Safari Technology Preview is stuck at version 125

[foolip]

The latest update of Safari Technology Preview version used in WPT was in #29133 back in May.

After that, STP began requiring macOS 11, which for a long time wasn't available on Azure Pipelines. When it finally became available, my attempt to upgrade in #30256 failed because installing certificates is no longer possible due to SIP. (WPT uses a "web-platform.test" domain and many subdomains.)

At this point there's seemingly nothing that can be done about the situation without some change to macOS or Safari itself.

I'm filing this issue to give it greater visibility/linkability, since I've gotten the question multiple times recently, and Jen asked on Twitter today.

cc @gsnedders @jensimmons

[foolip]

Since there have been frequent issues with running web-platform-tests against Safari in a CI system over the years, I'll take this chance to summarize what WPT needs and what has tended to break so far:

• sudo safaridriver --enable has to work and make it possible for the user (not root) to start Safari via safaridriver. Different workarounds have been needed over time as this has only rarely worked without issue.
• The Safari instance launched by safaridriver has to recognize a custom certificate root and certificate, used for the web-platform.test domain. This was possible using sudo security add-trusted-cert until macOS 11. But if there was a way to provide the certificate to safaridriver and it was only valid for automated testing, that would solve the problem too.
• The WebDriver implementation has to be pretty solid. There hasn't been a problem recently, but infrastructure/ tests don't work with Safari Technology Preview 68 #13800 is an example from a few years ago.

The way that WPT has to use Safari is different from a web developer running tests on their own machine. It seems to me like this can only be fixed by testing Safari in public CI systems in the macOS and Safari release process, because once a problem is in a stable release, we end up blocked for a very long time.

Finally, Azure Pipelines and other public CI systems take time to support a new version of macOS, and we as the web-platform-tests project have no influence over this. However, as long as Safari supports the two latest versions of macOS, this isn't a big problem as long as upgrading isn't blocked like it is now.

[foolip]

In web-platform-tests/wpt.fyi#2668, @stephenmcgruer made https://staging.wpt.fyi/compat2021?feature=summary&use_webkitgtk as a stop-gap to allow us to see the trends of Compat 2021 with WebKitGTK standing in for Safari.

[Schweinepriester]

https://webkit.org/blog/12040/release-notes-for-safari-technology-preview-135/

Added support for the acceptInsecureCerts capability (r285164)

Might that be something? Immediately thought of this issue :)

EDIT: Ah, @gsnedders is already trying it out, apologies 0:-)

[gsnedders]

EDIT: Ah, @gsnedders is already trying it out, apologies 0:-)

It's almost like I was twiddling my thumbs waiting for STP 135 to go live 🙃 (and it turns out I'd forgotten about a bunch of bash/zsh differences, but hey)

But yeah, now have a full manually triggered run underway using STP 135, and I don't suspect that's going to go badly wrong, but we'll just have to wait and see.

[gsnedders]

And we have STP135 on wpt.fyi. Not on the homepage because there's no aligned Edge run.