Prioritize config-local and update dependencies (#3223)

Co-authored-by: Gio Lodi <[email protected]>
Automattic · Jun 24, 2024 · f5ff6a1 · f5ff6a1
1 parent f4f96b1
commit f5ff6a1
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 59 deletions.
diff --git a/.buildkite/commands/package_windows.ps1 b/.buildkite/commands/package_windows.ps1
@@ -42,7 +42,7 @@ Write-Host "--- :npm: Installing dependencies"
 npm ci --legacy-peer-deps
 
 Write-Host "--- :lock_with_ink_pen: Decrypting secrets"
-make decrypt_conf_production
+make decrypt_conf
 
 Write-Host "--- :node: Building app"
 make build

diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
@@ -55,7 +55,7 @@ steps:
       install_gems
       bundle exec fastlane configure_code_signing
       echo "--- Decrypt secrets"
-      make decrypt_conf_production
+      make decrypt_conf
       bundle exec fastlane run configure_apply
       echo "--- Build"
       make build
@@ -92,10 +92,10 @@ steps:
       - $NVM_PLUGIN
     command: |
       .buildkite/commands/install_node_dependencies.sh
+      echo "--- Decrypt secrets"
+      make decrypt_conf
       echo "--- Build"
       make build
-      echo "--- Decrypt secrets"
-      make decrypt_conf_production
       echo "--- Package"
       make package-linux SKIP_BUILD=true
     env:

diff --git a/Makefile b/Makefile
@@ -11,8 +11,7 @@ THIS_MAKEFILE_PATH := $(word $(words $(MAKEFILE_LIST)),$(MAKEFILE_LIST))
 THIS_DIR := $(shell cd $(dir $(THIS_MAKEFILE_PATH));pwd)
 
 CONF_FILE_ENCRYPTED=./resources/secrets/config.json.enc
-CONF_FILE_LOCAL=./config-local.json
-CONF_FILE=./config.json
+CONF_FILE=./config-local.json
 
 NPM ?= $(NODE) $(shell which npm)
 NPM_BIN = $(shell npm bin)
@@ -205,34 +204,26 @@ lint-js:
 
 # 'private' task for echoing instructions
 _pwd_prompt:
+ifeq ($(strip $(CI)),)
 	@echo "Check the secret store for Simplenote!"
+else
+	@echo "Use input disabled because running in CI (CI env var set)"
+endif
 
+OPENSSL_CMD=openssl aes-256-cbc -pbkdf2
+DECRYPT_CMD=${OPENSSL_CMD} -d -in ${CONF_FILE_ENCRYPTED} -out ${CONF_FILE}
 # to create config for local development
 decrypt_conf: _pwd_prompt
-	openssl aes-256-cbc -d -in ${CONF_FILE_ENCRYPTED} -out ${CONF_FILE_LOCAL} -pbkdf2
-
-# for updating the stored config with the local values
-encrypt_conf: _pwd_prompt
-	openssl aes-256-cbc -e -in ${CONF_FILE_LOCAL} -out ${CONF_FILE_ENCRYPTED} -pbkdf2
-
-# There's likely a neater way to conditionally decrypt the config but:
-#
-# - This was added in the context of a time restricted effort to deploy a new version
-# - It seems safer to add a new task rather than modifying existing ones and meddling with the dependencies tree
-# - config.json is tracked under Git, which means we ought to be extra careful with the edits that go into it. We don't want leakages
-decrypt_conf_production:
 ifeq ($(strip $(CI)),)
-	$(error "'make decrypt_conf' should only run in CI environments!")
+	${DECRYPT_CMD}
 else
-ifeq ($(NODE_ENV),production)
-	@echo "$(CONF_FILE) not found. Attempting to decode because running for prod (NODE_ENV = $(NODE_ENV))..."
 ifeq ($(strip $(SECRETS_ENCRYPTION_KEY)),)
 	$(error Could not decode $(CONF_FILE) because SECRETS_ENCRYPTION_KEY is missing from environment.)
 else
-	@openssl aes-256-cbc -d -in $(CONF_FILE_ENCRYPTED) -out $(CONF_FILE) -pbkdf2 -k ${SECRETS_ENCRYPTION_KEY}
-	@echo "Successfully decoded $(CONF_FILE_ENCRYPTED) into $(CONF_FILE)."
-endif
-else
-	@echo "Will not attempt to decode $(CONF_FILE_ENCRYPTED) because not running in production (NODE_ENV = $(NODE_ENV))."
+	@${DECRYPT_CMD} -k ${SECRETS_ENCRYPTION_KEY}
 endif
 endif
+
+# for updating the stored config with the local values
+encrypt_conf: _pwd_prompt
+	${OPENSSL_CMD} -e -in ${CONF_FILE} -out ${CONF_FILE_ENCRYPTED}
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -10,7 +10,7 @@
 
 ### Other Changes
 
-- Updated dependencies, build pipeline and documentation [#3183](https://github.com/Automattic/simplenote-electron/pull/3183), [#3097](https://github.com/Automattic/simplenote-electron/pull/3097), [#3194](https://github.com/Automattic/simplenote-electron/pull/3194), [#3195](https://github.com/Automattic/simplenote-electron/pull/3195)
+- Updated dependencies, build pipeline and documentation [#3183](https://github.com/Automattic/simplenote-electron/pull/3183), [#3097](https://github.com/Automattic/simplenote-electron/pull/3097), [#3194](https://github.com/Automattic/simplenote-electron/pull/3194), [#3195](https://github.com/Automattic/simplenote-electron/pull/3195), [#3218](https://github.com/Automattic/simplenote-electron/pull/3218), [#3223](https://github.com/Automattic/simplenote-electron/pull/3223)
 
 ## [v2.21.0]
 

diff --git a/get-config.js b/get-config.js
@@ -1,36 +1,24 @@
-function readLocalConfig() {
-  try {
-    const config = require('./config-local');
-    if (typeof config === 'function') {
-      throw new Error('Invalid config file. Config must be JSON.');
-    }
-    return config;
-  } catch {
-    return false;
-  }
-}
-
 function readConfig() {
+  const configPath = './config-local';
   try {
-    const config = require('./config');
+    const config = require(configPath);
     if (typeof config === 'function') {
       throw new Error('Invalid config file. Config must be JSON.');
     }
     return config;
   } catch (e) {
     // eslint-disable-next-line no-console
     console.error(
-      'Could not read in the required configuration file.\n' +
-        'This file should exist as `config.json` inside the project root directory.\n' +
-        'Please consult the project README.md for further information.\n'
+      `Could not load the required configuration file at ${configPath}.\n` +
+        'Please consult the project README.md for further information.'
     );
 
     throw e;
   }
 }
 
 function getConfig() {
-  var config = readLocalConfig() || readConfig();
+  var config = readConfig();
   var pkg = require('./package.json');
   config.version = pkg.version;
   return config;

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -46,7 +46,7 @@
     "@babel/preset-env": "7.24.5",
     "@babel/preset-react": "7.24.1",
     "@babel/preset-typescript": "7.24.1",
-    "@electron/notarize": "2.3.0",
+    "@electron/notarize": "2.3.2",
     "@testing-library/react": "12.1.5",
     "@types/cookie": "0.6.0",
     "@types/debug": "4.1.12",
@@ -78,7 +78,6 @@
     "debug": "4.3.4",
     "electron": "30.0.2",
     "electron-builder": "24.13.3",
-    "@electron/notarize": "2.3.2",
     "eslint": "8.57.0",
     "eslint-config-prettier": "9.1.0",
     "eslint-plugin-jest": "28.5.0",

diff --git a/webpack.config.js b/webpack.config.js
@@ -75,9 +75,9 @@ module.exports = () => {
       ],
     },
     resolve: {
-      // fallback: {
-      //   setImmediate: require.resolve('setimmediate/'),
-      // },
+      fallback: {
+        './config-local': require.resolve('./config'), // fallback to config.json if config-local.json is missing
+      },
       extensions: ['.js', '.jsx', '.json', '.scss', '.css', '.ts', '.tsx'],
       modules: ['node_modules'],
     },