Merge pull request #171 from thawn/copilot/fix-pdf-creation-error

thawn · web-flow · commit 9a1d5e74bf8f · 2026-01-04T23:25:59.000+01:00
Fix PDF generation in Docker containers by adding --no-sandbox flag
diff --git a/src/ttmp32gme/print_handler.py b/src/ttmp32gme/print_handler.py
@@ -19,6 +19,30 @@
 logger = logging.getLogger(__name__)
 
 
+def is_running_in_container() -> bool:
+    """Check if the application is running inside a container (Docker/Podman).
+
+    Returns:
+        True if running in a container, False otherwise
+    """
+    # Check for .dockerenv file (Docker)
+    if Path("/.dockerenv").exists():
+        return True
+
+    # Check /proc/1/cgroup for container runtime indicators
+    try:
+        with open("/proc/1/cgroup", "r") as f:
+            content = f.read()
+            # Look for docker, containerd, or other container runtimes
+            if "docker" in content or "containerd" in content or "lxc" in content:
+                return True
+    except (FileNotFoundError, PermissionError):
+        # /proc/1/cgroup doesn't exist or can't be read (not Linux or no permissions)
+        pass
+
+    return False
+
+
 def format_tracks(
     album: Dict[str, Any], oid_map: Dict[str, Dict[str, int]], db_handler: DBHandler
 ) -> str:
@@ -296,6 +320,14 @@ def create_pdf(
         f"http://localhost:{port}/pdf",
     ]
 
+    # Add --no-sandbox flag when running in containers (Docker/Podman)
+    # This is necessary because containers typically don't have the required
+    # Linux capabilities for Chromium's sandbox to work
+    if is_running_in_container():
+        # Insert after chromium path (first element) but before other args
+        args.insert(1, "--no-sandbox")
+        logger.debug("Running in container, adding --no-sandbox flag to Chromium")
+
     logger.info(f"Creating PDF with {found_name}: {' '.join(args)}")
 
     try:
diff --git a/tests/unit/test_print_handler.py b/tests/unit/test_print_handler.py
@@ -3,7 +3,7 @@
 import sqlite3
 import tempfile
 from pathlib import Path
-from unittest.mock import MagicMock, Mock, patch
+from unittest.mock import MagicMock, Mock, mock_open, patch
 
 import pytest
 
@@ -17,6 +17,7 @@
     format_print_button,
     format_track_control,
     format_tracks,
+    is_running_in_container,
 )
 
 
@@ -407,6 +408,96 @@ def test_create_pdf_tries_multiple_names(
             assert result == pdf_file
             assert mock_popen.called
 
+    @patch("ttmp32gme.print_handler.is_running_in_container")
+    @patch("ttmp32gme.print_handler.time.sleep")
+    @patch("ttmp32gme.print_handler.get_executable_path")
+    @patch("ttmp32gme.print_handler.subprocess.Popen")
+    @patch("ttmp32gme.print_handler.tempfile.mkstemp")
+    @patch("ttmp32gme.print_handler.os.close")
+    def test_create_pdf_in_container_adds_no_sandbox(
+        self,
+        mock_os_close,
+        mock_mkstemp,
+        mock_popen,
+        mock_get_exec,
+        mock_sleep,
+        mock_is_container,
+    ):
+        """Test PDF creation adds --no-sandbox flag when running in container."""
+        chromium_path = "/usr/bin/chromium"
+        mock_get_exec.return_value = chromium_path
+        mock_is_container.return_value = True  # Simulate running in container
+
+        # Mock the process - poll() returns None (still running)
+        mock_process = MagicMock()
+        mock_process.poll.return_value = None
+        mock_process.stderr.read.return_value = ""  # No errors in stderr
+        mock_popen.return_value = mock_process
+
+        with tempfile.TemporaryDirectory() as tmpdir:
+            # Mock tempfile.mkstemp to return a path in our temp directory
+            pdf_file = Path(tmpdir) / "ttmp32gme_print_test.pdf"
+            mock_mkstemp.return_value = (999, str(pdf_file))
+
+            # Create the PDF file so the function succeeds
+            pdf_file.write_text("fake pdf content")
+
+            result = create_pdf(10020)
+
+            assert result is not None
+            assert result == pdf_file
+            assert mock_popen.called
+
+            # Verify --no-sandbox flag is present in arguments
+            call_args = mock_popen.call_args[0][0]
+            assert "--no-sandbox" in call_args
+            # Verify it's positioned right after chromium path
+            chromium_index = call_args.index(chromium_path)
+            assert call_args[chromium_index + 1] == "--no-sandbox"
+
+    @patch("ttmp32gme.print_handler.is_running_in_container")
+    @patch("ttmp32gme.print_handler.time.sleep")
+    @patch("ttmp32gme.print_handler.get_executable_path")
+    @patch("ttmp32gme.print_handler.subprocess.Popen")
+    @patch("ttmp32gme.print_handler.tempfile.mkstemp")
+    @patch("ttmp32gme.print_handler.os.close")
+    def test_create_pdf_not_in_container_no_sandbox_flag(
+        self,
+        mock_os_close,
+        mock_mkstemp,
+        mock_popen,
+        mock_get_exec,
+        mock_sleep,
+        mock_is_container,
+    ):
+        """Test PDF creation does NOT add --no-sandbox flag when not in container."""
+        mock_get_exec.return_value = "/usr/bin/chromium"
+        mock_is_container.return_value = False  # Simulate NOT running in container
+
+        # Mock the process - poll() returns None (still running)
+        mock_process = MagicMock()
+        mock_process.poll.return_value = None
+        mock_process.stderr.read.return_value = ""  # No errors in stderr
+        mock_popen.return_value = mock_process
+
+        with tempfile.TemporaryDirectory() as tmpdir:
+            # Mock tempfile.mkstemp to return a path in our temp directory
+            pdf_file = Path(tmpdir) / "ttmp32gme_print_test.pdf"
+            mock_mkstemp.return_value = (999, str(pdf_file))
+
+            # Create the PDF file so the function succeeds
+            pdf_file.write_text("fake pdf content")
+
+            result = create_pdf(10020)
+
+            assert result is not None
+            assert result == pdf_file
+            assert mock_popen.called
+
+            # Verify --no-sandbox flag is NOT present in arguments
+            call_args = mock_popen.call_args[0][0]
+            assert "--no-sandbox" not in call_args
+
 
 class TestFormatPrintButton:
     """Test format_print_button function."""
@@ -444,3 +535,98 @@ def test_format_print_button_linux_with_chromium(self, mock_get_exec, mock_syste
 
         assert "Print This Page</button>" in result
         assert "Save as PDF</button>" in result
+
+
+class TestIsRunningInContainer:
+    """Test is_running_in_container function."""
+
+    @patch("ttmp32gme.print_handler.Path")
+    def test_dockerenv_exists(self, mock_path):
+        """Test container detection when .dockerenv file exists."""
+        mock_dockerenv = Mock()
+        mock_dockerenv.exists.return_value = True
+        mock_path.return_value = mock_dockerenv
+
+        result = is_running_in_container()
+
+        assert result is True
+        mock_path.assert_called_once_with("/.dockerenv")
+
+    @patch("builtins.open", new_callable=mock_open, read_data="12:pids:/docker/abc123")
+    @patch("ttmp32gme.print_handler.Path")
+    def test_docker_in_cgroup(self, mock_path, mock_file):
+        """Test container detection from /proc/1/cgroup with docker."""
+        mock_dockerenv = Mock()
+        mock_dockerenv.exists.return_value = False
+        mock_path.return_value = mock_dockerenv
+
+        result = is_running_in_container()
+
+        assert result is True
+        mock_file.assert_called_once_with("/proc/1/cgroup", "r")
+
+    @patch(
+        "builtins.open",
+        new_callable=mock_open,
+        read_data="12:pids:/system.slice/containerd.service",
+    )
+    @patch("ttmp32gme.print_handler.Path")
+    def test_containerd_in_cgroup(self, mock_path, mock_file):
+        """Test container detection from /proc/1/cgroup with containerd."""
+        mock_dockerenv = Mock()
+        mock_dockerenv.exists.return_value = False
+        mock_path.return_value = mock_dockerenv
+
+        result = is_running_in_container()
+
+        assert result is True
+
+    @patch(
+        "builtins.open", new_callable=mock_open, read_data="12:pids:/lxc/container123"
+    )
+    @patch("ttmp32gme.print_handler.Path")
+    def test_lxc_in_cgroup(self, mock_path, mock_file):
+        """Test container detection from /proc/1/cgroup with lxc."""
+        mock_dockerenv = Mock()
+        mock_dockerenv.exists.return_value = False
+        mock_path.return_value = mock_dockerenv
+
+        result = is_running_in_container()
+
+        assert result is True
+
+    @patch("builtins.open", new_callable=mock_open, read_data="12:pids:/init.scope")
+    @patch("ttmp32gme.print_handler.Path")
+    def test_not_in_container(self, mock_path, mock_file):
+        """Test container detection returns False on normal system."""
+        mock_dockerenv = Mock()
+        mock_dockerenv.exists.return_value = False
+        mock_path.return_value = mock_dockerenv
+
+        result = is_running_in_container()
+
+        assert result is False
+
+    @patch("builtins.open", side_effect=FileNotFoundError())
+    @patch("ttmp32gme.print_handler.Path")
+    def test_cgroup_not_found(self, mock_path, mock_file):
+        """Test container detection when /proc/1/cgroup doesn't exist."""
+        mock_dockerenv = Mock()
+        mock_dockerenv.exists.return_value = False
+        mock_path.return_value = mock_dockerenv
+
+        result = is_running_in_container()
+
+        assert result is False
+
+    @patch("builtins.open", side_effect=PermissionError())
+    @patch("ttmp32gme.print_handler.Path")
+    def test_cgroup_permission_error(self, mock_path, mock_file):
+        """Test container detection when /proc/1/cgroup can't be read."""
+        mock_dockerenv = Mock()
+        mock_dockerenv.exists.return_value = False
+        mock_path.return_value = mock_dockerenv
+
+        result = is_running_in_container()
+
+        assert result is False
