[Tech Debt] Incorrect `edge` version shown in app

[MatissJanis]

We show the active version in the settings page. For demo.actualbudget.org this version number is correct.

For edge: we should show the commit hash there (or other unique identifier).

[matt-fidd]

I took a stab at this as one of my first potential changes to actual.

I could either do it through express-actuator (already used for /info /health and /metrics) but it required a git.properties file be generated for every commit and I'm not sure how practical that is.

Alternatively I made a /info/git endpoint that did

execSync('git rev-parse HEAD', { cwd: config.projectRoot }).toString().trim();

Are we okay with exec calls?

[MatissJanis]

For actual-server: ideally I wouldn't want to have usage of exec within the codebase. It can potentially lead to arbitrary code execution down the line (all it takes is for a junior to come in and add a variable in the shell command.. and 💣). What if we created a new file when running yarn start that wrote a new file with active commit hash? And then just read from that file to get the hash. Same thing could be applied for yarn build.

For actual: the hash here would be different. No quick ideas how to solve it.

[matt-fidd]

Ah sorry! Slipped my mind that this was in actual not actual-server. Generating the file for the server on start is a great idea and would sort that out though!

actual gets its version information directly from package.json, but generating the same file on start and reading from it should do the trick? I'm going to have to think a bit about how builds work and how it would work bundled into actual-server. Maybe if the file isn't there we know it's been imported not directly started and we can fallback to the version in package.json. It wouldn't work for edge builds of actual packaged into actual-server though.