-
Notifications
You must be signed in to change notification settings - Fork 800
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Components: Add Threats DataView #39754
Conversation
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available. Follow this PR Review Process:
Still unsure? Reach out in #jetpack-developers for guidance! Protect plugin:
If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack. |
cd3cdb2
to
9b67cb6
Compare
Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.
Interested in more tips and information?
|
3adfb3c
to
0ed374e
Compare
311ba67
to
0ba8bb9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking absolutely fantastic!
Some super minor changes requested mostly surrounding text content and story config and data, otherwise, the bulk of this is ready to go!
Worth noting that there are still some things that we may want to address in other followups, for example:
- When a fixer is in-progress or in error state, we should hide or disable any actions.
- I believe it was confirmed that we should even hide the Actions button when none are available (rather than disable) - perhaps that could be suitable option for the previous point as well.
- We already have something in the works for adding bulk actions support, but if that doesn't move forward as planned (pending designs confirmation of whether we want to strictly keep to core functionality), we will want to update the logic here for the checkboxes (if they should display and when they should be active/disabled).
projects/js-packages/components/components/threat-fixer-button/index.tsx
Outdated
Show resolved
Hide resolved
projects/js-packages/components/changelog/add-threats-data-view-component
Outdated
Show resolved
Hide resolved
projects/js-packages/components/components/threats-data-views/stories/index.stories.tsx
Outdated
Show resolved
Hide resolved
source: '', | ||
}, | ||
{ | ||
id: '7275a176-d579-471a-8492-df8edbdf27de', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if this was done intentionally to confirm that we display results that do not have a valid id
(which it appears to), but I believe this should be an integer ID as with the rest.
Additionally, this entry does not have a status
so only shows up when all filters are removed but cannot have any actions performed on it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This story is mocking the free results, which do include a string id
, which comes from the alphanumeric WPScan vulnerability ID. I've updated the Threat.id
type to string | number
because of that. Fixed the missing status
as well: 6549f86
I've also updated the Threat
type to use conditional properties more generally - i.e. do not expect every threat to have every property to always have a value set, remove the manual setting of null
for irrelevant properties: b6dbf92
We can probably improve the Threat
type further with unions/discriminations for specific threat types and/or data sources. I can include that in the follow up PR that adjusts how the threats data is provided from the server side. 👍
@@ -0,0 +1,17 @@ | |||
export type FixerStatus = 'not_started' | 'in_progress' | 'fixed' | 'not_fixed'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a general note on these types, in Protect we have a much more extensive set of types in fixers.ts
that considers all the varying possible statuses. It seems we don't require this to function here but will that change once we are handling actual Scan API responses? Or are these two just similar but for completely separate purposes and wont have any overlap?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've only moved over the necessary types used by the dataviews component in this PR – the component doesn't work with the fixers API response directly, it only needs the FixerStatus
and ThreatFixStatus
types for rendering the auto-fix column.
I do eventually bring in the rest of the FixersStatus
types here in the follow-up PR 👍
1b50f9f
to
b6dbf92
Compare
Looking into the failing JS tests 👀 |
Co-authored-by: dkmyta <[email protected]>
Co-authored-by: dkmyta <[email protected]>
Co-authored-by: dkmyta <[email protected]>
25254f3
to
79804d5
Compare
Tests fixed via 79804d5 👍 |
Thanks for the review @dkmyta! I have merged your suggestions and responded to any inline comments.
Good points re: follow-ups! We can address disabling threat actions when integrating the component, using the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
* | ||
* @return {JSX.Element} The component. | ||
*/ | ||
export default function ThreatFixerButton( { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do these threats
specific components belong to the generic components
package? May be they belong to the scan
JS package?
CC: @Automattic/jetpack-garage
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reason for that is these components and thus the dataviews component may be bundled to all the consumer plugins that import components package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do these
threats
specific components belong to the genericcomponents
package?
Personally I'd say no. I think the components package should have stick to things that would be very widely useful. But I can't speak for all of Garage on this, that's just my own view.
You might also ask @Automattic/jetpack-agora, I think they still do work on the package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@manzoorwanijk @anomiex @Automattic/jetpack-agora
We have initially included these components here as:
- they are candidates for re-use across Jetpack projects (notably the Jetpack and Protect plugins)
- there are existing product/feature specific components in the package (
BoostScoreBar
,BoostScoreGraph
, etc) - These threat components rely on other Jetpack components (Button, Badge, Text) so we would need the
scan
package to depend oncomponents
. Thecomponents
package extends thetsconfig.base.json
config, and the use of"moduleResolution": "bundler"
is incompatible with thescan
package's current use oftsconfig.tsc.json
. Though we could address this somehow I'm sure.
To avoid weighing down the main components
package, we can definitely look into the possibility of distributing these components elsewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The
components
package extends thetsconfig.base.json
config, and the use of"moduleResolution": "bundler"
is incompatible with thescan
package's current use oftsconfig.tsc.json
. Though we could address this somehow I'm sure.
Probably just switching the import
statements to use .js
extensions (and explicit index.js
instead of directory includes) would be sufficient.
OTOH, fully switching it to generate a build directory, along the lines of what #40299 did for scan, wouldn't be a bad thing for someone to do. It'd make the package more usable outside the monorepo.
Resolves https://github.com/Automattic/jetpack-scan-team/issues/1512
Proposed changes:
ThreatsDataViews
component for displaying threats identified by Jetpack Scan.table
andlist
views.Badge
component.ThreatSeverityBadge
component to also use the newBadge
component.IconTooltip
component.scan
package, and implements them in the above components.Other information:
Jetpack product discussion
p1HpG7-uIo-p2
Does this pull request change what data or activity we track or use?
No
Testing instructions:
cd projects/js-packages/storybook && pnpm storybook:dev
Screenshots