From 6eb13c9f799af8dd6472e039314de02e5cfa8e8a Mon Sep 17 00:00:00 2001
From: Deluan <deluan@navidrome.org>
Date: Sat, 17 Feb 2024 14:11:09 -0500
Subject: [PATCH] Run Test job in ci-goreleaser container

---
 .github/workflows/pipeline.yml         | 54 +++++++----------------
 scanner/metadata/taglib/taglib_test.go | 61 +++++++++++++++++++-------
 2 files changed, 60 insertions(+), 55 deletions(-)

diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index d4f2d1b6..0080f343 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -8,24 +8,18 @@ on:
   pull_request:
     branches:
       - master
+
 jobs:
   go-lint:
     name: Lint Go code
     runs-on: ubuntu-latest
+    container: deluan/ci-goreleaser:1.22.0-2
     steps:
-      - name: Update ubuntu repo
-        run: sudo apt-get update
-
-      - name: Install taglib
-        run: sudo apt-get install libtag1-dev
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: 1.22.x
-
       - uses: actions/checkout@v4
 
+      - name: Config workspace folder as trusted
+        run: git config --global --add safe.directory $GITHUB_WORKSPACE;  git describe --dirty --always --tags
+
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v4
         with:
@@ -47,26 +41,15 @@ jobs:
           fi
 
   go:
-    name: Test with Go ${{ matrix.go_version }}
+    name: Test Go code
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go_version: [1.22.x, 1.21.x]
+    container: deluan/ci-goreleaser:1.22.0-2
     steps:
-      - name: Update ubuntu repo
-        run: sudo apt-get update
-
-      - name: Install taglib
-        run: sudo apt-get install libtag1-dev ffmpeg
-
       - name: Check out code into the Go module directory
         uses: actions/checkout@v4
 
-      - name: Set up Go ${{ matrix.go_version }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go_version }}
-          cache: true
+      - name: Config workspace folder as trusted
+        run: git config --global --add safe.directory $GITHUB_WORKSPACE;  git describe --dirty --always --tags
 
       - name: Download dependencies
         if: steps.cache-go.outputs.cache-hit != 'true'
@@ -120,39 +103,32 @@ jobs:
     name: Build binaries
     needs: [js, go, go-lint]
     runs-on: ubuntu-latest
+    container: deluan/ci-goreleaser:1.22.0-2
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
+      - name: Config workspace folder as trusted
+        run: git config --global --add safe.directory $GITHUB_WORKSPACE;  git describe --dirty --always --tags
+
       - uses: actions/download-artifact@v4
         with:
           name: js-bundle
           path: ui/build
 
-      - name: Config /github/workspace folder as trusted
-        uses: docker://deluan/ci-goreleaser:1.22.0-2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          args: /bin/bash -c "git config --global --add safe.directory /github/workspace;  git describe --dirty --always --tags"
-
       - name: Run GoReleaser - SNAPSHOT
         if: startsWith(github.ref, 'refs/tags/') != true
-        uses: docker://deluan/ci-goreleaser:1.22.0-2
+        run: goreleaser release --clean --skip=publish --snapshot
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          args: goreleaser release --clean --skip=publish --snapshot
 
       - name: Run GoReleaser - RELEASE
         if: startsWith(github.ref, 'refs/tags/')
-        uses: docker://deluan/ci-goreleaser:1.22.0-2
+        run: goreleaser release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          args: goreleaser release --clean
 
       - uses: actions/upload-artifact@v4
         with:
diff --git a/scanner/metadata/taglib/taglib_test.go b/scanner/metadata/taglib/taglib_test.go
index 56c1e5f2..29d9938f 100644
--- a/scanner/metadata/taglib/taglib_test.go
+++ b/scanner/metadata/taglib/taglib_test.go
@@ -4,6 +4,7 @@ import (
 	"io/fs"
 	"os"
 
+	"github.com/navidrome/navidrome/core/playback/mpv"
 	"github.com/navidrome/navidrome/scanner/metadata"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -11,18 +12,9 @@ import (
 
 var _ = Describe("Extractor", func() {
 	var e *Extractor
-	// This file will have 0222 (no read) permission during these tests
-	var accessForbiddenFile = "tests/fixtures/test_no_read_permission.ogg"
 
 	BeforeEach(func() {
 		e = &Extractor{}
-
-		err := os.Chmod(accessForbiddenFile, 0222)
-		Expect(err).ToNot(HaveOccurred())
-		DeferCleanup(func() {
-			err = os.Chmod(accessForbiddenFile, 0644)
-			Expect(err).ToNot(HaveOccurred())
-		})
 	})
 
 	Describe("Parse", func() {
@@ -30,11 +22,9 @@ var _ = Describe("Extractor", func() {
 			mds, err := e.Parse(
 				"tests/fixtures/test.mp3",
 				"tests/fixtures/test.ogg",
-				accessForbiddenFile,
 			)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(mds).To(HaveLen(2))
-			Expect(mds).ToNot(HaveKey(accessForbiddenFile))
 
 			m := mds["tests/fixtures/test.mp3"]
 			Expect(m).To(HaveKeyWithValue("title", []string{"Song", "Song"}))
@@ -171,20 +161,59 @@ var _ = Describe("Extractor", func() {
 			// ffmpeg -f lavfi -i "sine=frequency=800:duration=1" test.wv
 			Entry("correctly parses wv (wavpak) tags", "test.wv", "1.00", "1", "3.43 dB", "0.125061", "3.43 dB", "0.125061", false),
 
-			// TODO - these breaks in the pipeline as it uses TabLib 1.11. Once Ubuntu 24.04 is released we can uncomment these tests
+			// TODO - these break in the pipeline as it uses TabLib 1.11. Once Ubuntu 24.04 is released we can uncomment these tests
 			// ffmpeg -f lavfi -i "sine=frequency=1000:duration=1" test.wav
 			// Entry("correctly parses wav tags", "test.wav", "1.00", "1", "3.06 dB", "0.125056", "3.06 dB", "0.125056", true),
 
 			// ffmpeg -f lavfi -i "sine=frequency=1400:duration=1" test.aiff
 			// Entry("correctly parses aiff tags", "test.aiff", "1.00", "1", "2.00 dB", "0.124972", "2.00 dB", "0.124972", true),
 		)
+
+		// Skip these tests when running as root
+		Context("Access Forbidden", func() {
+			var accessForbiddenFile string
+			var RegularUserContext = XContext
+			var isRegularUser = os.Getuid() != 0
+			if isRegularUser {
+				RegularUserContext = Context
+			}
+
+			// Only run permission tests if we are not root
+			RegularUserContext("when run without root privileges", func() {
+				BeforeEach(func() {
+					accessForbiddenFile = mpv.TempFileName("access_forbidden", ".mp3")
+
+					f, err := os.OpenFile(accessForbiddenFile, os.O_WRONLY|os.O_CREATE, 0222)
+					Expect(err).ToNot(HaveOccurred())
+
+					DeferCleanup(func() {
+						Expect(f.Close()).To(Succeed())
+						Expect(os.Remove(accessForbiddenFile)).To(Succeed())
+					})
+				})
+
+				It("correctly handle unreadable file due to insufficient read permission", func() {
+					_, err := e.extractMetadata(accessForbiddenFile)
+					Expect(err).To(MatchError(os.ErrPermission))
+				})
+
+				It("skips the file if it cannot be read", func() {
+					files := []string{
+						"tests/fixtures/test.mp3",
+						"tests/fixtures/test.ogg",
+						accessForbiddenFile,
+					}
+					mds, err := e.Parse(files...)
+					Expect(err).NotTo(HaveOccurred())
+					Expect(mds).To(HaveLen(2))
+					Expect(mds).ToNot(HaveKey(accessForbiddenFile))
+				})
+			})
+		})
+
 	})
 
 	Describe("Error Checking", func() {
-		It("correctly handle unreadable file due to insufficient read permission", func() {
-			_, err := e.extractMetadata(accessForbiddenFile)
-			Expect(err).To(MatchError(os.ErrPermission))
-		})
 		It("returns a generic ErrPath if file does not exist", func() {
 			testFilePath := "tests/fixtures/NON_EXISTENT.ogg"
 			_, err := e.extractMetadata(testFilePath)