Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Vite #1179

Merged
merged 17 commits into from
Jan 2, 2025
Merged

Use Vite #1179

merged 17 commits into from
Jan 2, 2025

Conversation

rhystmills
Copy link
Contributor

@rhystmills rhystmills commented Nov 18, 2024

What does this change?

This PR moves our build and local development server to Vite from Webpack. I have done this for a few reasons:

  • We have 7 (when I counted) high priority client-side vulnerabilities related to webpack-dev-server and other webpack packages - I've spent many hours unsuccessfully trying to bump that package while getting hot reloading to work, or even the current setup (page refresh on local change) and had no luck. I want to sort the vulnerabilities out.
  • I'm not convinced hot reloading via Webpack is working properly. Instead, the page refreshes completely on local changes (perhaps based on the file 'watch' specified in the Webpack config), which is a bit annoying to work with. With Vite working properly, local development feels smoother and slightly faster.
Before After
Kapture 2024-11-28 at 09 58 40 copy Kapture 2024-11-28 at 09 46 09
  • Full builds are ~30% faster - taking 12 seconds instead of 18.
  • We have lots of config for our Webpack setup - which makes major version bumps to Webpack packages difficult. We have three different conf files, and even more configuration in webpack-dev-server.js. I'm fairly sure some of that config has become redundant over various package bumps in the past, and it's now very messy, especially the local dev server where config is split across two files. In this PR, we lose ~350 lines of config and gain only 29.
  • We end up with far fewer direct dependencies to manage, e.g. for security vulnerabilties, which is a time consuming chore, especially with so many tools to manage. We lose 16 packages and gain only 2.
  • We've moved from Webpack to Vite in facia-tool and typerighter already and everyone cheered.

What did I change in order to do this?

I did a few things:

  1. Removed all webpack config, related packages, the local websocket server on 9002 used for (faulty?) hot reloading
  2. Added vite and some minor config, using it for build (via rollup, under the hood) and the local dev server.
  3. Renamed any .js files containing react to end in .jsx to make Vite happy (it's also good practice)
  4. Remove reqwest because it wasn't playing nicely with Vite - and we can safely use the native fetch api these days anyway.

The reqwest change is probably the one most likely to generate problems in this PR, it changes the mechanism used by all the requests in the application, and the arguments expected by reqwest are not the same as those expected by fetch.

I've tested every interaction the client-side application makes with outside services(e.g. Workflow, Targeting and usages) in our CODE environment) and they all seem to be working.

Will there be any follow-up work?

This PR should work by itself, but there will be some tidying as a follow-up. I'd like to:

  • Rename 'panda-reqwest' because we don't use reqwest any more.
  • Remove any redundant arguments still passed to 'panda-reqwest' in invocations across the application, e.g. crossOrigin - and do some other tidying of requests.
  • Make sure .jsx and .tsx files are being linted properly and sort any linting errors.

Also, things that predate this PR which I noticed while working on it:

  • We send a request to e.g. https://workflow.code.dev-gutools.co.uk/api/atom/undefined on load of a video page - this is obviously unintentional, though it doesn't seem to be causing major problems.
  • There are lots of 500 error to pages on the domain https://video.local.dev-gutools.co.uk/support/liveCapi locally
  • Add some more client-side tests, we test almost nothing.
  • Move more files to TypeScript.

How to test

  1. Run ./script/start.sh locally. Does it start a non-hot reloading server locally? If so, build is working.
  2. Run ./script/client-dev.sh locally. Does it start a hot reloading server locally? If so, hot reloading is working.
  3. Deploy to CODE. Does the app work? If so, artefact building is working.

It's also worth testing requests to external services on CODE, where things are wired up better than in local development. Do the Workflow, Targeting and YouTube integrations still work as expected (i.e. do requests in their respective tabs work properly, and does information seem to propagate to those systems?). I can help out with suggestions on testing these integrations, but mostly you'll want to check that you can create and update related settings in related tabs.

Things I tested (you might also want to):

Furniture:

  • Furniture text fields
  • Commissioning desks
  • Composer keywords (tags?)
  • Block ads tickbox
  • Allow comments tickbox
  • Sensitive tickbox

YouTube

  • Youtube furniture text field
  • Youtube furniture dropdown
  • Youtube Tags
  • Also updates YouTube itself?
  • Youtube upload

Workflow

  • Workflow text fields
  • Workflow dropdowns
  • Passes through to workflow?

Usages:

  • Usages tab
  • Updates usages in real time?

Targeting:

  • Targeting tab
  • Targeting rule
  • Updates targeting?

Other:

  • Management tab
  • Pluto tab
  • Pluto commissions
  • Presence
  • Publish to composer
  • Composer updating on furniture change

How can we measure success?

  • Build and local development still work.
  • All requests in the application still work.
  • No new error messages appear in normal usage of the app.

@rhystmills rhystmills force-pushed the rm/use-vite branch 9 times, most recently from a9a8b66 to a8d68b0 Compare November 25, 2024 11:51
},
settings: {
react: {
version: 'detect'
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added this to sort an error when eslint was run.

@@ -2,6 +2,3 @@ name: video
mappings:
- prefix: video
port: 9001
- prefix: video-assets
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was only used for running the webpack dev server locally.

"lint": "eslint public/video-ui/src/**/*.js",
"build": "tsc && vite build",
"client-dev": "vite",
"lint": "eslint public/video-ui/src/**/** --ext .js,.ts --no-error-on-unmatched-pattern",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also want to match on .jsx and .tsx files - I'll do this in a follow-up as it will create lots of noise in this PR - there are linting errors in files that were previously not matched by the lint command here.

export function pandaReqwest(reqwestBody, timeout = 0) {
const payload = Object.assign({ method: 'get' }, reqwestBody);
export const pandaReqwest = (reqwestBody, timeout = 0) => {
const payload = Object.assign({ method: 'get', credentials: 'include' }, reqwestBody);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could add these credentials only for specific requests - this might be worth doing as a follow-up PR because we'll need to update the application in a lot of places, creating noise in the PR.

@rhystmills rhystmills force-pushed the rm/use-vite branch 3 times, most recently from 477b2c7 to 6b40a4d Compare November 28, 2024 12:45
@rhystmills
Copy link
Contributor Author

N.b. I would not merge this before Christmas!

@rhystmills rhystmills marked this pull request as ready for review December 19, 2024 11:26
@rhystmills rhystmills requested a review from a team as a code owner December 19, 2024 11:26
Copy link
Contributor

@Fweddi Fweddi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have tested non-hot / hot reloading locally, and tested integrations on CODE. All LGTM!

…cations for v4 - hot module reloading not yet working
… files can't be in 'public' because vite and play are both opinionated about the purpose of

the 'public'
directory, leading to shenanigans. Currently there is a problem with the javascript file bundled by vite, possibly because reqwest is causing an issue (we could
replace it)
 # Please enter the commit message for your changes. Lines starting
…moved, and so did reqwest, in order to get the app building properly. Panda requests now

use 'fetch' instead. The Search page was accidentally removed in an earlier commit, this reinstates it.
…e's http and ws (non-secure) requests locally by updating our content security policy - is there a better way?
… ensuring that ./scripts/start.sh and ./scripts/client-dev.sh still work
…sx or tsx files because there are unresolved linter problems there that will create lots of

noise in this already large PR. This should be addressed in a follow-up PR.
@rhystmills rhystmills merged commit 26f7290 into main Jan 2, 2025
3 checks passed
@rhystmills rhystmills deleted the rm/use-vite branch January 2, 2025 10:31
@prout-bot
Copy link

Seen on PROD (merged by @rhystmills 6 minutes and 23 seconds ago) Please check your changes!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants