Patch product.json to fix CSP issues
Issue: Patch product.json in the vscode fork injected ... (gitlab#424977 - closed)
Description
- .webviewContentExternalBaseUrlTemplate in product.json needs to be patched before building the editor injector to fix CSP issues described in the issue above.
- build-editor-injector job in the CI only runs during the release stage. This means the pipeline is running from a tag, and thus I could use the CI_COMMIT_SHA directly to construct the webviewContentExternalBaseUrlTemplate.
- While building the editor injector locally, we could use the commit of the last tag while allowing the user to override the environment variable to account for other scenarios. If the user wants to use a specific commit for patching the product.json, they can override the PATCH_PRODUCT_JSON_WITH_COMMIT_SHA environment variable in the pipeline.
How to verify the changes locally
Instead of building the entire thing, which takes roughly 1 hour and you'd have to set your own fork as described in gitlab#424977 (comment 1669623998), you can essentially test whether this MR patches the product.json or not.
Run the following command and verify that the .webviewContentExternalBaseUrlTemplate in product.json has been updated with the correct value containing the SHA.
The pipeline outputs the container image as an artifact which can be loaded locally for testing.
For tagged pipelines
Mock a tagged pipeline by setting CI_COMMIT_SHA and CI_COMMIT_TAG.
CI_COMMIT_TAG="randomTag" CI_COMMIT_SHA="randomSHA256" ./scripts/gl/gl_patch_product_json.sh
For non-tagged pipelines
This will use the commit of the last tag.
./scripts/gl/gl_patch_product_json.sh
For non-tagged pipelines explicitly overriding the commit sha to use for patching product.json
Since an explicit commit has been provided, it will use that.
PATCH_PRODUCT_JSON_WITH_COMMIT_SHA="randomSHA256" ./scripts/gl/gl_patch_product_json.sh
Edited by Vishal Tak
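An added example, not part of the merge request or of the project's gl_patch_product_json.sh: shell helpers that work out which SHA each of the three scenarios above should produce and check that product.json references it. The function names, the precedence (explicit override before tagged pipeline), the one-line key layout, the SHA appearing as a path segment and the cdn.example.invalid URL are assumptions.

```shell
#!/bin/sh
# Hypothetical verification helpers; they do not patch anything themselves.

# Print the commit SHA expected in product.json.
# Assumed precedence: explicit override, then tagged CI pipeline, then last tag.
resolve_patch_sha() {
  if [ -n "${PATCH_PRODUCT_JSON_WITH_COMMIT_SHA:-}" ]; then
    printf '%s\n' "$PATCH_PRODUCT_JSON_WITH_COMMIT_SHA"
  elif [ -n "${CI_COMMIT_TAG:-}" ] && [ -n "${CI_COMMIT_SHA:-}" ]; then
    printf '%s\n' "$CI_COMMIT_SHA"
  else
    # Local build: commit that the most recent reachable tag points to.
    last_tag=$(git describe --tags --abbrev=0) || return 1
    git rev-list -n 1 "$last_tag"
  fi
}

# Print the current value of webviewContentExternalBaseUrlTemplate.
# Assumes the key and its string value sit on one line (pretty-printed JSON).
read_webview_template() {
  sed -n 's/.*"webviewContentExternalBaseUrlTemplate"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Succeed only if the template exists and contains the SHA as a path segment.
verify_patched() {
  file=$1
  sha=$2
  value=$(read_webview_template "$file")
  [ -n "$value" ] || { echo "template key missing in $file" >&2; return 1; }
  case "$value" in
    */"$sha"/*) return 0 ;;
    *) echo "template does not reference $sha: $value" >&2; return 1 ;;
  esac
}

# Constructed sample: writes a minimal product.json to the given path.
write_sample_product_json() {
  printf '{\n  "nameShort": "sample",\n  "webviewContentExternalBaseUrlTemplate": "https://{{uuid}}.cdn.example.invalid/stable/%s/out/"\n}\n' "$2" > "$1"
}
```

After running the patch script, `verify_patched product.json "$(resolve_patch_sha)"` exits non-zero when the template still points at a different commit.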