fix: fixed the cicd audit check (#326)

* Initial Commit * added start script to adapter * cleanup * cleanup * cleanup * cicd * cicd * cicd * cicd * cicd * cicd * cicd * chore: fixed api-svc api templates for inbound and outbound paths to correctly resolve dependent yamls * chore: fixes for monorepo - removed global eslint config, and added eslint to each module - renamed start:adapter root package script to start:api-svc and fixed the command - added missing dependencies to module/api-svc to fix unit tests * fix: api-snippets * fix: cicd * fix: cicd * fix: cicd * fix: cicd * fix: cicd * fix: cicd * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check * fix: cicd audit check Co-authored-by: Miguel de Barros <[email protected]>
mojaloop · Jul 1, 2022 · e040aaa · e040aaa
1 parent cf97be4
commit e040aaa
Show file tree

Hide file tree

Showing 10 changed files with 1,032 additions and 34,129 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -83,13 +83,10 @@ jobs:
           name: Install general dependencies
           command: *defaults_Dependencies
       - checkout
-      # - run:
-      #     name: Access npm folder as root
-      #     command: cd $(npm root -g)/npm
-      # - run:
-      #     name: Update NPM install (using `npm ci`)
-      #     command: npm ci
-####################################################            
+      - run:
+          name: Install Dependencies for api-svc
+          command: yarn install
+          working_directory: /home/circleci/project/modules/api-svc
       - run:
           name: Install Dependencies
           command: yarn install --immutable
@@ -100,9 +97,7 @@ jobs:
             - .yarn/cache
             - .yarn/unplugged
             - node_modules
-
-####################################################            
-
+            # - modules/api-svc/node_modules
       - run:
           name: Delete build dependencies
           command: apk del build-dependencies
@@ -118,9 +113,6 @@ jobs:
           name: Restore Yarn Package Cache
           keys:
             - yarn-packages-{{ checksum "yarn.lock" }}
-      - run:
-          name: Install Dependencies
-          command: yarn install --immutable
       - run:
           name: Execute unit tests
           command: yarn run test:unit
@@ -191,9 +183,6 @@ jobs:
           name: Restore Yarn Package Cache
           keys:
             - yarn-packages-{{ checksum "yarn.lock" }}
-      - run:
-          name: Install Dependencies
-          command: yarn install --immutable
       - run:
           name: Validate openapi
           command: yarn run build:openapi && yarn run validate:api
@@ -205,14 +194,13 @@ jobs:
           name: Install general dependencies
           command: *defaults_Dependencies
       - checkout
-      - restore_cache:
-          name: Restore Yarn Package Cache
-          keys:
-            - yarn-packages-{{ checksum "yarn.lock" }}
+      - run:
+          name: Install Dependencies for api-svc
+          command: yarn install
+          working_directory: /home/circleci/project/modules/api-svc
       - run:
           name: Install Dependencies
-          command: yarn install --immutable
-
+          command: yarn install
       - run:
           name: Create dir for lint results
           command: mkdir -p /lintresults
@@ -233,15 +221,12 @@ jobs:
           name: Restore Yarn Package Cache
           keys:
             - yarn-packages-{{ checksum "yarn.lock" }}
-      - run:
-          name: Install Dependencies
-          command: yarn install --immutable
       - run:
           name: Create dir for test results
           command: mkdir -p ./audit/results
       - run:
           name: Check for new npm vulnerabilities
-          command: yarn run audit:check --silent -- --json > ./audit/results/auditResults.json
+          command: yarn run audit:check > ./audit/results/auditResults.json
       - store_artifacts:
           path: ./audit/results
 
@@ -258,12 +243,6 @@ jobs:
           name: Restore Yarn Package Cache
           keys:
             - yarn-packages-{{ checksum "yarn.lock" }}
-      - run:
-          name: Install Dependencies
-          command: yarn install --immutable
-      - run:
-          name: Prune non-production packages before running license-scanner
-          command: yarn prune --production
       - run:
           name: Run the license-scanner
           command: cd /tmp/license-scanner && pathToRepo=$CIRCLE_WORKING_DIRECTORY make run

diff --git a/Dockerfile b/Dockerfile
@@ -1,38 +1,38 @@
 FROM node:16.15.0-alpine as builder
 
-# RUN apk add --no-cache git python3 build-base
-
-# EXPOSE 3000
-
-# WORKDIR /src
-
-# # This is super-ugly, but it means we don't have to re-run npm install every time any of the source
-# # files change- only when any dependencies change- which is a superior developer experience when
-# # relying on docker-compose.
-# COPY ./package.json .
-# COPY ./package-lock.json .
-# RUN npm ci --only=production
-# FROM node:16.15.0-alpine
-
-# ARG BUILD_DATE
-# ARG VCS_URL
-# ARG VCS_REF
-# ARG VERSION
-
-# # See http://label-schema.org/rc1/ for label schema info
-# LABEL org.label-schema.schema-version="1.0"
-# LABEL org.label-schema.name="sdk-scheme-adapter"
-# LABEL org.label-schema.build-date=$BUILD_DATE
-# LABEL org.label-schema.vcs-url=$VCS_URL
-# LABEL org.label-schema.vcs-ref=$VCS_REF
-# LABEL org.label-schema.url="https://mojaloop.io/"
-# LABEL org.label-schema.version=$VERSION
-
-# COPY --from=builder /src/ /src
-# COPY ./src ./src
-# COPY ./secrets /
-
-# CMD ["node", "src/index.js"]
+RUN apk add --no-cache git python3 build-base
+
+EXPOSE 3000
+
+WORKDIR /src
+
+# This is super-ugly, but it means we don't have to re-run npm install every time any of the source
+# files change- only when any dependencies change- which is a superior developer experience when
+# relying on docker-compose.
+COPY ./package.json .
+COPY ./package-lock.json .
+RUN npm ci --only=production
+FROM node:16.15.0-alpine
+
+ARG BUILD_DATE
+ARG VCS_URL
+ARG VCS_REF
+ARG VERSION
+
+# See http://label-schema.org/rc1/ for label schema info
+LABEL org.label-schema.schema-version="1.0"
+LABEL org.label-schema.name="sdk-scheme-adapter"
+LABEL org.label-schema.build-date=$BUILD_DATE
+LABEL org.label-schema.vcs-url=$VCS_URL
+LABEL org.label-schema.vcs-ref=$VCS_REF
+LABEL org.label-schema.url="https://mojaloop.io/"
+LABEL org.label-schema.version=$VERSION
+
+COPY --from=builder /src/ /src
+COPY ./src ./src
+COPY ./secrets /
+
+CMD ["node", "src/index.js"]
 
 
 # TODO: compose the docker image
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -0,0 +1,16 @@
+{
+    "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
+    // audit-ci supports reading JSON, JSONC, and JSON5 config files.
+    // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
+    "moderate": true,
+    "allowlist": [
+        "GHSA-282f-qqgm-c34q",
+        "GHSA-v88g-cgmw-v5xw",
+        "GHSA-mjxr-4v3x-q3m4",
+        "GHSA-p9pc-299p-vxgp",
+        "GHSA-6vfc-qv3f-vr6c",
+        "GHSA-rjqq-98f6-6j3r",
+        "GHSA-phwq-j96m-2c2q",
+        "GHSA-pfrx-2q88-qq97"
+    ]
+}
diff --git a/modules/api-svc/docker-compose.yml → docker-compose.yml b/modules/api-svc/docker-compose.yml → docker-compose.yml