-
Notifications
You must be signed in to change notification settings - Fork 796
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added siteinfo step to release #1313
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
patrickarlt
requested changes
Feb 22, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but do you want to write the integrity file to dist/siteData.json
so it becomes part of the release files?
Thanks @patrickarlt. Sounds good - done. |
gavinr
pushed a commit
that referenced
this pull request
Feb 23, 2022
add siteData.json as an allowed file when publishing to NPM. Follow-up to #1313
gavinr
pushed a commit
to Esri/esri-leaflet-cluster
that referenced
this pull request
Feb 25, 2022
gavinr
pushed a commit
to gavinr/esri-leaflet-geocoder
that referenced
this pull request
Feb 28, 2022
jgravois
pushed a commit
to jgravois/esri-leaflet
that referenced
this pull request
Apr 23, 2022
* added siteinfo step to release * save to dist
jgravois
pushed a commit
to jgravois/esri-leaflet
that referenced
this pull request
Apr 23, 2022
add siteData.json as an allowed file when publishing to NPM. Follow-up to Esri#1313
jgravois
pushed a commit
to jgravois/esri-leaflet
that referenced
this pull request
Apr 23, 2022
* added siteinfo step to release * save to dist
jgravois
pushed a commit
to jgravois/esri-leaflet
that referenced
this pull request
Apr 23, 2022
add siteData.json as an allowed file when publishing to NPM. Follow-up to Esri#1313
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds an additional step to the release bash script that generates the ssri integrity string and saves it (and the lib version number) into a JSON file in the root of the repository (
siteData.json
). This is generating the integrity string based on the built file on disk (as opposed to reading it from NPM) for the security/integrity of the process.We will do a similar thing in all the related repositories (
esri-leaflet-geocoder
,esri-leaflet-vector
, etc) so that it will replace the functionality that https://github.com/Esri/esri-leaflet-doc/blob/master/data/integrity.js is currently providing.I got the command from MDN: Subresource Integrity. It does require OpenSSL to be installed on the build machine but I think that's fairly common/standard.