Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(docs): Create SECURITY.md #7682

Closed
wants to merge 1 commit into from
Closed

chore(docs): Create SECURITY.md #7682

wants to merge 1 commit into from

Conversation

dinhomathias
Copy link

You decided to contribute to this project? Great, thanks a lot for pushing it.

This project adheres to the Contributor Covenant code of conduct.
By participating, you are expected to uphold this code. Please file issue to report unacceptable behavior.

This repository has a mono-repo structure consisting of multiple packages. Try to take a look at the packages directory!

Prerequisites

All prerequisites could be installed via script at the end of the chapter

  • pnpm is required because NPM is not reliable and Yarn 2 is not as good as PNPM. Currently we use the latest version 7.x of PNPM, please use the same version to ensure that lockfiles are compatible.
  • For local development, you can use yalc in order to apply changes made to
    electron-builder for your other projects to leverage and test with.
npm i -g pnpm@latest-7
pnpm i yalc -g
  • (unsettled) You may need yarn. See this issue for details. Detailed reports are welcome.
npm i -g yarn

To setup a local dev environment

Follow this chapter to setup an environment from scratch.

git clone https://github.com/electron-userland/electron-builder.git

pushd ./electron-builder
pnpm install
popd

Publish the electron-builder packages to yalc's local store via these commands that you need to run from electron-builder/packages.
Unfortunately,the yalc publish command cannot pass multiple packages.

yalc publish app-builder-lib
yalc publish builder-util
yalc publish builder-util-runtime
yalc publish dmg-builder
yalc publish electron-builder
yalc publish electron-publish
yalc publish electron-builder-squirrel-windows
yalc publish electron-forge-maker-appimage
yalc publish electron-forge-maker-nsis
yalc publish electron-forge-maker-nsis-web
yalc publish electron-forge-maker-snap
yalc publish electron-updater

Now link those packages to your project via the one-liner below (run from your project folder).

yalc link app-builder-lib builder-util builder-util-runtime dmg-builder electron-builder electron-publish electron-builder-squirrel-windows electron-forge-maker-appimage electron-forge-maker-nsis electron-forge-maker-nsis-web electron-forge-maker-snap electron-updater

The magical script for whenever you make changes to electron-builder! Rebuilds electron-builder, and then patches
the npm modules in your project (such as electron-quick-start).
Ready for copy-paste into terminal presuming electron-builder repo is at root level outside your project folder,
otherwise adjust path as necessary.

pushd ../electron-builder
pnpm compile
find packages/ -type d -maxdepth 1 -print0 | xargs -0 -L1 sh -c 'cd "$0" && yalc push'
popd

If you are using Windows and Visual Studio Code(Powershell), please use this.

pushd ..\electron-builder
pnpm compile
Get-ChildItem packages -Directory | Foreach-Object{pushd "$_"; yalc push; popd;}
popd

On Windows cmd.exe:

pushd ..\electron-builder
pnpm compile
for /D %d in (packages\*) do (pushd "%d" & yalc push & popd)
popd

Pull Requests

To check that your contributions match the project coding style make sure pnpm test passes.
To build project run: pnpm i && pnpm compile

If you get strange compilation errors, try to remove all node_modules directories in the project (especially under packages/*).

Git Commit Guidelines

We use semantic-release, so we have very precise rules over how
our git commit messages can be formatted.

Documentation

Documentation files located in the /docs.

/docs is deployed to Netlify on every release and available for all users.

bash netlify-docs.sh to setup local env (Python 3) and build.

Build command: mkdocs build.

Debug Tests

Only IntelliJ Platform IDEs (IntelliJ IDEA,
WebStorm) support debug.

If you use IntelliJ IDEA or WebStorm — ij-rc-producer is used and you
can run tests from an editor (just click on Run green gutter icon).

Or you can create the Node.js run configuration manually:

  • Ensure that Before launch contains Compile TypeScript.
  • Set Node interpreter to NodeJS 8. NodeJS 8 is required to debug.
  • Set Application Parameters to -t "test name" relative-test-file-name if you want to debug particular test. E.g. 
    -t "extraResources - one-package" globTest.js
  • Set Environment Variables:
    • Optionally, TEST_APP_TMP_DIR to some directory (e.g. /tmp/electron-builder-test) to inspect output if test
      uses temporary directory (only if --match is used). Specified directory will be used instead of random
      temporary directory and cleared on each run.

Run Test using CLI

pnpm compile
TEST_APP_TMP_DIR=/tmp/electron-builder-test ./node_modules/.bin/jest --env jest-environment-node-debug -t 'assisted' '/oneClickInstallerTest\.\w+$'

where TEST_APP_TMP_DIR is specified to easily inspect and use test build, assisted is the test name
and /oneClickInstallerTest\.\w+$ is the path to test file.

Issues

When filing an issue please make sure, that you give all information needed.

This includes:

  • description of what you're trying to do
  • package.json
  • log of the terminal output
  • node version
  • npm version
  • on which system do you want to create installers (macOS, Linux or Windows).

@changeset-bot
Copy link

changeset-bot bot commented Jul 21, 2023

⚠️ No Changeset found

Latest commit: 127f561

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@netlify
Copy link

netlify bot commented Jul 21, 2023
edited

Deploy Preview for car-park-attendant-cleat-11576 failed.

Name Link
🔨 Latest commit 127f561
🔍 Latest deploy log https://app.netlify.com/sites/car-park-attendant-cleat-11576/deploys/64babcd5c8d4480009b24866

mmaietta
mmaietta reviewed Jul 22, 2023
View reviewed changes
SECURITY.md
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great idea on adding this!

Due to the way the changeset versioning package works, I can only maintain the latest major version of electron-builder/updater

Please update this version table to:

electron-builder

| Version | Supported          |
| ------- | ------------------ |
| 24.x    | :white_check_mark: |
| < 24.0  | :x:                |


electron-updater

| Version | Supported          |
| ------- | ------------------ |
| 6.x     | :white_check_mark: |
| < 6.0   | :x:                |

@mmaietta mmaietta changed the title Create SECURITY.md chore(docs): Create SECURITY.md Jul 22, 2023
@github-actions
Copy link
Contributor

This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.

@github-actions github-actions bot added the Stale label Sep 21, 2023
@github-actions github-actions bot closed this Oct 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmaietta mmaietta mmaietta left review comments

Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dinhomathias @mmaietta