Build: Update the deploy script and config file encryption (#3195)

codebykat · web-flow · commit 5ea6263c1296 · 2024-05-14T15:57:39.000-04:00
* add --legacy-peer-deps flag in deploy script

* update options in circleCI config

* maybe we do need force

* add encrypt/decrypt conf to Makefile, update README instructions, re-encrypt config with up-to-date encryption method, upgrade packages in vip/package.json

* update decryption on circleCI

* punctuation

* error message if an invalid deploy target is specified
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -10,7 +10,7 @@ references:
       command: |
         openssl aes-256-cbc -md md5 -d -in ./resources/certificates/win.p12.enc -out ./resources/certificates/win.p12 -k ${SECRETS_ENCRYPTION_KEY_2024}
         openssl aes-256-cbc -md md5 -d -in ./resources/certificates/mac.p12.enc -out ./resources/certificates/mac.p12 -k ${SECRETS_ENCRYPTION_KEY}
-        openssl aes-256-cbc -md md5 -d -in ./resources/secrets/config.json.enc -out ./config.json -k ${SECRETS_ENCRYPTION_KEY}
+        openssl aes-256-cbc -d -in ./resources/secrets/config.json.enc -out ./config.json -pbkdf2 -k ${SECRETS_ENCRYPTION_KEY}
   job_filters: &job_filters
     branches:
       ignore:
diff --git a/Makefile b/Makefile
@@ -173,3 +173,21 @@ lint-scss:
 .PHONY: lint-js
 lint-js:
 	@npx eslint --ignore-path .gitignore "**/*.{js,jsx,ts,tsx}"
+
+
+# encrypted config file
+.PHONY: _pwd_prompt decrypt_conf encrypt_conf
+
+CONF_FILE=./resources/secrets/config.json.enc
+
+# 'private' task for echoing instructions
+_pwd_prompt:
+	@echo "Check the secret store for Simplenote!"
+
+# to create config
+decrypt_conf: _pwd_prompt
+	openssl aes-256-cbc -d -in ${CONF_FILE} -out ./config-local.json -pbkdf2
+
+# for updating config
+encrypt_conf: _pwd_prompt
+	openssl aes-256-cbc -e -in config-local.json -out ${CONF_FILE} -pbkdf2
diff --git a/README.md b/README.md
@@ -6,15 +6,17 @@ A Simplenote [React](https://reactjs.org/) client packaged in [Electron](https:/
 
 ## Running
 
+**Read this first!!** Local development is currently not supported if you don't have an existing account on the test server or access to the production credentials. This is because the move to an email-first signup flow has made it impossible to create accounts in the test database. We hope to be able to support an open-source development workflow again in the future.
+
 1. Clone the repo: `git clone https://github.com/Automattic/simplenote-electron.git`
 2. `cd simplenote-electron`
 3. `npm install --legacy-peer-deps` (This flag is necessary because `react-monaco-editor` is pinned to a specific `monaco-editor` dependency, but `npm` [considers minor versions to be breaking changes for sub-1.0.0 apps](https://stackoverflow.com/questions/62629878/why-doesnt-npm-upgrade-install-my-0-0-1-dep-with-a-dependency-on-0-0-0))
-4. `npm run dev`
-5. The dev server will start on [http://localhost:4000](http://localhost:4000), and the Electron app will launch automatically.
-6. For all logging from Electron to be printed to the terminal (e.g. `console.log` statements within `app.js`), you might need to set `env ELECTRON_ENABLE_LOGGING=1`.
-7. Sign up for a new account within the app. Use the account for **testing purposes only** as all note data will be periodically cleared out on the server.
+4. Decrypt the config file using `make decrypt_conf`.
+5. `npm run dev`
+6. The dev server will start on [http://localhost:4000](http://localhost:4000), and the Electron app will launch automatically.
+7. For all logging from Electron to be printed to the terminal (e.g. `console.log` statements within `app.js`), you might need to set `env ELECTRON_ENABLE_LOGGING=1`.
 
-_Note: Simplenote API features such as sharing and publishing will not work with development builds. Due to a limitation of `make` installation paths used for build cannot have spaces._
+_Note: Simplenote API features such as sharing and publishing will not work with development builds. Due to a limitation of `make`, installation paths used for build cannot have spaces._
 
 ## Building
 
diff --git a/bin/deploy.sh b/bin/deploy.sh
@@ -31,12 +31,13 @@ case $1 in
     ;;
 
   *)
+    echo "Deploy environment must be one of: production, develop, staging"
     exit 0
     ;;
 esac
 
 # Install Node Modules
-npm install
+npm install --legacy-peer-deps
 
 # Temporarily move config-local so it doesn't get overwritten
 mv config-local.json config-local.original.json
@@ -81,4 +82,4 @@ echo "Deployed Successfully!"
 
 git checkout trunk
 
-exit 0
+exit 0
diff --git a/resources/secrets/config.json.enc b/resources/secrets/config.json.enc
diff --git a/vip/package.json b/vip/package.json
@@ -12,7 +12,7 @@
     "url": "git://github.com/Automattic/simplenote-electron.git"
   },
   "dependencies": {
-    "@automattic/vip-go": "0.3.3",
-    "express": "4.17.1"
+    "@automattic/vip-go": "1.1.0",
+    "express": "4.19.2"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`"url": "git://github.com/Automattic/simplenote-electron.git"`
`13`	`13`	`},`
`14`	`14`	`"dependencies": {`
`15`		`- "@automattic/vip-go": "0.3.3",`
`16`		`- "express": "4.17.1"`
	`15`	`+ "@automattic/vip-go": "1.1.0",`
	`16`	`+ "express": "4.19.2"`
`17`	`17`	`}`
`18`	`18`	`}`