From 5ea6263c129678dfc8136fada9a5d3d487981b9c Mon Sep 17 00:00:00 2001 From: Kat Hagan Date: Tue, 14 May 2024 15:57:39 -0400 Subject: [PATCH] Build: Update the deploy script and config file encryption (#3195) * add --legacy-peer-deps flag in deploy script * update options in circleCI config * maybe we do need force * add encrypt/decrypt conf to Makefile, update README instructions, re-encrypt config with up-to-date encryption method, upgrade packages in vip/package.json * update decryption on circleCI * punctuation * error message if an invalid deploy target is specified --- .circleci/config.yml | 2 +- Makefile | 18 ++++++++++++++++++ README.md | 12 +++++++----- bin/deploy.sh | 5 +++-- resources/secrets/config.json.enc | Bin 192 -> 192 bytes vip/package.json | 4 ++-- 6 files changed, 31 insertions(+), 10 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index facfe1d84..c76bee6cd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -10,7 +10,7 @@ references: command: | openssl aes-256-cbc -md md5 -d -in ./resources/certificates/win.p12.enc -out ./resources/certificates/win.p12 -k ${SECRETS_ENCRYPTION_KEY_2024} openssl aes-256-cbc -md md5 -d -in ./resources/certificates/mac.p12.enc -out ./resources/certificates/mac.p12 -k ${SECRETS_ENCRYPTION_KEY} - openssl aes-256-cbc -md md5 -d -in ./resources/secrets/config.json.enc -out ./config.json -k ${SECRETS_ENCRYPTION_KEY} + openssl aes-256-cbc -d -in ./resources/secrets/config.json.enc -out ./config.json -pbkdf2 -k ${SECRETS_ENCRYPTION_KEY} job_filters: &job_filters branches: ignore: diff --git a/Makefile b/Makefile index 8b42a5152..f7cea4c44 100644 --- a/Makefile +++ b/Makefile 
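Review bot: The new config.json decrypt line still passes the passphrase as `-k ${SECRETS_ENCRYPTION_KEY}`, which puts the secret on the openssl command line and leaves the expansion unquoted; `-pass env:SECRETS_ENCRYPTION_KEY` lets openssl read it from the environment instead. `-pbkdf2` is used here with its defaults (10000 iterations and the default digest of whichever OpenSSL is installed), and the same holds for `decrypt_conf` and `encrypt_conf` in the Makefile hunk. Spelling out `-md sha256 -iter <count>` in all three commands would keep CI and local tooling in agreement across OpenSSL versions, at the cost of re-encrypting the file once. The two `.p12` lines above it stay on `-md md5` without `-pbkdf2`, so the signing certificates are still protected by the legacy key derivation that this change moves config.json away from.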
@@ -173,3 +173,21 @@ lint-scss: .PHONY: lint-js lint-js: @npx eslint --ignore-path .gitignore "**/*.{js,jsx,ts,tsx}" + + +# encrypted config file +.PHONY: _pwd_prompt decrypt_conf encrypt_conf + +CONF_FILE=./resources/secrets/config.json.enc + +# 'private' task for echoing instructions +_pwd_prompt: + @echo "Check the secret store for Simplenote!" + +# to create config +decrypt_conf: _pwd_prompt + openssl aes-256-cbc -d -in ${CONF_FILE} -out ./config-local.json -pbkdf2 + +# for updating config +encrypt_conf: _pwd_prompt + openssl aes-256-cbc -e -in config-local.json -out ${CONF_FILE} -pbkdf2 diff --git a/README.md b/README.md index ad4c6d635..231c4618d 100644 --- a/README.md +++ b/README.md 
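Review bot: `decrypt_conf` writes the decrypted credentials to `./config-local.json` inside the working tree under the caller's umask, and nothing in this hunk shows that path being ignored by git. Running the recipe as `umask 077 && openssl aes-256-cbc -d -in ${CONF_FILE} -out ./config-local.json -pbkdf2` and confirming that `config-local.json` is listed in `.gitignore` would keep the plaintext from being world-readable or committed by accident. `openssl enc` with `aes-256-cbc` is also unauthenticated, so a wrong password or a modified `config.json.enc` is not reliably detected. A comment above the target such as `# CBC has no integrity check: confirm config-local.json parses as JSON after decrypting` would document that.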
@@ -6,15 +6,17 @@ A Simplenote [React](https://reactjs.org/) client packaged in [Electron](https:/ ## Running +**Read this first!!** Local development is currently not supported if you don't have an existing account on the test server or access to the production credentials. This is because the move to an email-first signup flow has made it impossible to create accounts in the test database. We hope to be able to support an open-source development workflow again in the future. + 1. Clone the repo: `git clone https://github.com/Automattic/simplenote-electron.git` 2. `cd simplenote-electron` 3. `npm install --legacy-peer-deps` (This flag is necessary because `react-monaco-editor` is pinned to a specific `monaco-editor` dependency, but `npm` [considers minor versions to be breaking changes for sub-1.0.0 apps](https://stackoverflow.com/questions/62629878/why-doesnt-npm-upgrade-install-my-0-0-1-dep-with-a-dependency-on-0-0-0)) -4. `npm run dev` -5. The dev server will start on [http://localhost:4000](http://localhost:4000), and the Electron app will launch automatically. -6. For all logging from Electron to be printed to the terminal (e.g. `console.log` statements within `app.js`), you might need to set `env ELECTRON_ENABLE_LOGGING=1`. -7. Sign up for a new account within the app. Use the account for **testing purposes only** as all note data will be periodically cleared out on the server. +4. Decrypt the config file using `make decrypt_conf`. +5. `npm run dev` +6. The dev server will start on [http://localhost:4000](http://localhost:4000), and the Electron app will launch automatically. +7. For all logging from Electron to be printed to the terminal (e.g. `console.log` statements within `app.js`), you might need to set `env ELECTRON_ENABLE_LOGGING=1`. -_Note: Simplenote API features such as sharing and publishing will not work with development builds. 
Due to a limitation of `make` installation paths used for build cannot have spaces._ +_Note: Simplenote API features such as sharing and publishing will not work with development builds. Due to a limitation of `make`, installation paths used for build cannot have spaces._ ## Building diff --git a/bin/deploy.sh b/bin/deploy.sh index 963146fe0..a57190224 100755 --- a/bin/deploy.sh +++ b/bin/deploy.sh @@ -31,12 +31,13 @@ case $1 in ;; *) + echo "Deploy environment must be one of: production, develop, staging" exit 0 ;; esac # Install Node Modules -npm install +npm install --legacy-peer-deps # Temporarily move config-local so it doesn't get overwritten mv config-local.json config-local.original.json @@ -81,4 +82,4 @@ echo "Deployed Successfully!" git checkout trunk -exit 0 \ No newline at end of file +exit 0 diff --git a/resources/secrets/config.json.enc b/resources/secrets/config.json.enc index 9cc1d6337f0ca71bfc1269aa8dc32d114d99bb91..a51a4c1f98823749e832068a7061932bd78e9487 100644 GIT binary patch literal 192 zcmV;x06+gzVQh3|WM5y5^AU27;jY2B0^%Uu1O5XQ#-#m~~`XY)K(#5>l!!@wN&PWgp_0Si%oqacatrK_T_1RA}P$e3+p&8@s-N zf+`3f9+-!&Z0<3`uFYlE8u3Rh>d5(Pz_QfyxLe$KI1YpMvu2A+MEr)%9px((GItEc ukM(!1q01lpN_5*_gGE-ox;t!+v3y`aPtFS9nHKQ-ONW8{{r*wW?K16$L1SJ3 diff --git a/vip/package.json b/vip/package.json index 5ad011448..2e792a683 100644 --- a/vip/package.json +++ b/vip/package.json @@ -12,7 +12,7 @@ "url": "git://github.com/Automattic/simplenote-electron.git" }, "dependencies": { - "@automattic/vip-go": "0.3.3", - "express": "4.17.1" + "@automattic/vip-go": "1.1.0", + "express": "4.19.2" } }
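Review bot: The new message for an invalid deploy target in the `*)` branch is followed by the unchanged `exit 0`, so the script still reports success to CI or any calling script when no deploy happened. Sending the message to stderr and returning a failure status makes the mistake visible: `echo "Deploy environment must be one of: production, develop, staging" >&2` followed by `exit 1`. The `case` statement starts outside this hunk, so the accepted target names should be checked against its branches.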