Monthly Archives: May 2026

SWTBot Tests Failing on GitHub Actions macOS Because of “Welcome to Mac” (Setup Assistant Analytics)

The first workaround

My first attempt was to dismiss the Analytics dialog before starting the SWTBot tests:

- name: Dismiss macOS Analytics setup dialog
  if: runner.os == 'macOS'
  shell: bash
  run: |
    for i in {1..30}; do
      if pgrep -x "Setup Assistant" >/dev/null; then
        echo "Found macOS Setup Assistant; trying to dismiss it"
        osascript <<'APPLESCRIPT' || true
        tell application "System Events"
          if exists process "Setup Assistant" then
            tell process "Setup Assistant"
              set frontmost to true
              delay 0.2
              try
                click button "Continue" of window 1
              on error
                key code 36
              end try
            end tell
          end if
        end tell
    APPLESCRIPT
        sleep 2
        pgrep -x "Setup Assistant" >/dev/null || exit 0
      fi
      sleep 1
    done

- name: Dismiss macOS Analytics setup dialog

if: runner.os == 'macOS'

shell: bash

run: |

for i in {1..30}; do

if pgrep -x "Setup Assistant" >/dev/null; then

echo "Found macOS Setup Assistant; trying to dismiss it"

osascript <<'APPLESCRIPT' || true

tell application "System Events"

if exists process "Setup Assistant" then

tell process "Setup Assistant"

set frontmost to true

delay 0.2

try

click button "Continue" of window 1

on error

key code 36

end try

end tell

end if

end tell

APPLESCRIPT

sleep 2

pgrep -x "Setup Assistant" >/dev/null || exit 0

sleep 1

done

This looked reasonable, but then the failure changed.

The new screenshot showed another Setup Assistant page:

This time it was the “Welcome to Mac” screen.

So the script was managing to click something, but Setup Assistant was still not completely gone. SWTBot was still losing focus before the actual Eclipse application could be tested.

The final workaround

The most robust fix was to avoid heredocs entirely and pass the AppleScript using repeated osascript -e arguments.

Here is the workflow step I now use:

- name: Remove macOS Setup Assistant
  if: runner.os == 'macOS'
  shell: bash
  run: |
    for i in {1..10}; do
      if ! pgrep -x "Setup Assistant" >/dev/null; then
        echo "Setup Assistant is not running"
        exit 0
      fi

      echo "Setup Assistant is running; trying to dismiss it"

      osascript \
        -e 'tell application "System Events"' \
        -e 'if exists process "Setup Assistant" then' \
        -e 'tell process "Setup Assistant"' \
        -e 'set frontmost to true' \
        -e 'delay 0.2' \
        -e 'try' \
        -e 'perform action "AXPress" of button "Continue" of window 1' \
        -e 'end try' \
        -e 'delay 0.5' \
        -e 'end tell' \
        -e 'key code 36' \
        -e 'end if' \
        -e 'end tell' >/dev/null 2>&1 || true

      sleep 2
    done

    echo "Setup Assistant did not go away; killing it"
    pkill -9 -x "Setup Assistant" || true
    sleep 2

    if pgrep -x "Setup Assistant" >/dev/null; then
      echo "::error::Setup Assistant is still running"
      exit 1
    fi

- name: Remove macOS Setup Assistant

if: runner.os == 'macOS'

shell: bash

run: |

for i in {1..10}; do

if ! pgrep -x "Setup Assistant" >/dev/null; then

echo "Setup Assistant is not running"

exit 0

echo "Setup Assistant is running; trying to dismiss it"

osascript \

-e 'tell application "System Events"' \

-e 'if exists process "Setup Assistant" then' \

-e 'tell process "Setup Assistant"' \

-e 'set frontmost to true' \

-e 'delay 0.2' \

-e 'try' \

-e 'perform action "AXPress" of button "Continue" of window 1' \

-e 'end try' \

-e 'delay 0.5' \

-e 'end tell' \

-e 'key code 36' \

-e 'end if' \

-e 'end tell' >/dev/null 2>&1 || true

sleep 2

done

echo "Setup Assistant did not go away; killing it"

pkill -9 -x "Setup Assistant" || true

sleep 2

if pgrep -x "Setup Assistant" >/dev/null; then

echo "::error::Setup Assistant is still running"

exit 1

This does three things:

It checks whether Setup Assistant is running.
It tries to press the visible Continue button.
If Setup Assistant still refuses to disappear, it kills the process before the UI tests start.

After adding this step before launching Eclipse, the SWTBot tests started passing again.

Why this matters for SWTBot

SWTBot tests are particularly sensitive to focus problems.

They do not just test some isolated backend logic. They drive a real UI. If another native macOS window appears in front of the Eclipse workbench, the test can fail in confusing ways:

WidgetNotFoundException
TimeoutException
Could not find shell
Could not find button

WidgetNotFoundException

TimeoutException

Could not find shell

Could not find button

The actual problem may have nothing to do with SWTBot or Eclipse. The test may simply be interacting with the wrong application.

That is why screenshots from failed UI tests are invaluable. Without the screenshot, I would probably have spent a lot more time debugging Eclipse, SWTBot, or my own application.

Running Homebrew Commands with sudo on Linux and macOS

The simple one-command solution

A quick workaround is to resolve the command path before calling sudo:

sudo "$(which nethogs)"

1 2	sudo "$(which nethogs)"

This works because which nethogs is evaluated by your normal shell, using your normal PATH, before sudo runs.

So instead of asking sudo to find nethogs, you give it the full path directly.

A shell function for one command

You can wrap that in a function:

nethogs() {
  sudo "$(which nethogs)" "$@"
}

nethogs() {

sudo "$(which nethogs)" "$@"

}

This lets you run:

nethogs
nethogs eth0
nethogs -d 5

nethogs

nethogs eth0

nethogs -d 5

and still preserve arguments correctly.

A general `brew-sudo` helper

A better cross-platform approach is to define a small helper that asks Homebrew for its prefix, checks both bin and sbin, and then runs the matching executable with sudo.

brew-sudo() {
  if [ "$#" -eq 0 ]; then
    echo "usage: brew-sudo <command> [args...]" >&2
    return 2
  fi

  cmd="$1"
  shift

  prefix="$(brew --prefix)" || return

  for dir in bin sbin; do
    exe="$prefix/$dir/$cmd"
    if [ -x "$exe" ]; then
      sudo "$exe" "$@"
      return $?
    fi
  done

  echo "brew-sudo: $cmd not found in $prefix/bin or $prefix/sbin" >&2
  return 127
}

brew-sudo() {

if [ "$#" -eq 0 ]; then

echo "usage: brew-sudo <command> [args...]" >&2

return 2

cmd="$1"

shift

prefix="$(brew --prefix)" || return

for dir in bin sbin; do

exe="$prefix/$dir/$cmd"

if [ -x "$exe" ]; then

sudo "$exe" "$@"

return $?

done

echo "brew-sudo: $cmd not found in $prefix/bin or $prefix/sbin" >&2

return 127

}

Now you can run Homebrew-installed commands with root privileges like this:

brew-sudo nethogs
brew-sudo nethogs eth0
brew-sudo some-command --some-option

brew-sudo nethogs

brew-sudo nethogs eth0

brew-sudo some-command --some-option

This works across Linux and macOS because brew --prefix returns the correct Homebrew prefix for the current system.

Defining command-specific wrappers

You can then define convenient wrappers in terms of brew-sudo:

nethogs() {
  brew-sudo nethogs "$@"
}

nethogs() {

brew-sudo nethogs "$@"

}

This gives you the best of both worlds:

nethogs
nethogs eth0
nethogs -d 5

nethogs

nethogs eth0

nethogs -d 5

while internally resolving to something like:

sudo /home/linuxbrew/.linuxbrew/sbin/nethogs "$@"

1 2	sudo /home/linuxbrew/.linuxbrew/sbin/nethogs "$@"

on Linux, or the corresponding Homebrew path on macOS.

Full version

Put this in a shell file sourced by both bash and zsh, or copy it into both ~/.bashrc and ~/.zshrc:

brew-sudo() {
  if [ "$#" -eq 0 ]; then
    echo "usage: brew-sudo <command> [args...]" >&2
    return 2
  fi

  cmd="$1"
  shift

  prefix="$(brew --prefix)" || return

  for dir in bin sbin; do
    exe="$prefix/$dir/$cmd"
    if [ -x "$exe" ]; then
      sudo "$exe" "$@"
      return $?
    fi
  done

  echo "brew-sudo: $cmd not found in $prefix/bin or $prefix/sbin" >&2
  return 127
}

nethogs() {
  brew-sudo nethogs "$@"
}

brew-sudo() {

if [ "$#" -eq 0 ]; then

echo "usage: brew-sudo <command> [args...]" >&2

return 2

cmd="$1"

shift

prefix="$(brew --prefix)" || return

for dir in bin sbin; do

exe="$prefix/$dir/$cmd"

if [ -x "$exe" ]; then

sudo "$exe" "$@"

return $?

done

echo "brew-sudo: $cmd not found in $prefix/bin or $prefix/sbin" >&2

return 127

}

nethogs() {

brew-sudo nethogs "$@"

}

A note on `sudo` and Homebrew

This approach does NOT run brew itself with sudo. It only uses brew --prefix to locate Homebrew’s installation directory, then runs a specific Homebrew-installed executable with sudo.

That distinction matters: running brew install or brew upgrade with sudo is generally the wrong approach, but running a tool like nethogs with sudo is appropriate when the tool itself needs root privileges.

Alternative: adding Homebrew to `/etc/sudoers`

Another possible solution is to teach sudo about Homebrew’s executable directories.

On many systems, sudo uses a restricted path configured in /etc/sudoers, often through a setting called secure_path. You can inspect and edit it with:

sudo visudo

1 2	sudo visudo

You may see a line like this:

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

1 2	Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

One could add Homebrew’s bin and sbin directories there. For example, on Linuxbrew:

Defaults secure_path="/home/linuxbrew/.linuxbrew/sbin:/home/linuxbrew/.linuxbrew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

1 2	Defaults secure_path="/home/linuxbrew/.linuxbrew/sbin:/home/linuxbrew/.linuxbrew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Or on Apple Silicon macOS:

Defaults secure_path="/opt/homebrew/sbin:/opt/homebrew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

1 2	Defaults secure_path="/opt/homebrew/sbin:/opt/homebrew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

After that, this may work directly:

sudo nethogs

1 2	sudo nethogs

However, this approach has a security tradeoff.

It does not give users new sudo permissions by itself. A user still needs to be allowed to run commands with sudo in the first place. But it does make Homebrew-installed commands part of sudo’s command lookup path.

That can be undesirable because Homebrew prefixes are often writable by the normal user, or by users in an admin group. In general, root’s PATH should avoid directories that non-root users can modify. Otherwise, it becomes easier to run a user-controlled executable as root accidentally.

For that reason, I prefer the wrapper approach shown above.

Bootstrapping chezmoi from HTTPS to SSH After First Apply

The goal

I wanted chezmoi apply to do this at the end of the first run:

detect that the repo remote is using HTTPS
convert it to the SSH form
update origin automatically

For example:

from https://github.com/username/dotfiles.git
to git@github.com:username/dotfiles.git

My first attempt

My first version used a run_once_after_... script that called chezmoi source-path to find the source repo:

#!/bin/sh
set -eu

repo_dir="$(chezmoi source-path)"
cd "$repo_dir"

url="$(git remote get-url origin 2>/dev/null || true)"

case "$url" in
  https://github.com/*)
    ssh_url="$(printf '%s\n' "$url" \
      | sed -E 's#^https://github\.com/([^/]+)/(.+)$#git@github.com:\1/\2#')"
    git remote set-url origin "$ssh_url"
    ;;
esac

#!/bin/sh

set -eu

repo_dir="$(chezmoi source-path)"

cd "$repo_dir"

url="$(git remote get-url origin 2>/dev/null || true)"

case "$url" in

https://github.com/*)

ssh_url="$(printf '%s\n' "$url" \

| sed -E 's#^https://github\.com/([^/]+)/(.+)$#git@github.com:\1/\2#')"

git remote set-url origin "$ssh_url"

;;

esac

But when I ran chezmoi apply, I got this:

chezmoi: timeout obtaining persistent state lock, is another instance of chezmoi running?
chezmoi: .chezmoiscripts/switch-origin-to-ssh.sh: exit status 1

chezmoi: timeout obtaining persistent state lock, is another instance of chezmoi running?

chezmoi: .chezmoiscripts/switch-origin-to-ssh.sh: exit status 1

Why this fails

The problem is that the script is being run by chezmoi apply.

So if the script itself runs another chezmoi command, the second process tries to acquire the same persistent state lock that the original chezmoi apply already holds.

In other words:

chezmoi apply starts
it runs your script
your script runs chezmoi source-path
the nested chezmoi process waits on the lock
eventually it times out

The fix

The solution is to avoid calling chezmoi inside the script.

Instead, make the script a template and use {{ .chezmoi.sourceDir }} to inject the source directory path when chezmoi renders the script.

Here is the working version.

Working script

Create this file:

.chezmoiscripts/run_once_after_switch-origin-to-ssh.sh.tmpl

1 2	.chezmoiscripts/run_once_after_switch-origin-to-ssh.sh.tmpl

Contents:

#!/bin/sh
set -eu

repo_dir='{{ .chezmoi.sourceDir }}'
cd "$repo_dir"

url="$(git remote get-url origin 2>/dev/null || true)"

case "$url" in
  https://github.com/*)
    ssh_url="$(printf '%s\n' "$url" \
      | sed -E 's#^https://github\.com/([^/]+)/(.+)$#git@github.com:\1/\2#')"
    git remote set-url origin "$ssh_url"
    echo "Switched origin to $ssh_url"
    ;;
  *)
    echo "origin already uses SSH or is not a GitHub HTTPS URL: $url"
    ;;
esac

#!/bin/sh

set -eu

repo_dir='{{ .chezmoi.sourceDir }}'

cd "$repo_dir"

url="$(git remote get-url origin 2>/dev/null || true)"

case "$url" in

https://github.com/*)

ssh_url="$(printf '%s\n' "$url" \

| sed -E 's#^https://github\.com/([^/]+)/(.+)$#git@github.com:\1/\2#')"

git remote set-url origin "$ssh_url"

echo "Switched origin to $ssh_url"

;;

echo "origin already uses SSH or is not a GitHub HTTPS URL: $url"

;;

esac

Why this works

There are two important details here.

1. The script is a template

The .tmpl suffix tells chezmoi to render the file before executing it.

That means this line:

repo_dir='{{ .chezmoi.sourceDir }}'

1 2	repo_dir='{{ .chezmoi.sourceDir }}'

gets replaced with the actual source directory path ahead of time.

No extra chezmoi process is needed.

2. The script runs after “apply”, and only once

Because the file name starts with run_once_after_, chezmoi runs it after the apply phase, and only once per machine unless the script changes.

That makes it a good fit for first-boot setup tasks like this one.

A note about the working directory

One subtle point: chezmoi scripts do not run in the source repo by default.

So even though we know the source directory, we still need to explicitly run:

cd "$repo_dir"

1 2	cd "$repo_dir"

before calling git remote get-url or git remote set-url.

Resetting the script state

If you need to test the script again after it has already run successfully, you can clear chezmoi’s script state:

chezmoi state delete-bucket --bucket=scriptState

1 2	chezmoi state delete-bucket --bucket=scriptState

That lets run_once_ scripts execute again.

Final thoughts

This ended up being a neat example of a general chezmoi rule:

If a script is already running inside chezmoi apply, avoid launching chezmoi again from that script.

When you need chezmoi-specific information in a script, templating is often the better solution.

For my bootstrap flow, this gives me the best of both worlds:

clone over HTTPS when no SSH key exists yet
install SSH keys during the first apply
automatically switch the dotfiles repo to SSH at the end

Exactly what I wanted.

If you use a similar bootstrap flow, hopefully, this saves you from the persistent state lock timeout.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Lorenzo Bettini

My Home Page

Monthly Archives: May 2026

SWTBot Tests Failing on GitHub Actions macOS Because of “Welcome to Mac” (Setup Assistant Analytics)

The first workaround

The final workaround

Why this matters for SWTBot

Running Homebrew Commands with sudo on Linux and macOS

The simple one-command solution

A shell function for one command

A general `brew-sudo` helper

Defining command-specific wrappers

Full version

A note on `sudo` and Homebrew

Alternative: adding Homebrew to `/etc/sudoers`

Bootstrapping chezmoi from HTTPS to SSH After First Apply

The goal

My first attempt

Why this fails

The fix

Working script

Why this works

1. The script is a template

2. The script runs after “apply”, and only once

A note about the working directory

Resetting the script state

Final thoughts

The first workaround

The final workaround

Why this matters for SWTBot

The simple one-command solution

A shell function for one command

A general brew-sudo helper

Defining command-specific wrappers

Full version

A note on sudo and Homebrew

Alternative: adding Homebrew to /etc/sudoers

The goal

My first attempt

Why this fails

The fix

Working script

Why this works

1. The script is a template

2. The script runs after “apply”, and only once

A note about the working directory

Resetting the script state

Final thoughts

A general `brew-sudo` helper

A note on `sudo` and Homebrew

Alternative: adding Homebrew to `/etc/sudoers`