search

OfficeDev / Office-Addin-Scripts

A set of scripts and packages that are consumed in Office add-ins projects.
MIT License
153 stars 93 forks source link

Download and install cert without user confirmation #804

Closed nagendra98776 closed 10 months ago

nagendra98776 commented 11 months ago

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

Expected behavior

Download and install cert without user confirmation

Current behavior

Download and install cert requires user confirmation, which restricts for automation.

Please provide information about the failure. What is the current behavior? If it is not a bug, please submit your idea to the Microsoft Tech Community Ideas forum, so that it gets added to our feature roadmap.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. step 1
  2. step 2
  3. you get it...

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

Please include any relevant log snippets, screenshots or code samples here.

AlexJerabek commented 11 months ago

Thanks for raising this issue @nagendra98776. Just to be clear, are you talking about the certificate from creating, installing, and running a new project through yo office?

@millerds Is removing user acceptance of the certificate installation possible?

millerds commented 11 months ago

The prompt for permissions to install come from the commands being sent to the OS to install the cert. On windows it's a powershell command (Import-Certificate), on MacOS it's a security command, and on Linux it's a 'cp' command. It may be possible for these commands to operate without prompting for permission, but it would take some research into each of these commands. I'm also not sure we want to be installing a certificate without the developers consent or knowledge.

Note that there is another user interaction required on first run on windows for allowing loopback which is needed in order for the webview in the host application to access localhost for content.

nagendra98776 commented 11 months ago

Thanks and my gratitude to @millerds for providing valuable explanations.

I would like to provide further explanation regarding the current issue we are facing in this area. We utilize DevOps in our development process. When a developer commits the code, the CI pipeline will first install the necessary npm packages and then execute the 'npm run build' command to construct the application.

However, during the build process in the CI pipeline, it becomes unresponsive for approximately 60 minutes and eventually times out. This timeout limit of 60 minutes is predefined within our pipeline. The DevOps tool does not allow any user inputs once the pipeline is triggered. Therefore, we would appreciate your input on how to suppress user confirmation.

Interestingly, when we try to build the same application on our local machine using the npm run build (("build": "webpack -p --mode production --https false")) command, a pop-up window appears requesting user input. The pop-up notification indicates that the user is about to install a certificate from a certification authority (CA) claiming to represent a certain entity.

Please note that the problem began to appear during the migration to the latest version webpack 5, we noticed that the --https & -p option is no longer supported. So we have modified our package.json file with "build": "webpack --mode production ". After performing the changes, we are still stuck with npm run build step

millerds commented 11 months ago

We have add-in project templates that we run tests on using a CI pipeline as well (for example https://github.com/OfficeDev/Office-Addin-TaskPane) and we've been using webpack 5 for a while now. You can use this as an example to configure your own repo.

akrantz commented 11 months ago

The office-addin-dev-certs command can generate a prompt for approval to add/remove a cert. For a CI machine, you can preinstall the cert for the machine and set the number of days to a large value so the cert won't become invalid.

For example: office-addin-dev-certs install --machine --days 3000

nagendra98776 commented 10 months ago

Hi @millerds,

Thanks a lot for sharing the info and url to access your example project. We are now able to build our application.

Steps added in our pipeline:

  1. After npm install task.
  2. Added a powershell script task to run below commands. npm install office-addin-dev-certs --force npx office-addin-dev-certs install --machine
  3. Then our actula build task npm run build.

Hi @akrantz,

Thanks for your valuable inputs. Since we didn't had a dedicated machine for CI pipelines, we had to install certs each time. So above mentioned process kind of helped out.

Hi @AlexJerabek, Apologies for raising this as an issue/bug. We can close this issue.

Thanks Nagendra