Better checks that static file routing works as expected #23014
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
KevinMind
changed the title
KevinMind
force-pushed
the
move-deps-again
branch
3 times, most recently
from
8c6db5c to
7fd9bd6
Compare
…ing make up - Replaced the locale compilation script from a shell script to a Python script (compile_locales.py) for better error handling and parallel processing. - Updated the update_assets target in Makefile-docker to use the new update_assets.py script. - Removed the obsolete compile-mo.sh script. - Introduced sync_host_files.py to streamline dependency updates and asset synchronization.
- Removed obsolete file checks and user validation from Makefile-docker. - Updated Nginx configuration to improve static file handling and added headers for better traceability. - Refactored storage management commands in the Python codebase: - Renamed `clean_storage` to `make_storage` for clarity and added a `clean` parameter. - Updated command implementations to use the new `make_storage` method. - Introduced a new system check for Nginx configurations to ensure proper file accessibility and response validation.
…d directories: - Removed the previous build information generation method and replaced it with a new Python script (scripts/build_info.py) that creates a build info file with content hashes for static assets and locales. - Updated Dockerfile to utilize the new build_info.py script for generating build information during the Docker build process. - Adjusted the static check in the Django app to validate the content hash of static files against the expected hash. - Cleaned up .dockerignore and .gitignore files by removing the exclusion of build*.py files. - Added unit tests for the new build_info.py script and its functionality.
KevinMind
force-pushed
the
move-deps-again
branch
from
7fd9bd6 to
0e3ca9a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relates: mozilla/addons#15066
Description
First add checks to static file handling and better debugging of nginx static file serving
clean_storagetomake_storagefor clarity and added acleanparameter.make_storagemethod.Second add content hashing of static built directories allowing guarantees that static files created during the build are not modified at runtime.
Context
We serve static files from several possible sources. This PR ensures we understand where a file was served from and also have tests ensuring the routing through nginx works as expected.
Testing
Test NGINX routing
CI should suffice as it runs the make checks but you can break the routing in
addons.confand re-run the checks to ensure they fail. Comment out the /static file handler or specific blocks to force nginx to serve no files or files from incorrect sourcesTest content hashing
Run in prod mode (make down first to guarantee correct volumes are used)
make down && make up DOCKER_TARGET=production OLYMPIA_DEPS=development OLYMPIA_MOUNT=developmentThen shell into the container
make shelland runVerify that the content hashes for
static-filesandlocalesmatch in both places. the build-info.json file is from the image build and the script is running against the current state in the container.You can verify that this breaks the checks by modifying a file in either of the directories
And then run checks
This will raise an error that the content hash has changed which is not allowed on production targets. If you remove the file, the check should then pass again.
Tip
Bonus points
You can freely modify the
staticfiles.jsonfile in site-static because this file is non-deterministic and thus excluded from the content hash.Checklist
#ISSUENUMat the top of your PR to an existing open issue in the mozilla/addons repository.