npm 7 changed how it resolves dependencies, and starter-kit fails to
build with lots of unresolved peer dependencies of PatternFly.
With an absolute path, `resolve.modules` will only look in that
directory; the default is a relative path "node_modules" that just
works [1]. Use that default, as we don't use `$SRCDIR` in this project
anyway.
[1] https://webpack.js.org/configuration/resolve/#resolvemodules
Sync some improvements from cockpit-machines:
* Unbreak running `tmt` in local trees with an already existing ./bots
symlink.
* Don't install all NPM packages, only chrome-remote-interface and sizzle.
* Disable detection of affected tests, taking too long for real
projects.
`var` has broken/unexpected scoping in JavaScript, and can lead to
subtle errors. It's preferable and safer to use `const` whenever
possible, and `let` where necessary.
There are no usages of `var` in starter-kit right now, so just enable
the rule to ensure that it stays that way.
CentOS/RHEL 9 switched to OpenSSL 3, which does not support the `md4`
hash any more. webpack 5 hardcodes that in no less than 21 places, so
monkey-patch `crypto.createHash()` to substitute sha256 for md4.
Hack to work around https://github.com/webpack/webpack/issues/13572
The node_modules cache tarball will be published as release artifact, to
make sure that any release can be rebuilt in a reproducible way.
Cockpituous' release-source will call this if available:
https://github.com/cockpit-project/cockpituous/pull/438
Avoid the indirection, and directly call webpack. This avoids adding an
`npm` build dependency if/when the RPM wants to rebuild the webpack
during package build.
This is ugly as it races with other make targets which expect
node_modules/ to exist. It's also unnecessary, we can just tell tar to
ignore node_modules/.
Cockpit 247 changed cockpit-po-plugin.js to always expect a line number
in msgid references [1]. Also sync manifest2po from Cockpit 249 to
generate that reference for manifests, so that they keep getting
included into the translation js.
[1] 0ecc3a705d
This partitions secrets and limits their potential exposure/leakage.
This environment can be created with github-upload-action-secrets in [1].
[1] https://github.com/cockpit-project/bots/pull/2164
