From 0f586241e84ea9e1b79bbbafc880e41e018168e8 Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Mon, 14 Jul 2025 15:45:25 +0200 Subject: [PATCH 1/3] CI: run browser tests also on Windows --- .github/workflows/tests.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 62a87a9f..c89cc919 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -63,8 +63,7 @@ jobs: matrix: # run on all main platforms to test platform-specific code, if present # (e.g. webkit's WebCrypto API implementation is different in macOS vs Linux) - # TODO: windows-latest fails to fetch resources from the wtr server; investigate if the problem is with path declaration or permissions - runner: ['ubuntu-latest', 'macos-latest'] + runner: ['ubuntu-latest', 'macos-latest', 'windows-latest'] runs-on: ${{ matrix.runner }} steps: @@ -79,6 +78,7 @@ jobs: dist test/lib key: cache-${{ github.sha }} + enableCrossOsArchive: true - name: Install dependencies # cannot use `--ignore-scripts` since playwright seems to use it to set ENV vars @@ -88,13 +88,15 @@ jobs: - name: Get Playwright version and cache location id: playwright-version + if: ${{ matrix.runner != 'windows-latest' }} # setting env vars does not work in windows, it'd require custom handling run: | - PLAYWRIGHT_VERSION=$(npm ls playwright --depth=0 | grep playwright | sed 's/.*@//') + PLAYWRIGHT_VERSION=$(npx playwright --version | sed 's/^Version //') echo "version=$PLAYWRIGHT_VERSION" >> $GITHUB_OUTPUT PLAYWRIGHT_CACHE=${{ fromJSON('{"ubuntu-latest": "~/.cache/ms-playwright", "macos-latest": "~/Library/Caches/ms-playwright"}')[matrix.runner] }} echo "playwright_cache=$PLAYWRIGHT_CACHE" >> $GITHUB_OUTPUT - name: Check for cached browsers id: cache-playwright-browsers + if: ${{ matrix.runner != 'windows-latest' }} uses: actions/cache@v4 with: path: ${{ steps.playwright-version.outputs.playwright_cache }} 
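Review bot: In the `Get Playwright version and cache location` step of the third hunk, `npx playwright --version` may fall back to fetching the package from the registry if the locally installed copy cannot be resolved. Because the command substitution feeds a pipe into `sed`, a failing `npx` would leave `PLAYWRIGHT_VERSION` empty rather than failing the step. The cache key that consumes the `version` output lies outside the hunk, but an empty value would presumably let browser caches from different Playwright versions collide. I would restrict the lookup to the lockfile-installed binary and reject an empty result: `PLAYWRIGHT_VERSION=$(npx --no-install playwright --version | sed 's/^Version //')` followed by `test -n "$PLAYWRIGHT_VERSION"`.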
From faeceec49e585fc6df1aeb5541a72d8d2f0027e5 Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Mon, 14 Jul 2025 18:44:26 +0200 Subject: [PATCH 2/3] CI: set `fail-on-cache-miss` for cached build folders --- .github/workflows/tests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c89cc919..2fef76fc 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -52,7 +52,7 @@ jobs: dist test/lib key: cache-${{ github.sha }} - # ignore cache miss, since it was taken care of the `build` step and it should never occur here + fail-on-cache-miss: true # sanity check for runner issues or misconfigurations - run: npm test test-browsers-latest: @@ -79,6 +79,7 @@ jobs: test/lib key: cache-${{ github.sha }} enableCrossOsArchive: true + fail-on-cache-miss: true # sanity check for runner issues or misconfigurations - name: Install dependencies # cannot use `--ignore-scripts` since playwright seems to use it to set ENV vars From c1ea7ca4646c0564123509fc89f9f18f5132ff11 Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Tue, 15 Jul 2025 13:50:06 +0200 Subject: [PATCH 3/3] Tests: update ECDH negative test expectations to match WebKit Windows behavior AES-KW unwrapping failure does not throw an OperationError there, instead it returns an empty buffer, which then fails to be PKCS5 decoded. --- test/crypto/ecdh.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/crypto/ecdh.js b/test/crypto/ecdh.js index de17e9a8..e44c8a32 100644 --- a/test/crypto/ecdh.js +++ b/test/crypto/ecdh.js 
@@ -91,13 +91,13 @@ export default () => describe('ECDH key exchange @lightweight', function () { 'secp256k1', 2, 7, secp256k1_value, secp256k1_point, secp256k1_invalid_point, secp256k1_data, [] )).to.be.rejectedWith(/Public key is not valid for specified curve|Failed to translate Buffer to a EC_POINT|bad point/).notify(done); }); - it('Invalid key data integrity', function (done) { + it('Invalid key data integrity', async function () { if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); } - expect(decrypt_message( + await expect(decrypt_message( 'secp256k1', 2, 7, secp256k1_value, secp256k1_point, secp256k1_point, secp256k1_data, [] - )).to.be.rejectedWith(/Key Data Integrity failed/).notify(done); + )).to.be.rejectedWith(/Key Data Integrity faile|Invalid padding/); // invalid padding thrown by webkit on Windows }); const Q1 = new Uint8Array([ @@ -160,7 +160,7 @@ export default () => describe('ECDH key exchange @lightweight', function () { const { publicKey: V, wrappedKey: C } = await ecdh.encrypt(oid, kdfParams, data, Q1, fingerprint1); await expect( ecdh.decrypt(oid, kdfParams, V, C, Q2, d2, fingerprint1) - ).to.be.rejectedWith(/Key Data Integrity failed/); + ).to.be.rejectedWith(/Key Data Integrity failed|Invalid padding/); // invalid padding thrown by webkit on Windows }); it('Invalid fingerprint', async function () { @@ -171,7 +171,7 @@ export default () => describe('ECDH key exchange @lightweight', function () { const { publicKey: V, wrappedKey: C } = await ecdh.encrypt(oid, kdfParams, data, Q2, fingerprint1); await expect( ecdh.decrypt(oid, kdfParams, V, C, Q2, d2, fingerprint2) - ).to.be.rejectedWith(/Key Data Integrity failed/); + ).to.be.rejectedWith(/Key Data Integrity failed|Invalid padding/); // invalid padding thrown by webkit on Windows }); it('Successful exchange x25519 (legacy)', async function () {
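Review bot: The new expectation in `'Invalid key data integrity'` (first hunk) reads `/Key Data Integrity faile|Invalid padding/`, dropping the final `d` that the other two hunks keep. The test still passes because the pattern matches a substring, but the check is looser than intended and inconsistent with its siblings. It should be `/Key Data Integrity failed|Invalid padding/`. The enclosing `describe` block starts and ends outside the hunk.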
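Review bot: The widened pattern in the second hunk (and the same change in the first and third) accepts `Invalid padding` on every platform, not only WebKit on Windows. A regression where the AES-KW integrity check stops rejecting on another engine, so that the failure only surfaces at PKCS5 decoding, would then go unnoticed by these negative tests. The commit message says the unwrap returns an empty buffer there; if the library can detect that case, raising `Key Data Integrity failed` itself would give callers a single error and let the tests stay strict. Otherwise, consider selecting the expected pattern per platform so the looser match applies only where it is needed. The enclosing `it` blocks begin outside these hunks.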