Граф коммитов

84 Коммитов

Автор SHA1 Сообщение Дата
Vincent 87449ecfba Split build step into separate CI job
This should speed up our CI pipelines, work more towards
consolidating on GitHub Actions, and minimise the RAM usage of a
single CI job.
2024-01-23 17:56:58 +01:00
Vincent 5f0ddb50a7 Pass OneRep sandbox API key to end-to-end tests
That way, it can start up the server without errors.
2024-01-18 15:19:27 +01:00
Vincent 416ad3ded3 Use unique names for GitHub Actions jobs
GitHub allows us to mark jobs as required to merge in PRs, but only
by job name. That means if different workflows have jobs with the
same name, you can only mark all of those jobs as required or not.

I also took the opportunity to clarify some other jobs (primarily,
that the l10n linter only applies to the l10n files).
2024-01-18 09:08:04 +01:00
Vincent b0c2d7b967 Align on Node 20.9 everywhere
Something changed in how V8 measures coverage, it seems, because
running the tests in Node 20.10 results in <100% coverage. Among
the uncovered lines are some inside of `getLocale`, although
running specifically the `getLocale` tests results in full
coverage.

We didn't catch this in CI because CI didn't use the same Node
version as we do locally. This aligns CI and local versions, but
due to the above problem, on Node 20.9.
2023-12-12 17:50:27 +01:00
Raphael Okafor Jr 905829f6bf
Merge branch 'main' into MNTOR-2394-optimize-separate-e2e-cron 2023-11-20 10:38:49 -05:00
mozrokafor 88db03a29c further addressing pr feedbacks 2023-11-20 10:38:20 -05:00
Vincent 1c171812b0 Raise max number of Dependabot PRs
When a bunch of dependencies update around the same time - for
example, when Definitely Typed applies a change to all @types/*
dependencies - the backlog can get clogged up. And when one
dependency update depends on another (e.g. right now, a Next.js
update requires a Next-Auth update), this can result in manually
retriggering Dependabot updates until you get the one you need.

This is annoying, hence this proposal to just deal with more PRs
at once.
2023-11-20 09:58:52 +01:00
mozrokafor a5366ab320 optimized webserver condition 2023-11-13 18:17:36 -05:00
mozrokafor 4ca972fae6 addressing pr feedbacks 2023-11-13 15:27:52 -05:00
mozrokafor 3340fd9fc7 add env variable to run local web server 2023-11-13 13:38:04 -05:00
mozrokafor 83cfaab0ed cron yml should not run on PRs 2023-11-13 13:35:12 -05:00
mozrokafor 1c55a97be9 optimized the e2e suite, separated the yml for cron 2023-11-13 13:20:03 -05:00
mozrokafor ccaf7085df e2e cron for monitor application 2023-10-19 09:41:54 -04:00
Vincent 68f1af1b73 Remove redundant quote 2023-10-16 10:01:05 +02:00
Vincent 7dc4def0c8 Group more Dependabot updates 2023-10-16 09:25:49 +02:00
dependabot[bot] 369ecf5a05
Bump node from 18.12-alpine to 20.5-alpine (#3295)
* Bump node from 18.12-alpine to 20.5-alpine

Bumps node from 18.12-alpine to 20.5-alpine.

---
updated-dependencies:
- dependency-name: node
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* try bumping all the places to node 20.5

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Raphael Okafor Jr <94625718+mozrokafor@users.noreply.github.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
2023-10-12 21:34:33 -07:00
Florian Zia 96a5d36e8e
chore: Exclude string id dashboard-top-banner-monitor-more-cta from moz-fluent-lint 2023-10-02 21:45:20 +02:00
Robert Helmer f54dacc9bb
CI: Run probe-scraper push action on push and on PRs (#3472)
Co-authored-by: Jan-Erik Rediger <jrediger@mozilla.com>
2023-09-26 11:28:26 -07:00
Vincent 566b7c44b8 Don't run Playwright tests for Dependabot PRs
Secrets are not available in these PRs (because they would be
exposed to mailicious new versions of dependencies), so the
Playwright tests can't run succesfully.

This does mean that the tests will only be run after they are
approved to merge to main.
2023-09-25 14:20:31 +02:00
Vincent 0a99eb30dd Make coverage report available on test failures
If unit tests are flaky (which is more likely to happen when using
non-deterministic faker data), it can be useful to see which code
actually got executed in a test.
2023-09-06 17:36:11 +02:00
Vincent cab4a5f814 Timeout Playwright tests after ten minutes
Most test workflow runs in CI take between 4 and 5 minutes.
However, if e.g. a network error occurs, it keeps running for an
hour until it times out. We can save some energy and still have
plenty of leeway for the near future by setting the timeout to a
lower number :)
2023-09-05 15:38:44 +02:00
mozrokafor ba79ce8edc adding smoke test labels to e2e suite 2023-08-30 10:10:58 -04:00
Vincent fe9d59a5a6 Always lint l10n files
This allows us to make it a required check.
2023-08-16 20:46:07 +02:00
Peter deHaan ae5df5065f
Update reference_linter.yaml (#3268)
Co-authored-by: Vincent <Vinnl@users.noreply.github.com>
Co-authored-by: Francesco Lodolo <flodolo@mozilla.com>
2023-08-14 11:09:57 -07:00
Vincent d5ab9e4cf2
Group related Dependabot updates (#3291)
This should hopefully cut down on some of the noise of ESLint
updates, and ensure that packages that break unless they are
updated together are actually updated together.

See https://github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta/

Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
2023-08-07 09:59:30 -07:00
Joey Zhou 25dd268c0e reverse 2023-08-02 15:09:32 -07:00
mansaj 0085cd6642
Update .github/workflows/playwright.yml
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
2023-08-02 14:50:55 -07:00
Joey Zhou 11bc98e873 trigger another run 2023-08-02 10:52:12 -07:00
mansaj 249929c945 try store version 2023-08-02 10:32:08 -07:00
mansaj f4c0ac825c caching playwright browser 2023-08-02 10:15:41 -07:00
Robert Helmer 7107f728e0
MNTOR-1403 - land mock data, type definition, and faker code for OneRep types (#3166)
* MNTOR-1403 - land mock data, type definition, and faker code for OneRepScan
* base64-encode conflict markers
* do not run on merges to main, just pull requests
2023-07-10 23:50:41 -07:00
Vincent cbff59dbdf Move pendingTranslations.ftl
The direct reason for this change is that moz-fluent-lint added
lint rules that failed on non-reference files (i.e. localised
files), and because `pendingTranslations.ftl` was at the root, the
linter would also cover all those files.

However, now that pending strings are in a separate directory, it's
probably also a good idea to allow for multiple pending translation
files, so that we can later submit them as separate localised files
more easily, and avoid conflicts when working on unrelated
features.
2023-07-05 10:31:04 +02:00
Vincent bdbe4ecc22 Also lint pendingTranslations 2023-06-29 16:58:50 +02:00
Vincent b56993359e
Merge Next.js into `main` (#3116)
* Initialise Next.js app using create-next-app

Command run: npx create-next-app@latest

* Also tell VSCode to format TS and TSX files

* WIP: Sign in with next-auth

* Add Fluent

Unfortunately, since the ReactLocalization object contains
functions, it can't be shared between client and server (because
functions can't be serialized), so in effect every page that uses
localisation has to be a client component.

But at least we can set the correct `lang` attribute on <html> on
the server, so there's that :)

* Copy-paste public breach scan into Next.js

* Halfway migrate public breach list

Did not do: breach icons and getLocale() (for list and date
formatting).

* Enable SSR for localised strings

This allows our pages to be Server Components now.

* Download breach logos in Next.js server

* Tell search engines not to index non-prod envs

* Port existing security headers from Helmet to Next

* Add a 404 page

* Relax CSP in local development

* Set up Next-Auth for server components

It still doesn't work at the moment because the correct redirect
URL hasn't yet been set up on FxA.

* Apply Prettier to Next.js files on commit

* Enable Sass

* feat: Port existing landing page

* fix: Set hibp footer as html

* Wire up Next.js to FxA using iron-session

* feat: Port main layout for authenticated pages

* chore: Get session in layout

* Set up Prettier for VSCode users

* fix: Provide fxa user menu with data

* chore: Format Create Next App template

* Make Next-Auth work with FxA

To test, add the following two variables to your .env:

  NEXTAUTH_URL=http://localhost:6060
  NEXTAUTH_SECRET=<generate using `openssl rand -base64 32`>

You can then add <SignInButton/> to e.g. the landing page to kick
off authentication.

* Port breach-detail page to Next.js

* Add pending translations

* Access session data in React components

* Use Prettier as the formatter in VSCode

* Port Nebula & Protocol tokens into tokens file

* merge: Resolve conflicts

* fix: Move hr into li element

* feat: Handle authenticated users

* chore: Add todo note

* chore: Don’t use default exports for SignInButton and UserMenu

* chore: Move site navigation to client-side component

* Make mozlog work with Next.js

Unfortunately, this required patching the `intel` package. That
said, since that package hasn't been updated in six years, this
should be relatively safe.

The problem is that `intel` was trying to dynamically determine
which modules to load based on which files were present in its
directory. However, since Next.js moves (and presumably bundles)
Node modules into the `.next` folder, it was unable to find the
modules that `mozlog` was expecting to use.

The patch fixes this by simply explicitly importing those four
modules.

* Add back a couple of authentication logs

* add woff files and metropolis css file

* add right font path

* format scss file to include camelcase

* chore: Move components into (nextjs_migration) and remove redundant layout file

* chore: Remove redirect landing page -> dashboard

* chore: Redirect to dashboard upon signin

* add title and body copy variables

* use token variables in landing scss file instead of old variables from variables.css

* feat: Add basic dashboard page elements

* chore: Add circle chart web component

* chore: Add custom select web component

* breaches get and put calls

* cleanup

* get rid of debug logs

* Add sentry to nextJS branch (#3075)

MNTOR-1641 - enable Sentry for NextJS, for front- and back-end code

* chore: Render user breaches

* feat: Port breach resolution api

* fix: Check breach resolution filter by default

* chore: Add redirect /user/dashboard -> /user/breaches

* feat: Add breach page types

* chore: Remove breach resolution API call headers

* fix: Rename changed API response data key

* add template button component

* remove assets

* add button styling

* chore: Trigger auto signIn for pages that require authentication

* chore: Update breach types

* chore: Repurpose HIBP BreachDataTypes

* chore: Don’t capitalize first letter of chart label

* chore: Remove duplicate font size

* chore: Rename BreachResolutionApiBody -> BreachResolutionRequest

* Add a redirect from /security-tips for Next.js

This was already present in the Express-based website.

* Add the app shell for the React-based website

* chore: Re-enable gtag

* use old font code and add status pill component

* remove unnecessary package additions and style status pills

* lint

* test exposurecard data func

* MNTOR-1765 - set title, favicon, and meta tag correctly for nextjs app (#3082)

* Port unsubscribe-monthly page to Next.js

* add toggle to exposurecard accordion

* add icons to exposure type

* Ease transition from `getMessage`

This adds a `getStringLookup` API to ease the transition from old
Fluent functions (which depend on the user's locale being stored in
AsyncLocalStorage). It will behave the same as the old getMessage()
when called as-is, but when passed an instance of ReactLocalization
(which we have access to in Next.js routes), it will retrieve the
localised string from that.

* Add preliminary Subscriber table type definition

* Process new user sign-in

This does a couple of things:
- It updates the code that sends the breach check email on
  first sign-in to pass an instance of ReactLocalization.
- It splits session data and JWT properties to separate data
  provided to use by FxA from data we store in our own database.
- It checks if the user that signs in is already known in our
  database, and if not, it adds them. It does so using mostly the
  same code as in /src/controllers/auth.js's `confirmed` function.

* dockerflow endpoints

* remove introduction.mdx for now, refine button states

* apply some changes

* Move new components out of migration dir

* Delete .bash_profile

* Delete storybook.log

* Delete main.js

* Delete preview.js

* remove use of inter for now

* feat: add email api

* feat: remove email api

* verify email

* update comms options

* light refactoring

* take shared function out to util

* send verification email

* add another property to EmailRow

* add some types

* rename route

* fix review comment

* Fix MNTOR-1634: Stub /settings page (auth)

* Remove commented code, add CSS, match HTML markup from previous iterations

* Remove/comment out logic dependent on session info

* Wire up settings page and new APIs

* Work around radio button unchecking on page load

* Adding a catch all 404

Not ideal but the best solution at the moment

Co-authored-by: Vincent <Vinnl@users.noreply.github.com>

* version route

* remove log

* Port admin pages to Next.js

The Notification email doesn't work yet, because it's not clear yet
how to trigger the Cloud Function.

* Add Storybook build output folder to gitignore

* Set up Netlify

* Group Storybook ignores together

* add node env

Co-authored-by: Vincent <Vinnl@users.noreply.github.com>

* fix test

* fix npm test

* fix css lint

* fix lint js

* exclude sentry.*

* Set up the actual linting we'll use

* Prettier-ignore appropriate files, format the rest

* Fix/ignore ESLint and TypeScript errors

* Make tests work with getStringLookup

* Remove now-unused dependencies and build scripts

* Update CI scripts for Next.js

* Add missing Next.js dependencies to the lockfile

These were added when running `next build`.

* Tag Next.js migration TODOs

* Make "add email" dialog work on dashboard

* Load client-side scripts as modules

This is the same the old website did, and avoids e.g. different
`init` functions overriding each other.

* Fix loading of FxA avatar

* Use <BreachLogo> component

* Allow Next.js's inline scripts/styles in prod

For `style-src`, the current website already enables
'unsafe-inline'. For script-src, it looks like we currently cannot
avoid that: https://github.com/vercel/next.js/discussions/51039

* Debug Playwright (#3118)

---------

Co-authored-by: Florian Zia <zia.florian@gmail.com>
Co-authored-by: Kaitlyn <kandres@mozilla.com>
Co-authored-by: Joey Zhou <jozhou@mozilla.com>
Co-authored-by: Robert Helmer <rhelmer@mozilla.com>
Co-authored-by: maxxcrawford <maxx.crawford@gmail.com>
2023-06-12 13:35:35 -07:00
Vincent 326a24c225 Prevent merging unresolved conflicts 2023-05-24 17:10:09 +01:00
Amri Toufali d612dfa46a
fix e2e test config 2023-04-24 23:07:07 -07:00
Amri Toufali a0afdc7ead
fix unit tests 2023-04-24 22:13:23 -07:00
Francesco Lodolo e60309f3e0
Fix workflow syntax, update setup-python action 2023-03-15 16:59:57 +01:00
Francesco Lodolo 13c485a2f6
Enable variable checks in linter, fix errors 2023-03-15 16:45:06 +01:00
Francesco Lodolo ca0b2c1c80
Enable placeable checks in linter, fix errors 2023-03-15 16:24:19 +01:00
Francesco Lodolo 5b73be5d64
Update workflow syntax and use moz-fluent-linter 0.4 2023-03-15 15:47:41 +01:00
Joey Zhou bc106bde7d add more env vars, use redis mock 2023-03-01 08:23:26 -08:00
mozrokafor ec282f092a change default to local 2023-03-01 08:26:01 -05:00
mozrokafor 55dfa74238 npm install 2023-02-28 22:40:53 -05:00
mozrokafor e1494d75eb updating test details 2023-02-28 22:39:24 -05:00
mozrokafor e06a52025b updating pwr dir 2023-02-28 22:09:32 -05:00
mozrokafor 81fa86fc42 adding db name 2023-02-28 21:45:41 -05:00
mozrokafor 493944a5a8 adding port to postgres service 2023-02-28 21:39:14 -05:00
mozrokafor e906987b0a package-lock alignment 2023-02-28 21:23:05 -05:00
mozrokafor 59bc69c0df revert 1 2023-02-28 21:12:40 -05:00