[DE-4012] Add FOSSA attribution report pages for Calico Enterprise #2559
sabags wants to merge 3 commits into tigera:main from
Serve FOSSA HTML attribution reports from S3 via Netlify proxy redirect, rendered inline via iframe within the docs layout.
- Add FossaReport React component (iframe-based)
- Add Netlify wildcard proxy redirect for S3 buckets
- Add MDX pages for 20 patch versions across CE 3.20-3.23
- Add FOSSA Reports sidebar category to all versioned sidebars
- Use hyphenated bucket names to avoid S3 virtual-hosted SSL issues
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Jest unit test for FossaReport component (iframe src, title, sizing)
- Consistency validation: sidebar entries ↔ MDX files bidirectional check
- MDX content validation: version prop matches filename
- Netlify redirect validation: wildcard proxy rule exists
- S3 bucket existence check: verifies each version's bucket exists
- All version discovery is dynamic — no hardcoded version strings
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
✅ Deploy Preview for calico-docs-preview-next ready!
❌ Deploy Preview for tigera failed. Why did it fail? → Built without sensitive environment variables
Pull request overview
Adds versioned documentation pages that embed FOSSA attribution HTML reports via a Netlify → S3 proxy, plus validation and unit tests to keep sidebar/MDX/redirects in sync.
Changes:
- Introduces a FossaReport React component that renders the report in an iframe.
- Adds Netlify redirect for proxying attribution report HTML from per-version S3 buckets.
- Adds Jest tests validating component behavior, sidebar↔MDX consistency, Netlify redirect presence, and S3 bucket existence.
Reviewed changes
Copilot reviewed 30 out of 30 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/components/test/FossaReport.test.js | Adds unit tests verifying iframe src/title/sizing for the report embed component |
| src/components/FossaReport.js | Adds the FossaReport iframe component used by MDX pages |
| src/tests/fossa-reports-validation.test.js | Adds validation tests for sidebar↔MDX consistency, Netlify redirect presence, and S3 bucket checks |
| sidebars-calico-enterprise.js | Adds “FOSSA Reports” category and entry in the main (unversioned) sidebar |
| netlify.toml | Adds a redirect rule proxying report HTML requests to S3 buckets |
| calico-enterprise_versioned_sidebars/version-3.23-1-sidebars.json | Adds “FOSSA Reports” category/entry to a versioned sidebar |
| calico-enterprise_versioned_sidebars/version-3.22-2-sidebars.json | Adds “FOSSA Reports” category/entries to a versioned sidebar |
| calico-enterprise_versioned_sidebars/version-3.21-2-sidebars.json | Adds “FOSSA Reports” category/entries to a versioned sidebar |
| calico-enterprise_versioned_sidebars/version-3.20-2-sidebars.json | Adds “FOSSA Reports” category/entries to a versioned sidebar |
| calico-enterprise_versioned_docs/version-3.23-1/reference/fossa-reports/3-23-0-1-0.mdx | Adds versioned MDX page embedding the report for 3.23.0-1.0 |
| calico-enterprise_versioned_docs/version-3.22-2/reference/fossa-reports/3-22-1.mdx | Adds versioned MDX page embedding the report for 3.22.1 |
| calico-enterprise_versioned_docs/version-3.22-2/reference/fossa-reports/3-22-0-3-0.mdx | Adds versioned MDX page embedding the report for 3.22.0-3.0 |
| calico-enterprise_versioned_docs/version-3.22-2/reference/fossa-reports/3-22-0-2-0.mdx | Adds versioned MDX page embedding the report for 3.22.0-2.0 |
| calico-enterprise_versioned_docs/version-3.22-2/reference/fossa-reports/3-22-0-1-0.mdx | Adds versioned MDX page embedding the report for 3.22.0-1.0 |
| calico-enterprise_versioned_docs/version-3.21-2/reference/fossa-reports/3-21-6.mdx | Adds versioned MDX page embedding the report for 3.21.6 |
| calico-enterprise_versioned_docs/version-3.21-2/reference/fossa-reports/3-21-3.mdx | Adds versioned MDX page embedding the report for 3.21.3 |
| calico-enterprise_versioned_docs/version-3.21-2/reference/fossa-reports/3-21-2.mdx | Adds versioned MDX page embedding the report for 3.21.2 |
| calico-enterprise_versioned_docs/version-3.21-2/reference/fossa-reports/3-21-1.mdx | Adds versioned MDX page embedding the report for 3.21.1 |
| calico-enterprise_versioned_docs/version-3.21-2/reference/fossa-reports/3-21-0-2-0.mdx | Adds versioned MDX page embedding the report for 3.21.0-2.0 |
| calico-enterprise_versioned_docs/version-3.21-2/reference/fossa-reports/3-21-0-1-0.mdx | Adds versioned MDX page embedding the report for 3.21.0-1.0 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-7.mdx | Adds versioned MDX page embedding the report for 3.20.7 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-6.mdx | Adds versioned MDX page embedding the report for 3.20.6 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-5.mdx | Adds versioned MDX page embedding the report for 3.20.5 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-4.mdx | Adds versioned MDX page embedding the report for 3.20.4 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-2.mdx | Adds versioned MDX page embedding the report for 3.20.2 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-1.mdx | Adds versioned MDX page embedding the report for 3.20.1 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-0-2-2.mdx | Adds versioned MDX page embedding the report for 3.20.0-2.2 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-0-2-0.mdx | Adds versioned MDX page embedding the report for 3.20.0-2.0 |
| calico-enterprise_versioned_docs/version-3.20-2/reference/fossa-reports/3-20-0-1-0.mdx | Adds versioned MDX page embedding the report for 3.20.0-1.0 |
| calico-enterprise/reference/fossa-reports/3-23-0-1-0.mdx | Adds unversioned (next) docs MDX page embedding the report for 3.23.0-1.0 |
| <iframe | ||
| src={src} | ||
| title={`FOSSA Attribution Report - ${version}`} | ||
| style={{ | ||
| width: '100%', | ||
| height: '80vh', | ||
| border: '1px solid var(--ifm-color-emphasis-300)', | ||
| borderRadius: '4px', | ||
| }} | ||
| /> |
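Review bot: On src={src}, nothing in this hunk constrains the URL the frame loads, while the title is built from version. If src is derived from that same prop, validate version against a strict pattern (digits and hyphens only) inside the component and build the path from the validated value, so a mistyped or pasted value in an MDX page cannot point the frame outside /calico-enterprise/fossa-reports/.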
The iframe embeds external HTML (proxied from S3) but does not set any iframe restrictions. Consider adding sandbox (and only the minimal allow-* permissions needed) and a referrerPolicy to reduce the impact of any unexpected scripts/links inside the attribution report.
Good call — FOSSA reports are static HTML tables with no need for scripts, forms, or popups. Will add sandbox and referrerPolicy for defense-in-depth.
| from = "/calico-enterprise/fossa-reports/:version/attribution-report.html" | ||
| to = "https://ce-:version-attribution-report.s3.amazonaws.com/attribution-report.html" |
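Review bot: In the to line, :version is substituted into the bucket hostname, and S3 bucket names share one global namespace, so this rule proxies from whatever bucket answers to ce-<segment>-attribution-report, whether or not this project created it. List the released versions as explicit from/to pairs instead of a placeholder, and create every listed bucket before the rule ships, so the docs origin only ever serves reports from buckets the team controls.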
This redirect proxies only attribution-report.html. If the report HTML references relative assets (CSS/JS/images), those requests will remain on the docs origin and will 404 unless additional redirects exist. Consider adding a broader redirect such as /calico-enterprise/fossa-reports/:version/* → https://ce-:version-attribution-report.s3.amazonaws.com/:splat (or ensure the report is generated as a fully self-contained single HTML file).
| from = "/calico-enterprise/fossa-reports/:version/attribution-report.html" | |
| to = "https://ce-:version-attribution-report.s3.amazonaws.com/attribution-report.html" | |
| from = "/calico-enterprise/fossa-reports/:version/*" | |
| to = "https://ce-:version-attribution-report.s3.amazonaws.com/:splat" |
FOSSA attribution reports are self-contained single HTML files with inline styles — no external CSS/JS/image references. The narrow redirect is intentional: it only proxies the exact file we need, avoiding exposing arbitrary bucket content through a broader wildcard.
| it.each(allVersions)('S3 bucket exists for version %s', async (version) => { | ||
| const bucketUrl = `https://s3.amazonaws.com/ce-${version}-attribution-report/`; | ||
| const res = await fetch(bucketUrl, { method: 'GET' }); | ||
| const body = await res.text(); | ||
| // AccessDenied or PermanentRedirect = bucket exists; NoSuchBucket = missing | ||
| expect(body).not.toContain('NoSuchBucket'); | ||
| }, 10000); |
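Review bot: The only assertion is expect(body).not.toContain('NoSuchBucket'), and per the comment above it an AccessDenied body counts as a pass. That shows some account holds the bucket name, not that the report is published there, and an error page or empty body passes as well. Request the object the redirect serves (attribution-report.html), assert on res.status, and expect 200 so the test fails when the file is missing or unreadable.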
This test is a live network integration check (and relies on a global fetch) which can make CI runs flaky and environment-dependent. Consider (1) gating it behind an env flag (e.g., only run in a scheduled job or when RUN_LIVE_S3_CHECKS=1), (2) using a HEAD request and asserting on status/response headers rather than scanning the body for NoSuchBucket, and (3) using the same virtual-hosted-style URL pattern that the Netlify redirect uses to reduce redirect/region edge cases.
Agree on the env flag to avoid flaky CI. Will gate behind RUN_S3_CHECKS=1. Also switching to virtual-hosted-style HEAD requests since we use hyphenated bucket names (no dots = no SSL issues), giving clean 403/404 status codes instead of body parsing.
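The gated, status-code-based check described in this reply, sketched as an added example (not the PR's test code). The names reportUrl, classify and checkReports are hypothetical, the version pattern is an assumption, and the probe targets the object URL the redirect uses rather than the bucket root.

```javascript
// Added example: hypothetical helpers, not code from the pull request.
// Assumed version format: hyphen-separated numbers such as 3-22-1 or 3-22-0-1-0.
const VERSION_RE = /^\d+(-\d+)+$/;

// Build the virtual-hosted-style URL; reject anything that is not a plain
// hyphenated version so the value can never alter the hostname or path.
function reportUrl(version) {
  if (!VERSION_RE.test(version)) throw new Error(`bad version: ${version}`);
  return `https://ce-${version}-attribution-report.s3.amazonaws.com/attribution-report.html`;
}

// Map a HEAD status to a verdict instead of scanning the body for NoSuchBucket.
function classify(status) {
  if (status === 200) return 'served';   // object is publicly readable
  if (status === 403) return 'exists';   // bucket name is held, access denied
  if (status === 404) return 'missing';  // no such bucket or key
  return 'inconclusive';                 // redirects, throttling, 5xx
}

// Run the live checks only when RUN_S3_CHECKS=1; fetchImpl is injectable so
// the logic can be exercised offline with a stub.
async function checkReports(versions, { env = process.env, fetchImpl = globalThis.fetch } = {}) {
  if (env.RUN_S3_CHECKS !== '1') return { skipped: true, results: {} };
  const results = {};
  for (const version of versions) {
    const url = reportUrl(version);      // a malformed version throws here
    try {
      const res = await fetchImpl(url, { method: 'HEAD', redirect: 'manual' });
      results[version] = classify(res.status);
    } catch (err) {
      results[version] = 'inconclusive'; // a network failure is not proof of absence
    }
  }
  return { skipped: false, results };
}
```

A 403 only shows that the bucket name is taken, so a CI gate that needs proof the report is published should require 'served'.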
- Add sandbox="" and referrerPolicy="no-referrer" to iframe for defense-in-depth
- Gate S3 bucket existence checks behind RUN_S3_CHECKS=1 env flag to avoid CI flakiness
- Switch S3 checks to virtual-hosted-style HEAD requests
- Use getByTitle instead of querySelector in component tests for better accessibility testing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
FossaReport React component, MDX pages for 20 patch versions across CE 3.20–3.23, and sidebar entries for all versioned docs
ce-3-22-1-attribution-report) to avoid virtual-hosted SSL issues with dots in bucket names
S3 bucket setup required before merge
Buckets need to be created with the hyphenated naming convention (e.g., ce-3-22-1-attribution-report) and populated with attribution-report.html. The Netlify wildcard redirect handles all versions automatically:
Test plan
🤖 Generated with Claude Code