From 095b90b90f973b613fe2c5a74c2c87a30110bbf6 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Tue, 4 Nov 2025 23:04:44 +0000
Subject: [PATCH 1/6] Use DOCKER_HOST env var to find docker socket

---
 .../playwright-screenshots.sh                    | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/packages/element-web-playwright-common/playwright-screenshots.sh b/packages/element-web-playwright-common/playwright-screenshots.sh
index a676491..ca4525f 100755
--- a/packages/element-web-playwright-common/playwright-screenshots.sh
+++ b/packages/element-web-playwright-common/playwright-screenshots.sh
@@ -24,6 +24,20 @@ build_image() {
   docker build -t "$IMAGE_NAME" --build-arg "PLAYWRIGHT_VERSION=$PW_VERSION" "$SCRIPT_DIR"
 }
 
+# Find the docker socket on the host
+case "$DOCKER_HOST" in
+    unix://*)
+        docker_sock="${DOCKER_HOST:7}"
+        ;;
+    "")
+        docker_sock="/var/run/docker.sock"
+        ;;
+    *)
+        echo "$0: unsupported DOCKER_HOST setting '${DOCKER_HOST}'" >&2
+        exit 1;
+        ;;
+esac
+
 RUN_ARGS=(
   --rm
   --network host
@@ -33,7 +47,7 @@ RUN_ARGS=(
   # Bind mount the working directory into the container
   -v $(pwd):/work/
   # Bind mount the docker socket so we can run docker commands from the container
-  -v /var/run/docker.sock:/var/run/docker.sock
+  -v "${docker_sock}":/var/run/docker.sock
   # Bind mount /tmp so we can store temporary files
   -v /tmp/:/tmp/
   -it

From 2e45540045e5a47c623e2c5bf6a1ad2ad4d8d5a3 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Tue, 4 Nov 2025 23:46:13 +0000
Subject: [PATCH 2/6] Disable ryuk reaper in the playwright container

... thus making it possible to use `testcontainers` inside unprivileged
containers.
---
 packages/element-web-playwright-common/Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/element-web-playwright-common/Dockerfile b/packages/element-web-playwright-common/Dockerfile
index c8bf12e..e6ac702 100644
--- a/packages/element-web-playwright-common/Dockerfile
+++ b/packages/element-web-playwright-common/Dockerfile
@@ -6,4 +6,8 @@ WORKDIR /work
 # fonts-dejavu is needed for the same RTL rendering as on CI
 RUN apt-get update && apt-get -y install docker.io fonts-dejavu
 
+# Disable the ryuk resource reaper, because it doesn't work in environments
+# that disallow starting privileged containers (such as rootless containers)
+ENV TESTCONTAINERS_RYUK_DISABLED=true
+
 ENTRYPOINT ["npx", "playwright", "test", "--update-snapshots", "--reporter", "line"]

From e46bf80b53fd086db5bbc6b390510fd52a537a92 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Tue, 4 Nov 2025 23:47:09 +0000
Subject: [PATCH 3/6] playwright-screenshots: clean up output and error
 handling

Somebody wrote those `pushd` and `popd` lines without testing
them. Redirections bind tighter than `||` so those lines were always spamming
the console.

Using `set -e` is more reliable than always checking exit codes anyway.
---
 .../playwright-screenshots.sh                             | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/packages/element-web-playwright-common/playwright-screenshots.sh b/packages/element-web-playwright-common/playwright-screenshots.sh
index ca4525f..6b927f7 100755
--- a/packages/element-web-playwright-common/playwright-screenshots.sh
+++ b/packages/element-web-playwright-common/playwright-screenshots.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 # Handle symlinks here as we tend to be executed as an npm binary
 SCRIPT_PATH=$(readlink -f "$0")
 SCRIPT_DIR=$(dirname "$SCRIPT_PATH")
@@ -83,11 +85,11 @@ done
 build_image
 
 # Ensure we pass all symlinked node_modules to the container
-pushd node_modules || exit > /dev/null
+pushd node_modules > /dev/null
 SYMLINKS=$(find . -maxdepth 2 -type l -not -path "./.bin/*")
-popd || exit > /dev/null
+popd > /dev/null
 for LINK in $SYMLINKS; do
-  TARGET=$(readlink -f "node_modules/$LINK")
+  TARGET=$(readlink -f "node_modules/$LINK") || true
   if [ -d "$TARGET" ]; then
     echo "mounting linked package ${LINK:2} in container"
     RUN_ARGS+=( "-v" "$TARGET:/work/node_modules/${LINK:2}" )

From 5894e674e23e420fa631c962be6756caec0c7f59 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Tue, 4 Nov 2025 23:49:31 +0000
Subject: [PATCH 4/6] Warn about linked node modules under podman

Thanks to a podman bug, the symlink workaround doesn't work there. Let's emit a
noisy warning.
---
 .../playwright-screenshots.sh                        | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/packages/element-web-playwright-common/playwright-screenshots.sh b/packages/element-web-playwright-common/playwright-screenshots.sh
index 6b927f7..99d8d1f 100755
--- a/packages/element-web-playwright-common/playwright-screenshots.sh
+++ b/packages/element-web-playwright-common/playwright-screenshots.sh
@@ -91,6 +91,18 @@ popd > /dev/null
 for LINK in $SYMLINKS; do
   TARGET=$(readlink -f "node_modules/$LINK") || true
   if [ -d "$TARGET" ]; then
+     if docker --version | grep -q podman; then
+        echo -e "\033[31m" >&2
+        cat <<'EOF' >&2
+WARNING: `node_modules` contains symlinks, and the support for this in
+`playwright-screenshots.sh` is broken under podman due to
+https://github.com/containers/podman/issues/25947.
+
+If you get errors such as 'Error: crun: creating `<path>`', then retry this
+having `yarn unlink`ed the relevant node modules.
+EOF
+      echo -e "\033[0m" >&2
+    fi
     echo "mounting linked package ${LINK:2} in container"
     RUN_ARGS+=( "-v" "$TARGET:/work/node_modules/${LINK:2}" )
   fi

From 3b2c7b4ca24fe3a16b4e00d4cac8358778faf6a8 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Wed, 5 Nov 2025 16:22:24 +0000
Subject: [PATCH 5/6] Start Ryuk ourselves

---
 .../element-web-playwright-common/Dockerfile  |  4 ----
 .../playwright-screenshots.sh                 | 20 +++++++++++++++++++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/packages/element-web-playwright-common/Dockerfile b/packages/element-web-playwright-common/Dockerfile
index e6ac702..c8bf12e 100644
--- a/packages/element-web-playwright-common/Dockerfile
+++ b/packages/element-web-playwright-common/Dockerfile
@@ -6,8 +6,4 @@ WORKDIR /work
 # fonts-dejavu is needed for the same RTL rendering as on CI
 RUN apt-get update && apt-get -y install docker.io fonts-dejavu
 
-# Disable the ryuk resource reaper, because it doesn't work in environments
-# that disallow starting privileged containers (such as rootless containers)
-ENV TESTCONTAINERS_RYUK_DISABLED=true
-
 ENTRYPOINT ["npx", "playwright", "test", "--update-snapshots", "--reporter", "line"]
diff --git a/packages/element-web-playwright-common/playwright-screenshots.sh b/packages/element-web-playwright-common/playwright-screenshots.sh
index 99d8d1f..80de4fd 100755
--- a/packages/element-web-playwright-common/playwright-screenshots.sh
+++ b/packages/element-web-playwright-common/playwright-screenshots.sh
@@ -108,4 +108,24 @@ EOF
   fi
 done
 
+# Our Playwright fixtures use Testcontainers [1], which in uses a docker image
+# called Ryuk [2], which will clean up any dangling containers/networks/etc
+# after a timeout, if the parent process dies unexpectedly.
+#
+# To do this, Ryuk requires access to the docker socket, so Testcontainers
+# starts the Ryuk container with a bind-mount of `/var/run/docker.sock`.
+# However, we're going to be running Playwright (and hence Testcontainers)
+# itself in a container, but talking to the Docker daemon on the *host*, which
+# means that bind mounts will be relative to the *host* filesystem. In short,
+# it will try to bind-mount the *host's* `/var/run/docker.sock` rather than
+# that from inside the element-web-playwright-common container.
+#
+# To solve this problem, we start Ryuk ourselves (with the correct docker
+# socket) rather than waiting for Testcontainers to do so. Testcontainers will
+# find the running Ryuk instance and connect to it rather than start a new one.
+#
+# [1] https://testcontainers.com/
+# [2] https://github.com/testcontainers/moby-ryuk
+docker run -d --rm --label org.testcontainers.ryuk=true -v "${docker_sock}":/var/run/docker.sock -p 8080 --name="playwright-ryuk" testcontainers/ryuk:0.14.0
+
 docker run "${RUN_ARGS[@]}" "$IMAGE_NAME" "${DEFAULT_ARGS[@]}" "$@"

From 537c85a0eb53b234e4d93cfc297e5494dc9369e7 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Thu, 6 Nov 2025 11:45:58 +0000
Subject: [PATCH 6/6] Apply suggestion from @richvdh

---
 .../element-web-playwright-common/playwright-screenshots.sh     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/element-web-playwright-common/playwright-screenshots.sh b/packages/element-web-playwright-common/playwright-screenshots.sh
index 80de4fd..e137017 100755
--- a/packages/element-web-playwright-common/playwright-screenshots.sh
+++ b/packages/element-web-playwright-common/playwright-screenshots.sh
@@ -108,7 +108,7 @@ EOF
   fi
 done
 
-# Our Playwright fixtures use Testcontainers [1], which in uses a docker image
+# Our Playwright fixtures use Testcontainers [1], which uses a docker image
 # called Ryuk [2], which will clean up any dangling containers/networks/etc
 # after a timeout, if the parent process dies unexpectedly.
 #