-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Establish a build/exec/deploy system #249
Comments
This is where something like #97 Grunt or gulp.js would come in. As far as I'm concerned, all tools (including deploy scripts) should be in the repo in some sort of |
Thanks Cletus... I'll start reading up on these, including grunts repo. We definitely seem to have calls over many CDNs. This really should stop and be centralized. A build system could manage some of this... hopefully without merge conflicts... but I see multiple .css/.js files from different CDNs with the same naming. While I'm sure those sites might be credible it's impending doom if they change something and kill OUJS for some reason. |
We can also use something along the lines of Bower in conjuction with these. You can set it up to pull a specific URL or repo, e.g. a known working version from a CDN or github, and then the build system can pull from that (just like anything in |
CloudFlare seems to be a pretty popular CDN: https://www.cloudflare.com/features-cdn They have this collection for rarer scripts: http://cdnjs.com/ At least if they go down, many other websites will be broken too. ;) Obviously Google has their own CDN: https://developers.google.com/speed/libraries/devguide Some advantages of using a CDN over self-hosting:
Disadvantages:
|
I understand the only perk is for speed but with recent experiences these CDNs are more of a pain than a plus.
In general it's a bad practice if we don't own the management rights to the hosting space without some control of versioning. The weight of this merits hosting things ourselves or implementing project build controls. The files are relatively small so I don't think it's going to be much of an issue. The solution currently is to put these on our controlled site and have some sort of management to keep them up to date. I'd much rather we kill the site accidentally than someone else out there. |
@cletusc There's still always the option of doing this as natively as possible with git. Bash shell scripts can do just about anything and has a longer mtbf since it's been around since the dawn of terminal shells. Related chatter: |
* Mostly covered from USO with a few additions/changes Applies to OpenUserJS#116
**NOTE** This is currently unminified... whenever OpenUserJS#249 gets implemented we can minimize on deploy... 'till then think big!
@cletusc Cc: @sizzlemctwizzle $ npm install -h
npm install
npm install <pkg>
npm install <pkg>@<tag>
npm install <pkg>@<version>
npm install <pkg>@<version range>
npm install <folder>
npm install <tarball file>
npm install <tarball url>
npm install <git:// url>
npm install <github username>/<github project> |
We could; the only downside is we wouldn't be able to do single files as with Bower.
Or serve directly from the |
It's unlikely that any dev would want skeleton code I think... deploying and testing could use gulp to scoot individual files around because they should be minified/uglified anyhow. I'd rather not bruise the original source when trying to track down a bug. Loading a minified file in takes FOREVER in any editor (save for VIM which is console based...even UltraEdit under Win has some issues sometimes) and I'm developing on a very new machine with a ton of processing power and memory... not to mention trying to search that. GH has some limitations too when the diff is too big but with smaller steps I think this can be managed. Thanks for your feedback. Bower also creates a lot of weird hidden files... and somehow it created the same filename on my ext4 filesystem (not a symlink either)... so I'm a bit leery on that part. I also had to fill in the entire project information that is already in |
I didn't mean we pick and choose files that we need. I meant that some repos out there have their source in a single file, without a
Sublime Text 3 on windows opens a 575562 character minified file in way under a second, and prettifies it in < 3 seconds to 731301 characters (I do this once every couple of days). Time to upgrade :P
Not on my setup (Win7). I run
If you wanted to add {
"name": "openuserjs",
"dependencies": {
"jquery": "2.0"
}
} Whatever we do, we could use npm to manage the packages that will work with it (e.g. packages with a |
Little short there for Bower config... bare bones is: {
"name": "OpenUserJS.org",
"version": "0.1.3",
"homepage": "https://github.com/OpenUserJs/OpenUserJS.org",
"description": "An open source user scripts repo built using Node.js",
"main": "./app.js",
"moduleType": [
"node"
],
"keywords": [
"user",
"script",
"userscript"
],
"authors": [
"sizzlemctwizzle"
],
"license": "GPL-3.0+",
"private": true,
"ignore": [
"**/.*",
"node_modules",
"bower_components",
"test",
"tests"
],
"dependencies": {
"ace-builds": "~1.1.5",
"jquery": "~2.1.1"
}
} Having to maintain two separate configs is going in the opposite direction of what this issue is intended. I'm also thinking none of them are going to address rereferencing things that get suffixed e.g. filename.min.js vs filename.js in our actual source. Let's not get into a debate on editors. Besides I have no intention of reading minified code for any reason. ;) :)
The only time this currently applies that I've seen is with some CSS that we pull, for no apparent reason. I would think we would want to handle this ourselves. The google fonts were a prime example of what not to do. Fonts almost never change. I'm using some ttf's from the early 90's and they still work like a charm on every system... granted wrappers have changed a bit for open fonts but they still don't change. |
Not if we are just consuming deps. Absolute bare minimum is what I posted--see the bower.json spec; all the other stuff is if you are publishing to the Bower registry, of which we are not.
Unfortunately, I have to for a userscript; gotta see how the site does certain things to prevent conflicts :D |
There's also this. So the rule would be download whatever is there instead of a versioned item. This seems like a recipe for disaster with multiple file management. I'm still curious why we have CSS files that are nearly the same but slightly different referenced from cloudflare... I would think that our CSS would be the same and we would want to track changes here on GH instead of blindly following some CDN out there that only has one file on it that may or may not be available at the time of querying.
Do you mean if OUJS clobbers something with minification? Those projects that minify are using the same things we could be using. The minified code shouldn't be obfuscated or different. It was not easy determining the Ace version we have locally since those comment headers were stripped out.
Well Bower install started what looked like a TCL/TCK script and starting asking me questions. New devs to the project would need to be instructed on how to use Bower and what not to pick. I think it could be an option chosen by a dev... we could locally ignore those folders but I don't think we should rely on CDNs unless we have to. In most cases it's best to track the changes here on GH and figure things out for ourselves. We can of course preview what others are doing that's why it's called a SCM repo here. :) We're still going to need some accelerator shell scripts too. |
Applies to OpenUserJS#321 and the beginnings of OpenUserJS#249 Lightly related to OpenUserJS#262
Only validate request ips in production so we can test locally. Webhook will now return 4xx status codes if something goes wrong. Seperate github importing logic from the controller. Move several controllers to their own file. Moved /user/* routes to /account/* Add github webhook test. Broke /account/github/import
UPDATE As I've been commenting and referencing/alluding galore for this issue this is a huge undertaking as well as a work in progress one step at a time. With the recent discovery that Target test: Also bumping the source tree down one level to This is where I am at. Some rambling notes that are probably going to be changing in the comment to reduce the noise level a bit:
|
* Save a few bytes in the headers... not huge but some * Leaving .meta.json full SHA512 for human visual inspection comparison in Admin + UI and with `sha512sum` Applies to OpenUserJS#432 and OpenUserJS#249. Possible addition to OpenUserJS#944 down the line.
Applies to OpenUserJS#432 and OpenUserJS#249. Possible addition to OpenUserJS#944 down the line.
* This probably won't be utilized much but may be useful for isPro mode for diagnosis Applies to OpenUserJS#249
* Add environment variable for *morgan* pre-defined format * This probably won't be utilized much but may be useful for isPro mode for diagnosis Applies to #249 * White space backout Auto-merge
* `npm run clean` ... clears the caches. This is usually done when *uglify-* *(at some point terser)* needs a refreshing after a dep update *(and what I usually get to do by hand for the last few years)* * Renamed existing scripts to match their counterpart names e.g. * `npm run preinstall` ... will get rid of that pesky `package-lock.json` when needed and is run on `npm install` always * `npm run postinstall`... well probably shouldn't run this directly at all but it's there none-the-less NOTE: * Most of these are meant to be very simple scripts. I'd use direct commands but then Windows users would be left out of the mix... so utilizing *node* native APIs Applies to OpenUserJS#249
* `npm run clean` ... clears the caches. This is usually done when *uglify-* *(at some point terser)* needs a refreshing after a dep update *(and what I usually get to do by hand for the last few years)* * Renamed existing scripts to match their counterpart names e.g. * `npm run preinstall` ... will get rid of that pesky `package-lock.json` when needed and is run on `npm install` always * `npm run postinstall`... well probably shouldn't run this directly at all but it's there none-the-less NOTE: * Most of these are meant to be very simple scripts. I'd use direct commands but then Windows users would be left out of the mix... so utilizing *node* native APIs Applies to #249 Auto-merge
* Move `console` output to dev only for experimental minification Applies to OpenUserJS#432 OpenUserJS#249 OpenUserJS#430
* May still do this manually per policy before triggered or failed. * If an issue needs to be reopened for some reason reset lock if necessary. * Adds a layer of security against occasional spamming. Applies to #249 #1791 Ref: * https://github.com/dessant/lock-threads Auto-merge
* Adopting a similar system to *@octokit/octokit* * Since this needs to be spelled out... spelling it out. * Embedded Unicode is prohibited *(is anyhow in STYLEGUIDE.md) in these files as a potential crash of git-scm can occur on some systems. * GH discussions are still in Beta but used "Community-driven" for OUJS vs whatever nomenclature we use if we turn that feature on. Applies to OpenUserJS#249 OpenUserJS#1792 Ref(s): * https://yaml.org/spec/spec.html * https://bugs.launchpad.net/ubuntu/+source/git/+bug/1852985#yui_3_10_3_1_1619665759075_313
* Adopting a similar system to *@octokit/octokit* * Since this needs to be spelled out... spelling it out. * Embedded Unicode is prohibited *(is anyhow in STYLEGUIDE.md)* in these files as a potential crash of git-scm can occur on some systems. * GH discussions are still in Beta but used "Community-driven" for OUJS vs whatever nomenclature we use if we turn that feature on. * z-order indexed for specific itemized list... excluding custom .yml due to GH nature. Applies to #249 #1792 Ref(s): * https://yaml.org/spec/spec.html * https://bugs.launchpad.net/ubuntu/+source/git/+bug/1852985#yui_3_10_3_1_1619665759075_313 Auto-merge
* This was already implemented pre W3C recommendation in our form but normalizing to their syntax. * UI and DB remaining non-base64 encoded... semver limitation with extra characters that violate that spec. * Change caching mechanism... unfortunately traffic for a while will be increased while syncing with browsers. Also because spec doesn't use hex, which it probably should, the eTag header value will be bigger. Hashes, so far, are always "hex-able" by design of SHA but that could change in the future... who knows. * Base62 being dropped in favor of Base64 for cache mechanism. Should be okay with extra `+/` in base64 since that falls within ASCII limitations. * Any .user.js utilizing the .meta.json, or other language, will need to modify to check for the `sha512-` prefix and decode the value appropriately. * If .meta.json shows empty `hash` clear browser cache *(weird Fx issue perhaps)* * Bugfix on local copy of metadata script access... non-fatal atm just incorrect live copy referenced. Post OpenUserJS#1076 and applies to OpenUserJS#432 OpenUserJS#249 Ref(s): * https://developer.mozilla.org/docs/Web/HTTP/Headers/ETag * https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity * https://w3c.github.io/webappsec-subresource-integrity/ * https://www.srihash.org/
* This was already implemented pre W3C recommendation in our form but normalizing to their syntax. * UI and DB remaining non-base64 encoded... semver limitation with extra characters that violate that spec. * Change caching mechanism... unfortunately traffic for a while will be increased while syncing with browsers. Also because spec doesn't use hex, which it probably should, the eTag header value will be bigger. Hashes, so far, are always "hex-able" by design of SHA but that could change in the future... who knows. * Base62 being dropped in favor of Base64 for cache mechanism. Should be okay with extra `+/` in base64 since that falls within ASCII limitations. * Any .user.js utilizing the .meta.json, or other language, will need to modify to check for the `sha512-` prefix and decode the value appropriately. * If .meta.json shows empty `hash` clear browser cache *(weird Fx issue perhaps)* * Bugfix on local copy of metadata script access... non-fatal atm just incorrect live copy referenced. Post #1076 and applies to #432 #249 Ref(s): * https://developer.mozilla.org/docs/Web/HTTP/Headers/ETag * https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity * https://w3c.github.io/webappsec-subresource-integrity/ * https://www.srihash.org/ Auto-merge
Update *Lock threads* * Some of these options don't appear to be documented yet in the README.md Applies to #249
Remove possible failure point error reported by Actions Applies to #249
Post OpenUserJS#1076 OpenUserJS#1826 and applies to OpenUserJS#432 OpenUserJS#249 NOTE: * This increases the server load for more frequent accuracy
Fork a command line minifier for dev tools on the OpenUserJS accountThis will be needed in a while to minify what we want to before deploying along with adeploy.sh
that is kept with sizzle and maybe here... depends on the secrets that need to be kept.Dev and GH source should remain unminified at all times... only time minified should be existing is on deployment/testing... this may require some extra time with making sure minification doesn't clobber anything... usually they are quite good at what they do by now but to be safe an extra testing measure should be done.
This is probably a long term issue since it's going to take some time to undo what's been done.
We could also use, instead, a shell script with git directly to a folder and then use some .sh scripts to move things to the appropriate locations... keeping in mind .gitignore . e.g. we really need a build.sh system and exec.sh type system.
This section may change constantly...
$ npm install
or$ node dev/init.js
$ npm start
or$ node app.js
... process management roughed in.$ git pull
on VPSenabling of cache system and placement on the VPS treewith automated cleanupneeds enabling of cache system and placement on the VPS treewith automated cleanup... wants Test and support new option for *express-minify* with keeping comments #432The text was updated successfully, but these errors were encountered: