habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

web: lint package-lock.json file (#10157)

Browse Source 
* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: replace ad-hoc test for package-lock.json file with a tool

Testing to see if a package-lock entry has a `resolved` field hasn't
been a reliable test of that entry's validity for several years
now.  The best options we have now are to ensure that every download
occurs over https, and that every download only happens from fully
vetted sources such as NPM and Github. [Liran Tal's Lockfile-Lint
tool](https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/)
does this for package-lock.json files made with NPM or Yarn.

* web: update CI workflows to use `lockfile-lint` for validity checking

* Still getting familiar with the workflows thing.

* ci: refactor ci-web linting

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ci fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* try again

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* and again

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* rework ci-website

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
Ken Sternberg
2024-06-27 10:42:59 -07:00
committed by GitHub
parent 861992f576
commit cb4bc5bd87
6 changed files with 2897 additions and 5266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
.github/workflows/ci-web.yml vendored
View File

@ -12,14 +12,32 @@ on:
- version-*
jobs:
lint-eslint:
lint:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
command:
- lint
- lint:lockfile
- tsc
- prettier-check
project:
- web
- tests/wdio
include:
- command: lit-analyse
project: web
extra_setup: |
# lit-analyse doesn't understand path rewrites, so make it
# belive it's an actual module
cd node_modules/@goauthentik
ln -s ../../src/ web
exclude:
- command: lint:lockfile
project: tests/wdio
- command: tsc
project: tests/wdio
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
@ -28,85 +46,17 @@ jobs:
cache: "npm"
cache-dependency-path: ${{ matrix.project }}/package-lock.json
- working-directory: ${{ matrix.project }}/
run: npm ci
- name: Generate API
run: make gen-client-ts
- name: Eslint
working-directory: ${{ matrix.project }}/
run: npm run lint
lint-lockfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- working-directory: web/
run: |
[ -z "$(jq -r '.packages | to_entries[] | select((.key | startswith("node_modules")) and (.value | has("resolved") | not)) | .key' < package-lock.json)" ]
lint-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: web/package.json
cache: "npm"
cache-dependency-path: web/package-lock.json
- working-directory: web/
run: npm ci
- name: Generate API
run: make gen-client-ts
- name: TSC
working-directory: web/
run: npm run tsc
lint-prettier:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
project:
- web
- tests/wdio
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: ${{ matrix.project }}/package.json
cache: "npm"
cache-dependency-path: ${{ matrix.project }}/package-lock.json
- working-directory: ${{ matrix.project }}/
run: npm ci
- name: Generate API
run: make gen-client-ts
- name: prettier
working-directory: ${{ matrix.project }}/
run: npm run prettier-check
lint-lit-analyse:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: web/package.json
cache: "npm"
cache-dependency-path: web/package-lock.json
- working-directory: web/
run: |
npm ci
# lit-analyse doesn't understand path rewrites, so make it
# belive it's an actual module
cd node_modules/@goauthentik
ln -s ../../src/ web
${{ matrix.extra_setup }}
- name: Generate API
run: make gen-client-ts
- name: lit-analyse
working-directory: web/
run: npm run lit-analyse
- name: Lint
working-directory: ${{ matrix.project }}/
run: npm run ${{ matrix.command }}
ci-web-mark:
needs:
- lint-lockfile
- lint-eslint
- lint-prettier
- lint-lit-analyse
- lint-build
- lint
runs-on: ubuntu-latest
steps:
- run: echo mark

27
.github/workflows/ci-website.yml vendored
View File

@ -12,27 +12,21 @@ on:
- version-*
jobs:
lint-lockfile:
lint:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
command:
- lint:lockfile
- prettier-check
steps:
- uses: actions/checkout@v4
- working-directory: website/
run: |
[ -z "$(jq -r '.packages | to_entries[] | select((.key | startswith("node_modules")) and (.value | has("resolved") | not)) | .key' < package-lock.json)" ]
lint-prettier:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: website/package.json
cache: "npm"
cache-dependency-path: website/package-lock.json
- working-directory: website/
run: npm ci
- name: prettier
- name: Lint
working-directory: website/
run: npm run prettier-check
run: npm run ${{ matrix.command }}
test:
runs-on: ubuntu-latest
steps:
@ -69,8 +63,7 @@ jobs:
run: npm run ${{ matrix.job }}
ci-website-mark:
needs:
- lint-lockfile
- lint-prettier
- lint
- test
- build
runs-on: ubuntu-latest

7907
web/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

4
web/package.json
View File

@ -15,11 +15,12 @@
"build-proxy": "run-s build-locales esbuild:build-proxy",
"watch": "run-s build-locales esbuild:watch",
"lint": "cross-env NODE_OPTIONS='--max_old_space_size=65536' eslint . --max-warnings 0 --fix",
"lint:lockfile": "lockfile-lint --path package.json --type npm --allowed-hosts npm --validate-https",
"lint:precommit": "bun scripts/eslint-precommit.mjs",
"lint:spelling": "node scripts/check-spelling.mjs",
"lit-analyse": "lit-analyzer src",
"postinstall": "bash scripts/patch-spotlight.sh",
"precommit": "npm-run-all --parallel tsc lit-analyse lint:spelling --sequential lint:precommit prettier",
"precommit": "npm-run-all --parallel tsc lit-analyse lint:spelling lint:lockfile --sequential lint:precommit prettier",
"prequick": "run-s tsc:execute lit-analyse lint:precommit lint:spelling",
"prettier-check": "prettier --check .",
"prettier": "prettier --write .",
@ -118,6 +119,7 @@
"github-slugger": "^2.0.0",
"glob": "^10.4.2",
"lit-analyzer": "^2.0.3",
"lockfile-lint": "^4.14.0",
"npm-run-all": "^4.1.5",
"prettier": "^3.3.2",
"pseudolocale": "^2.0.0",

113
website/package-lock.json generated
View File

@ -35,6 +35,7 @@
"@docusaurus/tsconfig": "^3.4.0",
"@docusaurus/types": "^3.3.2",
"@types/react": "^18.3.3",
"lockfile-lint": "^4.14.0",
"prettier": "3.3.2",
"typescript": "~5.5.2"
},
@ -3854,6 +3855,41 @@
"version": "4.2.2",
"license": "Apache-2.0"
},
"node_modules/@yarnpkg/parsers": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/@yarnpkg/parsers/-/parsers-3.0.2.tgz",
"integrity": "sha512-/HcYgtUSiJiot/XWGLOlGxPYUG65+/31V8oqk17vZLW1xlCoR4PampyePljOxY2n8/3jz9+tIFzICsyGujJZoA==",
"dev": true,
"dependencies": {
"js-yaml": "^3.10.0",
"tslib": "^2.4.0"
},
"engines": {
"node": ">=18.12.0"
}
},
"node_modules/@yarnpkg/parsers/node_modules/argparse": {
"version": "1.0.10",
"resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
"integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
"dev": true,
"dependencies": {
"sprintf-js": "~1.0.2"
}
},
"node_modules/@yarnpkg/parsers/node_modules/js-yaml": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
"dev": true,
"dependencies": {
"argparse": "^1.0.7",
"esprima": "^4.0.0"
},
"bin": {
"js-yaml": "bin/js-yaml.js"
}
},
"node_modules/abort-controller": {
"version": "3.0.0",
"license": "MIT",
@ -7011,6 +7047,15 @@
"url": "https://github.com/fb55/entities?sponsor=1"
}
},
"node_modules/env-paths": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz",
"integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==",
"dev": true,
"engines": {
"node": ">=6"
}
},
"node_modules/error-ex": {
"version": "1.3.2",
"license": "MIT",
@ -9431,6 +9476,65 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/lockfile-lint": {
"version": "4.14.0",
"resolved": "https://registry.npmjs.org/lockfile-lint/-/lockfile-lint-4.14.0.tgz",
"integrity": "sha512-uyXZ8X4J6EsicG87p0y4SHorJBwABLcaXOpI/j3h8SO/OX4fKTJ6Cqqi+U3zjgU0fo+u/4KbB7fl8ZzTewd0Ow==",
"dev": true,
"dependencies": {
"cosmiconfig": "^9.0.0",
"debug": "^4.3.4",
"fast-glob": "^3.3.2",
"lockfile-lint-api": "^5.9.1",
"yargs": "^17.7.2"
},
"bin": {
"lockfile-lint": "bin/lockfile-lint.js"
},
"engines": {
"node": ">=16.0.0"
}
},
"node_modules/lockfile-lint-api": {
"version": "5.9.1",
"resolved": "https://registry.npmjs.org/lockfile-lint-api/-/lockfile-lint-api-5.9.1.tgz",
"integrity": "sha512-us5IT1bGA6KXbq1WrhrSzk9mtPgHKz5nhvv3S4hwcYnhcVOKW2uK0W8+PN9oIgv4pI49WsD5wBdTQFTpNChF/Q==",
"dev": true,
"dependencies": {
"@yarnpkg/parsers": "^3.0.0-rc.48.1",
"debug": "^4.3.4",
"object-hash": "^3.0.0"
},
"engines": {
"node": ">=16.0.0"
}
},
"node_modules/lockfile-lint/node_modules/cosmiconfig": {
"version": "9.0.0",
"resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz",
"integrity": "sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==",
"dev": true,
"dependencies": {
"env-paths": "^2.2.1",
"import-fresh": "^3.3.0",
"js-yaml": "^4.1.0",
"parse-json": "^5.2.0"
},
"engines": {
"node": ">=14"
},
"funding": {
"url": "https://github.com/sponsors/d-fischer"
},
"peerDependencies": {
"typescript": ">=4.9.5"
},
"peerDependenciesMeta": {
"typescript": {
"optional": true
}
}
},
"node_modules/lodash": {
"version": "4.17.21",
"license": "MIT"
@ -12632,6 +12736,15 @@
"node": ">=0.10.0"
}
},
"node_modules/object-hash": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz",
"integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==",
"dev": true,
"engines": {
"node": ">= 6"
}
},
"node_modules/object-inspect": {
"version": "1.13.1",
"license": "MIT",

14
website/package.json
View File

@ -4,16 +4,17 @@
"private": true,
"license": "MIT",
"scripts": {
"docusaurus": "docusaurus",
"watch": "docusaurus gen-api-docs all && docusaurus start",
"build": "cp ../docker-compose.yml static/docker-compose.yml && cp ../schema.yml static/schema.yaml && docusaurus gen-api-docs all && docusaurus build",
"build-bundled": "cp ../schema.yml static/schema.yaml && docusaurus gen-api-docs all && docusaurus build",
"swizzle": "docusaurus swizzle",
"deploy": "docusaurus deploy",
"serve": "docusaurus serve",
"prettier-check": "prettier --check .",
"docusaurus": "docusaurus",
"lint:lockfile": "lockfile-lint --path package.json --type npm --allowed-hosts npm --validate-https",
"prettier": "prettier --write .",
"test": "node --test"
"prettier-check": "prettier --check .",
"serve": "docusaurus serve",
"swizzle": "docusaurus swizzle",
"test": "node --test",
"watch": "docusaurus gen-api-docs all && docusaurus start"
},
"dependencies": {
"@docusaurus/core": "^3.4.0",
@ -54,6 +55,7 @@
"@docusaurus/tsconfig": "^3.4.0",
"@docusaurus/types": "^3.3.2",
"@types/react": "^18.3.3",
"lockfile-lint": "^4.14.0",
"prettier": "3.3.2",
"typescript": "~5.5.2"
},