diff options
author | Kristóf Marussy <kristof@marussy.com> | 2021-12-30 21:47:46 +0100 |
---|---|---|
committer | Kristóf Marussy <kristof@marussy.com> | 2021-12-30 21:47:46 +0100 |
commit | 1383dde6aa0d25b5fa23d7a7b64ba7de21ec5b99 (patch) | |
tree | 94739ff48121a1d69358acf5f2c60124d1b1cdec /.electron-builder.config.cjs | |
parent | build: Only use vite typings in renderer (diff) | |
download | sophie-1383dde6aa0d25b5fa23d7a7b64ba7de21ec5b99.tar.gz sophie-1383dde6aa0d25b5fa23d7a7b64ba7de21ec5b99.tar.zst sophie-1383dde6aa0d25b5fa23d7a7b64ba7de21ec5b99.zip |
build: Fully switch over to ESM
Now we can run with ESM at build and test time and transpile into
commonjs for electron. This greatly simplifies testing, since we treat
everything as ESM during build with esbuild anyways. Now the test
environment and the build scripts match the apparent (but not the actual
for the main, preload, and inject modules) runtime environment.
Caveats:
- We may use top-level async expressions in tests and script, but not in
code that gets transpiled into commonjs or scripts that get imported
by vite. The limitation w.r.t. commonjs seems fundamental.
- Jest only experimentally supports ESM and there are some limitations
with mocking. Most limitations (except the lack of automatic mocks)
can be worked around by async importing code that uses mocks.
- There are packages marked as modules (so that node reads any scripts
in them as ESM) that nevertheless get transpiled into commonjs
modules. However, these should be clearly marked by using a .cjs
extension as their bundle. The worst offender is the root package,
which has a .cjs as its main entry point that gets read by electron,
but is in fact marked as a module. This doesn't seem to bother electron
at all. The service-inject package is an IIFE with a .js extension,
but it outputs a fully self-contained bundle, so the choice of module
format should be irrelevant.
Diffstat (limited to '.electron-builder.config.cjs')
-rw-r--r-- | .electron-builder.config.cjs | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/.electron-builder.config.cjs b/.electron-builder.config.cjs new file mode 100644 index 0000000..5238c69 --- /dev/null +++ b/.electron-builder.config.cjs | |||
@@ -0,0 +1,69 @@ | |||
1 | // @ts-check | ||
2 | |||
3 | const { Arch } = require('electron-builder'); | ||
4 | const { flipFuses, FuseV1Options, FuseVersion } = require('@electron/fuses'); | ||
5 | const { join } = require('path'); | ||
6 | |||
7 | /** | ||
8 | * @type {import('electron-builder').Configuration} | ||
9 | * @see https://www.electron.build/configuration/configuration | ||
10 | */ | ||
11 | const config = { | ||
12 | directories: { | ||
13 | output: 'dist', | ||
14 | buildResources: 'buildResources', | ||
15 | }, | ||
16 | files: [ | ||
17 | 'packages/main/dist/**', | ||
18 | 'packages/preload/dist/**', | ||
19 | 'packages/renderer/dist/**', | ||
20 | 'packages/service-inject/dist/**', | ||
21 | 'packages/service-preload/dist/**', | ||
22 | // Do not ship with source maps. | ||
23 | '!**/*.map', | ||
24 | ], | ||
25 | afterPack(context) { | ||
26 | return burnFuses(context); | ||
27 | }, | ||
28 | }; | ||
29 | |||
30 | /** | ||
31 | * Hardens the shipped electron binary by burning some electron fuses. | ||
32 | * | ||
33 | * Enabled chromium cookie encryption and disables options that could be | ||
34 | * used to execute arbitrary code in the main process to circumvent cookie encryption: | ||
35 | * - Running the application as a plain node process is disabled. | ||
36 | * - Setting options through the `NODE_OPTIONS` environment variable is disabled. | ||
37 | * - Attaching a debugger through the `--inspect` family of options is disabled. | ||
38 | * - Embedded ASAR integrity validation is enabled. | ||
39 | * - Will onload load the application from the ASAR archive. | ||
40 | * | ||
41 | * @param {import('electron-builder').AfterPackContext} context The `electron-builder` context. | ||
42 | * @return {Promise<void>} The promise to flip the fuses. | ||
43 | * @see https://github.com/electron/fuses | ||
44 | */ | ||
45 | async function burnFuses(context) { | ||
46 | /** @type {string} */ | ||
47 | const ext = { | ||
48 | darwin: '.app', | ||
49 | win32: '.exe', | ||
50 | }[context.electronPlatformName] || ''; | ||
51 | const electronBinaryPath = join( | ||
52 | context.appOutDir, | ||
53 | `${context.packager.appInfo.productFilename}${ext}` | ||
54 | ); | ||
55 | /** @type {import('@electron/fuses').FuseConfig<boolean>} */ | ||
56 | const fuseConfig = { | ||
57 | version: FuseVersion.V1, | ||
58 | resetAdHocDarwinSignature: context.electronPlatformName === 'darwin' && context.arch === Arch.arm64, | ||
59 | [FuseV1Options.RunAsNode]: false, | ||
60 | [FuseV1Options.EnableCookieEncryption]: true, | ||
61 | [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false, | ||
62 | [FuseV1Options.EnableNodeCliInspectArguments]: false, | ||
63 | [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true, | ||
64 | [FuseV1Options.OnlyLoadAppFromAsar]: true, | ||
65 | }; | ||
66 | return flipFuses(electronBinaryPath, fuseConfig); | ||
67 | } | ||
68 | |||
69 | module.exports = config; | ||