diff --git a/.buildkite/commands/package_windows.ps1 b/.buildkite/commands/package_windows.ps1 index f30bf9fca..406ba2812 100644 --- a/.buildkite/commands/package_windows.ps1 +++ b/.buildkite/commands/package_windows.ps1 @@ -42,7 +42,7 @@ Write-Host "--- :npm: Installing dependencies" npm ci --legacy-peer-deps Write-Host "--- :lock_with_ink_pen: Decrypting secrets" -make decrypt_conf_production +make decrypt_conf Write-Host "--- :node: Building app" make build diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 8f30241b2..57222b3e5 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -55,7 +55,7 @@ steps: install_gems bundle exec fastlane configure_code_signing echo "--- Decrypt secrets" - make decrypt_conf_production + make decrypt_conf bundle exec fastlane run configure_apply echo "--- Build" make build @@ -92,10 +92,10 @@ steps: - $NVM_PLUGIN command: | .buildkite/commands/install_node_dependencies.sh + echo "--- Decrypt secrets" + make decrypt_conf echo "--- Build" make build - echo "--- Decrypt secrets" - make decrypt_conf_production echo "--- Package" make package-linux SKIP_BUILD=true env: diff --git a/Makefile b/Makefile index 04d4c30f7..f20bc9f37 100644 --- a/Makefile +++ b/Makefile @@ -11,8 +11,7 @@ THIS_MAKEFILE_PATH := $(word $(words $(MAKEFILE_LIST)),$(MAKEFILE_LIST)) THIS_DIR := $(shell cd $(dir $(THIS_MAKEFILE_PATH));pwd) CONF_FILE_ENCRYPTED=./resources/secrets/config.json.enc -CONF_FILE_LOCAL=./config-local.json -CONF_FILE=./config.json +CONF_FILE=./config-local.json NPM ?= $(NODE) $(shell which npm) NPM_BIN = $(shell npm bin) @@ -205,34 +204,26 @@ lint-js: # 'private' task for echoing instructions _pwd_prompt: +ifeq ($(strip $(CI)),) @echo "Check the secret store for Simplenote!" +else + @echo "Use input disabled because running in CI (CI env var set)" +endif +OPENSSL_CMD=openssl aes-256-cbc -pbkdf2 +DECRYPT_CMD=${OPENSSL_CMD} -d -in ${CONF_FILE_ENCRYPTED} -out ${CONF_FILE} # to create config for local development decrypt_conf: _pwd_prompt - openssl aes-256-cbc -d -in ${CONF_FILE_ENCRYPTED} -out ${CONF_FILE_LOCAL} -pbkdf2 - -# for updating the stored config with the local values -encrypt_conf: _pwd_prompt - openssl aes-256-cbc -e -in ${CONF_FILE_LOCAL} -out ${CONF_FILE_ENCRYPTED} -pbkdf2 - -# There's likely a neater way to conditionally decrypt the config but: -# -# - This was added in the context of a time restricted effort to deploy a new version -# - It seems safer to add a new task rather than modifying existing ones and meddling with the dependencies tree -# - config.json is tracked under Git, which means we ought to be extra careful with the edits that go into it. We don't want leakages -decrypt_conf_production: ifeq ($(strip $(CI)),) - $(error "'make decrypt_conf' should only run in CI environments!") + ${DECRYPT_CMD} else -ifeq ($(NODE_ENV),production) - @echo "$(CONF_FILE) not found. Attempting to decode because running for prod (NODE_ENV = $(NODE_ENV))..." ifeq ($(strip $(SECRETS_ENCRYPTION_KEY)),) $(error Could not decode $(CONF_FILE) because SECRETS_ENCRYPTION_KEY is missing from environment.) else - @openssl aes-256-cbc -d -in $(CONF_FILE_ENCRYPTED) -out $(CONF_FILE) -pbkdf2 -k ${SECRETS_ENCRYPTION_KEY} - @echo "Successfully decoded $(CONF_FILE_ENCRYPTED) into $(CONF_FILE)." -endif -else - @echo "Will not attempt to decode $(CONF_FILE_ENCRYPTED) because not running in production (NODE_ENV = $(NODE_ENV))." + @${DECRYPT_CMD} -k ${SECRETS_ENCRYPTION_KEY} endif endif + +# for updating the stored config with the local values +encrypt_conf: _pwd_prompt + ${OPENSSL_CMD} -e -in ${CONF_FILE} -out ${CONF_FILE_ENCRYPTED} diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 2e714252d..8df796535 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -10,7 +10,7 @@ ### Other Changes -- Updated dependencies, build pipeline and documentation [#3183](https://github.com/Automattic/simplenote-electron/pull/3183), [#3097](https://github.com/Automattic/simplenote-electron/pull/3097), [#3194](https://github.com/Automattic/simplenote-electron/pull/3194), [#3195](https://github.com/Automattic/simplenote-electron/pull/3195) +- Updated dependencies, build pipeline and documentation [#3183](https://github.com/Automattic/simplenote-electron/pull/3183), [#3097](https://github.com/Automattic/simplenote-electron/pull/3097), [#3194](https://github.com/Automattic/simplenote-electron/pull/3194), [#3195](https://github.com/Automattic/simplenote-electron/pull/3195), [#3218](https://github.com/Automattic/simplenote-electron/pull/3218), [#3223](https://github.com/Automattic/simplenote-electron/pull/3223) ## [v2.21.0] diff --git a/get-config.js b/get-config.js index 0bd0c3497..70fb07941 100644 --- a/get-config.js +++ b/get-config.js @@ -1,18 +1,7 @@ -function readLocalConfig() { - try { - const config = require('./config-local'); - if (typeof config === 'function') { - throw new Error('Invalid config file. Config must be JSON.'); - } - return config; - } catch { - return false; - } -} - function readConfig() { + const configPath = './config-local'; try { - const config = require('./config'); + const config = require(configPath); if (typeof config === 'function') { throw new Error('Invalid config file. Config must be JSON.'); } @@ -20,9 +9,8 @@ function readConfig() { } catch (e) { // eslint-disable-next-line no-console console.error( - 'Could not read in the required configuration file.\n' + - 'This file should exist as `config.json` inside the project root directory.\n' + - 'Please consult the project README.md for further information.\n' + `Could not load the required configuration file at ${configPath}.\n` + + 'Please consult the project README.md for further information.' ); throw e; @@ -30,7 +18,7 @@ function readConfig() { } function getConfig() { - var config = readLocalConfig() || readConfig(); + var config = readConfig(); var pkg = require('./package.json'); config.version = pkg.version; return config; diff --git a/package-lock.json b/package-lock.json index 2ad12f49a..54e6bcdc3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6746,12 +6746,13 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, + "license": "MIT", "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -10546,10 +10547,11 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, + "license": "MIT", "dependencies": { "to-regex-range": "^5.0.1" }, @@ -12108,6 +12110,7 @@ "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", "dev": true, + "license": "MIT", "engines": { "node": ">=0.12.0" } @@ -19592,6 +19595,7 @@ "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", "dev": true, + "license": "MIT", "dependencies": { "is-number": "^7.0.0" }, @@ -20912,9 +20916,10 @@ } }, "node_modules/ws": { - "version": "8.16.0", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.16.0.tgz", - "integrity": "sha512-HS0c//TP7Ina87TfiPUz1rQzMhHrl/SG2guqRcTOIUYD2q8uhUdNHZYJUaQ8aTGPzCh+c6oawMKW35nFl1dxyQ==", + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz", + "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==", + "license": "MIT", "engines": { "node": ">=10.0.0" }, diff --git a/package.json b/package.json index 20ec6d03a..2eb13b320 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "@babel/preset-env": "7.24.5", "@babel/preset-react": "7.24.1", "@babel/preset-typescript": "7.24.1", - "@electron/notarize": "2.3.0", + "@electron/notarize": "2.3.2", "@testing-library/react": "12.1.5", "@types/cookie": "0.6.0", "@types/debug": "4.1.12", @@ -78,7 +78,6 @@ "debug": "4.3.4", "electron": "30.0.2", "electron-builder": "24.13.3", - "@electron/notarize": "2.3.2", "eslint": "8.57.0", "eslint-config-prettier": "9.1.0", "eslint-plugin-jest": "28.5.0", diff --git a/webpack.config.js b/webpack.config.js index 56374c96d..cb9dbec39 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -75,9 +75,9 @@ module.exports = () => { ], }, resolve: { - // fallback: { - // setImmediate: require.resolve('setimmediate/'), - // }, + fallback: { + './config-local': require.resolve('./config'), // fallback to config.json if config-local.json is missing + }, extensions: ['.js', '.jsx', '.json', '.scss', '.css', '.ts', '.tsx'], modules: ['node_modules'], },