tvquizphd / public-quiz Goto Github PK

ACTION: FAILURE.
Error: Secret ROOT__INSTALLATION invalid.
at toInstallation (/snapshot/public-quiz/dist/util/pasted.js:129:15)
at /snapshot/public-quiz/dist/index.js:348:69
Error: Process completed with exit code 1.

copying works, but pasting does not.

Would actions/upload-artifact and actions/download-artifact be an improvement?

If the latest release is downgraded to pre-release, that renders login impossible.

The activate.ts script currently:

1. Pulls from the Wiki
2. Pushes from the Wiki
3. Triggers copying to Pages

The script should instead

1. read from the Wiki
2. write to GitHub Pages

Instead of contents: write, the step can have these permissions:

pages: write
id-token: write

There will then be no need for:

• committing and pushing
• copy step of wiki.yaml
• filter step of wiki.yaml

Also, wiki.yaml should only respond to gollum.

https://github.com/tvquizphd/public-quiz-device/blob/5cbb48dc2fbc19680a3643a627f73258c8c58802/docs/login/lib/workflow.js#L241

No need for special case… the button handler could set reset and update step with separate function calls

At some point it will be necessary to run separate traffic in my personal projects for PRODUCTION-LOGIN and DEVELOPMENT-TEST environments.

Renaming the projects with the environment as a prefix will allow this. Then, the password manager could remain in production use while testing new features in development.

two problems:

• right after registration link... login still not ready
• right after password reset... login still not ready

This arises when "LOGIN CLOSE" has not yet finished.
Quick fix-- make client wait for mail, even when not needed.

A more secure server-side fix really must handle two things:

• requests failing or requests in the wrong order

Perhaps build up testing framework first?

This is true both in production and local development. Is there a performance issue with encryption, decryption or key exchange?

If authentication flow is re-run, it's not possible to decrypt existing servers, clients, or secrets.

• should clear environment when rebuilding
• should add version suffix to app installations
• The build step alone should run when a PR is merged

It would be more helpful to redirect to the edit page. The client must know the release tag, as releases/edit/latest doesn't fly.

If the client sees a 401 error when connecting, the "update_token" workflow needs to run again.

all that info should live elsewhere-- in release notes or perhaps repo description.

In wiki.yaml, contents: write is insufficient to create a new environment. The relevant repo permissions are not available to github.token. Consider using user-generated personal access token as workaround.

ACTION: FAILURE.
Error: Invalid env: DEPLOYMENT
at toError (/snapshot/public-quiz/dist/index.js:44:28)
at /snapshot/public-quiz/dist/index.js:199:19
at Object. (/snapshot/public-quiz/dist/index.js:536:3)

This has to be a browser side cache issue. Just try adding these headers to sock-secret.
Cache-Control: no-store, must-revalidate

Github app namespace is global!

https://github.com/tvquizphd/public-quiz-device/blob/5cbb48dc2fbc19680a3643a627f73258c8c58802/docs/lib/workflow.js#L67

it’s filtered, has no template

Consider setting up Karma to mock browser activity.

To decide which tests to run,

• Try sketching up a directed graph of current valid/invalid states:
  • among secrets, release notes, client dispatches, and client URLs

Currently the toGitToken function is only incidentally the correct behavior now.

React allows passing props objects to html components. Reef can’t, and writing long strings by hand is confusing. Make a small genetic function to convert an object into html props.

const $ = o => {
 const kv = Object.entries(o);
 return kv.reduce((s, [k,v]) =>{
   return `${s} ${k}="${v}"`;
 }, '');
}

so

const h1_p = {id: 'prop'};
const h1 = `<h1 ${$(h1_p)}>Prop</h1>`;

If I'm using Chrome for memory intensive tasks, the tests fail to connect to localhost in Firefox.

Solutions:

1. Await make_latest release workflow PR.
2. Write the current release tag to environment.csv

Because of this sock-secret issue, unless cache is explicitly disabled, we can't handle "If-Modified-Since" when socket starts up. Creation of client socket should include default parameter for "last-modified" header that we can pass in when creating socket. The client quit() command should supply this header for use in creating a new socket.