Added vendor dir for js/css libs; Documented sources (#1484)

[MTecknology]

This PR resolves #1484 and moves vendor'ed javascript (and other) libraries to public/vendor/. It also moves the documentation to vendor/librejs.html and includes documentation for both js and non-js libs.

With this commit, it is easy to prove only free/open-source libraries are being used by gitea, which helps meet GNU ethical repository criteria (#1524).

[sapk]

LGTM
Just, why do you choose to put all under /plugins ? Why not keep some under sub-folder /libs like jquery, vue or semantic ?

[MTecknology]

@sapk

There were times where the CSS components weren't kept with the JS bits, but that wasn't consistent. I moved each lib into it's own directory partly to add consistency; I also wanted to be able to include a license file for each vendor'ed library to clearly identify each project as a separate work and clearly show the license terms of that source (which also helps meet license terms).

I kept them under plugins/ instead of breaking them into the other sub-directories because I wasn't able to discern the logic to the current layout.

Example:

jquery-1.11.3 was under public/js/
jquery.are-you-sure was under public/js/libs/
two other jquery libs were under public/plugins/<lib-name>/

public/js/libs/
    clipboard-1.5.9
    emojify-1.1.0
public/plugins/
    highlight-9.11.0
    simplemde-1.10.1

Even in the source, I couldn't find a reason why they should be considered different. Sorry, I didn't mean to get long-winded or ranty... just wanted to thoroughly explain my logic. :)

[sapk]

@MTecknology ok not a problem just to know if there were any reason. But effectively there wasn't before also ^^. Maybe we should think of using versionning for web ressources like npm or bower in the future. (not sure everyone will aggree with me ^^). still LGTM

[lafriks]

@sapk in the future we should move to webpack to have single js file

[MTecknology]

@lafriks I agree! It'd be nice to have a nice json file (or two) with a pretty script to update all libs and run unit testing. If we had that, librejs.html could be turned into a dynamic file that's built by reading existing json files. (sounds great for a lot of reasons)

For now, though, it'd be super if this could make it into 1.2.0. It'd make my life a whole super duper lot easier. :)

(P.S. I actually don't care that much about the last commit. I hope to never touch that librejs plugin again... sticking w/ noscript. I just happened to be "in the neighborhood.")

[bkcsoft]

A part from the question. There's no file listing which versions we have. This have to exist for this to be merged. I don't care if it's a real package.json/yarn.lock or just a plain-text file listing them, but it absolutely have to exist.

[bkcsoft]

Why has this file changed?

[sapk]

It has moved under public/vendor/librejs.html

[MTecknology]

As requested => the VERSIONS file

[bkcsoft]

don't care if it's a real package.json/yarn.lock or just a plain-text file listing them

With this I mean that for this PR I don't care, any updates in the future should use yarn though ;)

[sapk]

@bkcsoft we could do that in an other PR.

[sapk]

And in fact all the version are listed in archive link of librejs.html

[bkcsoft]

@sapk Why I hate PRs that touch 1.3k files 😂

[sapk]

Me too but in this case it is mostly rename.

[bkcsoft]

@sapk right, my point was that we need a file public/vendor/VERSIONS that just lists all versions. Since I had no idea that librejs.html had that, and therefore no one else knows that either 😉

[MTecknology]

@bkcsoft I think I already responded to most of those concerns. I agree, librejs.html should be dynamically generated from the output of a tool that can keep JS libs up to date. (hopefully choosing a tool that can output a "versions" file)

I also think that's something much better suited for a different PR. I tried to keep this PR to just file moves and documentation--it's big, but I tried for minimal. librejs.html wasn't listed as a move because the file contents changed almost entirely.

Also, in the future, it'd be nice to apply a template to the rendered page so it's not just a boring table but a themed page with <table>[...]</table> as the page body.

[strk]

LGTM

[strk]

This is ready to merge, why waiting for 1.3.0 ? I think it is worth having this ib 1.2.0

[lunny]

It's not tested well. I don't think move it to v1.2 is a good idea.

[strk]

@lunny 1.2.0 could be the first version with a proper Debian package, but I've understood a Debian package depends on this PR, for licensing issues.

#2285 was more dangerous to put in 1.2.0, if you ask me, as I suspect it's what broke the UI (#2331)

[MTecknology]

@lunny This is a large PR, but I would encourage you to review what is being changed.

1. Moved 3rd party libs to designated directory
2. Updated path references to match
3. Created/updated library documentation
   3a. Added missing LICENSE files
4. Fixed issues for librejs users

This PR addresses some licensing concerns that, as @strk mentioned, are blockers for other bugs--one of those being a proper Debian package. I intentionally kept this changeset as small as possible to prevent this problem. I don't know what additional testing can be performed; if you tell me, I'll do my best to make it happen.

@bkcsoft You still have "changes requested," but I do not see what changes you are requesting. Could you please tell me so that I can make them?

[bkcsoft]

@MTecknology A file listing packages and versions. (no, librejs.html does not count 🙂 )

[MTecknology]

@bkcsoft Your comment was about the file being removed. The file was not removed, it was relocated and modified. I already commented on the inclusion of an alternate option. It's a cool idea. This PR is already big enough, isn't it? It's a really big PR and, as I mentioned, I tried hard to keep it minimal. I tried to keep out functional changes and keep it to documentation and cleanup. I disagree very much that this should be held up to wait for an entirely new and undiscussed feature.

[bkcsoft]

@MTecknology It's not a new feature, the version were tracked by the folder-names (jquery-1.1.3 etc), but now that information is removed and needs to be added back in some form. And as I've said, it does not have to be yarn/npm, just a straight up flat file listing deps and versions...

[MTecknology]

@bkcsoft That information /is/ in librejs.html... Why does that file "not count"?

bits from that file:

 +          <td><a href="https://github.com/codedance/jquery.AreYouSure/archive/1.9.0.tar.gz">jquery.areyousure-1.9.0.tar.gz</a></td> 
 +          <td><a href="https://code.jquery.com/jquery-1.11.3.min.js">jquery-1.11.3.min.js</a></td> 
 +          <td><a href="https://github.com/Semantic-Org/Semantic-UI/archive/2.2.1.tar.gz">semantic-UI-2.2.1.tar.gz</a></td>
 +          <td><a href="https://github.com/zenorocha/clipboard.js/archive/v1.5.9.tar.gz">clipboard-1.5.9.tar.gz</a></td> 

Are you looking for an additional file? Would you prefer I create librejs.yml to sit beside librejs.html that include the same information and adds an extra field just for the version?

[strk]

Is a machine readable format you are after, @bkcsoft ?

[lunny]

I found some links broken in librejs.html master version. If this PR will also fix that?

[MTecknology]

@lunny Yes...

The first commit in this PR:

This commit [moves] vendor'ed plugins into a vendor/ directory and document[s] their upstream source and license in vendor/librejs.html.

I'll say this again... very little actually changes in this PR. It's documentation and licensing crap. Please, look at what files changed and what file changes took place. I tried very hard to make this PR very easy to review for these exact reasons... I thought I'd succeeded... :(

[bkcsoft]

@MTecknology My main quarel with having them listed in librejs.html is because that file is not where I'd expect to find that information. Since you've now added a VERSION file this LGTM 🙂

[lofidevops]

Awesome!

[lunny]

And If you want to this in v1.2, please send a back port PR to branch release/v1.2

[gsantner]

I'm on current HEAD and there are things broken. I think it's related to this one

[daviian]

Furthermore integration tests are failing because of moved librejs file.

[strk]

Is drone not running integration tests ?

[daviian]

@strk @tboerger mentioned that integration tests currently run only on master branch...