ricardozanini opened a new issue, #2762: URL: https://github.com/apache/incubator-kie-tools/issues/2762
## Summary Currently, the Web Tools web application uses [a very close image](https://github.com/apache/incubator-kie-tools/tree/main/packages/serverless-logic-web-tools-swf-dev-mode-image) to the [sonataflow-devmode-image](https://github.com/apache/incubator-kie-tools/tree/main/packages/sonataflow-devmode-image). We should unify them into one and use the very same on the operator and web tools side. ## Goals 1. Make the SonataFlow Operator Web Tools image to share the same Quarkus Devmode image 2. Disable the zip upload feature on the Operator side to avoid a security breach ## Motivation We should unify these images since the operator and web tools share the same requirements. One image serving both tools would increase our maintainability and resource use. ## Description The `serverless-logic-web-tools-swf-dev-mode-image` has a backdoor that the web tools use to update the project files via a ZIP structure. To avoid security breaches, this backdoor must be disabled by default and only enabled by the Web Tools when refreshing the application. After this work, we can safely remove one of the packages to save build and maintenance resources. ## Testing The exact use case offered today by the web tools and the operator Operator continues to work. 1. Deploy one workflow with Web Tools, check the running status, and if it creates a workflow instance without any occurrences 2. Repeat the process with the OperatorOperatortcome must be the same ## Risks Fail to turn off the ZIP backdoor on the Operator deployment. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
