diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index a4bc0289260934..a53ce16e5589b7 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -336,12 +336,6 @@ RUN curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | && nvm install v${NODE_VERSION} \ && nvm alias default v${NODE_VERSION}" -# Disable npm/yarn lifecycle scripts by default (security hardening) -# To allow specific packages, use: npm rebuild or yarn rebuild -RUN npm config set ignore-scripts true --location=global && \ - npm config set ignore-scripts true --location=user && \ - echo 'ignore-scripts true' >> ~/.yarnrc - # Disable npx (security hardening - prevents arbitrary package execution) # Remove npx from NVM and replace with stub that prints warning RUN rm -f /usr/bin/npx /usr/local/bin/npx && \ diff --git a/.github/actions/deploy-gitpod/Dockerfile b/.github/actions/deploy-gitpod/Dockerfile index bb3ccc9e7d0f3f..2a05bca9d76dbe 100644 --- a/.github/actions/deploy-gitpod/Dockerfile +++ b/.github/actions/deploy-gitpod/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/deploy-monitoring-satellite/Dockerfile b/.github/actions/deploy-monitoring-satellite/Dockerfile index bb3ccc9e7d0f3f..2a05bca9d76dbe 100644 --- a/.github/actions/deploy-monitoring-satellite/Dockerfile +++ b/.github/actions/deploy-monitoring-satellite/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/preview-create/Dockerfile b/.github/actions/preview-create/Dockerfile index bb3ccc9e7d0f3f..2a05bca9d76dbe 100644 --- a/.github/actions/preview-create/Dockerfile +++ b/.github/actions/preview-create/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/workflows/branch-build.yml b/.github/workflows/branch-build.yml index 8708e1f6631779..b0091087466584 100644 --- a/.github/workflows/branch-build.yml +++ b/.github/workflows/branch-build.yml @@ -107,7 +107,7 @@ jobs: cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} runs-on: ubuntu-latest-16-cores container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 @@ -180,7 +180,7 @@ jobs: ports: - 6379:6379 container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root env: DB_HOST: "mysql" @@ -516,7 +516,7 @@ jobs: environment: branch-build runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root if: needs.configuration.outputs.with_integration_tests != '' && needs.configuration.outputs.is_scheduled_run != 'true' concurrency: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 20a90e3c5828a6..bb43993d4c062f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -110,7 +110,7 @@ jobs: cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} runs-on: ubuntu-latest-16-cores container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 @@ -183,7 +183,7 @@ jobs: ports: - 6379:6379 container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root env: DB_HOST: "mysql" @@ -519,7 +519,7 @@ jobs: environment: main-build runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root if: needs.configuration.outputs.with_integration_tests != '' && needs.configuration.outputs.is_scheduled_run != 'true' concurrency: diff --git a/.github/workflows/code-nightly.yml b/.github/workflows/code-nightly.yml index 064d1aa6dc6ca2..fe116b47d01e43 100644 --- a/.github/workflows/code-nightly.yml +++ b/.github/workflows/code-nightly.yml @@ -11,7 +11,7 @@ jobs: build: runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index 97d80aca45224e..648a3657b59728 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -36,7 +36,7 @@ jobs: name: Configuration runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root outputs: name: ${{ steps.configuration.outputs.name }} @@ -125,7 +125,7 @@ jobs: needs: [configuration, infrastructure] runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root volumes: - /var/tmp:/var/tmp diff --git a/.github/workflows/jetbrains-auto-update-template.yml b/.github/workflows/jetbrains-auto-update-template.yml index d29cd08266bf7d..66bf2dee428d6a 100644 --- a/.github/workflows/jetbrains-auto-update-template.yml +++ b/.github/workflows/jetbrains-auto-update-template.yml @@ -15,7 +15,7 @@ jobs: update-jetbrains: runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/jetbrains-integration-test.yml b/.github/workflows/jetbrains-integration-test.yml index f8dce4376ba57b..dea0c85bd2fbe5 100644 --- a/.github/workflows/jetbrains-integration-test.yml +++ b/.github/workflows/jetbrains-integration-test.yml @@ -34,7 +34,7 @@ on: jobs: jetbrains-smoke-test-linux: container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root runs-on: ubuntu-latest steps: diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index adbd902ac7e90d..0b2e427ebd5fd8 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml @@ -92,7 +92,7 @@ jobs: if: ${{ needs.configuration.outputs.skip == 'false' }} runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root volumes: - /var/tmp:/var/tmp diff --git a/.github/workflows/preview-env-delete.yml b/.github/workflows/preview-env-delete.yml index 01d7dfdeeccd0b..8b8d6213ffabd7 100644 --- a/.github/workflows/preview-env-delete.yml +++ b/.github/workflows/preview-env-delete.yml @@ -15,7 +15,7 @@ jobs: if: github.event.ref_type == 'branch' || github.event.inputs.name != '' runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/preview-env-gc.yml b/.github/workflows/preview-env-gc.yml index 0645b719be86b7..d3dc24d16a4a52 100644 --- a/.github/workflows/preview-env-gc.yml +++ b/.github/workflows/preview-env-gc.yml @@ -11,7 +11,7 @@ jobs: name: "Find stale preview environments" runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root outputs: names: ${{ steps.set-matrix.outputs.names }} diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index 340dfb271b78cb..9938b60c3e774e 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml @@ -52,7 +52,7 @@ jobs: name: Configuration runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root outputs: name: ${{ steps.configuration.outputs.name }} @@ -158,7 +158,7 @@ jobs: needs: [configuration, infrastructure] runs-on: ubuntu-latest container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 options: --user root steps: - uses: actions/checkout@v4 diff --git a/.gitpod.yml b/.gitpod.yml index 565189aa16679c..dfe743bdc9f2f5 100644 --- a/.gitpod.yml +++ b/.gitpod.yml @@ -1,4 +1,4 @@ -image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:main-gha.34181 +image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-skip-if-empty-env-vars-gha.22 workspaceLocation: gitpod/gitpod-ws.code-workspace checkoutLocation: gitpod ports: diff --git a/components/content-service/pkg/git/git_test.go b/components/content-service/pkg/git/git_test.go index de96b4aef47bde..03dd7041410c88 100644 --- a/components/content-service/pkg/git/git_test.go +++ b/components/content-service/pkg/git/git_test.go @@ -38,7 +38,7 @@ func TestGitStatus(t *testing.T) { &Status{ porcelainStatus: porcelainStatus{ BranchOID: "(initial)", - BranchHead: "master", + BranchHead: "main", }, }, nil, @@ -53,7 +53,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, LatestCommit: notEmpty, @@ -73,7 +73,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"another-file"}, }, @@ -94,7 +94,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UncommitedFiles: []string{"first-file"}, }, @@ -118,7 +118,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, UnpushedCommits: []string{notEmpty}, @@ -170,7 +170,7 @@ func TestGitStatus(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"this/is/a/nested/test/first-file"}, }, @@ -247,7 +247,7 @@ func TestGitStatusFromFiles(t *testing.T) { &Status{ porcelainStatus: porcelainStatus{ BranchOID: "(initial)", - BranchHead: "master", + BranchHead: "main", }, }, nil, @@ -262,7 +262,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, LatestCommit: notEmpty, @@ -282,7 +282,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"another-file"}, }, @@ -303,7 +303,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UncommitedFiles: []string{"first-file"}, }, @@ -327,7 +327,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, }, UnpushedCommits: []string{notEmpty}, @@ -379,7 +379,7 @@ func TestGitStatusFromFiles(t *testing.T) { }, &Status{ porcelainStatus: porcelainStatus{ - BranchHead: "master", + BranchHead: "main", BranchOID: notEmpty, UntrackedFiles: []string{"this/is/a/nested/test/first-file"}, }, @@ -437,7 +437,7 @@ func TestGitStatusFromFiles(t *testing.T) { } gitout, err = client.GitWithOutput(ctx, &errNoCommitsYet, "log", "--pretty=%H", "-n", "1") - if err != nil && !strings.Contains(err.Error(), "fatal: your current branch 'master' does not have any commits yet") { + if err != nil && !strings.Contains(err.Error(), "fatal: your current branch 'main' does not have any commits yet") { t.Errorf("error calling GitWithOutput: %v", err) return } diff --git a/components/gitpod-protocol/src/util/skip-if.ts b/components/gitpod-protocol/src/util/skip-if.ts index c3585983aca028..8909babc8a3c1b 100644 --- a/components/gitpod-protocol/src/util/skip-if.ts +++ b/components/gitpod-protocol/src/util/skip-if.ts @@ -5,13 +5,14 @@ */ /** - * Skips a Mocha TestSuite if a certain env var is not set and prints its + * Skips a Mocha TestSuite if a certain env var is not set or empty * @param name The name of the env var the TestSuite depends on being present */ export function ifEnvVarNotSet(name: string): boolean { - const skip = process.env[name] === undefined; + const value = process.env[name]; + const skip = value === undefined || value === ""; if (skip) { - console.log(`Skipping suite because env var '${name}' is not set`); + console.log(`Skipping suite because env var '${name}' is not set or empty`); } return skip; } diff --git a/dev/image/Dockerfile b/dev/image/Dockerfile index 39432fb7543968..ab0f80ee39d882 100644 --- a/dev/image/Dockerfile +++ b/dev/image/Dockerfile @@ -129,12 +129,6 @@ RUN bash -c ". .nvm/nvm.sh \ && nvm install $GITPOD_NODE_VERSION" ENV PATH=/home/gitpod/.nvm/versions/node/v${GITPOD_NODE_VERSION}/bin:$PATH -# Disable npm/yarn lifecycle scripts by default (security hardening) -# To allow specific packages, use: npm rebuild or yarn rebuild -RUN npm config set ignore-scripts true --location=global && \ - npm config set ignore-scripts true --location=user && \ - echo 'ignore-scripts true' >> ~/.yarnrc - # Disable npx (security hardening - prevents arbitrary package execution) RUN sudo rm -f /usr/bin/npx /usr/local/bin/npx /home/gitpod/.nvm/versions/node/v${GITPOD_NODE_VERSION}/bin/npx && \ echo '#!/bin/sh' | sudo tee /usr/local/bin/npx > /dev/null && \