check for secrets during publishing (#590)

* check for secrets during publishing

* add a dummy '.env' for packaging

* check for secrets during server publishing as well

.github/workflows/ci.yaml

@@ -73,4 +73,8 @@ jobs:
           run: npm run test:e2e
 
       - name: Package the extension
+        env:
+          SOLIDITY_GA_SECRET: "dummy-value"
+          SOLIDITY_GOOGLE_TRACKING_ID: "dummy-value"
+          SOLIDITY_SENTRY_DSN: "dummy-value"
         run: npm run package

client/scripts/bundle.js

@@ -38,41 +38,24 @@ function ensureDirExists(dir) {
 }
 
 async function main() {
-  if (!process.env.SOLIDITY_GA_SECRET) {
-    console.warn(
-      "\n\n  SOLIDITY_GA_SECRET not set, have you added a .env file based on the example?\n\n"
-    );
-  } else {
-    console.log(`Read SOLIDITY_GA_SECRET from .env file`);
-  }
-
-  if (!process.env.SOLIDITY_GOOGLE_TRACKING_ID) {
-    console.warn(
-      "\n\n  SOLIDITY_GOOGLE_TRACKING_ID not set, have you added a .env file based on the example?\n\n"
-    );
-  } else {
-    console.log(`Read SOLIDITY_GOOGLE_TRACKING_ID from .env file`);
-  }
+  const definedConstants = {};
+
+  for (const key of [
+    "SOLIDITY_GA_SECRET",
+    "SOLIDITY_GOOGLE_TRACKING_ID",
+    "SOLIDITY_SENTRY_DSN",
+  ]) {
+    const value = process.env[key];
+    if (!value || value === "") {
+      throw new Error(
+        `\n\n'${key}' not set, have you added an '.env' file based on 'env.example'?\n\n`
+      );
+    }
 
-  if (!process.env.SOLIDITY_SENTRY_DSN) {
-    console.warn(
-      "\n\n  SOLIDITY_SENTRY_DSN not set, have you added a .env file based on the example?\n\n"
-    );
-  } else {
-    console.log(`Read SOLIDITY_SENTRY_DSN from .env file`);
+    definedConstants[`process.env.${key}`] = `"${value}"`;
+    console.log(`Read 'process.env.${key}' from '.env' file.`);
   }
 
-  const definedConstants =
-    !process.env.SOLIDITY_GA_SECRET |
-      !process.env.SOLIDITY_GOOGLE_TRACKING_ID ||
-    !process.env.SOLIDITY_SENTRY_DSN
-      ? {}
-      : {
-          "process.env.SOLIDITY_GA_SECRET": `"${process.env.SOLIDITY_GA_SECRET}"`,
-          "process.env.SOLIDITY_GOOGLE_TRACKING_ID": `"${process.env.SOLIDITY_GOOGLE_TRACKING_ID}"`,
-          "process.env.SOLIDITY_SENTRY_DSN": `"${process.env.SOLIDITY_SENTRY_DSN}"`,
-        };
-
   // Ensure output directories exist
   ensureDirExists(tmpDir);
 

docs/publish-extension.md

@@ -2,35 +2,36 @@
 
 To publish `hardhat-solidity` you need to do next steps:
 
-1. `git fetch`, Checkout out `development`, then ensure your branch is up to date `git pull --ff-only`
-2. Perform a clean install and build (will lose all uncommitted changes):
+1.  `git fetch`, Checkout out `development`, then ensure your branch is up to date `git pull --ff-only`
+2.  Perform a clean install and build (will lose all uncommitted changes):
 
-   ```sh
-   git clean -fdx .
-   npm install
-   npm run build
-   ```
+    ```sh
+    git clean -fdx .
+    npm install
+    npm run build
+    ```
 
-3. Run a full check, stopping on failure: `npm run fullcheck`, optionally you can check that each commit meets our build requirements with: `git rebase main --exec "npm install && npm run fullcheck"`
-4. Confirm the commits represent the features for the release
-5. Branch into a release branch named for the current date: `git checkout -b release/yyyy-mm-dd`
-6. Update the version based on semver, ensure it is updated in:
+3.  Run a full check, stopping on failure: `npm run fullcheck`, optionally you can check that each commit meets our build requirements with: `git rebase main --exec "npm install && npm run fullcheck"`
+4.  Confirm the commits represent the features for the release
+5.  Branch into a release branch named for the current date: `git checkout -b release/yyyy-mm-dd`
+6.  Update the version based on semver, ensure it is updated in:
 
-   - the client `./client/package.json`
-   - the language server package.json `./server/package.json`
-   - the coc extension package.json, both its version and its dep on the language server, at `./coc/package.json`
+    - The client package version in `./client/package.json`
+    - The language server package version in `./server/package.json`
+    - The coc extension package version in `./coc/package.json`
+      - Its `@nomicfoundation/solidity-language-server` dependency version.
 
-7. Update the changelog in `./client/CHANGELOG.md` by adding a new entry for the new version based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-8. Commit the package version and changelog change as a version bump commit:
+7.  Update the changelog in `./client/CHANGELOG.md` by adding a new entry for the new version based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+8.  Commit the package version and changelog change as a version bump commit:
 
-   ```git
-   chore: bump version to v0.x.x
+    ```git
+    chore: bump version to v0.x.x
 
-   Update the package version and changelog for the `0.x.x - yyyy-mm-dd`
-   release.
-   ```
+    Update the package version and changelog for the `0.x.x - yyyy-mm-dd`
+    release.
+    ```
 
-9. Push the release branch and open a pull request against `main` using the new changelog entry as the PR description
+9.  Push the release branch and open a pull request against `main` using the new changelog entry as the PR description
 
 10. Ensure .env file is populated with GA and Sentry secrets before packaging (see `./env.example`)
 
@@ -42,15 +43,16 @@ To publish `hardhat-solidity` you need to do next steps:
     - windows
     - linux (vscode running against docker)
 
-13. Ensure that metrics are reported correctly in both Google Analytics and Sentry for the new version.
-14. On a successful check, `rebase merge` the PR into `main` branch.
-15. Switch to main branch and pull the latest changes
-16. Git tag the version, `git tag -a v0.x.x -m "v0.x.x"` and push the tag `git push --follow-tags`
-17. Publish the language server npm package, `cd ./server && npm publish`
-18. Publish the coc extension, `cd ./coc && npm publish --non-interactive`
-19. Upload the vsix file to the microsoft marketplace: `npx vsce publish -p $VSCE_TOKEN --packagePath client/hardhat-solidity-0.X.X.vsix`
-20. Upload the vsix file to openvsx, `npx ovsx publish client/hardhat-solidity-0.X.X.vsix -p $OVSX_TOKEN`
-21. Create a release on github off of the pushed tag
+13. On a successful check, `rebase merge` the PR into `main` branch.
+14. Switch to main branch and pull the latest changes
+15. Git tag the version, `git tag -a v0.x.x -m "v0.x.x"` and push the tag `git push --follow-tags`
+16. Publish the language server npm package, `cd ./server && npm publish`
+17. Publish the coc extension, `cd ./coc && npm publish --non-interactive`
+18. Upload the vsix file to the microsoft marketplace: `npx vsce publish -p $VSCE_TOKEN --packagePath client/hardhat-solidity-0.X.X.vsix`
+    - <https://marketplace.visualstudio.com/manage/publishers/nomicfoundation>
+19. Upload the vsix file to openvsx, `npx ovsx publish client/hardhat-solidity-0.X.X.vsix -p $OVSX_TOKEN`
+    - <https://open-vsx.org/user-settings/extensions>
+20. Create a release on github off of the pushed tag:
 
     - use the added changelog section as the body of the release
     - upload the vsix file as an asset.
@@ -62,8 +64,13 @@ To publish `hardhat-solidity` you need to do next steps:
     ---
     ```
 
-22. Rebase `development` onto `main`, and force push back to github
-23. Update the discord announcements channel
+21. Rebase `development` onto `main`, and force push back to github
+22. Update the discord announcements channel
 
     - link to the release entry on github (i.e. `https://github.com/NomicFoundation/hardhat-vscode/releases/tag/v0.x.x`)
     - give a few sentences of description of why users should be excited about this release
+
+23. After 24 hours, to make sure users had time to update to the new release, ensure that metrics are reported correctly to:
+
+    - Google Analytics
+    - Sentry

env.example

@@ -1,3 +1,3 @@
 SOLIDITY_GA_SECRET="" 
 SOLIDITY_GOOGLE_TRACKING_ID=""
-SOLIDITY_SENTRY_DSN="https://xxx.ingest.sentry.io/yyy"
+SOLIDITY_SENTRY_DSN=""

server/scripts/bundle.js

@@ -22,41 +22,24 @@ function ensureDirExists(dir) {
 }
 
 async function main() {
-  if (!process.env.SOLIDITY_GA_SECRET) {
-    console.warn(
-      "\n\n  SOLIDITY_GA_SECRET not set, have you added a .env file based on the example?\n\n"
-    );
-  } else {
-    console.log(`Read SOLIDITY_GA_SECRET from .env file`);
-  }
+  const definedConstants = {};
 
-  if (!process.env.SOLIDITY_GOOGLE_TRACKING_ID) {
-    console.warn(
-      "\n\n  SOLIDITY_GOOGLE_TRACKING_ID not set, have you added a .env file based on the example?\n\n"
-    );
-  } else {
-    console.log(`Read SOLIDITY_GOOGLE_TRACKING_ID from .env file`);
-  }
+  for (const key of [
+    "SOLIDITY_GA_SECRET",
+    "SOLIDITY_GOOGLE_TRACKING_ID",
+    "SOLIDITY_SENTRY_DSN",
+  ]) {
+    const value = process.env[key];
+    if (!value || value === "") {
+      throw new Error(
+        `\n\n'${key}' not set, have you added an '.env' file based on 'env.example'?\n\n`
+      );
+    }
 
-  if (!process.env.SOLIDITY_SENTRY_DSN) {
-    console.warn(
-      "\n\n  SOLIDITY_SENTRY_DSN not set, have you added a .env file based on the example?\n\n"
-    );
-  } else {
-    console.log(`Read SOLIDITY_SENTRY_DSN from .env file`);
+    definedConstants[`process.env.${key}`] = `"${value}"`;
+    console.log(`Read 'process.env.${key}' from '.env' file.`);
   }
 
-  const definedConstants =
-    !process.env.SOLIDITY_GA_SECRET |
-      !process.env.SOLIDITY_GOOGLE_TRACKING_ID ||
-    !process.env.SOLIDITY_SENTRY_DSN
-      ? {}
-      : {
-          "process.env.SOLIDITY_GA_SECRET": `"${process.env.SOLIDITY_GA_SECRET}"`,
-          "process.env.SOLIDITY_GOOGLE_TRACKING_ID": `"${process.env.SOLIDITY_GOOGLE_TRACKING_ID}"`,
-          "process.env.SOLIDITY_SENTRY_DSN": `"${process.env.SOLIDITY_SENTRY_DSN}"`,
-        };
-
   // Ensure output directories exist
   ensureDirExists(serverOutDir);
   ensureDirExists(serverAntlrDir);