There is a `yarn ci` script which was using audit-ci but this does not
appear to be called anywhere.
The security worflow uses `yarn audit` and `npm audit` which seem fine
enough anyway.
Additionally:
- Update Node to 20.11.1
- Update documentation
- Disable extension signature verification
This works around an issue where the Open VSX is not returning the
expected zip. Verification is skipped later anyway because
@vscode/vsce-sign is missing in the OSS version.
Also remove github.com from the trusted domains. This causes the
browser to block the popup instead (probably because the space between
interaction and popup is too great), which is difficult to notice in
Chromium. Even in Firefox with the extra bar they add at the top it can
be easy to miss.
* Fix building from source on arm
Not building from source causes argon2 to pull the wrong arch, so we
have to build from source.
But building from source is causing the new Kerberos module to fail on
arm64 and keytar to fail on both.
The latter has been very difficult to debug because the GitHub image
provides a different result to containers based on Ubuntu 20.04.
Because of this, use a container instead.
Use debian:buster as the container because it is easier to set up the
architecture sources (no need to modify the sources) and because it
seems to come with glibc 2.28 rather than 2.31.
Also use the exact version of Node (18.15.0) for reproducibility.
* Set owner and group during tar to zero
Otherwise you get IDs that can cause (benign) errors while extracting,
which might be confusing. At the very least, I did not see these errors
from previous tars (although they seem to use 1001).
There is no guarantee what IDs might exist so 0 seems the most
reasonable.
* Avoid packaging yarn.lock
Since the shrinkwrap is what we want everything to use.
* Build with npm
It seems we stuck with yarn because npm was giving us errors but I will try
sorting it out now so we can build with npm as originally intended.
* Remove build from source
Not using CentOS 7 anymore so based on the comment we no longer need
this. Keytar seems to install fine now.
* Update missed Node version
These numbers are all over the place.
* npm_config_arch must be lowercase
* Patch out Kerberos
I am not sure exactly how it is used but I think it is not a path code-server
worries about, at least not right now. Just going to patch it out rather than
figure out how to build it on armv7l but we can revisit later.
* Update VS Code to 1.82.2
* Add new libkrb5 dependency
* Update patches
The only changes were to context except:
- The URL callback provider uses a new _callbackRoute argument and moved
locations.
- The telemetry provider gets passed the request service as the first
argument now.
- CSP hash changed, as usual.
* Update Node to v18
* Revert back to es2020
es2022 is breaking Safari.
* Update to 1.78.1
No changes needed in the patches other than moving some lines around and
updating the CSP hash as usual.
The flake had to be updated as it was using Node 16.16 and 16.17 is
required at minimum now. Also python seems to install python2 which is
marked as deprecated so explicitly install python3.
* Update to 1.78.2
Patches applied without any conflicts.
* Update commit environment variable
This was causing the commit not to be set. It broke display languages
since that has a hard dependency on the commit for directory names.
Possibly broke other things.
