[ACS-10100][Security] Remove npx usage from CI/CD and shell scripts to mitigate supply chain risks (#4795)

dominikiwanekhyland
2025-09-16 10:12:28 +02:00
committed by GitHub
parent ccc08db8a4
commit 66720be7c0
28 changed files with 184 additions and 42 deletions


@@ -6,4 +6,4 @@ runs:
steps:
- name: Check content UP
shell: bash
run: ./node_modules/@alfresco/adf-cli/bin/adf-cli check-cs-env --host $BASE_URL -u $ADMIN_EMAIL -p $ADMIN_PASSWORD || exit 1
run: npm run ci:check-env || exit 1


@@ -29,7 +29,9 @@ runs:
- name: Build Libraries
shell: bash
run: npm ci && npx nx run-many --target=build
run: |
npm ci
npm run ci:build:many
- uses: actions/setup-node@v4
name: setup GH registry


@@ -30,4 +30,4 @@ runs:
printf "\nApplication is ready.\n"
echo "Running playwright tests with options ${{ inputs.options }}"
npx nx run ${{ inputs.options }}-e2e:e2e
E2E_TARGET=${{ inputs.options }} npm run ci:e2e
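Review bot: `${{ inputs.options }}` is still substituted into the script text before bash parses it, on the new `E2E_TARGET=...` line as well as in the `echo` above it, so a value containing whitespace or shell metacharacters changes the command rather than just the target name. Pass the input through the step environment instead: add `env:` with `E2E_TARGET: ${{ inputs.options }}` to the step and reduce the command to `npm run ci:e2e`, with the echo reading `"$E2E_TARGET"`. The `ci:e2e` script in package.json should then quote its expansion as well. The step begins above this hunk, so the placement of the `env:` key has to be checked against the full file.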


@@ -55,7 +55,7 @@ jobs:
run: npm run affected:lint -- --base=origin/develop
- name: lint all
if: ${{ github.event_name != 'pull_request' }}
run: npx nx run-many --target=lint
run: npm run ci:lint
- run: npm run stylelint
build:
@@ -80,7 +80,7 @@ jobs:
with:
name: npm-logs
path: /home/runner/.npm/_logs/
- run: npx nx build aca-playwright-shared
- run: npm run ci:build -- aca-playwright-shared
- run: npm run build -- $BUILD_OPTS
- name: dist cache
@@ -119,7 +119,7 @@ jobs:
- name: Test all
if: ${{ github.event_name != 'pull_request' }}
run: npx nx run-many --target=test --browsers=ChromeHeadless --watch=false $TEST_OPTS
run: npm run ci:test -- $TEST_OPTS
e2es-playwright:
needs: [lint, build, unit-tests]
@@ -203,8 +203,7 @@ jobs:
uses: ./.github/actions/before-e2e
- name: Before playwright
shell: bash
run: npx playwright install chromium
run: npm run ci:playwright:install
- uses: ./.github/actions/run-e2e-playwright
with:


@@ -45,7 +45,7 @@ jobs:
cache: 'npm'
- uses: ./.github/actions/before-install
- run: npm ci
- run: npx nx build aca-playwright-shared
- run: npm run ci:build -- aca-playwright-shared
- run: npm run build -- $BUILD_OPTS
- name: dist cache
@@ -128,12 +128,12 @@ jobs:
uses: ./.github/actions/before-e2e
- name: Before playwright
shell: bash
run: npx playwright install chromium
run: npm run ci:playwright:install
- uses: ./.github/actions/run-e2e-playwright
with:
options: "${{ matrix.e2e-suites.name }}"
artifact-name: ${{ matrix.e2e-suites.name }}
test-runner: playwright
- uses: ./.github/actions/after-e2e


@@ -1,4 +1 @@
#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"
npx lint-staged
lint-staged
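Review bot: The hook now calls bare `lint-staged`, which is resolved through whatever `PATH` the hook happens to run with, and going by the hunk header the shebang and the `husky.sh` sourcing are removed as well. The `prepare` script on this page still runs `husky install`; if the installed husky version does not put `node_modules/.bin` on `PATH` for hooks (not visible here), the command either fails or picks up a globally installed copy instead of the lockfile-pinned one. Calling the local binary by path, `./node_modules/.bin/lint-staged`, keeps the no-download guarantee without depending on `PATH`.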


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/authentication/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/authentication/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/copy-move-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/copy-move-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/create-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/create-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/delete-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/delete-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/edit-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/edit-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/favorite-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/favorite-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/folder-information-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/folder-information-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/folder-rules/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/folder-rules/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/info-drawer/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/info-drawer/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/library-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/library-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/list-views/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/list-views/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/navigation/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/navigation/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/pagination/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/pagination/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/search/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/search/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/share-action/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/share-action/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/smoke-test/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/smoke-test/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -8,7 +8,7 @@
"executor": "nx:run-commands",
"options": {
"commands": [
"npx playwright test --config=e2e/playwright/special-permissions-actions-available/playwright.config.ts"
"playwright test --config=e2e/playwright/special-permissions-actions-available/playwright.config.ts"
]
},
"configurations": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/upload-download-actions/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/upload-download-actions/playwright.config.ts"]
},
"configurations": {
"production": {


@@ -7,7 +7,7 @@
"e2e": {
"executor": "nx:run-commands",
"options": {
"commands": ["npx playwright test --config=e2e/playwright/viewer/playwright.config.ts"]
"commands": ["playwright test --config=e2e/playwright/viewer/playwright.config.ts"]
},
"configurations": {
"production": {

134
package-lock.json generated

@@ -100,7 +100,8 @@
"stylelint": "^15.11.0",
"stylelint-config-standard-scss": "^7.0.1",
"ts-node": "^10.9.2",
"typescript": "5.8.2"
"typescript": "5.8.2",
"webpack-bundle-analyzer": "^4.10.2"
}
},
"node_modules/@adobe/css-tools": {
@@ -9962,6 +9963,13 @@
"node": ">=18"
}
},
"node_modules/@polka/url": {
"version": "1.0.0-next.29",
"resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.29.tgz",
"integrity": "sha512-wwQAWhWSuHaag8c4q/KN/vCoeOJYshAIvMQwD4GpSb3OiZklFfvAgmj0VCBBImRpuF/aFgIRzllXlVX93Jevww==",
"dev": true,
"license": "MIT"
},
"node_modules/@reportportal/agent-js-playwright": {
"version": "5.1.11",
"resolved": "https://registry.npmjs.org/@reportportal/agent-js-playwright/-/agent-js-playwright-5.1.11.tgz",
@@ -15742,6 +15750,13 @@
"integrity": "sha512-oaMBel6gjolK862uaPQOVTA7q3TZhuSvuMQAAglQDOWYO9A91IrAOUJEyKVlqJlHE0vq5p5UXxzdPfMH/x6xNg==",
"license": "MIT"
},
"node_modules/debounce": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/debounce/-/debounce-1.2.1.tgz",
"integrity": "sha512-XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug==",
"dev": true,
"license": "MIT"
},
"node_modules/debug": {
"version": "4.4.1",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz",
@@ -16232,6 +16247,13 @@
"node": ">= 0.4"
}
},
"node_modules/duplexer": {
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz",
"integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==",
"dev": true,
"license": "MIT"
},
"node_modules/eastasianwidth": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
@@ -18907,6 +18929,22 @@
"dev": true,
"license": "MIT"
},
"node_modules/gzip-size": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz",
"integrity": "sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q==",
"dev": true,
"license": "MIT",
"dependencies": {
"duplexer": "^0.1.2"
},
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/hachure-fill": {
"version": "0.5.2",
"resolved": "https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz",
@@ -27767,6 +27805,21 @@
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/sirv": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/sirv/-/sirv-2.0.4.tgz",
"integrity": "sha512-94Bdh3cC2PKrbgSOUqTiGPWVZeSiXfKOVZNJniWoqrWrRkB1CJzBU3NEbiTsPcYy1lDsANA/THzS+9WBiy5nfQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"@polka/url": "^1.0.0-next.24",
"mrmime": "^2.0.0",
"totalist": "^3.0.0"
},
"engines": {
"node": ">= 10"
}
},
"node_modules/sisteransi": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz",
@@ -29338,6 +29391,16 @@
"node": ">=0.6"
}
},
"node_modules/totalist": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz",
"integrity": "sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=6"
}
},
"node_modules/tr46": {
"version": "0.0.3",
"resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
@@ -30493,6 +30556,75 @@
}
}
},
"node_modules/webpack-bundle-analyzer": {
"version": "4.10.2",
"resolved": "https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz",
"integrity": "sha512-vJptkMm9pk5si4Bv922ZbKLV8UTT4zib4FPgXMhgzUny0bfDDkLXAVQs3ly3fS4/TN9ROFtb0NFrm04UXFE/Vw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@discoveryjs/json-ext": "0.5.7",
"acorn": "^8.0.4",
"acorn-walk": "^8.0.0",
"commander": "^7.2.0",
"debounce": "^1.2.1",
"escape-string-regexp": "^4.0.0",
"gzip-size": "^6.0.0",
"html-escaper": "^2.0.2",
"opener": "^1.5.2",
"picocolors": "^1.0.0",
"sirv": "^2.0.3",
"ws": "^7.3.1"
},
"bin": {
"webpack-bundle-analyzer": "lib/bin/analyzer.js"
},
"engines": {
"node": ">= 10.13.0"
}
},
"node_modules/webpack-bundle-analyzer/node_modules/@discoveryjs/json-ext": {
"version": "0.5.7",
"resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz",
"integrity": "sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=10.0.0"
}
},
"node_modules/webpack-bundle-analyzer/node_modules/commander": {
"version": "7.2.0",
"resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz",
"integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">= 10"
}
},
"node_modules/webpack-bundle-analyzer/node_modules/ws": {
"version": "7.5.10",
"resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz",
"integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=8.3.0"
},
"peerDependencies": {
"bufferutil": "^4.0.1",
"utf-8-validate": "^5.0.2"
},
"peerDependenciesMeta": {
"bufferutil": {
"optional": true
},
"utf-8-validate": {
"optional": true
}
}
},
"node_modules/webpack-dev-middleware": {
"version": "7.4.2",
"resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-7.4.2.tgz",


@@ -9,7 +9,7 @@
"build.release": "npm run build -- --configuration=production,release",
"test": "nx test",
"lint": "NODE_OPTIONS=--max_old_space_size=4096 nx run-many --all --target=lint",
"inspect.bundle": "nx build content-ce --configuration production --stats-json && npx webpack-bundle-analyzer dist/content-ce/stats.json",
"inspect.bundle": "nx build content-ce --configuration production --stats-json && webpack-bundle-analyzer dist/content-ce/stats.json",
"prepare": "husky install",
"stylelint": "stylelint \"{app,projects}/**/*.scss\"",
"affected:build": "nx affected:build",
@@ -22,8 +22,19 @@
"print-affected:build": "nx print-affected --target=build --select=tasks.target.project",
"print-affected:test": "nx print-affected --target=test --select=tasks.target.project",
"print-affected:lint": "nx print-affected --target=lint --select=tasks.target.project",
"lintfix": "nx affected:lint --fix"
},
"lintfix": "nx affected:lint --fix",
"ci:lint": "nx run-many --target=lint",
"ci:test": "nx run-many --target=test --browsers=ChromeHeadless --watch=false",
"ci:build": "nx build",
"ci:build:many": "nx run-many --target=build",
"ci:playwright:install": "playwright install chromium",
"ci:e2e": "nx run $E2E_TARGET-e2e:e2e",
"ci:audit": "adf-cli audit -d docs/audit",
"ci:licenses": "adf-cli licenses -d docs/licences",
"ci:changelog": "adf-cli changelog -o docs/changelog --exclude=\"bot\\|Alfresco Build User\\|alfresco-build\"",
"ci:check-env": "adf-cli check-cs-env --host $BASE_URL -u $ADMIN_EMAIL -p $ADMIN_PASSWORD"
}
,
"repository": {
"type": "git",
"url": "https://github.com/Alfresco/alfresco-content-app.git"
@@ -121,6 +132,7 @@
"stylelint": "^15.11.0",
"stylelint-config-standard-scss": "^7.0.1",
"ts-node": "^10.9.2",
"typescript": "5.8.2"
"typescript": "5.8.2",
"webpack-bundle-analyzer": "^4.10.2"
}
}
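Review bot: `ci:check-env` passes `$BASE_URL`, `$ADMIN_EMAIL` and `$ADMIN_PASSWORD` unquoted, so a password containing spaces or glob characters is split or expanded before adf-cli receives it, and the secret still travels as a command-line argument that is visible in the runner's process list. At minimum quote the expansions, `--host \"$BASE_URL\" -u \"$ADMIN_EMAIL\" -p \"$ADMIN_PASSWORD\"`; the same applies to `ci:e2e`, which should read `nx run \"$E2E_TARGET-e2e:e2e\"`. Separately, the scripts object now closes with `}` followed by a `,` on its own line, which parses but should be `},` as it was before.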


@@ -2,6 +2,6 @@
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
npx @alfresco/adf-cli@latest audit -d $DIR/docs/audit
npx @alfresco/adf-cli@latest licenses -d $DIR/docs/licences
npx @alfresco/adf-cli@alpha changelog -o $DIR/docs/changelog --exclude="bot\|Alfresco Build User\|alfresco-build"
npm run ci:audit
npm run ci:licenses
npm run ci:changelog
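Review bot: The three `npm run` calls no longer use `$DIR`, so the script now depends on the caller's working directory: npm looks for `package.json` starting from the current directory, and the `ci:*` scripts write to relative `docs/...` paths. Add `cd "$DIR" || exit 1` after the `DIR=` line, or drop the variable if nothing else in the file uses it (the file's first line is outside this hunk). Unless `set -e` is set above the hunk, a failing audit also does not stop the licenses and changelog steps; chaining the calls with `&&` would make a failure visible to the caller.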