Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@storybook/storybook-deployer
Advanced tools
This is a simple tool allows you to deploy your Storybook into a static hosting service. (Currently, GitHub Pages and AWS S3 beta)
$ storybook-to-ghpages --help
$ storybook-to-aws-s3 --help
Options:
--help, -h Show help. [boolean]
--version Show version number [boolean]
--existing-output-dir, -e If you have previously built your storybook output (through a
different CI step, etc) and just need to publish it [string]
--out, -o Configure the output directory [string]
--packages, -p Directory for package.jsons (monorepo support) [string]
--monorepo-index-generator, -m Path to file to customize the monorepo index.html. This function
should return the html for the page. [string]
--script, -s Specify the build script in your package.json [string]
--ci Deploy the storybook in CI mode (github only) [boolean]
--dry-run Run build but hold off on publishing [boolean]
--remote Git remote to push to [string] [default: "origin"]
--branch Git branch to push to [string] [default: "gh-pages"]
--source-branch Source branch to push from [string] [default: "master"]
--host-token-env-variable, -t Github token for CI publish [string] [default: "GH_TOKEN"]
--aws-profile AWS profile to use for publishing. Use NONE to use no profile
at all instead of "default". [string] [default: "default"]
--bucket-path AWS bucket path to use for publishing [string]
--s3-sync-options Additional options to pass to AWSCLI s3 sync [string]
Install Storybook Deployer with:
npm i @storybook/storybook-deployer --save-dev
Then add a NPM script like this for github page:
{
"scripts": {
"deploy-storybook": "storybook-to-ghpages"
}
}
or like this for AWS S3:
{
"scripts": {
"deploy-storybook": "storybook-to-aws-s3"
}
}
Then you can run npm run deploy-storybook
to deploy the Storybook.
Alternatively, you can execute Storybook Deployer directly using npx
npx -p @storybook/storybook-deployer storybook-to-ghpages
npx -p @storybook/storybook-deployer storybook-to-aws-s3
If you customize the build configuration with some additional params (like static file directory), then you need to expose another NPM script like this:
{
"scripts": {
"build-storybook": "build-storybook -s public"
}
}
If you need to configure the output directory you can supply the out
flag.
npm run deploy-storybook -- --out=.out
If you have previously built your storybook output (through a different CI step, etc) and just need to publish it, specify the directory like this:
npm run deploy-storybook -- --existing-output-dir=.out
if you want to see how everything build without pushing to a remote, use the --dry-run
flag.
npm run deploy-storybook -- --dry-run
If you manage a monorepo with multiple storybooks you can pass the packages
flag to deploy-storybook
to scan a directory for package.json
s.
The following command will search the packages
directory for packages. It will also generate a default index.html
that links to all of the loaded storybooks.
npm run deploy-storybook -- --packages packages
index.html
To customize the monorepo index.html
you can pass the monorepo-index-generator
flag to deploy-storybook
. This file should export a function that receive the following arguments and returns the html for the page.
package.json
data from the loaded storybooks as the first argumentnpm run deploy-storybook -- --monorepo-index-generator my-custom-generator.js
To deploy Storybook as part of a CI step, pass the ci
flag to npm run deploy-storybook
.
If the CI
environment variable is set then this mode will be assumed, therefore no need to specify the ci
flag.
Because pushing to GitHub as part of a CI step requires a personal access token, Storybook uses the GH_TOKEN
environment variable, by default, to authenticate GitHub pushes.
This environment variable name can be configured via the host-token-env-variable
flag.
For example, if your access token is stored in the GH_TOKEN
environment variable
npm run deploy-storybook -- --ci
Or if your access token is stored in the GITHUB_TOKEN
environment variable
npm run deploy-storybook -- --ci --host-token-env-variable=GITHUB_TOKEN
If you are deploying Storybook to GitHub Pages from a repository belonging to an organization account on GitHub, you may need to specify a ${{ github.actor }}
in addition to the ${{ secrets.GITHUB_TOKEN }}
for your build step to be able to authenticate properly.
For instance:
- name: Deploy storybook to GitHub Pages
run: npm run deploy-storybook -- --ci
env:
GH_TOKEN: ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}
If you want to customize Git username, email or commit message, add this to package.json
:
"storybook-deployer": {
"gitUsername": "Custom Username",
"gitEmail": "custom@email.com",
"commitMessage": "Deploy Storybook [skip ci]"
}
It will override the default configuration:
"storybook-deployer": {
"gitUsername": "GH Pages Bot",
"gitEmail": "hello@ghbot.com",
"commitMessage": "Deploy Storybook to GitHub Pages"
}
To deploy Storybook to a remote other than origin
, pass a --remote
flag to npm run deploy-storybook
.
For example, to deploy to your upstream
remote:
npm run deploy-storybook -- --remote=upstream
Or, to specify a target branch and serve your storybook with rawgit instead of gh-pages:
npm run deploy-storybook -- --branch=feature-branch
Or, to specify a source branch other than master
, pass a --source-branch
flag to npm run deploy-storybook
:
npm run deploy-storybook -- --source-branch=release
For AWS S3 deployment you must have awscli installed.
You must specify a bucket path with bucket-path
option: my-bucket-name/path/to/destination-folder-in-bucket
and have the rights to write to this bucket.
You can change the aws profile used to run the command with the aws-profile
option.
storybook-to-aws-s3 --bucket-path=my-bucket-name/path/to/destination-folder-in-bucket --aws-profile=myprofile
You can exclude the aws profile by setting this flag to "NONE":
storybook-to-aws-s3 --bucket-path=my-bucket-name/path/to/destination-folder-in-bucket --aws-profile=NONE
You can provide arbitrary S3 sync options via the --s3-sync-options
flag:
storybook-to-aws-s3 --bucket-path=bucket-name/bucket-path --s3-sync-options=--acl=public-read
storybook-to-aws-s3 --bucket-path=bucket-name/bucket-path --s3-sync-options="--acl=public-read --quiet"
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
Deploy your storybook as a webapp.
The npm package @storybook/storybook-deployer receives a total of 56,182 weekly downloads. As such, @storybook/storybook-deployer popularity was classified as popular.
We found that @storybook/storybook-deployer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 30 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.