Front-end to complement mozilla/addons-server
Перейти к файлу
Stuart Colville e7c4176f1e
Revert base62 upgrade (#4926)
2018-05-03 23:22:43 +01:00
.circleci Fix ui test timeouts (#4901) 2018-04-30 13:03:56 -04:00
assets Tidied up the file a bit 2018-04-05 11:22:44 -07:00
bin Remove all eslint-disable comments for for...of syntax (#4501) 2018-03-05 11:28:40 -05:00
config Remove beta-versions code (#4864) 2018-04-24 20:58:28 +02:00
dist add initial folder layout 2016-02-22 15:03:04 +00:00
docker/etc/pki Update GPG key for yarn 2017-09-13 23:53:25 +01:00
docs Fix i18n docs to have correct command line for committing changes (#4837) 2018-04-18 08:35:57 -04:00
flow fix: Remove babel-plugin-dedent (#2723) 2017-07-11 15:34:33 +01:00
locale Pontoon: Update Turkish (tr) localization of AMO Frontend 2018-05-02 23:51:25 +00:00
src Revert base62 upgrade (#4926) 2018-05-03 23:22:43 +01:00
tests Revert base62 upgrade (#4926) 2018-05-03 23:22:43 +01:00
.ackrc Tell ack to ignore yarn.lock 2017-06-14 15:28:55 -05:00
.babelrc fix: Remove babel-plugin-dedent (#2723) 2017-07-11 15:34:33 +01:00
.eslintignore Add support for i18n dates (fix #1395) 2016-12-23 00:09:54 +00:00
.eslintrc chore(package): update flow-bin to version 0.71.0 (#4917) 2018-05-03 17:50:57 +02:00
.flowconfig Make sure all apps set a default status code (#2891) 2017-08-02 15:36:58 -05:00
.gitignore Show Docker logs again in functional tests (#2727) 2017-07-11 09:58:58 -05:00
.ignore Add an rg .ignore file for better searching (#3386) 2017-10-06 10:43:12 -05:00
.npmrc Add .npmrc 2016-02-22 18:54:24 +00:00
.nsprc chore: Remove exception; fix already applied 2017-12-04 19:38:06 +00:00
.nvmrc chore: Run tests on and support node 8 (fix #3239) 2017-09-30 22:59:41 +01:00
.pyup.yml Add pyup configuration. (#4130) 2018-01-11 11:48:17 -06:00
.snyk [Snyk] Fix for 4 vulnerable dependency paths (#4398) 2018-02-16 14:02:43 -06:00
.stylelintrc chore: Update stylelint rules and fix minor issues found 2018-03-31 18:48:32 +01:00
.travis.yml Re-enable ui tests. (#4780) 2018-04-11 20:56:14 -04:00
.yarnrc Add packages to yarn without ^ prefix (fixes #1587) (#1589) 2017-01-11 08:26:51 -06:00
CODE_OF_CONDUCT.md Fix markdown 2017-04-04 14:20:35 +01:00
CONTRIBUTING.md Add Contributing.md (#2699) 2017-07-06 17:45:34 +01:00
Dockerfile Use local Yarnpkg GPG key in Docker (#3041) 2017-08-31 19:08:00 +02:00
ISSUE_TEMPLATE.md Use proper comments in the issue template (#2401) 2017-05-18 14:30:13 -05:00
LICENSE.txt chore: Add file format to LICENSE 2017-12-24 20:55:34 +00:00
PULL_REQUEST_TEMPLATE.md Fix typo in PR template 2017-07-18 13:04:34 +01:00
README.md Fix `yarn amo` for developing with a local addons-server API (#4349) 2018-02-08 13:29:21 -06:00
jest.config.js Ensure history is defined in the store while testing (#4014) 2017-11-30 08:49:41 -06:00
package.json Revert base62 upgrade (#4926) 2018-05-03 23:22:43 +01:00
postcss.config.js Get UI tests working (#1596) 2017-01-11 13:20:57 -06:00
tox.ini Updated discopane tests and setup server to be able to run in HTTPS m… (#3808) 2018-01-04 09:53:12 -06:00
webpack-common.js API functions for adding an add-on to a collection (#4119) 2018-01-11 10:34:56 -06:00
webpack.dev.config.babel.js chore: Fix webpack accomidations for localForage 1.7.0 2018-03-30 19:57:38 +01:00
webpack.l10n.config.babel.js chore: Fix webpack accomidations for localForage 1.7.0 2018-03-30 19:57:38 +01:00
webpack.prod.config.babel.js Revert base62 upgrade (#4926) 2018-05-03 23:22:43 +01:00
yarn.lock Revert base62 upgrade (#4926) 2018-05-03 23:22:43 +01:00

README.md

Code of Conduct Build Status codecov Documentation

Addons-frontend 🔥

Front-end infrastructure and code to complement mozilla/addons-server.

Security Bug Reports

This code and its associated production website are included in Mozillas web and services bug bounty program. If you find a security vulnerability, please submit it via the process outlined in the program and FAQ pages. Further technical details about this application are available from the Bug Bounty Onramp page.

Please submit all security-related bugs through Bugzilla using the web security bug form.

Never submit security-related bugs through a Github Issue or by email.

Requirements

  • You need Node 6.x which is the current LTS (long term support) release.
  • Install yarn to manage dependencies and run scripts.

The easiest way to manage multiple node versions in development is to use nvm.

Get started

  • type yarn to install all dependencies
  • type yarn amo:stage to start a local server that connects to a hosted staging server

Development commands

Here are some commands you can run:

Command Description
yarn amo Start the dev server/proxy (for amo) using data from Docker
yarn amo:dev Start the dev server/proxy (for amo) using data from the dev server (https://addons-dev.allizom.org/)
yarn amo:no-proxy Start the dev server without a proxy (for amo) using data from Docker
yarn amo:stage Start the dev server/proxy (for amo) using data from the staging server (https://addons.allizom.org/)
yarn disco Start the dev server (for Discovery Pane) using data from the dev server (https://addons-dev.allizom.org/)
yarn flow Run Flow. By default this checks for errors and exits
yarn flow:check Explicitly check for Flow errors and exit
yarn flow:dev Continuously check for Flow errors
yarn eslint Lint the JS
yarn start-func-test-server Start a Docker container for functional tests
yarn stylelint Lint the SCSS
yarn lint Run all the JS + SCSS linters
yarn nsp-check Run nsp to detect dependencies with known vulnerabilities
yarn version-check Check you have the required dependencies
yarn test Run all tests (Enters jest in --watch mode)
yarn test-coverage Run all tests and generate code coverage report (Enters jest in --watch mode)
yarn test-coverage-once Run all tests, generate code coverage report, then exit
yarn test-once Run all tests, run all JS + SCSS linters, then exit
yarn test-ci Run all continuous integration checks. This is only meant to run on TravisCI.

Running tests

You can enter the interactive jest mode by typing yarn test. This is the easiest way to develop new features.

Here are a few tips:

  • When you start yarn test, you can switch to your code editor and begin adding test files or changing existing code. As you save each file, jest will only run tests related to the code you change.
  • If you had typed a when you first started then jest will continue to run the full suite even when you change specific files. Type o to switch back to the mode of only running tests related to the files you are changing.
  • If you see something like Error watching file for changes: EMFILE on Mac OS then brew install watchman might fix it. See https://github.com/facebook/jest/issues/1767

Run a subset of the tests

By default, yarn test will only run a subset of tests that relate to the code you are working on.

To explicitly run a subset of tests, you can type t or p which are explained in the jest watch usage.

Alternatively, you can start the test runner with a specific file or regular expression, like:

yarn test tests/unit/amo/components/TestAddon.js

Run all tests

If you want to run all tests and exit, type:

yarn test-once

Flow

There is limited support for using Flow to check for problems in the source code.

To check for Flow issues during development while you edit files, run:

yarn flow:dev

If you are new to working with Flow, here are some tips:

To add flow coverage to a source file, put a /* @flow */ comment at the top. The more source files you can opt into Flow, the better.

Here is our Flow manifesto:

  • We use Flow to declare the intention of our code and help others refactor it with confidence. Flow also makes it easier to catch mistakes before spending hours in a debugger trying to find out what happened.
  • Avoid magic Flow declarations for any internal code. Just declare a type alias next to the code where it's used and export/import it like any other object.
  • Never import a real JS object just to reference its type. Make a type alias and import that instead.
  • Never add more type annotations than you need. Flow is really good at inferring types from standard JS code; it will tell you when you need to add explicit annotations.
  • When a function like getAllAddons takes object arguments, call its type object GetAllAddonsParams. Example:
type GetAllAddonsParams = {|
  categoryId: number,
|};

function getAllAddons({ categoryId }: GetAllAddonsParams = {}) {
  ...
}
  • Use Exact object types via the pipe syntax ({| key: ... |}) when possible. Sometimes the spread operator triggers an error like 'Inexact type is incompatible with exact type' but that's a bug. You can use the Exact<T> workaround from src/core/types/util if you have to. This is meant as a working replacement for $Exact.
  • Try to avoid loose types like Object or any but feel free to use them if you are spending too much time declaring types that depend on other types that depend on other types, and so on.
  • You can add a $FLOW_FIXME comment to skip a Flow check if you run into a bug or if you hit something that's making you bang your head on the keyboard. If it's something you think is unfixable then use $FLOW_IGNORE instead. Please explain your rationale in the comment and link to a GitHub issue if possible.
  • If you're stumped on why some Flow annotations aren't working, try using the yarn flow type-at-pos ... command to trace which types are being applied to the code. See yarn flow -- --help type-at-pos for details.

Code coverage

To see a report of code coverage, type:

yarn test-coverage-once

This will print a table of files showing the percentage of code coverage. The uncovered lines will be shown in the right column but you can open the full report in a browser:

open coverage/lcov-report/index.html

Running AMO for local development

A proxy server is provided for running the AMO app with the API on the same host as the frontend. This provides a setup that is closer to production than running the frontend on its own. The default configuration for this is to use a local addons-server for the API which can be setup according to the addons-server docs. Docker is the preferred method of running addons-server.

Authentication will work when initiated from addons-frontend and will persist to addons-server but it will not work when logging in from an addons-server page. See mozilla/addons-server#4684 for more information on fixing this.

If you would like to use https://addons-dev.allizom.org for data you should use the yarn amo:dev command. See the table of commands up above for similar hosted options.

Local configuration

If you need to override any settings while running yarn amo, yarn amo:dev, or yarn amo:stage, first create a local config file named exactly like this:

touch config/local-development-amo.js

Make any config changes. For example:

module.exports = {
  trackingEnabled: true,
};

Restart the server to see it take affect.

Consult the config file loading order docs to learn more about how configuration is applied.

Running the Discopane for local development

When running yarn disco, your local server will be configured for a hosted development API. If you want to run your own addons-server API or make any other local changes, you'll need to create a custom config file named exactly like this:

touch config/local-development-disco.js

Here's what local-development-disco.js would look like when overriding the apiHost parameter so that it points to your docker container:

module.exports = {
  apiHost: 'http://olympia.test',
};

Restart the server to see it take affect.

Configuring an Android device for local development

If you want to access your local server on an Android device you will need to change a few settings. Let's say your local machine is accessible on your network at the IP address 10.0.0.1. You could start your server like this:

API_HOST=http://10.0.0.1:3000 \
    SERVER_HOST=10.0.0.1 \
    WEBPACK_SERVER_HOST=10.0.0.1 \
    yarn amo:dev

On your Android device, you could then access the development site at http://10.0.0.1:3000.

NOTE: At this time, it is not possible to sign in with this configuration because the Firefox Accounts client redirects to localhost:3000. You may be able to try a different approach by editing /etc/hosts on your device so that localhost points to your development machine but this has not been fully tested.

Disabling CSP for local development

When developing locally with a webpack server, the randomly generated asset URL will fail our Content Security Policy (CSP) and clutter your console with errors. You can turn off all CSP errors by settings CSP to false in any local config file, such as local-development-amo.js. Example:

module.exports = {
  CSP: false,
};

Working on the documentation

The documentation you are reading right now lives inside the source repository as Github flavored Markdown. When you make changes to these files you can create a pull request to preview them or, better yet, you can use grip to preview the changes locally. After installing grip, run it from the source directory like this:

grip .

Open its localhost URL and you will see the rendered README.md file. As you make edits, it will update automatically.

Building and running services

The following are scripts that are used in deployment - you generally won't need unless you're testing something related to deployment or builds.

The env vars are:

NODE_APP_INSTANCE this is the name of the app e.g. 'disco' NODE_ENV this is the node environment. e.g. production, dev, stage, development.

Script Description
yarn start Starts the express server (requires env vars)
yarn build Builds the libs (all apps) (requires env vars)

Example: Building and running a production instance of the AMO app:

NODE_APP_INSTANCE=amo NODE_ENV=production yarn build
NODE_APP_INSTANCE=amo NODE_ENV=production yarn start

Note: To run the app locally in production mode you'll need to create a config file for local production builds. It must be saved as config/local-production-amo.js and should look like:

import { apiStageHost, amoStageCDN } from './lib/shared';

module.exports = {
  // Statics will be served by node.
  staticHost: '',
  // FIXME: sign-in isn't working.
  // fxaConfig: 'local',

  // The node server host and port.
  serverHost: '127.0.0.1',
  serverPort: 3000,

  enableClientConsole: true,
  apiHost: apiStageHost,
  amoCDN: amoStageCDN,

  CSP: {
    directives: {
      connectSrc: [
        apiStageHost,
      ],
      scriptSrc: [
        "'self'",
        'https://www.google-analytics.com',
      ],
      styleSrc: ["'self'"],
      imgSrc: [
        "'self'",
        'data:',
        amoStageCDN,
        'https://www.google-analytics.com',
      ],
      mediaSrc: ["'self'"],
      fontSrc: [
        "'self'",
        'data:',
        amoStageCDN,
      ],
    },
  },

  // This is needed to serve assets locally.
  enableNodeStatics: true,
  trackingEnabled: false,
  // Do not send client side errors to Sentry.
  publicSentryDsn: null,
};

After this, re-build and restart using yarn build and yarn start as documented above. If you have used localhost before with a different configuration, be sure to clear your cookies.

NOTE: At this time, it's not possible to sign in using this approach.

Working with UX Mocks

When implementing user interfaces you will need to refer to the Sketch mocks that are located in the assets directory. You will need a license to run Sketch and you also need to install some fonts (which are free). Install Fira Sans, Open Sans and Chivo.

What version is deployed?

You can check to see what commit of addons-frontend is deployed by making a request like this:

curl https://addons-dev.allizom.org/__frontend_version__
{
   "build" : "https://circleci.com/gh/mozilla/addons-server/6550",
   "commit" : "87f49a40ee7a5e87d9b9efde8e91b9019e8b13d1",
   "source" : "https://github.com/mozilla/addons-server",
   "version" : ""
}

This will return a 415 response if a version.json file doesn't exist in the root directory. This file is typically generated by the deploy process.

For consistency with monitoring scripts, the same data can be retrieved at this URL:

curl https://addons-dev.allizom.org/__version__

Overview and rationale

This project will hold distinct front-ends e.g:

  • Discovery Pane
  • AMO or addons.mozilla.org

We've made a conscious decision to avoid "premature modularization" and keep this all in one repository. This will help us build out the necessary tooling to support a universal front-end infrastructure without having to worry about cutting packages and bumping versions the entire time.

At a later date if we need to move things out into their own project we still can.

Core technologies

  • Based on Redux + React
  • Code written in ES2015+
  • Universal rendering via node
  • Unit tests with high coverage (aiming for 100%)