mirror of https://github.com/Unleash/unleash.git synced 2025-01-01 00:08:27 +01:00
41 Commits

Author SHA1 Message Date
olav
20d738f725 refactor: add eslint to merge check (#1022)
* refactor: fix eslint issues

* refactor: add eslint to merge check
2022-05-25 12:36:58 +02:00
Thomas Heartman
9463c8df90 meta: add external PRs to project board (#1006)
The `pull_request` hook runs in the context of the proposed changes. That means that for forks, this action won't have access to the required secrets for it to complete. As such, PRs from outside contributors won't work correctly.

The `pull_request_target` hook, however, runs in the context of the target branch, and thus has all the permissions it needs. The [GitHub docs for this hook](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) also indicate that this is the way to go:

> This event allows your workflow to do things like label or comment on pull requests from forks. Avoid using this event if you need to build or run code from the pull request.

## Interesting note for PRs

It seems that when this change is proposed as a PR, the expected action (_add new item to project board_) does not run. However, this does not affect other new PRs. After merging, the pipeline works and triggers as expected, for both external and internal contributors.

## Isn't this potentially dangerous?

Good question! As far as I understand: no, it's not. The long answer is in [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/), but I'll try and summarize it here.

Some choice cuts from the article:

> TL;DR: Combining pull_request_target workflow trigger with an **explicit checkout of an untrusted PR** is a dangerous practice that may lead to repository compromise.

However, we do not check the PR out!

> Due to the dangers inherent to automatic processing of PRs, GitHub’s standard pull_request workflow trigger by default prevents write permissions and secrets access to the target repository. However, in some scenarios such access is needed to properly process the PR. To this end the pull_request_target workflow trigger was introduced.

> pull_request_target runs in the context of the target repository of the PR, rather than in the merge commit. This means the standard checkout action uses the target repository to prevent accidental usage of the user supplied code.

> These safeguards enable granting the pull_request_target additional permissions. The reason to introduce the pull_request_target trigger was to enable workflows to label PRs (e.g. needs review) or to comment on the PR. The intent is to use the trigger for PRs that do not require dangerous processing, say building or running the content of the PR.

That is: when using `pull_request_target`, the action will not check out the PR branch and thus, the PR cannot inject any code changes into the action. On the other hand, `pull_request` uses the code that's in the PR to run actions, which is why it requires explicit authorization before being run.

`pull_request_target` runs in the context of the target branch (most commonly `main`) and only runs code that already exists in the target branch. No code from the PR gets used.

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
2022-05-24 10:26:41 +02:00
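The condition the commit message above relies on (a `pull_request_target` workflow that never checks out the PR head) can be checked mechanically. The following is an added example, not code from the Unleash repository: a line-based heuristic over workflow text, where the function name and the sample workflows are constructed for illustration.

```python
import re

COMMENT = re.compile(r"(^|\s)#.*$")
TRIGGER = re.compile(r"\bpull_request_target\b")
ITEM = re.compile(r"^\s*-\s")  # start of a YAML list item, e.g. a step
CHECKOUT = re.compile(r"uses:\s*actions/checkout@")
# Expressions that resolve to the PR's own (untrusted) commit or branch.
PR_HEAD = re.compile(
    r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/")

def risky_checkout_lines(workflow):
    """Return 1-based line numbers of checkout steps that fetch PR code
    in a workflow triggered by pull_request_target."""
    lines = [COMMENT.sub("", l) for l in workflow.splitlines()]
    if not any(TRIGGER.search(l) for l in lines):
        return []
    findings, step, start = [], [], 0
    for n, line in enumerate(lines + ["- "], 1):  # sentinel flushes last step
        if ITEM.match(line):
            text = "\n".join(step)
            if CHECKOUT.search(text) and PR_HEAD.search(text):
                findings.append(start)
            step, start = [], n
        step.append(line)
    return findings

# Constructed sample workflow, not taken from the Unleash repository.
HEAD_CHECKOUT = """\
on: [pull_request_target]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout PR code
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: yarn test
"""
# Same job with the default checkout: the base branch is fetched, not the PR.
BASE_CHECKOUT = HEAD_CHECKOUT.replace(
    "        with:\n          ref: ${{ github.event.pull_request.head.sha }}\n", "")
# Same steps under the unprivileged pull_request trigger.
PR_TRIGGER = HEAD_CHECKOUT.replace("pull_request_target", "pull_request")

if __name__ == "__main__":
    for name in ("HEAD_CHECKOUT", "BASE_CHECKOUT", "PR_TRIGGER"):
        print(name, risky_checkout_lines(globals()[name]))
```

A finding means the privileged workflow fetches contributor-controlled code; an empty result only says this one pattern is absent, since the scan does not parse YAML or follow reusable workflows.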
Thomas Heartman
70d334efd1 feat: add 'issue/pr to project' workflow 2022-05-11 12:02:00 +02:00
olav
49b8e7329e refactor: convert auth tests from Cypress to Jest (#864)
* refactor: replace data-test with data-testid

* refactor: add Jest tests for auth pages

* refactor: remove Cypress tests for auth pages

* refactor: remove questionable snapshots

* refactor: share test server setup/teardown

* refactor: restore auth page flex layout

* refactor: use toBeInTheDocument

* refactor: change recent data-test attrs to data-testid
2022-04-08 13:13:45 +02:00
Nuno Góis
1132a79f6d fix: reject duplicate segment names (#855)
* fix: reject duplicate segment names

* fix: useSegmentValidation now takes into account initial value

* refactor: add segments e2e test

* refactor: add github action from segments e2e test

* refactor: use enterprise edition for all e2e tests

* refactor: use enterprise edition for all e2e tests
2022-04-08 11:34:59 +01:00
olav
42a81e6647 refactor: use --frozen-lockfile in actions (#853) 2022-04-07 11:33:07 +02:00
Ivar Conradi Østhus
edaa31f3f7 fix: action release.yml 2022-04-05 15:23:22 +02:00
Ivar Conradi Østhus
b874eea1a6 fix: naming for release_changelog action 2022-04-05 15:21:34 +02:00
Ivar Conradi Østhus
97ac994fb1 fix: fiddle more with release action 2022-04-05 15:20:56 +02:00
Ivar Conradi Østhus
d4d9961ede fix: set npm token 2022-04-05 14:58:47 +02:00
Ivar Conradi Østhus
c1aed734ef fix: use frozen lockfile for release 2022-04-05 14:57:29 +02:00
Ivar Conradi Østhus
7f92c13a8a fix releas.yml action 2022-04-05 14:48:44 +02:00
Ivar Conradi Østhus
7cb85111e4 fix: add release action to support npm and cdn 2022-04-05 14:26:17 +02:00
renovate[bot]
1e2f057ee3 chore(deps): update actions/checkout action to v3 (#763)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-25 10:18:06 +01:00
renovate[bot]
ad8f45fd08 chore(deps): update actions/setup-node action to v3 (#751)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-25 09:50:01 +01:00
olav
82972498f8 refactor: simplify e2e auth (#803) 2022-03-24 09:38:41 +01:00
renovate[bot]
cd50f66dd5 chore(deps): update actions/checkout action to v2 (#589)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-28 09:28:01 +01:00
olav
19b16ed600 refactor: fix flaky Cypress tests (#746)
* refactor: normalize spec names

* refactor: make ESLint ignore dir

* refactor: port specs to TS

* refactor: wait for login redirects to finish

* refactor: remove static wait timers

* refactor: match any env name in interceptors

* refactor: move config vars to the top

* refactor: use longer IDs to avoid collisions

* refactor: misc cleanup

* refactor: disable screenshots and videos

* refactor: disable prod guard in tests

* refactor: wait for inputs before typing
2022-02-25 10:21:28 +01:00
olav
016633dae9 refactor: format files (#719)
* refactor: fix deprecated prettier config name

* refactor: add fmt scripts

* refactor: check fmt during CI

* refactor: format files
2022-02-18 09:51:10 +01:00
olav
213e8950d3 refactor: port login auth to TS/SWR (#680)
* refactor: allow existing tsc errors

* refactor: add missing component key

* refactor: port login auth to TS/SWR

* refactor: replace incorrect CREATE_TAG_TYPE with UPDATE_TAG_TYPE

* refactor: fix AccessProvider permission mocks

* refactor: add types to AccessContext

* refactor: fix file extension

* refactor: remove default export

* refactor: remove unused IAddedUser interface

* refactor: comment on the permissions prop

* refactor: split auth hooks

* feat: auth tests

* fix: setup separate e2e tests

* fix: naming

* fix: lint

* fix: spec path

* fix: missing store

* feat: add more tests

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-02-10 17:04:10 +01:00
Fredrik Strand Oseberg
ac81955fdf fix: e2e tests (#636)
* fix: e2e tests

* fix: update env
2022-01-27 17:31:44 +01:00
Thomas Heartman
297c00e89f Merge branch 'main' into chore/update-workflows 2022-01-10 14:04:07 +01:00
Ivar Conradi Østhus
09cb972a01 fix: upload all assets under build 2022-01-05 13:37:39 +01:00
Ivar Conradi Østhus
6657de01cd fix: gha releast_to_cdn rm working directory 2022-01-05 11:58:19 +01:00
Ivar Conradi Østhus
7c17176a0e fix: gha releast_to_cdn set working directory correctly 2022-01-05 11:56:13 +01:00
Ivar Conradi Østhus
80facfac23 fix: gha releast_to_cdn set working directory for all 2022-01-05 11:51:58 +01:00
Ivar Conradi Østhus
33e72db8fd fix: gha releast_to_cdn does not need to build twice 2022-01-05 11:46:48 +01:00
Ivar Conradi Østhus
7f0418a036 fix: gha releast_to_cdn must use yarn 2022-01-05 11:40:39 +01:00
Ivar Conradi Østhus
f3b1de8ad4 fix: add gha to upload to cdn on release 2022-01-05 11:34:47 +01:00
Thomas Heartman
97e8cfe5a1 chore(workflows): update with new branch names 2021-12-23 14:06:53 +01:00
renovate[bot]
59728e1131 chore(deps): update metcalfc/changelog-generator action to v2 (#463)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-28 09:32:30 +02:00
Renovate Bot
63ff908974 chore(deps): update metcalfc/changelog-generator action to v1.0.1 2021-10-12 14:38:28 +00:00
renovate[bot]
09b6bbefa0 chore(deps): update metcalfc/changelog-generator action to v1 (#387)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-30 20:04:00 +02:00
renovate[bot]
a36bbe0904 chore(deps): update actions/checkout action to v2 (#378)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-30 19:59:47 +02:00
Fredrik Strand Oseberg
87414c1c9c feat: e2e tests and mobile views (#348)
* fix: add sidebar button

* fix: set absolute positioned sidebar button

* feat: test setup

* fix: add tests for adding strategy

* fix: add delete strategy test

* feat: add workflow

* feat: add vercel token

* fix: update project id

* fix: increase sleep

* fix: sleep

* fix: vercel

* fix: typo

* fix: vercel preview url action

* fix: yml formatting

* fix: steps

* fix: format

* fix: runs on

* fix: team id

* fix: teamid

* fix: add workflow

* fix: remove unused import

* fix: add token

* fix: add configuration

* fix: set env variables

* fix: use with

* feat: main navigation routes

* feat: mobile views

* fix: change spec name

* fix: update cypress project id

* fix: add record key

* fix: button positioning

* feat: permissions

* fix: custom strategy

* fix: remove unused action yml

* fix: update yarn lock

* fix: keys

* fix: remove videos and screenshots

* fix: add cypress folders to gitignore

* fix: env variable
2021-09-30 11:44:30 +02:00
renovate[bot]
64d4149c60 chore(deps): update actions/setup-node action to v2 (#372)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-30 10:19:13 +02:00
Ivar Conradi Østhus
76cd54fd91 feat: upgrade to node.js v14 2021-05-05 22:18:35 +02:00
Christopher Kolstad
22795e251f Migrate to create-react-app and react-scripts (#263)
* Setup create-react-app and typescript

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2021-04-07 09:04:48 +02:00
Christopher Kolstad
913db58c35 Added a release workflow, creating GH releases from tags 2021-01-27 11:37:03 +01:00
Ivar Conradi Østhus
2b31e5b56c fix: github action 2021-01-12 11:45:30 +01:00
Ivar Conradi Østhus
8ad81be8af Create node.js.yml 2021-01-12 11:44:38 +01:00