diff --git a/__tests__/docker/install.test.itg.ts b/__tests__/docker/install.test.itg.ts
index e94b5d83..01c20eb3 100644
--- a/__tests__/docker/install.test.itg.ts
+++ b/__tests__/docker/install.test.itg.ts
@@ -15,7 +15,7 @@
*/
import path from 'path';
-import {jest, describe, expect, test} from '@jest/globals';
+import {jest, describe, expect, test, beforeEach, afterEach} from '@jest/globals';
import {Install} from '../../src/docker/install';
import {Docker} from '../../src/docker/docker';
@@ -24,7 +24,17 @@ import {Docker} from '../../src/docker/docker';
const tmpDir = path.join(process.env.TEMP || '/tmp', 'docker-install-jest');
describe('install', () => {
- jest.retryTimes(2, {logErrorsBeforeRetry: true});
+ const originalEnv = process.env;
+ beforeEach(() => {
+ jest.resetModules();
+ process.env = {
+ ...originalEnv,
+ SIGN_QEMU_BINARY: '1'
+ };
+ });
+ afterEach(() => {
+ process.env = originalEnv;
+ });
// prettier-ignore
test.each(['v24.0.5'])(
'install docker %s', async (version) => {
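Review bot: The `jest.resetModules()` call in the new `beforeEach` looks like it has no effect, because `Install` and `Docker` are imported statically at the top of the file and `SIGN_QEMU_BINARY` is read from `process.env` at call time inside the install code. Dropping it, or adding a comment explaining why it is needed, would make the setup easier to read. The suite now always runs with `SIGN_QEMU_BINARY: '1'`, so the path where the variable is unset (no re-signing) is never exercised; a comment such as `// force the QEMU re-signing path; only relevant on macOS runners` would make that intent explicit. The `describe` body continues outside this hunk.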
@@ -40,5 +50,5 @@ describe('install', () => {
await Docker.printInfo();
await install.tearDown();
})()).resolves.not.toThrow();
- }, 100000);
+ }, 600000);
});
diff --git a/src/docker/assets.ts b/src/docker/assets.ts
index 6ebed435..89f46e90 100644
--- a/src/docker/assets.ts
+++ b/src/docker/assets.ts
@@ -336,3 +336,14 @@ mounts: []
# Default: {}
env: {}
`;
+
+export const qemuEntitlements = `
+
+
+
+
+ com.apple.security.hypervisor
+
+
+
+`;
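Review bot: `qemuEntitlements` is added without a comment saying what it grants or why, although it is the security-relevant part of this change: it is the entitlements file used when the QEMU binary is re-signed. As rendered here only the `com.apple.security.hypervisor` key is visible, so the rest of the plist is inferred. A comment above the constant such as `// Entitlements plist used when ad-hoc re-signing QEMU on macOS; should list only com.apple.security.hypervisor.` would tell a future editor not to widen it casually. The template literal also opens with a line break, so if the first content line is an XML declaration it will not sit at the very start of the written file; starting the content directly after the backtick, or writing `qemuEntitlements.trimStart()`, avoids depending on a lenient parser.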
diff --git a/src/docker/install.ts b/src/docker/install.ts
index 3a348e23..0e5f0b51 100644
--- a/src/docker/install.ts
+++ b/src/docker/install.ts
@@ -29,7 +29,7 @@ import * as tc from '@actions/tool-cache';
import {Context} from '../context';
import {Exec} from '../exec';
import {Util} from '../util';
-import {colimaYamlData, dockerServiceLogsPs1, setupDockerLinuxSh, setupDockerWinPs1} from './assets';
+import {colimaYamlData, dockerServiceLogsPs1, qemuEntitlements, setupDockerLinuxSh, setupDockerWinPs1} from './assets';
import {GitHubRelease} from '../types/github';
export interface InstallOpts {
@@ -147,6 +147,21 @@ export class Install {
core.info(colimaCfg);
});
+ const qemuArch = await Install.qemuArch();
+ await core.group('QEMU version', async () => {
+ await Exec.exec(`qemu-system-${qemuArch} --version`);
+ });
+
+ // https://github.com/abiosoft/colima/issues/786#issuecomment-1693629650
+ if (process.env.SIGN_QEMU_BINARY === '1') {
+ await core.group('Signing QEMU binary with entitlements', async () => {
+ const qemuEntitlementsFile = path.join(Context.tmpDir(), 'qemu-entitlements.xml');
+ core.info(`Writing entitlements to ${qemuEntitlementsFile}`);
+ fs.writeFileSync(qemuEntitlementsFile, qemuEntitlements);
+ await Exec.exec(`codesign --sign - --entitlements ${qemuEntitlementsFile} --force /usr/local/bin/qemu-system-${qemuArch}`);
+ });
+ }
+
// colima is already started on the runner so env var added in download
// method is not expanded to the running process.
const envs = Object.assign({}, process.env, {
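Review bot: The signing step targets a hard-coded `/usr/local/bin/qemu-system-${qemuArch}`, while the version check just above runs `qemu-system-${qemuArch}` through PATH, so the binary that gets re-signed with the hypervisor entitlement is not necessarily the one colima will launch (Homebrew on Apple Silicon, for example, installs under `/opt/homebrew`). Resolve the binary path once and use it for both calls, so a missing or mismatched binary fails at this step. The command is also built by string interpolation with the temp-file path; passing an argument array, as the `colima start` call further down does, keeps a path containing spaces from splitting the command: `await Exec.exec('codesign', ['--sign', '-', '--entitlements', qemuEntitlementsFile, '--force', qemuBin]);`. The `SIGN_QEMU_BINARY` switch deserves a comment stating that it is opt-in and only meaningful on macOS. The enclosing method starts and ends outside this hunk.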
@@ -154,6 +169,7 @@ export class Install {
}) as {
[key: string]: string;
};
+
await core.group('Starting colima', async () => {
try {
await Exec.exec('colima', ['start', '--very-verbose'], {env: envs});
@@ -377,6 +393,20 @@ export class Install {
});
}
+ private static async qemuArch(): Promise {
+ switch (os.arch()) {
+ case 'x64': {
+ return 'x86_64';
+ }
+ case 'arm64': {
+ return 'aarch64';
+ }
+ default: {
+ return os.arch();
+ }
+ }
+ }
+
public static async getRelease(version: string): Promise {
const url = `https://raw.githubusercontent.com/docker/actions-toolkit/main/.github/docker-releases.json`;
const http: httpm.HttpClient = new httpm.HttpClient('docker-actions-toolkit');
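Review bot: The `default` branch of `qemuArch()` returns `os.arch()` unchanged, and that value is then interpolated into the `qemu-system-…` command and the `codesign` target path in the install step. Node's architecture names do not generally match QEMU's target names, so an unsupported host would surface later as a confusing missing-binary error. Failing in the default branch is clearer: `throw new Error('Unsupported architecture for QEMU: ' + os.arch());`. The method is also declared `async` without awaiting anything; a synchronous `private static qemuArch(): string` with a one-line doc comment (`/** Maps Node's os.arch() to the QEMU system-emulator suffix. */`) would let the caller drop the `await`.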