Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support experiments.SubresourceIntegrityPlugin #9171

Merged
merged 16 commits into from
Feb 14, 2025
Merged

feat: support experiments.SubresourceIntegrityPlugin #9171

merged 16 commits into from
Feb 14, 2025

Conversation

LingyuCoder
Copy link
Contributor

@LingyuCoder LingyuCoder commented Feb 6, 2025
edited
Loading

Summary

relate to #4381

  • Add native subresource integrity plugin in crates/rspack_plugin_sri, which implements most logic of webpack-subresource-integrity. If HtmlRspackPlugin is used, the native plugin will interact with it directly.
  • Add javascript subresource integrity plugin in packages/rspack/src/builtin-plugin/SubresourceIntegrityPlugin.ts, which will interact with html-webpack-plugin if it is used.
  • Port test cases of webpack-subresource-integrity into tests/plugin-test/sri-plugin. If the test case uses html-webpack-plugin, then it will also be runned with HtmlRspackPlugin instead.
  • Export the plugin in rspack.experiments.SubresourceIntegrityPlugin.

The hashLoading option is not supported yet, and the hashFuncNames only support sha-256, sha-384 and sha-512.

This PR does not contain any document change, I will add documents in another PR.

This pull request introduces the Subresource Integrity (SRI) plugin to the rspack project, which ensures that resources loaded by a web application have not been manipulated. The most important changes include the addition of the SRI plugin and its integration into various parts of the codebase.

Introduction of SRI Plugin:

  • New SRI Plugin Module:
    • Added a new module rspack_plugin_sri with its own Cargo.toml and implementation files. This module includes the main logic for the SRI plugin, which computes integrity hashes for assets and integrates with the existing compilation process. [1] [2] [3]

Integration with Existing Codebase:

  • Cargo.toml Updates:

    • Updated Cargo.toml files in various crates to include the new rspack_plugin_sri as a dependency. This ensures that the SRI plugin is available throughout the project. [1] [2]

  • Modifications in raw_builtins:

    • Added raw_sri module and integrated RawSRIPluginOptions into the existing structure. This includes updates to the BuiltinPluginName enum and the BuiltinPlugin implementation to support the new SRI plugin. [1] [2] [3] [4] [5]

Configuration Changes:

  • Workflow Adjustment:
    • Commented out the PUPPETEER_SKIP_DOWNLOAD environment variable in the .github/workflows/reusable-build.yml file, likely to avoid conflicts or unnecessary downloads during the build process.

Checklist

  • Tests updated (or not required).
  • Documentation updated (or not required).

@github-actions github-actions bot added the release: feature release: feature related release(mr only) label Feb 6, 2025
@netlify Netlify
Copy link

netlify bot commented Feb 6, 2025
edited
Loading

Deploy Preview for rspack canceled.

Name Link
🔨 Latest commit ff1a2e0
🔍 Latest deploy log https://app.netlify.com/sites/rspack/deploys/67aeed4c087e8d00091656cf

@LingyuCoder LingyuCoder changed the title feat(sri): add native plugin feat: add rspack sri plugin Feb 6, 2025
@github-actions github-actions bot added the team The issue/pr is created by the member of Rspack. label Feb 6, 2025
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Feb 6, 2025
edited
Loading

CodSpeed Performance Report

Merging #9171 will not alter performance

Comparing feat/native-sri-plugin (ff1a2e0) with main (cae75b7)

Summary

✅ 6 untouched benchmarks

@LingyuCoder LingyuCoder force-pushed the feat/native-sri-plugin branch 6 times, most recently from 353f43d to dc50b27 Compare February 13, 2025 08:25
@LingyuCoder LingyuCoder marked this pull request as ready for review February 13, 2025 09:55
@LingyuCoder LingyuCoder requested a review from hardfist February 13, 2025 09:57
@LingyuCoder LingyuCoder changed the title feat: add rspack sri plugin feat: support experiments.SubresourceIntegrityPlugin Feb 13, 2025
@LingyuCoder LingyuCoder force-pushed the feat/native-sri-plugin branch from bcae81d to 094b926 Compare February 13, 2025 10:22
@hardfist hardfist requested a review from chenjiahan February 14, 2025 03:44
@LingyuCoder LingyuCoder force-pushed the feat/native-sri-plugin branch from a8bde99 to c2dc33d Compare February 14, 2025 05:32
@LingyuCoder LingyuCoder force-pushed the feat/native-sri-plugin branch from c2dc33d to 2344284 Compare February 14, 2025 06:11
chenjiahan
chenjiahan reviewed Feb 14, 2025
View reviewed changes
README.md Show resolved Hide resolved
@LingyuCoder LingyuCoder force-pushed the feat/native-sri-plugin branch from d81bc93 to ff1a2e0 Compare February 14, 2025 07:14
@LingyuCoder LingyuCoder enabled auto-merge (squash) February 14, 2025 07:46
hardfist
hardfist approved these changes Feb 14, 2025
View reviewed changes
packages/rspack/etc/core.api.md Show resolved Hide resolved
@LingyuCoder LingyuCoder merged commit 23b223e into main Feb 14, 2025
33 checks passed
@LingyuCoder LingyuCoder deleted the feat/native-sri-plugin branch February 14, 2025 07:51
@hardfist hardfist restored the feat/native-sri-plugin branch February 14, 2025 08:44
@hardfist hardfist mentioned this pull request Feb 14, 2025
Merged
2 tasks
chenjiahan pushed a commit that referenced this pull request Feb 14, 2025
@hardfist @LingyuCoder
feat: support experiments.SubresourceIntegrityPlugin #9171 (#9311)
b7b7c3e 
* feat(sri): add native plugin

---------

Co-authored-by: LingyuCoder <[email protected]>
@chenjiahan chenjiahan deleted the feat/native-sri-plugin branch February 14, 2025 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenjiahan chenjiahan chenjiahan left review comments

@hardfist hardfist hardfist approved these changes

@jerrykingxyz jerrykingxyz Awaiting requested review from jerrykingxyz jerrykingxyz is a code owner

Assignees
No one assigned
Labels
release: feature release: feature related release(mr only) team The issue/pr is created by the member of Rspack.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LingyuCoder @chenjiahan @hardfist