AppBundler v1.0 #30
The API for preferences is now finalised. I have tested it on all examples and some larger projects on macOS. Some tests still need to be performed on Windows and Linux before the 1.0 release. To address security issue #28, AppBundler could consume the secrets via standard input, as discussed here: https://utcc.utoronto.ca/~cks/space/blog/programming/PassingSecretsViaStdin. This approach would ensure that the secrets are not listed within environment variables at all. Need to check, though, whether Windows Shell has a piping operator I can rely on.

Security issue #28 is about to be fixed. I decided to adopt a strategy where passwords can be passed as command-line arguments, with stdin as the default when absent. Although passing a password as a command-line argument is not safe on local systems, where one can explore processes, it could be considered rather safe on CI like GitHub or GitLab, which do not expose process exploration.
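
The strategy described in the two comments above (password taken from a command-line argument when given, read from stdin otherwise), as an added example that is not part of the pull request or AppBundler's code: a parent process delivers a constructed secret both ways, and the child reports whether the value ends up in its argument vector or environment. The `--password` flag and the child script are hypothetical.

```python
import json
import subprocess
import sys

SECRET = "constructed-example-password"  # constructed sample value, not a real credential

# Child tool (hypothetical CLI, not AppBundler's): takes the password from
# --password when given, otherwise reads one line from stdin, then reports
# whether the password is present in its own argv or environment.
CHILD = r'''
import json, os, sys
args = sys.argv[1:]
if "--password" in args:
    i = args.index("--password")
    if i + 1 >= len(args):
        sys.exit("--password needs a value")
    password, source = args[i + 1], "argv"
else:
    password, source = sys.stdin.readline().rstrip("\r\n"), "stdin"
if not password:
    sys.exit("no password supplied")
print(json.dumps({
    "source": source,
    "received": password,
    "in_argv": any(password in a for a in sys.argv),
    "in_environ": any(password in v for v in os.environ.values()),
}))
'''


def run_child(channel, secret=SECRET):
    """Deliver the secret over 'argv' or 'stdin' and return the child's report."""
    cmd = [sys.executable, "-c", CHILD]
    if channel == "argv":
        cmd += ["--password", secret]
        stdin_data = ""
    elif channel == "stdin":
        stdin_data = secret + "\n"
    else:
        raise ValueError(f"unknown channel: {channel}")
    # check=True turns the child's "no password supplied" exit into an exception.
    proc = subprocess.run(cmd, input=stdin_data, capture_output=True,
                          text=True, check=True)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    for channel in ("argv", "stdin"):
        print(channel, run_child(channel))
```

The `in_argv` field corresponds to what a process listing shows on a shared machine; with the stdin channel the child receives the same value while both `in_argv` and `in_environ` stay false.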
…nt to keep stage and bundle docstrings generic to cover MSIX, Snap, DMG at the same time.
…the cases? (recipes.jl)
…rendering of docstrings if needed.; Can you revise JuliaImgBundle and stage docstrings?
…ine overview, consolidate preference lists into a quick-reference table, restructure AppEnv and Surgical Overrides sections
…low, restructure with cleaner subsections, remove duplication — using a tone consistent with Julia community documentation style.
…entation for technical precision and clarity, fixing spelling and grammar, improving flow.
… link, add a Quickstart section, and lightly polish wording throughout
This pull request focuses on bringing AppBundler to a 1.0 release. The primary goals are to stabilise the API and write corresponding documentation that makes AppBundler's functionality accessible to users.
It has become clear that AppBundler could, in the future, serve other programming language ecosystems such as Rust, Go, and Python, which currently rely on host system utilities for bundling and could therefore benefit from cross-platform bundling to significantly simplify deployment maintenance. With this in mind, the coupling between JuliaC and JuliaImg modules needs to be reworked so that they function more like extensions rather than integral parts of the AppBundler project. JuliaImg, for instance, could be worth investigating as a self-contained package.

Regarding API changes, this release will transition to using Preferences.toml as a more future-proof approach. There is also work to be done in evaluating each parameter name and potentially consolidating them along the way.

The following tasks need to be completed for this PR:

Preferences.toml run command (#28, Security suggestion: avoid exposing sensitive information in CI logs)