search

CircleCI-Archived / visual-config-editor

Generate your CircleCI configuration files by building a visual map of your project's workflows.
https://circle.ci/visual-config-editor
Apache License 2.0
73 stars 17 forks source link

Bug: CORS failures when loading a config.yml that includes private orbs #284

Open adamdmharvey opened 1 year ago

adamdmharvey commented 1 year ago

Is there an existing issue for this?

Current behavior

When trying to load an existing config.yml for one of our pipelines, the end user experience is that nothing happens. It seems as though the VCE simply doesn't work or "do anything".

If I pull up the Web Console, I can see multiple CORS failures for calling a Heroku app that is trying to load data about my company's private orbs.

image

I've tried in both Safari and Firebox, and both return CORS HTTP 503 (just to make sure).

Minimum reproduction code

Not publicly available, but I may be able to provide a sanitized version

Steps to reproduce

  1. Identify a config.yml that includes private orbs from a specific CircleCI organization
  2. Open VCE: https://circleci-public.github.io/visual-config-editor/
  3. Click the blue upload config file icon
  4. Upload your config.yml
  5. ...wait...
  6. Pull up the JavaScript console to see the CORS HTTP 503 errors.

Expected behavior

Ideally, it would be great if the VCE supported private orbs but I know that is likely a complicated scenario.

In the immediate term, I would recommend orbs which are not public to be checked first, and if an orb is identified as private ("not available to be loaded into VCE at this time"), I believe maybe the step could be loaded but perhaps be identified as greyed out and maybe without details when clicking it, but at least it should show the sequence of the commands it infers even if it doesn't actually know what they do? (if that's possible)

CircleCI Config SDK version

n/a

Node.js version

n/a

In which operating systems have you tested?

Other

Safari 15.6.1 Firebox 104.0.2

Jaryt commented 1 year ago

We can certainly make an exception for when the orb is private. It may also be possible to add the ability to manually upload private orb manifests, which are pretty easy to obtain. Not optimal, but a decent enough work around until we have auth integration.

adamdmharvey commented 1 year ago

A quick add on to this. For any config file that fails with this private orb error, if you comment out the orb import definitions, the file continues on and then properly through the normal UI warns the user commands can't be parsed. (as I'd expect since they weren't loaded!)

So definitely would be nice if the private orb HTTP 503 returned from the Heroku orb endpoint was trapped somehow and elevated to the UI for the user as a stop gap. (ideally with a polite warning: this app doesn't support private orbs yet, or some such)

image