Jscrambler Integration with GitHub CI/CD
This section describes how to integrate Jscrambler Code Integrity into your existing GitHub workflows to automate your code protection process.
The easiest way to integrate with GitHub workflows is to use the Jscrambler Code Integrity action. This action allows you to protect a given list of files.
Getting started with Jscrambler configuration
First, if you haven't yet experienced Jscrambler's dashboard, we suggest you follow our Getting Started guide which will walk you through all the functionalities that we make available for our users.
For a quick setup, take a look at the Jscrambler 101 - First Use blog post that covers Jscrambler basic usage.
Jscrambler configuration file
If you are familiar with Jscrambler, you just need to download "No Secrets" Jscrambler's configuration file for the application you want to protect. If you don't know how to do this, please consult the following link.
A Jscrambler configuration file should look like this:
{
"parameters": [
{
"status": 1,
"name": "objectPropertiesSparsing"
},
{
"status": 1,
"name": "whitespaceRemoval"
},
{
"status": 1,
"name": "regexObfuscation"
},
{
"status": 1,
"options": {
"features": [
"opaqueSteps"
]
},
"name": "controlFlowFlattening"
},
{
"status": 1,
"name": "booleanToAnything"
},
{
"status": 1,
"name": "identifiersRenaming"
}
],
"areSubscribersOrdered": false,
"languageSpecifications": {
"es8": true,
"es7": false,
"es6": true,
"es5": true
},
"applicationTypes": {
"html5GameApp": false,
"javascriptNativeApp": false,
"hybridMobileApp": true,
"serverApp": false,
"desktopApp": false,
"webBrowserApp": true
},
"useRecommendedOrder": true,
"tolerateMinification": true,
"useProfilingData": false
}
After downloading Jscrambler configuration file for the application you want to protect, you should:
- Store yout account
keysandapplicationIdas GitHub secrets
- And, place the
jscrambler.jsonfile on your application's root folder.
You are all set! Let's move on to configuring a Jscrambler job with GitHub CI.
Workflow Configuration
Consider the case of a workflow that, on a certain event, compiles/bundles a project and generates a set of JavaScript files in a dist folder. To integrate with Jscrambler, you could add the following jobs:
jobs:
build:
runs-on: ubuntu-latest
name: Test Protection
environment: production
steps:
- uses: actions/checkout@v3
# < your build process here >
- name: Protect with Jscrambler
id: jscrambler
uses: jscrambler/code-integrity-actions/protect@v6
with:
application-id: ${{ secrets.JSCRAMBLER_APPLICATION_ID }}
secret-key: ${{ secrets.JSCRAMBLER_SECRET_KEY }}
access-key: ${{ secrets.JSCRAMBLER_ACCESS_KEY }}
jscrambler-config-path: jscrambler.json
files-src: |
dist/*
dist/**/*
files-dest: dist-obfuscated/
- name: Upload protected code as a GitHub artifact
uses: actions/upload-artifact@v3
with:
name: protected-source-code
path: dist-obfuscated/
retention-days: 1
Explanation
In this scenario:
- Jscrambler reads the relevant credentials from your secrets (environment
production) - Obtains most configuration parameters from a configuration JSON (
jscrambler.json) - Protects the files inside the
distfolder (and, recursively, files in folders insidedist) - Generates the obfuscated code in a folder named
dist-obfuscated, which are uploaded as a GitHub artifact
Other features
The Jscrambler action also supports other use cases, such as:
- Source map generation — through the
source-maps-output-path. These source maps can then be exported as an artifact - Output symbol table generation — through the
symbol-table-output-path. These symbol tables can then be exported as an artifact
Limitations
The Jscrambler action is designed to protect previously generated JS source code. However, for some frameworks (e.g. React Native), it is necessary to incorporate Jscrambler protection into the build system through custom plugins. In these scenarios, the Jscrambler Action should not be used. Instead, Jscrambler should be configured to run alongside the rest of the build system. Read the documentation about integrating Jscrambler with your chosen build system for more information.