-
-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bundle scroll-time polyfill into library #582
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #582 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 22 22
Lines 494 494
Branches 47 47
=========================================
Hits 494 494 ☔ View full report in Codecov by Sentry. |
@Smarthard Thanks for the PR! could you double check why local coverage is broken |
@MurhafSousli not sure. Probably your CI workflow missing |
@Smarthard I opened a PR to test the build, it has no issue #585 Weird, perhaps it couldn't comment on the PR cause it is opened by you? |
I created a test branch with changes similar to yours in #585 and opened PRs #586 here and Smarthard#1 in my fork to test if it really a permission's issue UPD: force-pushed to trigger CI build in fork repo |
@MurhafSousli Yeah looks like you were right. My changes passed workflow in my repo and failed in yours. I think you need something like this to solve this issues with permissions. diff --git a/.github/workflows/integrate.yml b/.github/workflows/integrate.yml
index 7ffcc0e..2729b37 100644
--- a/.github/workflows/integrate.yml
+++ b/.github/workflows/integrate.yml
@@ -8,6 +8,10 @@ on:
jobs:
build:
+ # Allow forks to be annotated with code coverage properly
+ permissions:
+ pull-requests: write
+
# Machine environment:
# We specify the Node.js version manually below, and use versioned Chrome from Puppeteer.
runs-on: ubuntu-latest |
I think you should try that change within your PR |
I fixed the CI build issue, I got a question, the script is copied to assets directory of the plugin. but how would be copied to the user's app assets directory? would that happen automatically? |
By including it to UPD {
"projects": {
"app": {
"architect": {
"build": {
"builder": "@angular-devkit/build-angular:browser",
"options": {
"assets": [
{
"glob": "**/*",
"input": "node_modules/ngx-scrollbar/assets/",
"output": "assets"
}
],
}
}
}
}
}
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this case, I want to keep loading the script from the github link as the default option, without breaking changes and the only change in this PR would be the shipping of the script with the package.
We can add to the documentation the changes needed to load it manually from the assets directory.
@MurhafSousli Hello! I updated PR as you required. All changes were squashed into single commit and force-pushed to make it clearer. |
I have a related issue. I'm using this scrollbar in this chrome extension. It is being rejected due to this component not being fully contained.
I've just come across an interesting point: you provide an injection token, NG_SCROLLBAR_POLYFILL, with provideScrollbarPolyfill. Unfortunately, I think they use static code analysis instead of actual runtime checking.
At runtime, I don't see this loading in the Chrome extension inspect window. So, if it is static code analysis, maybe change NG_SCROLLBAR_POLYFILL to supply a function that can be tree-shaken by consumers who do not need this polyfill. I wouldn't include it in a Chrome extension and for those that do they can override with their own function to load from a local location if they need that. for now just so I can move forward I'm going using https://www.npmjs.com/package/patch-package to remove the reference. |
@leblancmeneses I don't get it, in Chrome the polypill script does not even need to load, and the URL is stored as a string value. could you open an issue and describe what is not working? |
@Smarthard Sorry for the late response. I added the documentation here https://github.com/MurhafSousli/ngx-scrollbar/wiki/Scroll-timeline-polyfill |
@MurhafSousli no worries! Thanks! I just tested and it's working great. One good thing to point out for anyone who will use it that way. I needed to additionally modify my CSP rules for style-src like this: For future references I'd like to left an example how I handled these changes for my project: Smarthard/shikicinema@c5ae774 |
@leblancmeneses frankly, from my experience moderators from Chrome Web Store often falsy-positive report issues on items to their developers. My recommendation is to reply to CWS from email message you receive (look closely for reply contacts). You could describe there your concerns about false-positive alert and provide them references from your code and/or references from the software your are using. |
@Smarthard Is #590 or #594 related? It would be beneficial if you could add a how-to make it work with CSP at the end at this documentation https://github.com/MurhafSousli/ngx-scrollbar/wiki/Scroll-timeline-polyfill |
I think I've seen those kind of errors in my console as well, but after CSP correction there are no errors.
For common SSR/CSR angular web apps this should be sufficient: <!-- index.html -->
<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline' blob:"> For web extensions you would need to modify "content_security_policy": "style-src 'unsafe-inline' blob:" |
After removing the string with patch-package, my Chrome extension was approved. I think the best solution here would be to bump the major version and change NG_SCROLLBAR_POLYFILL
and figure out a way to make it tree-shakable for consumers wanting to override the current default behavior. Thanks for maintaining this! @Smarthard, This violation is pretty clear: 'modules pointing to external files'. I'm curious, though, if yours is approved with the string in your bundles. |
So if any variable contains a string value of an external URL would be rejected even if it is never used at runtime! that's weird |
resolves #572
I was able to figure out why tests were failing. Karma just wasn't serving new library's assets directory. Sorry to kept you waiting.
I added polyfill as is. Not sure if we actually need to provide a license notice or something like that there. But as soon as original repository will provide a proper npm package we could be able to remove it from here and work with it as a plain dependency.