Add proof of concept publisher content CVE dashboard (#174)

Author: dotNomad

.github/workflows/extensions.yml

@@ -185,6 +185,7 @@ jobs:
       # e.g. `extension-name: ${{ steps.changes.outputs.extension-name }}`
       # Be sure the extension name and directory name it is in are the same
       publisher-command-center: ${{ steps.changes.outputs.publisher-command-center }}
+      publisher-cves: ${{ steps.changes.outputs.publisher-cves }}
 
     steps:
       - uses: actions/checkout@v4
@@ -198,6 +199,7 @@ jobs:
           # e.g. `extension-name: extensions/extension-name/**`
           filters: |
             publisher-command-center: extensions/publisher-command-center/**
+            publisher-cves: extensions/publisher-cves/**
 
   # Creates and releases the Publisher Command Center extension using a custom
   # workflow
@@ -209,6 +211,15 @@ jobs:
     uses: ./.github/workflows/publisher-command-center.yml
     secrets: inherit
 
+  # Creates and releases the Publisher CVEs extension using a custom workflow
+  publisher-cves:
+    needs: [complex-extension-changes]
+    # Only runs if the `complex-extension-changes` job detects changes in the
+    # publisher-cves extension directory
+    if: ${{ needs.complex-extension-changes.outputs.publisher-cves == 'true' }}
+    uses: ./.github/workflows/publisher-cves.yml
+    secrets: inherit
+
   # All extensions have been linted, packaged, and released, if necessary
   # Continuing to update the extension list with the latest release data
 
@@ -219,7 +230,7 @@ jobs:
     runs-on: ubuntu-latest
     # Requires that the `simple-extensions` and all custom workflow jobs are
     # completed before running this job
-    needs: [simple-extension-release, publisher-command-center]
+    needs: [simple-extension-release, publisher-command-center, publisher-cves]
     if: ${{ always() }}
     outputs:
       releases: ${{ steps.fetch-releases.outputs.releases }}

.github/workflows/publisher-cves.yml

@@ -0,0 +1,80 @@
+name: Publisher CVEs Extension
+
+on:
+  workflow_call:
+
+# Setup the environment with the extension name for easy re-use
+# Also need the GH_TOKEN for the release-extension action to be able to use gh
+env:
+  EXTENSION_NAME: publisher-cves
+  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  extension:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./extensions/${{ env.EXTENSION_NAME }}
+
+    steps:
+      # Checkout the repository so the rest of the actions can run with no issue
+      - uses: actions/checkout@v4
+
+      # We want to fail quickly if the linting fails, do that first
+      - uses: ./.github/actions/lint-extension
+        with:
+          extension-name: ${{ env.EXTENSION_NAME }}
+
+      # Publisher Command Center needs to setup node, install dependencies, and
+      # build to make the files needed for the extension
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+          cache: "npm"
+          cache-dependency-path: extensions/${{ env.EXTENSION_NAME }}/package-lock.json
+
+      - run: npm ci
+      - run: npm run build
+
+      # Now that the extension is built we need to upload an artifact to pass
+      # to the package-extension action that contains the files we want to be
+      # included in the extension
+      # This only includes necessary files for the extension to run leaving out
+      # the files that were used to build the /dist/ directory
+      - name: Upload built extension
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.EXTENSION_NAME }}
+          path: |
+            extensions/${{ env.EXTENSION_NAME }}/dist/
+            extensions/${{ env.EXTENSION_NAME }}/requirements.txt
+            extensions/${{ env.EXTENSION_NAME }}/main.py
+            extensions/${{ env.EXTENSION_NAME }}/manifest.json
+
+      # Package up the extension into a TAR using the generalized
+      # package-extension action
+      - uses: ./.github/actions/package-extension
+        with:
+          extension-name: ${{ env.EXTENSION_NAME }}
+          artifact-name: ${{ env.EXTENSION_NAME }}
+
+  connect-integration-tests:
+    needs: extension
+    uses: ./.github/workflows/connect-integration-tests.yml
+    secrets: inherit
+    with:
+      extensions: '["publisher-cves"]'  # JSON array format to match the workflow input schema
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [extension, connect-integration-tests]
+    # Release the extension using the release-extension action
+    # Will only create a GitHub release if merged to `main` and the semver
+    # version has been updated
+    steps:
+      # Checkout the repository so the rest of the actions can run with no issue
+      - uses: actions/checkout@v4
+
+      - uses: ./.github/actions/release-extension
+        with:
+          extension-name: ${{ env.EXTENSION_NAME }}

extensions/publisher-cves/.gitignore

@@ -0,0 +1,30 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+# Posit Publisher files
+.posit/*
+
+# Claude
+.claude/settings.local.json

extensions/publisher-cves/.prettierignore

@@ -0,0 +1,7 @@
+# Ignore artifacts:
+dist
+build
+coverage
+
+# Ignore virtual environments:
+.venv

extensions/publisher-cves/.prettierrc

@@ -0,0 +1 @@
+{}

extensions/publisher-cves/.python-version

@@ -0,0 +1 @@
+3.11

extensions/publisher-cves/.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["Vue.volar"]
+}

extensions/publisher-cves/CONTRIBUTING.md

@@ -0,0 +1,31 @@
+# Contributing to Publisher CVEs
+
+## Prerequisites
+
+- Python 3.11 or higher
+- [Node.js](https://nodejs.org/en) 20 or higher
+- [uv](https://docs.astral.sh/uv/)
+
+It is recommended to use [nvm (Node Version Manager)](https://github.com/nvm-sh/nvm)
+to manage Node.js versions.
+
+## Setup
+
+1. Run `uv sync` to install dependencies for the FastAPI server.
+2. Run `npm install` to install frontend dependencies.
+
+## Development
+
+1. Run `uv run fastapi dev main.py` to start the FastAPI server.
+2. Run the frontend development server with `npm run dev`.
+
+## Deploy
+
+Run `npm run build` to generate the frontend JS and CSS files in the `dist`
+directory.
+
+From there the required files to be sent in the bundle are:
+
+- `main.py',
+- 'requirements.txt'
+- `dist/**`

extensions/publisher-cves/README.md

@@ -0,0 +1,4 @@
+# Publisher CVEs
+
+Shows the vulnerabilities affecting the content you have published to Posit
+Connect.

extensions/publisher-cves/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Vite + Vue + TS</title>
+  </head>
+  <body class="min-h-svh antialiased">
+    <div id="app"></div>
+    <script type="module" src="/src/main.ts"></script>
+  </body>
+</html>