feat(spotlight): Add self-contained spotlight binary creation #559
Codecov Report

All modified and coverable lines are covered by tests ✅

Additional details and impacted files: Coverage Diff

| Metric | main | #559 | +/- |
| --- | --- | --- | --- |
| Coverage | 29.00% | 31.15% | +2.14% |
| Files | 60 | 83 | +23 |
| Lines | 4144 | 5030 | +886 |
| Branches | 72 | 99 | +27 |
| Hits | 1202 | 1567 | +365 |
| Misses | 2942 | 3463 | +521 |
console.warn( | ||
"Missing required environment variables for macOS signing, you won't be able to use this binary until you sign it yourself.", | ||
); | ||
console.info({ APPLE_TEAM_ID, APPLE_CERT_PATH, APPLE_CERT_PASSWORD }); |
Check failure: Code scanning / CodeQL

Clear-text logging of sensitive information (High)

This logs sensitive data returned by an access to `APPLE_CERT_PASSWORD`.

Copilot Autofix AI, 3 months ago

To fix the problem, we need to ensure that sensitive information is not logged in clear text. Instead of logging the actual values of `APPLE_TEAM_ID`, `APPLE_CERT_PATH`, and `APPLE_CERT_PASSWORD`, we can log a message indicating that the required environment variables are missing without exposing their values.

- Replace the logging of sensitive information with a generic message.
- Specifically, change the code on line 113 to avoid logging the actual values of the sensitive environment variables.
- No additional methods or imports are needed to implement this change.
@@ -112,3 +112,3 @@ | ||
); | ||
console.info({ APPLE_TEAM_ID, APPLE_CERT_PATH, APPLE_CERT_PASSWORD }); | ||
console.info("Missing required environment variables for macOS signing."); | ||
return; | ||
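Review bot: The replacement `console.info("Missing required environment variables for macOS signing.")` repeats what the `console.warn` call directly above already says and drops the one useful thing the old line offered, namely which variable is unset. Removing the values is right, since the logged object included `APPLE_CERT_PASSWORD`, but consider logging only the names of the variables that are missing (a filtered list over `APPLE_TEAM_ID`, `APPLE_CERT_PATH`, `APPLE_CERT_PASSWORD`), or delete the `console.info` line altogether.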
@@ -134,3 +134,3 @@ | ||
); | ||
console.info({ APPLE_API_KEY_PATH }); | ||
console.info("Missing required environment variable for macOS notarization."); | ||
return; |
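Review bot: The new string on the `console.info` line no longer says which variable is missing. Name `APPLE_API_KEY_PATH` in the message so the operator knows what to set; printing the variable's name without its value keeps the key path out of the log while preserving the diagnostic.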
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or [setup this action to publish automatically](https://github.com/changesets/action#with-publishing). If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

# Releases

## @spotlightjs/[email protected]

### Minor Changes

- Add request and module details to context with JSONViewer ([#544](#544))
- Add support for JSON-like queries (MongoDB) while improving span details page a bit ([#563](#563))
- - Added copy filename button on error frame. ([#550](#550))
  - changed styling of error frames.
- - Added subtabs in trace detail page ([#557](#557))
- - Sidecar url made generic to support all sidecar server routes. ([#558](#558))
  - No use of static sidecar url.

### Patch Changes

- - changed route and added navigation in performance tab to make queries tab default active. ([#555](#555))
  - Fixed showing of 0 in false condition in span details.
- Fixed minor overlay trigger count issue ([#542](#542))
- - Fixed some conditional rendering in TraceIcon and SpanDetails which was showing 0 on UI. ([#549](#549))
  - Fixed routing for query summary page by encoding the query description which can be a long text.
- Fix DB queries missing for some Sentry SDKs ([#547](#547))

## @spotlightjs/[email protected]

### Minor Changes

- - Sidecar url made generic to support all sidecar server routes. ([#558](#558))
  - No use of static sidecar url.
- Create a self-contained executable for Linux, macOS, and Windows for Spotlight. ([#559](#559)) Docker images now use these binaries instead of a Node build in the image.

### Patch Changes

- Fix hanging when another Spotlight server is running ([#571](#571))

## @spotlightjs/[email protected]

### Minor Changes

- Add CLI banner for eye candy ([#568](#568))
- Add request and module details to context with JSONViewer ([#544](#544))
- Stabilize embedded JS file name for local includes ([#553](#553))
- - Sidecar url made generic to support all sidecar server routes. ([#558](#558))
  - No use of static sidecar url.
- Create a self-contained executable for Linux, macOS, and Windows for Spotlight. ([#559](#559)) Docker images now use these binaries instead of a Node build in the image.

### Patch Changes

- Fix DB queries missing for some Sentry SDKs ([#547](#547))
- Fix hanging when another Spotlight server is running ([#571](#571))
- Updated dependencies:
  - @spotlightjs/[email protected]
  - @spotlightjs/[email protected]

## @spotlightjs/[email protected]

### Patch Changes

- Updated dependencies:
  - @spotlightjs/[email protected]

## @spotlightjs/[email protected]

### Patch Changes

- Updated dependencies:
  - @spotlightjs/[email protected]
  - @spotlightjs/[email protected]

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

This PR adds a new release type which is a self-contained CLI akin to running `npx @spotlightjs/spotlight` but without any `node` or `npx` or any other requirements on the system.

It also changes how we serve the static assets: instead of serving the entire folder, which can be dangerous as it allows access to arbitrary files, we now use the `manifest.json` generated when compiling it and only serve files listed there, directly from memory. This should also increase the performance.
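
The manifest allowlist described above, sketched as an added example that is not Spotlight's own code. It assumes a Vite-style manifest whose entries carry `file` plus optional `css`/`assets` arrays; `MANIFEST`, `DIST`, `buildAssetTable` and `serveAsset` are hypothetical names, and the sample data is constructed.

```javascript
// Constructed sample manifest (assumed Vite-style shape, not taken from the project).
const MANIFEST = {
  "index.html": { file: "assets/index-1a2b.js", css: ["assets/index-3c4d.css"] },
  "src/logo.svg": { file: "assets/logo-5e6f.svg" },
};

// Constructed stand-in for the build output directory on disk.
const DIST = new Map([
  ["assets/index-1a2b.js", "console.log('app')"],
  ["assets/index-3c4d.css", "body{margin:0}"],
  ["assets/logo-5e6f.svg", "<svg/>"],
  ["../.env", "SECRET=1"], // reachable on disk, but never listed in the manifest
]);

const TYPES = { ".js": "text/javascript", ".css": "text/css", ".svg": "image/svg+xml" };

// Read every manifest-listed file into memory once, at startup.
function buildAssetTable(manifest, readFile) {
  const table = new Map();
  for (const entry of Object.values(manifest)) {
    const names = [entry.file, ...(entry.css ?? []), ...(entry.assets ?? [])];
    for (const name of names) {
      const ext = name.slice(name.lastIndexOf("."));
      table.set("/" + name, {
        body: Buffer.from(readFile(name)),
        type: TYPES[ext] ?? "application/octet-stream",
      });
    }
  }
  return table;
}

// Exact-match lookup: the request path is only ever a map key and never
// reaches the filesystem, so traversal sequences have nothing to traverse.
function serveAsset(table, requestUrl) {
  const pathname = new URL(requestUrl, "http://localhost").pathname;
  const hit = table.get(pathname);
  return hit
    ? { status: 200, type: hit.type, body: hit.body }
    : { status: 404, type: "text/plain", body: Buffer.from("Not found") };
}

const table = buildAssetTable(MANIFEST, (name) => DIST.get(name));
console.log(serveAsset(table, "/assets/index-1a2b.js").status);
console.log(serveAsset(table, "/assets/../../.env").status);
```
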