mirror of https://github.com/Unleash/unleash.git synced 2025-01-25 00:07:47 +01:00
Commit Graph

1980 Commits

Author SHA1 Message Date
Thomas Heartman
9463c8df90 meta: add external PRs to project board (#1006)
The `pull_request` hook runs in the context of the proposed changes. That means that for forks, this action won't have access to the required secrets for it to complete. As such, PRs from outside contributors won't work correctly.

The `pull_request_target` hook, however, runs in the context of the target branch, and thus has all the permissions it needs. The [GitHub docs for this hook](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) also indicate that this is the way to go:

> This event allows your workflow to do things like label or comment on pull requests from forks. Avoid using this event if you need to build or run code from the pull request.

## Interesting note for PRs

It seems that when this change is proposed as a PR, the expected action (_add new item to project board_) does not run. However, this does not affect other new PRs. After merging, the pipeline works and triggers as expected, for both external and internal contributors.

## Isn't this potentially dangerous?

Good question! As far as I understand: no, it's not. The long answer is in [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/), but I'll try and summarize it here.

Some choice cuts from the article:

> TL;DR: Combining pull_request_target workflow trigger with an **explicit checkout of an untrusted PR** is a dangerous practice that may lead to repository compromise.

However, we do not check the PR out!

> Due to the dangers inherent to automatic processing of PRs, GitHub’s standard pull_request workflow trigger by default prevents write permissions and secrets access to the target repository. However, in some scenarios such access is needed to properly process the PR. To this end the pull_request_target workflow trigger was introduced.

> pull_request_target runs in the context of the target repository of the PR, rather than in the merge commit. This means the standard checkout action uses the target repository to prevent accidental usage of the user supplied code.

> These safeguards enable granting the pull_request_target additional permissions. The reason to introduce the pull_request_target trigger was to enable workflows to label PRs (e.g. needs review) or to comment on the PR. The intent is to use the trigger for PRs that do not require dangerous processing, say building or running the content of the PR.

That is: when using `pull_request_target`, the action will not check out the PR branch and thus, the PR cannot inject any code changes into the action. On the other hand, `pull_request` uses the code that's in the PR to run actions, which is why it requires explicit authorization before being run.

`pull_request_target` runs in the context of the target branch (most commonly `main`) and only runs code that already exists in the target branch. No code from the PR gets used.

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
2022-05-24 10:26:41 +02:00
olav
b742a69c4c refactor: improve OpenAPI refs (#1005)
* refactor: regenerate OpenAPI client

* refactor: update usage of OpenAPI client
2022-05-24 08:37:46 +02:00
Renovate Bot
a0261daac6 chore(deps): update material-ui monorepo 2022-05-23 20:23:55 +00:00
Fredrik Strand Oseberg
68661e983d fix: path param (#1011) 2022-05-23 12:28:57 +02:00
Renovate Bot
d65ceeacc8 chore(deps): update dependency msw to v0.41.0 2022-05-22 04:49:14 +00:00
Renovate Bot
caff12b6d6 chore(deps): update dependency vitest to v0.12.9 2022-05-21 22:00:27 +00:00
Renovate Bot
f15cc528bd chore(deps): update dependency eslint to v8.16.0 2022-05-21 04:25:33 +00:00
Renovate Bot
959fcf3ff3 chore(deps): update dependency sass to v1.52.1 2022-05-21 01:59:12 +00:00
Renovate Bot
e2384a4434 chore(deps): update dependency msw to v0.40.2 2022-05-20 19:21:44 +00:00
Tymoteusz Czech
6d130f61f6 feat: new contexts table (#998)
* feat: new contexts table

* improve context list actions

* refactor: disabled icon colors

* fix: update snapshots

* fix: icons

* fix: context fields typo
2022-05-20 08:29:23 +00:00
Fredrik Strand Oseberg
c28cdab6e8 fix: add after element to column headers (#1000)
* fix: add after element to column headers

* fix: add overflow hidden
2022-05-20 09:58:26 +02:00
Renovate Bot
a8b46a664f chore(deps): update dependency sass to v1.52.0 2022-05-20 06:02:24 +00:00
Renovate Bot
4cc9824441 chore(deps): update dependency msw to v0.40.1 2022-05-20 00:27:13 +00:00
Fredrik Strand Oseberg
1caf9a924c fix: user search pagination (#997) 2022-05-19 14:27:19 +02:00
olav
2e367b3a04 feat: add trial expiration warning banner (#985)
* refactor: simplify useApiGetter cache keys

* refactor: simplify basePath helpers

* refactor: add UNLEASH_BASE_PATH frontend env var

* refactor: make sure AnnouncerElement does not affect the layout

* refactor: draw texture image above footer

* refactor: extract domain check helpers

* refactor: fix a few ts-expect-errors

* feat: add trial expiration warning banner

* refactor: fix IInstanceStatus interface prefix

* refactor: use ConditionallyRender in InstanceStatus

* refactor: simplify env helper functions

* refactor: use FC in InstanceStatus

* refactor: warn about expired trials

* refactor: fix eslint warnings

* refactor: disable banner outside of localhost

* refactor: use new instance state field name
2022-05-19 14:06:18 +02:00
Tymoteusz Czech
06b0a29ea8 Project features list update (#991)
* refactor: column icon position

* project overview horizontal scroll

* updated table headers styles

* fix: feature overview switch title

* refactor: cleanup of sortable header styles

* fix: z-index issue in test

* fix: html semantics after review
2022-05-18 11:56:55 +02:00
olav
98b6214c28 fix: avoid erasing previous environments data on refetch (#990)
* refactor: avoid duplicate useLoading call

* fix: avoid erasing previous environments data on refetch

* refactor: keep mutation logic within useEnvironments
2022-05-18 11:26:38 +02:00
olav
159c54ed37 fix: resolve issues around changing a toggle's project (#978)
* refactor: show save button before using the dropdown

* refactor: simplify FeatureSettingsProject toast message

* refactor: fix FeatureProjectSelect filter prop type

* refactor: hide change project page for non-enterprise

* refactor: derive move targets from projects list instead of from permissions

* refactor: align frontend project compat check with backend

* refactor: fix useProject object stability

* refactor: disable the save button for the current project

* refactor: require equal environments when moving toggles

* refactor: improve arraysHaveSameItems name
2022-05-18 11:07:19 +02:00
Renovate Bot
4aee33e189 chore(deps): update dependency msw to v0.40.0 2022-05-18 04:07:47 +00:00
Renovate Bot
ac808d5849 chore(deps): update dependency react-table to v7.8.0 2022-05-17 17:11:43 +00:00
Renovate Bot
1fdf62dcaf chore(deps): update material-ui monorepo 2022-05-17 14:32:14 +00:00
Renovate Bot
3c9563c7eb chore(deps): update dependency vitest to v0.12.6 2022-05-13 19:18:32 +00:00
Tymoteusz Czech
b1166bb2f4 Project overview feature toggles list (#971)
* refactor: page container

* refactor: table page header

* feat: new feature toggles list in project overview

* feat: sortable environments in project overview

* feat: project overview toggles search

* feat: project overview features column actions

* project overview table column sizing

* project overview feature actions permissions

* project overview archive feature action

* project overview toggle state strategy fallback

* remove previous project overview implementation

* fix: remove additional prop in sortable table

* fix: stale feature refetch

* improvements after review

* feat: manage visible columns in project overview

* improve project overview columns selection

* fix: simplify columns

* Revert "remove previous project overview implementation"

This reverts commit 98b051ff6a5a4fb8a9a0921b661514e15a00249a.

* restore legacy project overview table
2022-05-13 14:51:22 +02:00
olav
a66168a348 refactor: fix metrics chart series colors (#987) 2022-05-13 09:42:24 +02:00
Renovate Bot
752885a0ac chore(deps): update dependency @types/react-dom to v17.0.17 2022-05-12 22:57:32 +00:00
Renovate Bot
36ce99413d chore(deps): update dependency @testing-library/user-event to v14.2.0 2022-05-12 20:50:44 +00:00
Ivar Conradi Østhus
f245730366 4.11.0-beta.2 2022-05-12 20:10:27 +02:00
Renovate Bot
fd12d842a5 chore(deps): update dependency immer to v9.0.14 2022-05-12 16:06:33 +00:00
Nuno Góis
cdfb1f2452 fix: feature toggle list and UI adjustments (#970)
* fix: add highlight and hover colors, fix them

* misc ui adjustments

* test isGrow prop in table cols

* fix: revert typography changes, update snaps

* Update src/themes/themeTypes.ts

Co-authored-by: Tymoteusz Czech <2625371+Tymek@users.noreply.github.com>

* fix: misc ui adjustments

* fix: backButton color

* refactor: color not needed, can be inherited

* fix: project roles case, new borderRadius values

* fix: color green

* fix: feature form link

* update snaps

* fix: formatting

* update snap

Co-authored-by: Tymoteusz Czech <2625371+Tymek@users.noreply.github.com>
2022-05-12 15:34:04 +02:00
sighphyre
3f766995fb Disable default env in project view (#969)
* fix: Block user from turning on default env in project view

* fix: Allow changing environment state for default in a project if using non OSS

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
2022-05-12 09:41:36 +02:00
olav
d1e7a26763 refactor: fix missing eslint deps after CRA removal (#976)
* refactor: fix missing eslint deps after CRA removal

* refactor: fix eslint issues
2022-05-12 08:11:41 +02:00
Renovate Bot
945dc2bc90 chore(deps): update dependency @types/jest to v27.5.1 2022-05-12 03:16:42 +00:00
Renovate Bot
5e6f8db3dc chore(deps): update dependency immer to v9.0.13 2022-05-11 22:20:37 +00:00
Renovate Bot
97fa9d8ae6 chore(deps): update dependency @types/react-table to v7.7.12 2022-05-11 19:27:44 +00:00
Renovate Bot
83d7c356b6 chore(deps): update dependency vite to v2.9.9 2022-05-11 14:27:56 +00:00
Thomas Heartman
70d334efd1 feat: add 'issue/pr to project' workflow 2022-05-11 12:02:00 +02:00
olav
52e25bd632 fix: correct type for variant stickiness dropdown 2022-05-11 10:35:34 +02:00
Renovate Bot
4c2ec052f6 chore(deps): update dependency vitest to v0.12.4 2022-05-11 03:18:09 +00:00
Renovate Bot
b0b5ddd7d3 chore(deps): update material-ui monorepo 2022-05-10 18:48:43 +00:00
Renovate Bot
2a77a9ef6d chore(deps): update dependency vitest to v0.12.3 2022-05-10 16:37:39 +00:00
olav
7343c52e70 4.11.0-beta.1 2022-05-10 15:11:59 +02:00
olav
3b8eecbe88 refactor: use static as the asset dir name (#975) 2022-05-10 15:10:21 +02:00
Thomas Heartman
7d477bf98c Merge pull request #972 from Unleash/chore/update-feedback-target-url
chore: Update target URL for sending feedback input
2022-05-10 12:12:28 +02:00
Thomas Heartman
34d70ad895 chore: Update target URL for sending feedback input 2022-05-10 11:55:57 +02:00
Ivar Conradi Østhus
cc5400e9a6 4.11.0-beta.0 2022-05-10 10:04:24 +02:00
olav
9902494f58 refactor: improve tooltip styles after MUI update (#966)
* refactor: add missing event arg type

* refactor: fix project card popup position

* refactor: add tooltip arrows

* refactor: update snapshot

* refactor: add missing tooltips

* refactor: use a custom Autocomplete size in AutocompleteBox
2022-05-09 15:17:20 +02:00
Tymoteusz Czech
44c579f7a8 Refactor: page container (#967)
* refactor: page container

* refactor: table page header
2022-05-09 14:38:12 +02:00
Tymoteusz Czech
cd37624de4 Theme consistency updates (#960)
* fix: theme palette and shape

* fix: update snapshots

* fix: adjust after review
2022-05-09 12:01:12 +02:00
Renovate Bot
78f06d3dcb chore(deps): update dependency vitest to v0.12.0 2022-05-08 12:56:20 +00:00
Renovate Bot
4bbfabfdc7 chore(deps): update dependency vitest to v0.11.0 2022-05-08 01:44:14 +00:00