Do not silently install cargo-about. (#377)

2021-09-19 16:58:04 +02:00 · 2021-09-19 16:58:04 +02:00 · fb517b3d5b
parent 736d611812
commit fb517b3d5b
4 changed files with 60 additions and 21 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -25,6 +25,9 @@ jobs:
    - name: 🚧 Install Node dependencies
      run: cd frontend && npm install

+    - name: 📦 Install cargo-about
+      run: cargo install cargo-about
+
    - name: 🌐 Build Graphite web code
      run: cd frontend && npm run build

--- a/about.hbs
+++ b/about.hbs
@ -1,7 +1,8 @@
-// Be careful to prevent auto-formatting from breaking this file's indentation
-// Replace this file with JSON output once this is resolved: https://github.com/EmbarkStudios/cargo-about/issues/73
-
-module.exports = [
+{{!
+Be careful to prevent auto-formatting from breaking this file's indentation
+Replace this file with JSON output once this is resolved: https://github.com/EmbarkStudios/cargo-about/issues/73
+}}
+GENERATED_BY_CARGO_ABOUT: [
 	{{#each licenses}}
 	{
 		licenseName: `{{name}}`,
@ -18,4 +19,4 @@ module.exports = [
 		],
 	},
 	{{/each}}
-];
+]
--- a/frontend/package.json
+++ b/frontend/package.json
@ -5,7 +5,7 @@
 	"private": true,
 	"scripts": {
 		"serve": "vue-cli-service serve || (npm install && vue-cli-service serve)",
-		"build": "cd .. && cargo install cargo-about && cargo about generate about.hbs > frontend/rust-licenses.js && cd frontend && (vue-cli-service build || (npm install && vue-cli-service build))",
+		"build": "vue-cli-service build || (npm install && vue-cli-service build)",
 		"lint": "vue-cli-service lint || (npm install && vue-cli-service lint)",
 		"lint-no-fix": "vue-cli-service lint --no-fix || (echo 'There were lint errors. Please run `npm run lint` to fix auto-them. If the linter execution fails, try running `npm install` first.' && false)"
 	},
--- a/frontend/vue.config.js
+++ b/frontend/vue.config.js
@ -1,18 +1,37 @@
-/* eslint-disable @typescript-eslint/no-var-requires */
+/* eslint-disable @typescript-eslint/no-var-requires, no-console */
 const path = require("path");
-const { unlink } = require("fs");
+const { spawnSync } = require("child_process");

 const WasmPackPlugin = require("@wasm-tool/wasm-pack-plugin");
 const LicenseCheckerWebpackPlugin = require("license-checker-webpack-plugin");

-let rustLicenses = [];
-let debugMode = false;
-try {
-	// eslint-disable-next-line global-require, import/extensions, import/no-unresolved
-	rustLicenses = require("./rust-licenses");
-} catch (_) {
-	// Rust licenses are not generated by Cargo About except in release mode (`npm run build`)
-	debugMode = true;
+function generateRustLicenses() {
+	console.info("Generating license information for rust code");
+	const { stdout, stderr, status } = spawnSync("cargo", ["about", "generate", "about.hbs"], {
+		cwd: path.join(__dirname, ".."),
+		encoding: "utf8",
+		timeout: 60000, // one minute
+		shell: true,
+		windowsHide: true, // hide the DOS window on windows
+	});
+
+	if (status !== 0) {
+		if (status !== 101) {
+			// cargo returns 101 when the subcommand wasn't found
+			console.error("cargo-about failed", status, stderr);
+		}
+		return null;
+	}
+
+	// Make sure the output starts as expected, we don't want to eval an error message.
+	if (!stdout.trim().startsWith("GENERATED_BY_CARGO_ABOUT:")) {
+		console.error("Unexpected output from cargo-about", stdout);
+		return null;
+	}
+
+	// Security-wise, eval() isn't any worse than require(), but it doesn't need a temporary file.
+	// eslint-disable-next-line no-eval
+	return eval(stdout);
 }

 module.exports = {
@ -78,8 +97,27 @@ module.exports = {
 };

 function formatThirdPartyLicenses(jsLicenses) {
+	let rustLicenses = null;
+	if (process.env.NODE_ENV === "production") {
+		try {
+			rustLicenses = generateRustLicenses();
+		} catch (e) {
+			// Nothing to show. Error messages were printed above.
+		}
+
+		if (rustLicenses === null) {
+			// This is probably caused by cargo about not being installed
+			console.error(`
+Could not run 'cargo about', which is required to generate license information.
+To install cargo-about on your system, you can run:
+    cargo install cargo-about
+License information is required on production builds. Aborting.`);
+			process.exit(1);
+		}
+	}
+
 	// Remove the HTML character encoding caused by Handlebars
-	let licenses = rustLicenses.map((rustLicense) => ({
+	let licenses = (rustLicenses || []).map((rustLicense) => ({
 		licenseName: htmlDecode(rustLicense.licenseName),
 		licenseText: trimBlankLines(htmlDecode(rustLicense.licenseText)),
 		packages: rustLicense.packages.map((package) => ({
@ -131,7 +169,7 @@ function formatThirdPartyLicenses(jsLicenses) {

 	// Generate the formatted text file
 	let formattedLicenseNotice = "GRAPHITE THIRD-PARTY SOFTWARE LICENSE NOTICES\n\n";
-	if (debugMode) formattedLicenseNotice += "WARNING: Licenses for Rust packages are excluded in debug mode to improve performance — do not release without their inclusion!\n\n";
+	if (!rustLicenses) formattedLicenseNotice += "WARNING: Licenses for Rust packages are excluded in debug mode to improve performance — do not release without their inclusion!\n\n";

 	licenses.forEach((license) => {
 		let packagesWithSameLicense = "";
@ -153,9 +191,6 @@ ${license.licenseText}
 `;
 	});

-	// Clean up by deleting the `rust-licenses.js` Rust licenses data file generated by Cargo About
-	unlink("./rust-licenses.js", (_) => _);
-
 	return formattedLicenseNotice;
 }