Upgrade 16 #58
Upgrade 16 #58
Conversation
|
Kudos, SonarCloud Quality Gate passed!
|
| @@ -24,7 +24,6 @@ backend: | |||
| csp: | |||
| connect-src: [ "'self'", 'http:', 'https:' ] | |||
| img-src: [ "'self'", "*.gov.bc.ca", "data:" ] | |||
| script-src: [ "'self'", "*.gov.bc.ca" ] | |||
There was a problem hiding this comment.
This line was originally added when I added the snowplow js script to the header in the summer time.
I removed this line because it was interfering with the isolated-vm change. With this line in place, the website would show a blank page with the error in the web browser developer tools of:
"EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' *.gov.bc.ca"."
I checked that the current analytics is working without it by using the Chrome snowplow plugin. I could see the page view for the environment I was working in (tools).
| @@ -1,3 +1,3 @@ | |||
| { | |||
| "version": "1.14.2" | |||
| "version": "1.16.0" | |||
| } | |||
There was a problem hiding this comment.
For the upgrade path, I followed the instructions on https://backstage.github.io/upgrade-helper/?from=1.14.2&to=1.16.0
| ENV CONTAINER_SOURCE=/opt/app-root/src | ||
|
|
||
| WORKDIR $CONTAINER_SOURCE/ | ||
| COPY --from=cleanup --chown=1001:1001 $CONTAINER_SOURCE/ ./ | ||
|
|
There was a problem hiding this comment.
This line gives a Security Hotspot warning in Sonar Cloud. But, janus-idp/backstage-showcase#374 (comment) indicates it is a false positive
There was a problem hiding this comment.
I was going to mark it as such in Sonar, if that is alright with everyone
| @@ -1,79 +1,78 @@ | |||
| # From https://github.com/janus-idp/backstage-showcase/ | |||
| # Stage 1 - Install dependencies | |||
| FROM registry.access.redhat.com/ubi9/nodejs-18:latest AS deps | |||
| # Stage 1 - Build nodejs skeleton | |||
There was a problem hiding this comment.
I used the janus show case docker file at the v 1.15 upgrade as the basis for this docker file. It's pretty much the same except for adding in plugins and removing techdocs dependencies as techdocs are external for us
| "app": "link:../app", | ||
| "dockerode": "^3.3.1", | ||
| "express": "^4.17.1", | ||
| "express-promise-router": "^4.1.0", | ||
| "pg": "^8.10.0", | ||
| "winston": "^3.2.1" | ||
| "winston": "^3.2.1", | ||
| "node-gyp": "^9.0.0", |
There was a problem hiding this comment.
Add node-gyp as per backstage/backstage#20695
Upgrade to version 1.16.0. Upgraded from current main branch