Remove any external linked javascript dependency

.prettierignore

@@ -85,3 +85,6 @@ core
 backend/backend-production.*
 
 **/temp/**
+
+# monaco editor
+**/vs/loader.js 

backend/npx.js

@@ -66,6 +66,9 @@ app.get('/core-ui/*', (_, res) =>
 
 app.use('/backend', handleRequest);
 
+// serve Monaco editor static files
+app.use('/vs', express.static(path.join(__dirname, 'vs')));
+
 app.use('/', express.static(path.join(__dirname, 'core')));
 app.get('/*', (_, res) =>
   res.sendFile(path.join(__dirname + '/core/index.html')),

backend/vs

@@ -0,0 +1 @@
+../node_modules/monaco-editor/min/vs

core-ui/nginx.conf

@@ -55,7 +55,6 @@ http {
     location / {
         access_log /dev/stdout combined if=$nonSuccessful;
         #limit_req zone=mylimit burst=30; # we might consider using this feature; for now it destroys the performance completely
-        set $monacoEditorCdn https://cdn.jsdelivr.net; 
         try_files $uri$args $uri$args/ $uri $uri/ /;
 
         add_header 'Cache-Control' 'public, max-age=300';
@@ -64,7 +63,7 @@ http {
         add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
         add_header X-XSS-Protection '1; mode=block';
         add_header X-Frame-Options 'SAMEORIGIN';
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-7fF0zlMDaJyxa8K3gkd0Gnt657Obx/gdAct0hR/pdds=' $monacoEditorCdn data: blob:; style-src 'self' 'unsafe-inline' $monacoEditorCdn; connect-src 'self' * https://* wss://*; font-src 'self' $monacoEditorCdn data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:;  worker-src 'self' blob: data:;";
+        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-7fF0zlMDaJyxa8K3gkd0Gnt657Obx/gdAct0hR/pdds=' 'sha256-bjOtDHhqB+wVlyFDAxz9e0RvTn+EEec/Z4mpjUjNvAs=' data: blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:;  worker-src 'self' blob: data:;";
 
     }
 

core-ui/public/vs

@@ -0,0 +1 @@
+../../node_modules/monaco-editor/min/vs

core/.gitignore

@@ -41,4 +41,4 @@ testem.log
 Thumbs.db
 pkup.sh
 
-src/assets/luigi-core
+src/assets/libs

core/.prettierignore

@@ -1,2 +1,2 @@
-src/assets/luigi-core
+src/assets/libs
 src/assets/luigiConfig.bundle.js

core/Dockerfile

@@ -22,7 +22,7 @@ ARG app_name=core
 
 COPY ./${app_name}/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY --from=builder /app/${app_name}/src /usr/share/nginx/html/
-COPY --from=builder /app/${app_name}/src/assets/luigi-core /usr/share/nginx/html/assets/luigi-core
+COPY --from=builder /app/${app_name}/src/assets/libs /usr/share/nginx/html/assets/libs
 COPY --from=builder /app/${app_name}/licenses/ /app/licenses/
 COPY --from=builder /app/${app_name}/nginx/conf.d /etc/nginx/conf.d/
 COPY --from=builder /app/${app_name}/nginx/nginx.conf /etc/nginx/

core/nginx/nginx.conf

@@ -61,7 +61,7 @@ http {
 
             add_header 'Cache-Control' 'public, max-age=300';
             add_header X-Frame-Options 'SAMEORIGIN';
-            add_header Content-Security-Policy "default-src 'self'; script-src https://cdnjs.cloudflare.com/ajax/libs/js-yaml/4.0.0/js-yaml.js 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://* wss://*; font-src 'self' data:; frame-ancestors 'self'; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob:;";
+            add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://* wss://*; font-src 'self' data:; frame-ancestors 'self'; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob:;";
             add_header X-Content-Type-Options 'nosniff';
             add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
             add_header X-XSS-Protection '1; mode=block';

core/src/index.html

@@ -11,7 +11,7 @@
     <link
       charset="utf-8"
       rel="stylesheet"
-      href="/assets/luigi-core/luigi.css"
+      href="/assets/libs/luigi-core/luigi.css"
     />
     <style type="text/css" rel="stylesheet">
       #app .fd-shellbar__title {
@@ -28,7 +28,7 @@
   </head>
 
   <body>
-    <script charset="utf-8" src="/assets/luigi-core/luigi.js"></script>
+    <script charset="utf-8" src="/assets/libs/luigi-core/luigi.js"></script>
     <script charset="utf-8" src="/assets/config/config.js"></script>
     <script charset="utf-8" src="/assets/luigiConfig.bundle.js"></script>
     <div luigi-app-loading-indicator>

core/src/login.html

@@ -9,7 +9,7 @@
     <meta name="description" content="" />
     <meta name="keywords" content="logout" />
 
-    <link rel="stylesheet" href="/assets/luigi-core/luigi.css" />
+    <link rel="stylesheet" href="/assets/libs/luigi-core/luigi.css" />
     <style type="text/css">
       .fd-page {
         height: 100vh;
@@ -123,12 +123,7 @@
         color: #0854a0;
       }
     </style>
-    <script
-      src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/4.0.0/js-yaml.js"
-      integrity="sha512-LcHBP6wEG9wiB9l6Ok0oHj/OiepnKTPKSIlIy9I21LPhfNFAQzEJVeEJ2sXYFK8p4V/UR+1/pTHo4Cw1yPK7NA=="
-      crossorigin="anonymous"
-      defer
-    ></script>
+    <script src="/assets/libs/js-yaml/js-yaml.min.js"></script>
   </head>
 
   <body>

core/src/logout.html

@@ -9,7 +9,7 @@
     <meta name="description" content="" />
     <meta name="keywords" content="logout" />
 
-    <link rel="stylesheet" href="/assets/luigi-core/luigi.css" />
+    <link rel="stylesheet" href="/assets/libs/luigi-core/luigi.css" />
 
     <style type="text/css">
       .fd-page {

core/src/nopermissions.html

@@ -7,7 +7,7 @@
 
     <title>Not enough permissions</title>
 
-    <link rel="stylesheet" href="/assets/luigi-core/luigi.css" />
+    <link rel="stylesheet" href="/assets/libs/luigi-core/luigi.css" />
 
     <style type="text/css">
       .fd-page {

core/webpack.config.js

@@ -22,7 +22,11 @@ module.exports = {
   },
   plugins: [
     new CopyWebpackPlugin([
-      { from: './node_modules/@luigi-project/core', to: 'luigi-core' },
+      { from: './node_modules/@luigi-project/core', to: 'libs/luigi-core' },
+      {
+        from: '../node_modules/js-yaml/dist/js-yaml.min.js',
+        to: 'libs/js-yaml',
+      },
     ]),
   ],
 };

package.json

@@ -63,6 +63,7 @@
     "lodash.clonedeep": "^4.5.0",
     "merge": "2.1.0",
     "moment": "^2.24.0",
+    "monaco-editor": "^0.23.0",
     "node-fetch": "^2.6.1",
     "prop-types": "^15.7.2",
     "property-expr": "^2.0.4",

resources/web/deployment-service-catalog.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: service-catalog
-          image: eu.gcr.io/kyma-project/busola-service-catalog-ui:PR-104
+          image: eu.gcr.io/kyma-project/busola-service-catalog-ui:PR-101
           imagePullPolicy: IfNotPresent
           resources: {}
           ports:

resources/web/deployment.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: busola
-          image: eu.gcr.io/kyma-project/busola-core:PR-104
+          image: eu.gcr.io/kyma-project/busola-core:PR-101
           imagePullPolicy: Always
           resources:
             # limits:
@@ -34,7 +34,7 @@ spec:
             - containerPort: 6080
             - containerPort: 8080
         - name: core-ui
-          image: eu.gcr.io/kyma-project/busola-core-ui:PR-104
+          image: eu.gcr.io/kyma-project/busola-core-ui:PR-101
           imagePullPolicy: Always
           resources:
             # limits:

service-catalog-ui/nginx.conf

@@ -58,7 +58,7 @@ http {
         add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
         add_header X-XSS-Protection '1; mode=block';
         add_header X-Frame-Options 'SAMEORIGIN';
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' data: blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob: data:;";
+        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-bjOtDHhqB+wVlyFDAxz9e0RvTn+EEec/Z4mpjUjNvAs=' data: blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob: data:;";
         # allow unsafe-eval scripts because of "ajv" module - https://github.com/ajv-validator/ajv/issues/406    
     }
 

service-catalog-ui/public/vs

@@ -0,0 +1 @@
+../../node_modules/monaco-editor/min/vs

service-catalog-ui/vs

@@ -0,0 +1 @@
+../../shared/node_modules/monaco-editor/min/vs

shared/index.js

@@ -53,3 +53,8 @@ export * from './components/ModalWithForm/ModalWithForm';
 
 import * as CustomPropTypes from './typechecking/CustomPropTypes';
 export { CustomPropTypes };
+
+import { monaco } from '@monaco-editor/react';
+
+// monaco editor - load from static files instead of from CDN
+monaco.config({ paths: { vs: '/vs' } });

shared/package.json

@@ -7,7 +7,7 @@
     "test:watch": "jest --watch",
     "build": "webpack --env.production",
     "start:kyma": "webpack --env.development --watch",
-    "build:npx": "echo no-op, done during bootstrap"
+    "build:npx": "ln -sf ../node_modules/monaco-editor/min/vs ../backend/vs"
   },
   "author": "hasselhoff-team@kyma",
   "devDependencies": {