Skip to content

Publish machine-readable file list and SRI data to resources/ #76

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Krinkle merged 2 commits into from
Aug 7, 2021
Merged

Publish machine-readable file list and SRI data to resources/ #76

Krinkle merged 2 commits into from
Aug 7, 2021

Conversation

@Krinkle
Copy link
Member

@Krinkle Krinkle commented Aug 6, 2021

Let "wordpress-deploy" upload this to the site, which the gw-resources plugin exposes via addresses like https://releases.jquery.com/resources/foo.

See https://github.com/jquery/api.jquery.com/ for an example of this.

Local test plan:

nobody$ npm ci
nobody$ cp config-sample.json config.json

nobody$ ./node_modules/.bin/grunt sri
nobody$ less resources/sri-directives.json
  {"@cdn/color/2.2.0/jquery.color.js":{"hashes":{"sha256":"gvMJWDH...

nobody$ ./node_modules/.bin/grunt build-index build-resources
nobody$ less dist/wordpress/resources/sri-directives.json
  {"@cdn/color/2.2.0/jquery.color.js":{"hashes":{"sha256":"gvMJWDH...
nobody$ less dist/wordpress/resources/cdn.json
  { "jquery": [ [ "3", { "latestStable": {
  "filename": "jquery-3.6.0.js", ...

Closes #40.

@Krinkle
Copy link
Member Author

Krinkle commented Aug 6, 2021
edited
Loading

This is mainly to help me implement a "Verify reproducible builds" job in CI for QUnit, for which I'd otherwise need to either guess at filenames or scrape HTML (ref qunitjs/qunit#1560).

mgol
mgol approved these changes Aug 6, 2021
View reviewed changes
Gruntfile.js
Comment on lines +33 to +36
// This copies /resources/* to /dist/wordpress/resources/*,
// This is flattened (subpaths not preserved) to just base filenames,
Copy link
Member

@mgol mgol Aug 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure we're OK with exposing all these files? I'm not sure what else is there.

Copy link
Member Author

@Krinkle Krinkle Aug 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Internally, the build currently results in an empty ./dist/wordpress/resources directory for codeorigin. Although even if it wasn't empty, this patch is not enabling it as a feature (it is always on).

The build-resources task is poorly named, as all it does is copy the local files in ./resources/ to local ./dist/wordpress/resources. We could instead generate the two JSON files directly in ./dist/wordpress/resources and not need this task.

The task of uploading the contents of ./dist/wordpress/resources is separate from this and is always enabled for all WP sites.

mgol
mgol reviewed Aug 6, 2021
View reviewed changes
Krinkle added 2 commits August 7, 2021 00:09
@Krinkle
Build: Replace ensure-wordpress-config with more direct assignment
1060293 
This is the same, simpler, approach as utilised at
<https://github.com/jquery/api.jquery.com/blob/v3.1.0/Gruntfile.js>.
@Krinkle
Build: Publish machine-readable file list and SRI data to resources/
377bbfb 
Let "wordpress-deploy" upload this to the site, which the gw-resources
plugin exposes via addresses like <https://releases.jquery.com/resources/foo>.

See <https://github.com/jquery/api.jquery.com/> for an example of this.

Local test plan:

```
nobody$ npm ci
nobody$ cp config-sample.json config.json

nobody$ ./node_modules/.bin/grunt sri
nobody$ less resources/sri-directives.json
  {"@cdn/color/2.2.0/jquery.color.js":{"hashes":{"sha256":"gvMJWDH...

nobody$ ./node_modules/.bin/grunt build-index build-resources
nobody$ less dist/wordpress/resources/sri-directives.json
  {"@cdn/color/2.2.0/jquery.color.js":{"hashes":{"sha256":"gvMJWDH...
nobody$ less dist/wordpress/resources/cdn.json
  { "jquery": [ [ "3", { "latestStable": {
  "filename": "jquery-3.6.0.js", ...
```

Closes #40.
@Krinkle Krinkle merged commit df3587e into main Aug 7, 2021
@Krinkle Krinkle deleted the sri-data branch August 7, 2021 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgol mgol mgol approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add SRI hashes to Git

3 participants

@Krinkle @mgol