From 8751d1f108746c2b080a8041914fdb2425b4b036 Mon Sep 17 00:00:00 2001
From: Haochen Tong <i@hexchain.org>
Date: Wed, 29 Jan 2025 13:04:19 +0800
Subject: [PATCH 1/3] Revert "use ubuntu 22"

This reverts commit cc0cdb66ce9346748c1d4f0c1d06b0e0b5a7f5c0.
---
 .github/workflows/release-build.yml     | 8 ++++----
 .github/workflows/release-publish.yml   | 2 +-
 .github/workflows/release-recurring.yml | 4 ++--
 .github/workflows/release-start.yml     | 2 +-
 .github/workflows/sast.yml              | 2 +-
 .github/workflows/test-cli.yml          | 4 ++--
 .github/workflows/test.yml              | 2 +-
 .github/workflows/update-changelog.yml  | 2 +-
 8 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index 2dc0bd8db0f..30f1eb20bab 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
   # shared kong github action for security checking
   generate-sbom-and-upload-assets:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       packages: write
       contents: write # publish sbom to GH releases/tag assets
@@ -47,10 +47,10 @@ jobs:
           - os: windows-latest
             csc_link_secret: ''
             csc_key_password_secret: ''
-          - os: ubuntu-22.04
+          - os: ubuntu-24.04
             csc_link_secret: ''
             csc_key_password_secret: ''
-          - os: ubuntu-22.04-arm
+          - os: ubuntu-24.04-arm
             csc_link_secret: ''
             csc_key_password_secret: ''
     steps:
@@ -250,7 +250,7 @@ jobs:
   update-pull-request:
     timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
     needs: build-and-upload-release-artifacts
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Get release version
         id: release_version
diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index c8a39e6f468..3a00940014a 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -20,7 +20,7 @@ env:
 jobs:
   publish:
     timeout-minutes: 15
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       NOTARY_REPOSITORY: ${{ env.NOTARY_REPOSITORY }}
       INSO_BINARY_ARTIFACTS_SUBJECTS_AS_FILE: ${{ steps.cli_binary_hashes.outputs.handle }}
diff --git a/.github/workflows/release-recurring.yml b/.github/workflows/release-recurring.yml
index b5c80375ac8..f661effa51c 100644
--- a/.github/workflows/release-recurring.yml
+++ b/.github/workflows/release-recurring.yml
@@ -30,9 +30,9 @@ jobs:
             build-targets: zip
           - os: windows-latest
             build-targets: portable
-          - os: ubuntu-22.04
+          - os: ubuntu-24.04
             build-targets: tar.gz
-          - os: ubuntu-22.04-arm
+          - os: ubuntu-24.04-arm
             build-targets: tar.gz
     steps:
       - name: Checkout branch
diff --git a/.github/workflows/release-start.yml b/.github/workflows/release-start.yml
index 9476d8d4e89..afdc333abf5 100644
--- a/.github/workflows/release-start.yml
+++ b/.github/workflows/release-start.yml
@@ -19,7 +19,7 @@ on:
 jobs:
   setup-release-branch:
     timeout-minutes: 5
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index 6b9f39d682f..171f89fb01c 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -13,7 +13,7 @@ jobs:
   semgrep:
     timeout-minutes: 5
     name: Semgrep SAST
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       # required for all workflows
       security-events: write
diff --git a/.github/workflows/test-cli.yml b/.github/workflows/test-cli.yml
index 7742857d6b7..5af2e7a21dd 100644
--- a/.github/workflows/test-cli.yml
+++ b/.github/workflows/test-cli.yml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   Test:
     timeout-minutes: 10
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
@@ -53,7 +53,7 @@ jobs:
         shell: bash
         run: |
           INSO_VERSION="$(jq .version packages/insomnia-inso/package.json -rj)-run.${{ github.run_number }}"
-          PKG_NAME="inso-ubuntu-22.04-$INSO_VERSION"
+          PKG_NAME="inso-ubuntu-24.04-$INSO_VERSION"
           echo "pkg-name=$PKG_NAME" >> $GITHUB_OUTPUT
           echo "inso-version=$INSO_VERSION" >> $GITHUB_OUTPUT
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7d37db8feff..33d51917a2e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   Test:
     timeout-minutes: 20
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml
index 778c70d44db..52060f8783d 100644
--- a/.github/workflows/update-changelog.yml
+++ b/.github/workflows/update-changelog.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   update:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     permissions:
       # Give the default GITHUB_TOKEN write permission to commit and push the

From 7ac3f0a3a9dcfd7e840cf3e8f8c6b8425f8dd17f Mon Sep 17 00:00:00 2001
From: Haochen Tong <i@hexchain.org>
Date: Tue, 28 Jan 2025 21:58:50 +0800
Subject: [PATCH 2/3] fix: smoke test failure on ubuntu 24.04

---
 .github/workflows/release-recurring.yml | 2 +-
 .github/workflows/test.yml              | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-recurring.yml b/.github/workflows/release-recurring.yml
index f661effa51c..cb12936167f 100644
--- a/.github/workflows/release-recurring.yml
+++ b/.github/workflows/release-recurring.yml
@@ -59,7 +59,7 @@ jobs:
       # See https://github.com/electron/electron/issues/42510#issuecomment-2171583086
       - if: ${{ runner.os == 'Linux' }}
         name: Lift unprivileged user namespace restrictions
-        run: sudo sysctl kernel/apparmor_restrict_unprivileged_userns=0
+        run: sudo sysctl kernel/unprivileged_userns_clone=1 kernel/apparmor_restrict_unprivileged_userns=0
 
       - name: Test critical path on packaged electron app
         run: npm run test:package -w packages/insomnia-smoke-test -- --project=Critical
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 33d51917a2e..a12ef7a3398 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -45,6 +45,10 @@ jobs:
       - name: Unit Tests
         run: npm test
 
+      # See https://github.com/electron/electron/issues/42510#issuecomment-2171583086
+      - name: Lift unprivileged user namespace restrictions
+        run: sudo sysctl kernel/unprivileged_userns_clone=1 kernel/apparmor_restrict_unprivileged_userns=0
+
       - name: Build app for smoke tests
         run: NODE_OPTIONS='--max_old_space_size=6144' npm run app-build
 

From 170102774872366ac6b41c743c782b74da3289a0 Mon Sep 17 00:00:00 2001
From: Haochen Tong <i@hexchain.org>
Date: Wed, 29 Jan 2025 13:11:19 +0800
Subject: [PATCH 3/3] fix: rpm/deb/snap packaging on aarch64 linux

---
 .github/workflows/release-build.yml | 38 +++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index 30f1eb20bab..9c07069afbe 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -71,18 +71,40 @@ jobs:
         run: |
           echo "INSO_VERSION=$(jq .version ./packages/${{ env.INSO_PACKAGE_NAME }}/package.json -rj)" >> $GITHUB_ENV
 
-      - name: Package app (Linux ARM64 only)
+      - name: Install dependencies (Linux only)
+        if: runner.os == 'Linux'
+        run: |
+          # install snapcraft
+          sudo snap install snapcraft --classic
+
+          # install fpm for electron-builder
+          sudo gem install fpm
+          fpm --version
+
+      - name: Apply runner system workarounds (ARM64 Linux only)
         if: runner.os == 'Linux' && runner.arch == 'ARM64'
-        shell: bash
-        run: BUILD_TARGETS='tar.gz' npm run app-package
-        env:
-          NODE_OPTIONS: '--max_old_space_size=6144'
+        run: |
+          # install LXD for snap building
+          sudo snap install lxd
 
-      - name: Package app (Linux X64 only)
-        if: runner.os == 'Linux' && runner.arch == 'X64'
+          # initialize lxd default profile
+          sudo lxd init --auto
+
+          # add runner user to lxd group
+          sudo gpasswd -a $USER lxd
+
+          # workaround network issues when docker is started before lxc
+          sudo iptables  -I DOCKER-USER -i lxdbr0 -j ACCEPT
+          sudo iptables  -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+      - name: Package app (Linux only)
+        if: runner.os == 'Linux'
         shell: bash
-        run: npm run app-package
+        # run with sudo to let the lxd group membership take effect
+        run: sudo --user $USER --preserve-env -- bash -c 'npm run app-package'
         env:
+          # https://github.com/electron-userland/electron-builder/issues/6116
+          USE_SYSTEM_FPM: 'true'
           NODE_OPTIONS: '--max_old_space_size=6144'
 
       # If this step fails its possible apple has new license terms which need to be accepted by logging into https://developer.apple.com/account