Merge pull request #67 from ACE-IoT-Solutions/nic

Address security issues

.config/.cprc.json

@@ -1,3 +1,3 @@
 {
-  "version": "4.13.0"
+  "version": "5.3.7"
 }

.config/.eslintrc

@@ -2,7 +2,7 @@
  * ⚠️⚠️⚠️ THIS FILE WAS SCAFFOLDED BY `@grafana/create-plugin`. DO NOT EDIT THIS FILE DIRECTLY. ⚠️⚠️⚠️
  *
  * In order to extend the configuration follow the steps in
- * https://grafana.com/developers/plugin-tools/create-a-plugin/extend-a-plugin/extend-configurations#extend-the-eslint-config
+ * https://grafana.com/developers/plugin-tools/get-started/set-up-development-environment#extend-the-eslint-config
  */
 {
   "extends": ["@grafana/eslint-config"],

.config/Dockerfile

@@ -4,6 +4,7 @@ ARG grafana_image=grafana-enterprise
 FROM grafana/${grafana_image}:${grafana_version}
 
 ARG development=false
+ARG TARGETARCH
 
 
 ENV DEV "${development}"

.config/README.md

@@ -159,6 +159,6 @@ services:
         grafana_image: ${GRAFANA_IMAGE:-grafana}
 ```
 
-In this example, we assign the environment variable `GRAFANA_IMAGE` to the build arg `grafana_image` with a default value of `grafana`. This will allow you to set the value while running the docker-compose commands, which might be convenient in some scenarios.
+In this example, we assign the environment variable `GRAFANA_IMAGE` to the build arg `grafana_image` with a default value of `grafana`. This will allow you to set the value while running the docker compose commands, which might be convenient in some scenarios.
 
 ---

.config/jest-setup.js

@@ -2,7 +2,7 @@
  * ⚠️⚠️⚠️ THIS FILE WAS SCAFFOLDED BY `@grafana/create-plugin`. DO NOT EDIT THIS FILE DIRECTLY. ⚠️⚠️⚠️
  *
  * In order to extend the configuration follow the steps in
- * https://grafana.com/developers/plugin-tools/create-a-plugin/extend-a-plugin/extend-configurations#extend-the-jest-config
+ * https://grafana.com/developers/plugin-tools/get-started/set-up-development-environment#extend-the-jest-config
  */
 
 import '@testing-library/jest-dom';

.config/jest.config.js

@@ -2,7 +2,7 @@
  * ⚠️⚠️⚠️ THIS FILE WAS SCAFFOLDED BY `@grafana/create-plugin`. DO NOT EDIT THIS FILE DIRECTLY. ⚠️⚠️⚠️
  *
  * In order to extend the configuration follow the steps in
- * https://grafana.com/developers/plugin-tools/create-a-plugin/extend-a-plugin/extend-configurations#extend-the-jest-config
+ * https://grafana.com/developers/plugin-tools/get-started/set-up-development-environment#extend-the-jest-config
  */
 
 const path = require('path');

.config/tsconfig.json

@@ -2,7 +2,7 @@
  * ⚠️⚠️⚠️ THIS FILE WAS SCAFFOLDED BY `@grafana/create-plugin`. DO NOT EDIT THIS FILE DIRECTLY. ⚠️⚠️⚠️
  *
  * In order to extend the configuration follow the steps in
- * https://grafana.com/developers/plugin-tools/create-a-plugin/extend-a-plugin/extend-configurations#extend-the-typescript-config
+ * https://grafana.com/developers/plugin-tools/get-started/set-up-development-environment#extend-the-typescript-config
  */
 {
   "compilerOptions": {

.config/webpack/utils.ts

@@ -29,6 +29,11 @@ export function getPluginJson() {
   return require(path.resolve(process.cwd(), `${SOURCE_DIR}/plugin.json`));
 }
 
+export function getCPConfigVersion() {
+  const cprcJson = path.resolve(__dirname, '../', '.cprc.json');
+  return fs.existsSync(cprcJson) ? require(cprcJson).version : { version: 'unknown' };
+}
+
 export function hasReadme() {
   return fs.existsSync(path.resolve(process.cwd(), SOURCE_DIR, 'README.md'));
 }

.config/webpack/webpack.config.ts

@@ -2,21 +2,35 @@
  * ⚠️⚠️⚠️ THIS FILE WAS SCAFFOLDED BY `@grafana/create-plugin`. DO NOT EDIT THIS FILE DIRECTLY. ⚠️⚠️⚠️
  *
  * In order to extend the configuration follow the steps in
- * https://grafana.com/developers/plugin-tools/create-a-plugin/extend-a-plugin/extend-configurations#extend-the-webpack-config
+ * https://grafana.com/developers/plugin-tools/get-started/set-up-development-environment#extend-the-webpack-config
  */
 
 import CopyWebpackPlugin from 'copy-webpack-plugin';
 import ESLintPlugin from 'eslint-webpack-plugin';
 import ForkTsCheckerWebpackPlugin from 'fork-ts-checker-webpack-plugin';
-import LiveReloadPlugin from 'webpack-livereload-plugin';
 import path from 'path';
 import ReplaceInFileWebpackPlugin from 'replace-in-file-webpack-plugin';
-import { Configuration } from 'webpack';
+import TerserPlugin from 'terser-webpack-plugin';
+import { type Configuration, BannerPlugin } from 'webpack';
+import LiveReloadPlugin from 'webpack-livereload-plugin';
+import VirtualModulesPlugin from 'webpack-virtual-modules';
 
-import { getPackageJson, getPluginJson, hasReadme, getEntries, isWSL } from './utils';
-import { SOURCE_DIR, DIST_DIR } from './constants';
+import { DIST_DIR, SOURCE_DIR } from './constants';
+import { getCPConfigVersion, getEntries, getPackageJson, getPluginJson, hasReadme, isWSL } from './utils';
 
 const pluginJson = getPluginJson();
+const cpVersion = getCPConfigVersion();
+
+const virtualPublicPath = new VirtualModulesPlugin({
+  'node_modules/grafana-public-path.js': `
+import amdMetaModule from 'amd-module';
+
+__webpack_public_path__ =
+  amdMetaModule && amdMetaModule.uri
+    ? amdMetaModule.uri.slice(0, amdMetaModule.uri.lastIndexOf('/') + 1)
+    : 'public/plugins/${pluginJson.id}/';
+`,
+});
 
 const config = async (env): Promise<Configuration> => {
   const baseConfig: Configuration = {
@@ -34,6 +48,8 @@ const config = async (env): Promise<Configuration> => {
     entry: await getEntries(),
 
     externals: [
+      // Required for dynamic publicPath resolution
+      { 'amd-module': 'module' },
       'lodash',
       'jquery',
       'moment',
@@ -80,6 +96,18 @@ const config = async (env): Promise<Configuration> => {
 
     module: {
       rules: [
+        // This must come first in the rules array otherwise it breaks sourcemaps.
+        {
+          test: /src\/(?:.*\/)?module\.tsx?$/,
+          use: [
+            {
+              loader: 'imports-loader',
+              options: {
+                imports: `side-effects grafana-public-path`,
+              },
+            },
+          ],
+        },
         {
           exclude: /(node_modules)/,
           test: /\.[tj]sx?$/,
@@ -112,25 +140,35 @@ const config = async (env): Promise<Configuration> => {
           test: /\.(png|jpe?g|gif|svg)$/,
           type: 'asset/resource',
           generator: {
-            // Keep publicPath relative for host.com/grafana/ deployments
-            publicPath: `public/plugins/${pluginJson.id}/img/`,
-            outputPath: 'img/',
             filename: Boolean(env.production) ? '[hash][ext]' : '[file]',
           },
         },
         {
           test: /\.(woff|woff2|eot|ttf|otf)(\?v=\d+\.\d+\.\d+)?$/,
           type: 'asset/resource',
           generator: {
-            // Keep publicPath relative for host.com/grafana/ deployments
-            publicPath: `public/plugins/${pluginJson.id}/fonts/`,
-            outputPath: 'fonts/',
-            filename: Boolean(env.production) ? '[hash][ext]' : '[name][ext]',
+            filename: Boolean(env.production) ? '[hash][ext]' : '[file]',
           },
         },
       ],
     },
 
+    optimization: {
+      minimize: Boolean(env.production),
+      minimizer: [
+        new TerserPlugin({
+          terserOptions: {
+            format: {
+              comments: (_, { type, value }) => type === 'comment2' && value.trim().startsWith('[create-plugin]'),
+            },
+            compress: {
+              drop_console: ['log', 'info'],
+            },
+          },
+        }),
+      ],
+    },
+
     output: {
       clean: {
         keep: new RegExp(`(.*?_(amd64|arm(64)?)(.exe)?|go_plugin_build_manifest)`),
@@ -145,6 +183,13 @@ const config = async (env): Promise<Configuration> => {
     },
 
     plugins: [
+      virtualPublicPath,
+      // Insert create plugin version information into the bundle
+      new BannerPlugin({
+        banner: '/* [create-plugin] version: ' + cpVersion + ' */',
+        raw: true,
+        entryOnly: true,
+      }),
       new CopyWebpackPlugin({
         patterns: [
           // If src/README.md exists use it; otherwise the root README

.cprc.json

@@ -1,3 +1,6 @@
 {
-  "features": {}
+  "features": {
+    "bundleGrafanaUI": false,
+    "useReactRouterV6": false
+  }
 }

.github/workflows/ci.yml

@@ -135,14 +135,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-        with:
-          sparse-checkout: |
-            provisioning
-            tests
-            .config
 
       - name: Download plugin
-        if: needs.build.outputs.has-backend == 'true'
         uses: actions/download-artifact@v4
         with:
           path: dist
@@ -151,7 +145,7 @@ jobs:
       - name: Execute permissions on binary
         if: needs.build.outputs.has-backend == 'true'
         run: |
-          chmod +x ./dist/gpx_cicd_linux_amd64
+          chmod +x ./dist/gpx_*
 
       - name: Setup Node.js environment
         uses: actions/setup-node@v4
@@ -164,8 +158,8 @@ jobs:
 
       - name: Start Grafana
         run: |
-          docker-compose pull
-          DEVELOPMENT=false GRAFANA_VERSION=${{ matrix.GRAFANA_IMAGE.VERSION }} GRAFANA_IMAGE=${{ matrix.GRAFANA_IMAGE.NAME }} docker-compose up -d
+          docker compose pull
+          DEVELOPMENT=false GRAFANA_VERSION=${{ matrix.GRAFANA_IMAGE.VERSION }} GRAFANA_IMAGE=${{ matrix.GRAFANA_IMAGE.NAME }} docker compose up -d
 
       - name: Wait for Grafana to start
         uses: nev7n/wait_for_response@v1
@@ -176,7 +170,7 @@ jobs:
           interval: 500
 
       - name: Install Playwright Browsers
-        run: npx playwright install chromium --with-deps
+        run: npm exec playwright install chromium --with-deps
 
       - name: Run Playwright tests
         id: run-tests
@@ -185,10 +179,10 @@ jobs:
       - name: Docker logs
         if: ${{ always() && steps.run-tests.outcome == 'failure' }}
         run: |
-          docker logs qqqqqqqqqq-zzzzzzzzzzz-panel >& grafana-server.log
+          docker logs aceiot-svg-panel >& grafana-server.log
 
       - name: Stop grafana docker
-        run: docker-compose down
+        run: docker compose down
 
       - name: Upload server log
         uses: actions/upload-artifact@v4
@@ -198,12 +192,12 @@ jobs:
           path: grafana-server.log
           retention-days: 5
 
-      # If your repository is public, uploading the Playwright report will make it public on the Internet.
-      # Beware not to expose sensitive information.
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v4
-        if: ${{ always() && steps.run-tests.outcome == 'failure' }}
-        with:
-          name: playwright-report-${{ matrix.GRAFANA_IMAGE.NAME }}-v${{ matrix.GRAFANA_IMAGE.VERSION }}-${{github.run_id}}
-          path: playwright-report/
-          retention-days: 5
+      # Uncomment this step to upload the Playwright report to Github artifacts.
+      # If your repository is public, the report will be public on the Internet so beware not to expose sensitive information.
+      # - name: Upload artifacts
+      #   uses: actions/upload-artifact@v4
+      #   if: ${{ always() && steps.run-tests.outcome == 'failure' }}
+      #   with:
+      #     name: playwright-report-${{ matrix.GRAFANA_IMAGE.NAME }}-v${{ matrix.GRAFANA_IMAGE.VERSION }}-${{github.run_id}}
+      #     path: playwright-report/
+      #     retention-days: 5

docker-compose.yaml

@@ -1,17 +1,14 @@
-version: '3.0'
-
 services:
   grafana:
     user: root
     container_name: 'aceiot-svg-panel'
 
-    platform: 'linux/amd64'
     build:
       context: ./.config
       args:
         grafana_image: ${GRAFANA_IMAGE:-grafana-enterprise}
-        grafana_version: ${GRAFANA_VERSION:-10.3.3}
-        development: ${DEVELOPMENT:-true}
+        grafana_version: ${GRAFANA_VERSION:-11.2.0}
+        development: ${DEVELOPMENT:-false}
     ports:
       - 3000:3000/tcp
     volumes: