search

Esri / esri-leaflet

A lightweight set of tools for working with ArcGIS services in Leaflet. :rocket:
https://developers.arcgis.com/esri-leaflet/
Apache License 2.0
1.61k stars 799 forks source link

added siteinfo step to release #1313

Closed gavinr closed 2 years ago

gavinr commented 2 years ago

Adds an additional step to the release bash script that generates the ssri integrity string and saves it (and the lib version number) into a JSON file in the root of the repository (siteData.json). This is generating the integrity string based on the built file on disk (as opposed to reading it from NPM) for the security/integrity of the process.

We will do a similar thing in all the related repositories (esri-leaflet-geocoder, esri-leaflet-vector, etc) so that it will replace the functionality that https://github.com/Esri/esri-leaflet-doc/blob/master/data/integrity.js is currently providing.

I got the command from MDN: Subresource Integrity. It does require OpenSSL to be installed on the build machine but I think that's fairly common/standard.

gavinr commented 2 years ago

Thanks @patrickarlt. Sounds good - done.