Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: always use latest apollo sandbox #2686

Conversation

gitxiongpan
Copy link
Contributor

@gitxiongpan gitxiongpan commented Jun 21, 2023

I am not sure whether there are any securiy concerns regarding loading latest apollo sanbox by default. For me, it makes sense to auto load the latest version.

I have:

  • Added tests covering the bug / feature (see testing)
  • Updated any relevant documentation (see docs)

@coveralls
Copy link

coveralls commented Jun 21, 2023

Coverage Status

coverage: 79.177% (+0.02%) from 79.16% when pulling d955b63 on gitxiongpan:feat/always-use-latest-apollo-sanbox into ee6add4 on 99designs:master.

@StevenACoffman StevenACoffman changed the title feat: always use latest apollo sanbox feat: always use latest apollo sandbox Jun 21, 2023
@StevenACoffman
Copy link
Collaborator

See #2581 for the history of this Apollo Sandbox playground feature.

The url https://embeddable-sandbox.cdn.apollographql.com/ will allow you to list the contents of the S3 bucket. I made a dumb script to figure out the latest one from the S3 bucket and calculate the Subresource Integrity. This script is https://gist.github.com/StevenACoffman/2f15cd2e64f107d1a9a5f10f9748e1b0 and when I run it:

CDN_FILE=https://embeddable-sandbox.cdn.apollographql.com/7212121cad97028b007e974956dc951ce89d683c/embeddable-sandbox.umd.production.min.js
curl -s $CDN_FILE | openssl dgst -sha256 -binary | openssl base64 -A; echo

ldbSJ7EovavF815TfCN50qKB9AMvzskb9xiG71bmg2I=

So instead of setting it to "_latest" and having to forego the subresource integrity check, let's just update both to that and now we can try to remember to periodically run this dumb script and update it. Ok?

@chadxzs
Copy link

chadxzs commented Jun 22, 2023

perhaps something that could help is a GitHub Action to run the script and issue a PR on a cronjob schedule. I've not personally done this but a quick search shows GitHub has a 1st-class action for it.

@StevenACoffman StevenACoffman merged commit abc3c62 into 99designs:master Jun 22, 2023
@StevenACoffman
Copy link
Collaborator

Thanks for this PR! Looking forward to your next PR.

@gitxiongpan gitxiongpan deleted the feat/always-use-latest-apollo-sanbox branch June 25, 2023 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants