From 913600249f4b36fc7cd9ef7114790e8ecc7483f5 Mon Sep 17 00:00:00 2001
From: "Ilia.Shulgin" <ilia.shulgin@jetbrains.com>
Date: Tue, 5 May 2026 14:42:04 +0200
Subject: [PATCH] Add missing sandboxing e2e configuration for publish workflow

---
 .github/workflows/e2e.yml     | 2 +-
 .github/workflows/publish.yml | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 219fb61..c70840e 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -17,7 +17,7 @@ jobs:
       - uses: actions/setup-node@v6
         with:
           node-version: '24'
-      - name: Condfigure sandboxing
+      - name: Configure sandboxing
         run: |
           sudo apt-get update
           sudo apt-get install --yes bubblewrap
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5c8f7e3..53f92b5 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -18,6 +18,14 @@ jobs:
       - uses: actions/setup-node@v6
         with:
           node-version: '24'
+      - name: Configure sandboxing
+        run: |
+          sudo apt-get update
+          sudo apt-get install --yes bubblewrap
+          sudo sysctl -w kernel.unprivileged_userns_clone=1
+          if [ -f /proc/sys/kernel/apparmor_restrict_unprivileged_userns ]; then
+            sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+          fi
       - run: npm ci
       - run: npm run typecheck
       - run: npm test