Another attempt at fixing github action pinning. This scopes us to the
actions/checkout package only for now, and we can expand it later.
Previously: https://github.com/elastic/kibana/pull/190377, which was
successful for the auto-approve-backport acttion.
## Summary
Drops a comment for the current chaingaurd reference incase it is
implemented in a tech that requires endings other than `.ts`, and then
creates a PR grouping for the chainguard images.
This PR removes the usage of the native module version of `re2` and
replaces it with a js port called `re2js`.
It also ends our usage of native node modules in production and it
removes the task from the build as well. Further steps will be taken
along our strategy to avoid future usages of native node modules in prod
environments.
## Summary
It closes#183977
This PR introduces the MSW library into Kibana and setups for MSW usage
with Jest for integration testing of React components in the Cloud
Security Posture plugin.
It also adds the setup for the initial
[handlers](https://mswjs.io/docs/concepts/request-handler/), and
configures a test for the `<NoFindingsStates/>` components using MSW to
exemplify how the library works.
### Problem Statement
Currently, integration tests for React components that interact with the
server are hard to write and maintain, as they often require mocking
functions implementation and responses, this can lead to tests that do
not accurately verify the intended functionality and can be hard to
maintain as the implementation of the functions changes.
This leads to situations our team faces now, where due to the difficult
maintainability of integration tests, we rely much more on End-to-End
tests, and maintaining those many End-to-End comes with its own set of
tradeoffs, as oftentimes End-to-End tests are detected by the CI as
failing or flaky, and as flakiness can happen in End-to-end tests due to
its nature of multiple integrated systems, this concept proposes that
it's better to reserve End-to-end tests for the features in the most
critical path and tests that test multiple integrated systems as those
will benefit most of the end-to-end testing. For all the other tests we
should focus on unit and integration tests.
### How MSW works
MSW is a library that allows you to mock server responses in your tests,
it works by intercepting the requests made by the client and returning
the mocked responses, this way we can test how the client behaves in
different states of the lifecycle such as loading, error, and success.
This proposes that we should use MSW to enhance our integration tests,
and give preference to writing integration tests over End-to-End tests
whenever possible, but this doesn't mean that we should stop writing
end-to-end tests, as end-to-end tests are still important for the
features in the most critical path and tests that tests multiple
integrated systems.
### MSW Diagram
Here's a diagram that shows how MSW works with Jest tests:
```mermaid
%%{init:{'themeCSS':' g:nth-of-type(3) rect.actor { fill: #eee; };g:nth-of-type(7) rect.actor { fill: #eee; };'}}%%
sequenceDiagram
participant ReactComponent as React Component
participant API as API
participant MSW as MSW Mock Server
participant Jest as Jest Test
Jest->>ReactComponent: Setup component test and mock providers
Jest->>MSW: Setup Mock Server
Note over Jest,MSW: start listening for requests
activate MSW
ReactComponent->>API: Make API Call
Note over ReactComponent,API: loading state
activate API
MSW-->>API: Intercepts API Call
deactivate API
alt is success
MSW-->>ReactComponent: Send Mocked success Response
else is error
MSW-->>ReactComponent: Send Mocked error Response
end
deactivate MSW
ReactComponent-->>Jest: Receive Mocked data and render
```
### Documentation
- Refer to this [PR](https://github.com/elastic/security-team/pull/9624)
containing the documentation of how MSW works and how to use it.
- Refer to this
[presentation](https://docs.google.com/presentation/d/1KYtBaeDMZrpoU5lnKASm8GvCxhrXVqMKxWgR-Xvaxzc/edit#slide=id.g11f0f180654_1_0)
to understand the main motivations behind this proposal.
### How to test it
```
yarn test:jest x-pack/plugins/cloud_security_posture/public/components/no_findings_states.test.tsx
```
### Screenshot
Intercepted requests logged with `{debug: true}`:
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
- Replace the `extends` config from the deprecated `config:base` to
`config:recommended`.
- Removes global defaults from top-level group and applies the
`prCreation` and `stabilityDays` options only to non-elastic dependency
groups.
- Replaces deprecated `stabilityDays` option with new
[`minimumReleaseAge`](https://docs.renovatebot.com/configuration-options/#minimumreleaseage).
- Replaces all `matchPackage*` options to `matchDep*` options.
- Format entire config file with prettier.
## Summary
Close https://github.com/elastic/kibana/issues/182390
### To test
You can test all aspects of the script by first making some changes to
`packages/kbn-esql-validation-autocomplete/src/validation/validation.test.ts`
- delete several tests from an existing function describe block ("block
1"—except don't choose "date_diff" since it has a bunch of custom tests)
- delete another function describe block completely ("block 2")
- change the expected result of several of the tests in a third function
describe block ("block 3")
Then, run `yarn maketests` from within
`packages/kbn-esql-validation-autocomplete`
**Expected result**
- Block 1 should have the deleted tests restored
- Block 2 should be restored entirely (though it may be moved in the
tests file)
- Block 3 should be untouched
### Checklist
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Migrates CLI tasks from `listr` to `listr2`. The former hasn't been
updated in a long time, and the community has moved on to `listr2`.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Bump `ejs` from `3.1.8` to `3.1.10`. While looking at other packages
that depend on `ejs` noticed `apidoc-markdown` that is only used by ML
team, so assigned ownership in Rennovate as well (cc @elastic/ml-ui).
```shell
npm ls ejs
kibana@8.15.0 /kibana
├─┬ apidoc-markdown@7.3.2
│ └── ejs@3.1.10 deduped
└── ejs@3.1.10
```
The AppEx Management team was recently renamed on GitHub from
`platform-deployment-management` to `kibana-management`. This PR updates
the Codeowners file and all references to the team name.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
On serverless tests it would be useful to assert that a base set of CSP
directives and values are present.
## Test
Followed instructions in ./x-pack/test_serverless/README.md
## Notes
- Added new dev dependency `content-security-policy-parser` to ease
comparison of CSP directives
## Summary
The previous PR https://github.com/elastic/kibana/pull/161813 was
reverted due to the broken webpack config
eef1afcd59
---------
Co-authored-by: Tiago Costa <tiago.costa@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Jon <jon@elastic.co>
## Summary
This is a continuation of #171453 to stop package updates in #169655 due
to Storybook V7 breaking changes. `@storybook/testing-react` uses
different versioning than other `@storybook/*` packages, so requires a
new rule. Also adjusts the default labelling for Storybook PRs.
## Summary
Bump Cypress-related dependencies to the latest versions and update
`renovate.json` to do it automatically in the future
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Gloria Hornero <gloria.hornero@elastic.co>
## Summary
Upgrade `openpgp` from `5.3.0` to `5.10.1`
Commit log:
https://github.com/openpgpjs/openpgpjs/compare/v5.3.0...v5.10.1
There is an incompatibility of `Uint8Array` when using Jest/JSDom with
the TextEncoder/TextDecoder from node `util`.
`https://github.com/kayahr/text-encoding` has been added as a
`devDependency` so it can be used in the polyfill. It provides a working
TextEncoder/Decoder for our Jest tests.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Resolves#160122
## Summary
Remove deprecated styles and components from static error pages
## Screenshot
<img width="696" alt="Screenshot 2023-09-01 at 19 45 13"
src="575deadf-9efd-4e63-8752-df5b69de5bd1">
## Testing
- Create a user without any roles and try to login
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Upgrading the `jsonwebtoken` library used in
`cloud_integration/cloud_chat` plugin from v8.5 to v9.0
## Migration
After reviewing the affected code it looks like this upgrade shouldn't
cause any breaking changes. Please see the v8 --> v9 migration guide
[here](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)
## Questions for reviewers
- What is the size and type of `secret` that we are passing into
`generateSignedJwt`?
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Clint Andrew Hall <clint.hall@elastic.co>
