDIR/dist/nightly_signed.tar.gz -o $PWD/$DMG_SIGNED | |
| ./mach repackage pkg -i $PWD/$OBJDIR/dist/nightly_signed.tar.gz -o $PWD/$PKG_SIGNED | |
| rm $OBJDIR/dist/nightly_signed.tar.gz | |
| rm -fr $OBJDIR/dist/hfs/ | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-macOS-signed-aarch64_dmg | |
| path: obj-*/dist/firefox-*.signed.dmg* | |
| compression-level: 0 | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-macOS-signed-aarch64_pkg | |
| path: obj-*/dist/firefox-*.signed.pkg* | |
| compression-level: 0 | |
| - name: "package gcp-eu" | |
| env: | |
| RUN_FIND_DUPES: 1 | |
| run: | | |
| sed -i.bak "s|https://console.enterfox.eu|https://console-gcp-eu.enterfox.eu|g" browser/branding/enterprise/pref/firefox-enterprise.js | |
| ./mach package | |
| - name: "signature and repackage for gcp-eu" | |
| run: | | |
| export PATH=$HOME/.cargo/bin:$PATH | |
| echo -n "$(uuidgen)" > firefoxEnterprise_pass.p12 | |
| DMG_FILE=$(find obj-*/dist/ -type f -name "*.mac.dmg") | |
| DMG_SIGNED=$(echo "$DMG_FILE" | sed -e "s/.dmg$/.signed.dmg/g") | |
| PKG_SIGNED=$(echo "$DMG_FILE" | sed -e "s/.dmg$/.signed.pkg/g") | |
| HFSPLUS_FILE="$(basename $DMG_FILE .dmg).hfsplus" | |
| OBJDIR=$(find obj-* -maxdepth 0 -type d) | |
| rcodesign generate-self-signed-certificate --person-name FirefoxEnterprise --p12-file firefoxEnterprise.p12 --p12-password "$(cat firefoxEnterprise_pass.p12)" | |
| ~/.mozbuild/dmg/dmg extract $DMG_FILE $OBJDIR/dist/$HFSPLUS_FILE | |
| mkdir $OBJDIR/dist/hfs/ | |
| pushd $OBJDIR/dist/hfs/ | |
| ~/.mozbuild/dmg/hfsplus ../$HFSPLUS_FILE extractall | |
| popd | |
| APP_FILE="$(find obj-*/dist/hfs/ -maxdepth 1 -type d -name '*.app')" | |
| ./mach macos-sign -v -c nightly -e developer -r -f firefoxEnterprise.p12 -p firefoxEnterprise_pass.p12 -a "${APP_FILE}" | |
| APP_FILENAME="$(basename "$APP_FILE")" | |
| tar -Jcf $OBJDIR/dist/nightly_signed.tar.gz -C $OBJDIR/dist/hfs/ .background .DS_Store .VolumeIcon.icns "$APP_FILENAME" | |
| ./mach repackage dmg -i $PWD/$OBJDIR/dist/nightly_signed.tar.gz -o $PWD/$DMG_SIGNED | |
| ./mach repackage pkg -i $PWD/$OBJDIR/dist/nightly_signed.tar.gz -o $PWD/$PKG_SIGNED | |
| rm $OBJDIR/dist/nightly_signed.tar.gz | |
| rm -fr $OBJDIR/dist/hfs/ | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-macOS-signed-aarch64-gcpEU_dmg | |
| path: obj-*/dist/firefox-*.signed.dmg* | |
| compression-level: 0 | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: firefox-macOS-signed-aarch64-gcpEU_pkg | |
| path: obj-*/dist/firefox-*.signed.pkg* | |
| compression-level: 0 | |
| macOS-test: | |
| timeout-minutes: 20 | |
| runs-on: [self-hosted, MacNative, ARM64] | |
| needs: [ macOS-build-opt, package-tests ] | |
| steps: | |
| - name: "clean state" | |
| id: clean | |
| run: | | |
| rm -fr ./* | |
| - name: "download firefox build" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: firefox-macOS-signed-aarch64_dmg | |
| - name: "download enterprise tests" | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: enterprise-tests | |
| - name: "attach" | |
| id: attach | |
| run: | | |
| DMG_FILE=$(find ./obj-aarch64-apple-darwin/dist -type f -name "firefox*.dmg") | |
| MOUNT_DIR=$(hdiutil attach "${DMG_FILE}" | grep "/Volumes" | sed -e "s/.*\/Volumes/\/Volumes/g") | |
| echo "Mounted ${DMG_FILE} at ${MOUNT_DIR}" | |
| echo "mount_dir='${MOUNT_DIR}'" >> "$GITHUB_OUTPUT" | |
| RUNTIME_PATH=$(find "${MOUNT_DIR}" -type f -name "firefox") | |
| echo "runtime_path=$RUNTIME_PATH" >> "$GITHUB_OUTPUT" | |
| codesign -vv "$MOUNT_DIR/Firefox Enterprise.app" | |
| - name: "install python" | |
| run: | | |
| python3 -m venv venv_tests | |
| - name: "install deps" | |
| run: | | |
| curl -sSL https://github.com/mozilla/geckodriver/releases/download/v0.36.0/geckodriver-v0.36.0-macos-aarch64.tar.gz | tar -xf - | |
| . venv_tests/bin/activate | |
| pip3 install -r requirements.txt | |
| - name: "test firefox start" | |
| run: | | |
| RUNTIME_VERSION=$("${{ steps.attach.outputs.runtime_path }}" --version | awk '{ print $3 }') | |
| sed -e "s/#RUNTIME_VERSION#/${RUNTIME_VERSION}/g" < firefox_start.json.in > firefox_start.json | |
| mkdir -p ./profiles/ | |
| . venv_tests/bin/activate | |
| python3 test_firefox_start.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser starts from felt using CLI argument" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_starts_fromCli.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser starts from felt using environment variable" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_starts_fromEnv.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser about:config is blocked" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_about_config_blocked.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test device posture" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_device_posture.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser signout" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_signout.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser fxa" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_fxa.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser safe mode" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_safe_mode.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser external link" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_external_link.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser restart is a quit" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_restart_is_quit.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - name: "test browser restart works" | |
| run: | | |
| . venv_tests/bin/activate | |
| MOZ_LOG=console:5 python3 test_felt_browser_restart_works.py "${{ steps.attach.outputs.runtime_path }}" $PWD/geckodriver $PWD/profiles/ | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: macOS-tests-results | |
| path: | | |
| geckodriver.log | |
| screenshot_*.png | |
| compression-level: 0 | |
| if: "always()" | |
| - name: "detach" | |
| if: "always()" | |
| run: | | |
| pkill -f "${{ steps.attach.outputs.runtime_path }}" || echo "Already dead" | |
| hdiutil unmount -force -whole ${{ steps.attach.outputs.mount_dir }} | |
| rm -fr ./obj-aarch64-apple-darwin/ | |
| lints: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 10 | |
| - name: Cache lint dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo | |
| ~/.npm | |
| ~/.mozbuild | |
| node_modules | |
| key: lint-${{ runner.os }}-${{ hashFiles('package-lock.json', 'Cargo.lock') }} | |
| restore-keys: | | |
| lint-${{ runner.os }}- | |
| - name: Run lint checks | |
| run: | | |
| ./mach lint --outgoing ${{ github.event.pull_request.base.sha }} --warnings=soft |