Skip to content

feat: use isolated-vm to run integration scripts #30229

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sampaiodiego merged 17 commits into from
Sep 26, 2023
Merged

feat: use isolated-vm to run integration scripts #30229

sampaiodiego merged 17 commits into from
Sep 26, 2023

Conversation

@pierre-lehnen-rc
Copy link
Contributor

@pierre-lehnen-rc pierre-lehnen-rc commented Aug 30, 2023
edited
Loading

Proposed changes (including videos or screenshots)

This PR adds an option on the webhooks form to select if the custom script should be executed in secure or compatible mode. Compatible mode will continue to use vm2 to run the scripts, while the secure mode will use isolated-vm instead.
Old scripts written for vm2 should mostly be compatible with isolated-vm as well, but we've taken this opportunity to also limit what's available on the script sandbox so some internal functions that are available to vm2 will be undefined for scripts running on isolated-vm.

The envvars that manage custom scripts now also support specifying only one of the scripts engine, with the values "vm2" and "ivm".
So if the envvar FREEZE_INTEGRATION_SCRIPTS is set to "vm2", use of isolated-vm will be mandatory for new or modified scripts, but vm2 will continue to work for older scripts that have not been modified.
Once you change a script to run in isolated-vm you can no longer switch back to vm2 if vm2 is frozen.

If DISABLE_INTEGRATION_SCRIPTS is set to "vm2", those scripts will be ignored and only scripts set to isolated-vm will be executed.

Issue(s)

https://rocketchat.atlassian.net/browse/ARCH-1167

Steps to test or reproduce

Further comments

@changeset-bot
Copy link

changeset-bot bot commented Aug 30, 2023
edited
Loading

🦋 Changeset detected

Latest commit: 955b37d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 30 packages
Name Type
@rocket.chat/core-typings Minor
@rocket.chat/rest-typings Minor
@rocket.chat/tools Minor
@rocket.chat/meteor Minor
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/gazzodown Major
@rocket.chat/livechat Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-contexts Major
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/api-client Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/ddp-client Patch
@rocket.chat/fuselage-ui-kit Major
@rocket.chat/models Patch
@rocket.chat/ui-client Major
@rocket.chat/ui-video-conf Major
@rocket.chat/uikit-playground Patch
@rocket.chat/web-ui-registration Major
@rocket.chat/instance-status Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@codecov
Copy link

codecov bot commented Aug 30, 2023
edited
Loading

Codecov Report

Merging #30229 (955b37d) into develop (12e66c0) will increase coverage by 0.05%.
Report is 1 commits behind head on develop.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop   #30229      +/-   ##
===========================================
+ Coverage    50.23%   50.29%   +0.05%     
===========================================
  Files          780      775       -5     
  Lines        14476    14459      -17     
  Branches      2617     2613       -4     
===========================================
  Hits          7272     7272              
+ Misses        6809     6780      -29     
- Partials       395      407      +12
Flag Coverage Δ
e2e 48.67% <ø> (+0.07%) ⬆️
unit 60.80% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@pierre-lehnen-rc pierre-lehnen-rc marked this pull request as ready for review September 6, 2023 16:34
@pierre-lehnen-rc pierre-lehnen-rc requested review from a team as code owners September 6, 2023 16:34
tassoevan
tassoevan previously approved these changes Sep 12, 2023
View reviewed changes
@debdutdeb debdutdeb self-requested a review September 15, 2023 13:29
MarcosSpessatto
MarcosSpessatto previously approved these changes Sep 20, 2023
View reviewed changes
@tassoevan tassoevan removed the request for review from debdutdeb September 21, 2023 12:26
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label Sep 25, 2023
@dionisio-bot dionisio-bot bot removed the stat: ready to merge PR tested and approved waiting for merge label Sep 25, 2023
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label Sep 25, 2023
@pierre-lehnen-rc pierre-lehnen-rc marked this pull request as draft September 25, 2023 19:08
@dionisio-bot dionisio-bot bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: ready to merge PR tested and approved waiting for merge labels Sep 25, 2023
@pierre-lehnen-rc pierre-lehnen-rc force-pushed the feat/integrations-script-engine branch from 9df7d2f to a073151 Compare September 25, 2023 21:22
@dionisio-bot dionisio-bot bot removed the stat: ready to merge PR tested and approved waiting for merge label Sep 25, 2023
@pierre-lehnen-rc pierre-lehnen-rc marked this pull request as ready for review September 25, 2023 23:22
sampaiodiego
sampaiodiego previously approved these changes Sep 26, 2023
View reviewed changes
@sampaiodiego sampaiodiego merged commit 9261368 into develop Sep 26, 2023
@sampaiodiego sampaiodiego deleted the feat/integrations-script-engine branch September 26, 2023 23:05
sampaiodiego pushed a commit that referenced this pull request Sep 26, 2023
@pierre-lehnen-rc @tassoevan @sampaiodiego
feat: use isolated-vm to run integration scripts (#30229)
1041d4d 
Co-authored-by: Marcos Spessatto Defendi <[email protected]>
Co-authored-by: Tasso Evangelista <[email protected]>
gabriellsh added a commit that referenced this pull request Sep 27, 2023
@gabriellsh
Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into impr…
663d457 
…ove/iframeLogin

* 'develop' of github.com:RocketChat/Rocket.Chat: (33 commits)
  feat: New records page analytics tab (#30373)
  chore: Changing some key translations - Setup Wizard (#30462)
  feat: use isolated-vm to run integration scripts (#30229)
  fix: do not broadcast events from the local node to the local service (duplicated event) (#30446)
  fix: Microsoft autotranslate not working (#30390)
  chore: `ResetPasswordPage` a11y improvements (#30479)
  chore: `ResetPasswordForm` a11y improvements (#30476)
  chore: Move bad words filter callback to service (#30241)
  fix: Message disappears from room after deletion even if "Show Deleted Status" is enabled (#30452)
  chore: add tooltip to mentions (#30445)
  chore: bump mongo deps (#30450)
  ci: patch mongo type definitions (#30449)
  chore: cache incremental ts check (#30447)
  Release 6.4.0-rc.4
  Release 6.4.0-rc.3
  chore: update meteor 2.13.0 (#29989)
  chore: Assertion accuracy on registration test (#30440)
  ci: Add step to notify external services about a new release after Docker image publish (#30436)
  regression: close button not working on contact history (#30432)
  regression: custom fields not showing in current chats (#30428)
  ...
gabriellsh added a commit that referenced this pull request Sep 28, 2023
@gabriellsh
Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into feat…
507c808 
…/mentionBot

* 'develop' of github.com:RocketChat/Rocket.Chat:
  chore: move Omnichannel toolbox section from sidebar room list (#30502)
  fix: RTL lang crashes Moderation Console  (#30393)
  feat: New records page analytics tab (#30373)
  chore: Changing some key translations - Setup Wizard (#30462)
  feat: use isolated-vm to run integration scripts (#30229)
  fix: do not broadcast events from the local node to the local service (duplicated event) (#30446)
  fix: Microsoft autotranslate not working (#30390)
  chore: `ResetPasswordPage` a11y improvements (#30479)
  chore: `ResetPasswordForm` a11y improvements (#30476)
  chore: Move bad words filter callback to service (#30241)
  fix: Message disappears from room after deletion even if "Show Deleted Status" is enabled (#30452)
  chore: add tooltip to mentions (#30445)
ggazzo pushed a commit that referenced this pull request Sep 28, 2023
@pierre-lehnen-rc @tassoevan @ggazzo
feat: use isolated-vm to run integration scripts (#30229)
7146a72 
Co-authored-by: Marcos Spessatto Defendi <[email protected]>
Co-authored-by: Tasso Evangelista <[email protected]>
@pierre-lehnen-rc pierre-lehnen-rc mentioned this pull request Oct 5, 2023
Closed
debdutdeb pushed a commit that referenced this pull request Oct 26, 2023
@pierre-lehnen-rc @tassoevan @debdutdeb
feat: use isolated-vm to run integration scripts (#30229)
2cb5c71 
Co-authored-by: Marcos Spessatto Defendi <[email protected]>
Co-authored-by: Tasso Evangelista <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tassoevan tassoevan tassoevan left review comments

@sampaiodiego sampaiodiego sampaiodiego left review comments

+1 more reviewer

@MarcosSpessatto MarcosSpessatto MarcosSpessatto left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@pierre-lehnen-rc @tassoevan @sampaiodiego @MarcosSpessatto @janainaCoelhoRocketchat @casalsgh