
feat(spotlight): Add self-contained spotlight binary creation #559

Merged: BYK merged 113 commits into main from byk/feat/sea on Nov 25, 2024

Conversation

@BYK (Member) commented Nov 12, 2024

This PR adds a new release type which is a self-contained CLI akin to
running npx @spotlightjs/spotlight but without any node or npx
or any other requirements on the system.

It also changes how we serve the static assets: instead of serving the
entire folder, which can be dangerous as it allows access to arbitrary
files, we now use the manifest.json generated when compiling it and
only serve files listed there, directly from memory. This should also
increase the performance.

@vercel (bot) commented Nov 12, 2024

The latest updates on your projects.

Name: spotlightjs
Status: ✅ Ready
Updated (UTC): Nov 25, 2024 10:52am

@codecov (bot) commented Nov 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 31.15%. Comparing base (ea666ac) to head (3a5ec6c).
Report is 135 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #559      +/-   ##
==========================================
+ Coverage   29.00%   31.15%   +2.14%     
==========================================
  Files          60       83      +23     
  Lines        4144     5030     +886     
  Branches       72       99      +27     
==========================================
+ Hits         1202     1567     +365     
- Misses       2942     3463     +521     


Check failure: Code scanning / CodeQL, on packages/spotlight/bin/build.js

        console.warn(
          "Missing required environment variables for macOS signing, you won't be able to use this binary until you sign it yourself.",
        );
        console.info({ APPLE_TEAM_ID, APPLE_CERT_PATH, APPLE_CERT_PASSWORD });

Clear-text logging of sensitive information

This logs sensitive data returned by an access to APPLE_CERT_PASSWORD (1) as clear text. This logs sensitive data returned by an access to APPLE_CERT_PASSWORD (2) as clear text.

Copilot Autofix (AI) commented over 1 year ago

To fix the problem, we need to ensure that sensitive information is not logged in clear text. Instead of logging the actual values of APPLE_TEAM_ID, APPLE_CERT_PATH, and APPLE_CERT_PASSWORD, we can log a message indicating that the required environment variables are missing without exposing their values.

  • Replace the logging of sensitive information with a generic message.
  • Specifically, change the code on line 113 to avoid logging the actual values of the sensitive environment variables.
  • No additional methods or imports are needed to implement this change.
Suggested changeset 1
packages/spotlight/bin/build.js

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/spotlight/bin/build.js b/packages/spotlight/bin/build.js
--- a/packages/spotlight/bin/build.js
+++ b/packages/spotlight/bin/build.js
@@ -112,3 +112,3 @@
         );
-        console.info({ APPLE_TEAM_ID, APPLE_CERT_PATH, APPLE_CERT_PASSWORD });
+        console.info("Missing required environment variables for macOS signing.");
         return;
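Review bot: the replacement at line 113 repeats what the `console.warn` closed by the `);` context line already says, and drops the one non-sensitive fact an operator needs, namely which of the three variables is unset. Only APPLE_CERT_PASSWORD is secret; APPLE_TEAM_ID and APPLE_CERT_PATH are not, so the fix should log names rather than nothing, e.g. `console.info("Unset:", ["APPLE_TEAM_ID", "APPLE_CERT_PATH", "APPLE_CERT_PASSWORD"].filter((n) => !process.env[n]))`. Separately, the `return;` that follows means a missing secret silently yields an unsigned binary; if signing is expected for a release build, set a non-zero exit code here instead of continuing.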
@@ -134,3 +134,3 @@
         );
-        console.info({ APPLE_API_KEY_PATH });
+        console.info("Missing required environment variable for macOS notarization.");
         return;
EOF
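Review bot: in the second hunk (line 135) APPLE_API_KEY_PATH is a filesystem path, not key material, so the value that was logged is not sensitive in the way APPLE_CERT_PASSWORD is; the autofix is harmless but over-broad. Keep the variable name in the message so the operator knows what to set, e.g. `console.info("APPLE_API_KEY_PATH is not set; skipping notarization.")`, and, as with the signing hunk, decide whether the `return;` (an un-notarized binary) is acceptable or should fail the build.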