- Add Windows instruction dialog when saving scripts for Windows.
- Fix incorrect macOS download URL given for Linux instructions.
- Refactor UI rendering, eleminating the use of `v-html` and JavaScript
variables to hold HTML code.
This commit introduces system-native error dialogs on desktop
application for code save or execution failures, addressing user confusion
described in issue #264.
This commit adds informative feedback when script execution or saving
fails.
Changes:
- Implement support for system-native error dialogs.
- Refactor `CodeRunner` and `Dialog` interfaces and their
implementations to improve error handling and provide better type
safety.
- Introduce structured error handling, allowing UI to display detailed
error messages.
- Replace error throwing with an error object interface for controlled
handling. This ensures that errors are propagated to the renderer
process without being limited by Electron's error object
serialization limitations as detailed in electron/electron#24427.
- Add logging for dialog actions to aid in troubleshooting.
- Rename `fileName` to `defaultFilename` in `saveFile` functions
to clarify its purpose.
- Centralize message assertion in `LoggerStub` for consistency.
- Introduce `expectTrue` in tests for clearer boolean assertions.
- Standardize `filename` usage across the codebase.
- Enhance existing test names and organization for clarity.
- Update related documentation.
This commit introduces native operating system file dialogs in the
desktop application replacing the existing web-based dialogs.
It lays the foundation for future enhancements such as:
- Providing error messages when saving or executing files, addressing
#264.
- Creating system restore points, addressing #50.
Documentation updates:
- Update `desktop-vs-web-features.md` with added functionality.
- Update `README.md` with security feature highlights.
- Update home page documentation to emphasize security features.
Other supporting changes include:
- Integrate IPC communication channels for secure Electron dialog API
interactions.
- Refactor `IpcRegistration` for more type-safety and simplicity.
- Introduce a Vue hook to encapsulate dialog functionality.
- Improve errors during IPC registration for easier troubleshooting.
- Move `ClientLoggerFactory` for consistency in hooks organization and
remove `LoggerFactory` interface for simplicity.
- Add tests for the save file dialog in the browser context.
- Add `Blob` polyfill in tests to compensate for the missing
`blob.text()` function in `jsdom` (see jsdom/jsdom#2555).
Improve environment detection logic:
- Treat test environment as browser environments to correctly activate
features based on the environment. This resolves issues where the
environment is misidentified as desktop, but Electron preloader APIs
are missing.
- Rename `isDesktop` environment identification variable to
`isRunningAsDesktopApplication` for better clarity and to avoid
confusion with desktop environments in web/browser/test environments.
- Simplify `BrowserRuntimeEnvironment` to consistently detect
non-desktop application environments.
- Improve environment detection for Electron main process
(electron/electron#2288).
This commit introduces several improvements to the macOS update process,
primarily focusing on enhancing security and reliability:
- Add data integrity checks to ensure downloaded updates haven't been
tampered with.
- Optimize update progress logging in `streamWithProgress` by limiting
amount of logs during the download process.
- Improve resource management by ensuring proper closure of file
read/write streams.
- Add retry logic with exponential back-off during file access to handle
occassionally seen file system preparation delays on macOS.
- Improve decision-making based on user responses.
- Improve clarity and informativeness of log messages.
- Update error dialogs for better user guidance when updates fail to
download, unexpected errors occur or the installer can't be opened.
- Add handling for unexpected errors during the update process.
- Move to asynchronous functions for more efficient operation.
- Move to scoped imports for better code clarity.
- Update `Readable` stream type to a more modern variant in Node.
- Refactor `ManualUpdater` for improved separation of concerns.
- Document the secure update process, and log directory locations.
- Rename files to more accurately reflect their purpose.
- Add `.DS_Store` in `.gitignore` to avoid unintended files in commits.
- Migrate to `electron-log` v5.X.X, centralizing log files to adhere to
best-practices.
- Add critical event logging in the log file.
- Replace `ElectronLog` type with `LogFunctions` for better abstraction.
- Unify log handling in `desktop-runtime-error` by removing
`renderer.log` due to `electron-log` v5 changes.
- Update and extend logger interfaces, removing 'I' prefix and adding
common log levels to abstract `electron-log` completely.
- Move logger interfaces to the application layer as it's cross-cutting
concern, meanwhile keeping the implementations in the infrastructure
layer.
- Introduce `useLogger` hook for easier logging in Vue components.
- Simplify `WindowVariables` by removing nullable properties.
- Improve documentation to clearly differentiate between desktop and web
versions, outlining specific features of each.
- Add "Further Installation Options" section.
- Move releases page reference to the new section to keep Get Started
simple.
Co-authored-by: MrEddX <101912712+Zliced13@users.noreply.github.com>
This commit incorporates Static Analysis Security Testing (SAST) using
CodeQL. This integration will enforce consistent security assessments
with every change and on a predetermined schedule.
This commit also involves a restructure of security checks. The existing
security-checks workflow is renamed to better reflect its functionality
related to dependency audits.
These changes will enhance the project's resilience against potential
vulnerabilities in both the codebase and third-party dependencies.
Changes include:
- Remove older LGTM badge that's replaced by SAST checks.
- Rename `checks.security.yaml` to `checks.security.dependencies.yaml`,
reinforcing the focus on dependency audits.
- Update `README.md`, ensuring the clear representation of security
check statuses, including new SAST integration.
- Add new `SECURITY.md`, establishing the protocol for reporting
vulnerabilities and outlining the project's commitment to robust
security testing.
- Enhance `docs/tests.md` with detailed information on the newly
integrated security checks.
- Add reference to SECURITY.md in README.md.
This commit improves multiple aspects of Docker builds:
- Enable artifact output validation for Dockerfile.
- Correct the path references in Dockerfile for the distribution
directory.
- Add Dockerfile specific indentation rules to `.editorconfig`.
- Use `npm run install-deps` for dependency installation, enhancing
build reliability.
- Add automation script `verify-web-server-status.js` to verify running
web server on given URL.
- Introduce automated build verification for Dockerfile:
- On macOS, install Docker with colima as the container runtime
because default agents do not include Docker and Docker runtime is
not installed due to licensing issues (see actions/runner-images#17).
- On Windows, there's no Linux container support (actions/runner#904,
actions/runner-images#1143), so keep the checks for macOS and Ubuntu
only.
This commit fixes issues with download URLs of desktop application
artifacts on README.md
- Corrected typo in Linux AppImage link
- Updated older version links to the newest release
Co-authored-by: MrEddX <66828538+MrEddX@users.noreply.github.com>
This commit addresses occasional pipeline failures caused by transient
network errors during dependency installation with `npm ci`. It
centralizes the logic for installing npm dependencies and introduces a
retry mechanism.
The new approach will attempt `npm ci` up to 5 times with a 5-second
interval between each attempt, thereby increasing the resilience of
CI/CD pipelines.
This commit adds a new script `npm-install.js` with `npm run
install-deps` command to centralize npm dependency installation process
throughout the project. Separate testing of scripts to a separate
workflow.
It removes unused `install` dependency from `package.json`.
- Move external URL checks to its own module under `tests/`. This
separates them from integration test, addressing long runs and
frequent failures that led to ignoring test results.
- Move `check-desktop-runtime-errors` to `tests/checks` to keep all
test-related checks into one directory.
- Replace `ts-node` with `vite` for running
`check-desktop-runtime-errors` to maintain a consistent execution
environment across checks.
- Implement a timeout for each fetch call.
- Be nice to external sources, wait 5 seconds before sending another
request to an URL under same domain. This solves rate-limiting issues.
- Instead of running test on every push/pull request, run them only
weekly.
- Do not run tests on each commit/PR but only scheduled (weekly) to
minimize noise.
- Fix URLs are not captured correctly inside backticks or parenthesis.
- Add automation script for building, packaging, installing, executing
and verifying Electron distrubtions across macOS, Ubuntu and Windows.
- Add GitHub workflow to run the script to test distributions using the
script.
- Update README with new workflow status badge.
- Add application initialization log to desktop applications to be able
to test against crashes before application initialization.
All outbound links now include `rel="noopener noreferrer"` attribute.
This security improvement prevents the new page from being able to
access the `window.opener` property and ensures it runs in a separate
process.
`rel="noopener"`:
When a new page is opened using `target="_blank"`, the new page runs
on the same process as the originating page, and has a reference to
the originating page `window.opener`. By implementing
`rel="noopener"`, the new page is prevented to use `window.opener`
property.
It's security issue because the newly opened website could
potentially redirect the page to a malicious URL. Even though
privacy.sexy doesn't have any sensitive information to protect, this
can still be a vector for phishing attacks.
`rel="noreferrer"`:
It implies features of `noopener`, and also prevents `Referer` header
from being sent to the new page. Referer headers may include
sensitive data, because they tell the new page the URL of the page
the request is coming from.
- Unify reading subtitle/slogan throughout the application.
- Refactor related unit tests for easier future changes.
- Add typed constants for Vue app environment variables.
Key features of Linux support:
- It supports python 3 scripts execution.
- It supports Flatpak and Snap installation for software
clean-up/configurations.
- Extensive documentation.
- Simplify `README.md` by creating and moving some documentation to
`architecture.md`.
- Add more documentation for state handling between layers.
- Improve some documentation to use clearer language.
Move existing documentation to `docs/development.md` to have simpler
`README.md` but more dedicated and extensive documentation for
development.
Improve existing documentation for different commands for the project.
Document VSCode recommendations in `extensions.json` file and add
exception in `.gitignore` to be able to add it to repository.
Run quality checks for every possible OS because behavior of linting
rules may change per OS (e.g. `linebreak-style` ESLint assertment varies
by Unix-like vs Windows).
Add a new check to ensure project can be built:
1. As both web and desktop applications.
Different jobs are used due to nonidentical environment/mode support.
Reference: nklayman/vue-cli-plugin-electron-builder#1627.
2. Targeting all possible modes.
The modes are configured using `--mode` but electron CLI checks
`NODE_ENV` so it's set as well.
Reference: nklayman/vue-cli-plugin-electron-builder#1626.
3. On and for different operating systems.
Fix typo "Run units" instead of "Run unit tests".
Link to specific GitHub actions page for workflow runs.
Update documentation to match new structure, and change nontransparent
icons from the diagram and consistently use imperative for actions.
Rename `release-site` , `release-git`, `release-desktop` to
`site-release` , `git-release` and `desktop-release` to not be Yoda.
- Seperate test pipeline into E2E, integration and unit test pipelines.
- Improve documenetation for pipelines (ci-cd.md).
- Introduce naming convention for worklow files and names.
- Center badges with multiple files on README file.
The goal is to be able to modify values of variables used in templates.
It enables future functionality such as escaping, inlining etc.
It adds support applying predefined pipes to variables. Pipes
can be applied to variable substitution in with and parameter
substitution expressions. They work in similar way to piping in Unix
where each pipe applied to the compiled result of pipe before.
It adds support for using pipes in `with` and parameter substitution
expressions. It also refactors how their regex is build to reuse more of
the logic by abstracting regex building into a new class.
Finally, it separates and extends documentation for templating.
- Use same multi-lined comment convention
- Highlight that "additional information" in a bug report is optional
- Remove recommendation for pasting script in a bug report as it's too long
- Rename feature request issue file to follow same naming convention
- Document also creating a issue as a way to extend scripts
- Add reproduction steps in script bug reports
- Use names instead of commands in heading
Integration tests are executed using vue-cli-service with double quotes as following: `vue-cli-service test:unit "tests/integration/**/*.spec.ts"`. Using single quotes (mochajs/mocha#1828) works on macOS and Ubuntu but does not on Windows (tests are not found). Double quotes is the only portable way that works on all three platforms (mochajs/mocha#3136).
