fix: fixed the cicd audit check #326

Merged
merged 39 commits into from
Jul 1, 2022
39 commits
a1d2bd6
Initial Commit
Jun 23, 2022
be47f05
added start script to adapter
Jun 23, 2022
7a1b259
cleanup
Jun 25, 2022
a77b7fc
cleanup
Jun 25, 2022
e93aca1
cleanup
Jun 25, 2022
9782d6d
cicd
Jun 26, 2022
3e46cdd
cicd
Jun 26, 2022
f03b748
cicd
Jun 26, 2022
6fba244
cicd
Jun 26, 2022
13f407b
cicd
Jun 26, 2022
f9bbe5c
cicd
Jun 26, 2022
e2a5b96
cicd
Jun 26, 2022
3ecf6fe
chore: fixed api-svc api templates for inbound and outbound paths to …
mdebarros Jun 27, 2022
2216259
chore: fixes for monorepo
mdebarros Jun 27, 2022
e549e4a
fix: api-snippets
Jun 28, 2022
b2e8001
fix: cicd
Jun 28, 2022
95b3096
fix: cicd
Jun 28, 2022
4cb6a20
fix: cicd
Jun 28, 2022
807bddf
fix: cicd
Jun 28, 2022
a7d2811
fix: cicd
Jun 28, 2022
53424ce
fix: cicd
Jun 28, 2022
9dc4b2a
fix: cicd audit check
Jun 30, 2022
abe7a87
fix: cicd audit check
Jun 30, 2022
bdd6327
fix: cicd audit check
Jul 1, 2022
6cdc7bd
fix: cicd audit check
Jul 1, 2022
d39ff56
fix: cicd audit check
Jul 1, 2022
8625330
fix: cicd audit check
Jul 1, 2022
d64ed32
fix: cicd audit check
Jul 1, 2022
d63e841
fix: cicd audit check
Jul 1, 2022
3480696
fix: cicd audit check
Jul 1, 2022
6ae6dbf
fix: cicd audit check
Jul 1, 2022
f1d39d9
fix: cicd audit check
Jul 1, 2022
cc6dd1c
fix: cicd audit check
Jul 1, 2022
d5d80f0
fix: cicd audit check
Jul 1, 2022
6d73d71
fix: cicd audit check
Jul 1, 2022
c12b659
fix: cicd audit check
Jul 1, 2022
663fe72
fix: cicd audit check
Jul 1, 2022
dffbf20
fix: cicd audit check
Jul 1, 2022
39692be
fix: cicd audit check
Jul 1, 2022
43 changes: 11 additions & 32 deletions .circleci/config.yml
Expand Up @@ -83,13 +83,10 @@ jobs:
name: Install general dependencies
command: *defaults_Dependencies
- checkout
# - run:
# name: Access npm folder as root
# command: cd $(npm root -g)/npm
# - run:
# name: Update NPM install (using `npm ci`)
# command: npm ci
####################################################
- run:
name: Install Dependencies for api-svc
command: yarn install
working_directory: /home/circleci/project/modules/api-svc
- run:
name: Install Dependencies
command: yarn install --immutable
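Review bot: the new "Install Dependencies for api-svc" step runs plain `yarn install`, while the root "Install Dependencies" step directly below it keeps `yarn install --immutable`. Put `--immutable` on the api-svc step as well, so that a lockfile that is out of sync fails the job explicitly instead of depending on environment defaults. The absolute `working_directory: /home/circleci/project/modules/api-svc` would also be less brittle as a path relative to the checkout.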
Expand All @@ -100,9 +97,7 @@ jobs:
- .yarn/cache
- .yarn/unplugged
- node_modules

####################################################

# - modules/api-svc/node_modules
- run:
name: Delete build dependencies
command: apk del build-dependencies
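Review bot: the `# - modules/api-svc/node_modules` entry in the cache paths is commented out, so if the separate api-svc install writes into that directory, its output is never saved with the cache. Either enable the path so that jobs restoring this cache get the api-svc dependencies too, or delete the line; a commented-out cache path leaves it unclear which of the two is intended.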
Expand All @@ -118,9 +113,6 @@ jobs:
name: Restore Yarn Package Cache
keys:
- yarn-packages-{{ checksum "yarn.lock" }}
- run:
name: Install Dependencies
command: yarn install --immutable
- run:
name: Execute unit tests
command: yarn run test:unit
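Review bot: with the "Install Dependencies" step gone, "Execute unit tests" depends entirely on `restore_cache`, which lists a single exact key, `yarn-packages-{{ checksum "yarn.lock" }}`. If that key is missing, the job continues without dependencies and `yarn run test:unit` fails for a reason unrelated to the code under test. Keep `yarn install --immutable` after the restore (it is cheap when the cache is warm) or add a step that fails with a clear message when `node_modules` is absent.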
Expand Down Expand Up @@ -191,9 +183,6 @@ jobs:
name: Restore Yarn Package Cache
keys:
- yarn-packages-{{ checksum "yarn.lock" }}
- run:
name: Install Dependencies
command: yarn install --immutable
- run:
name: Validate openapi
command: yarn run build:openapi && yarn run validate:api
Expand All @@ -205,14 +194,13 @@ jobs:
name: Install general dependencies
command: *defaults_Dependencies
- checkout
- restore_cache:
name: Restore Yarn Package Cache
keys:
- yarn-packages-{{ checksum "yarn.lock" }}
- run:
name: Install Dependencies for api-svc
command: yarn install
working_directory: /home/circleci/project/modules/api-svc
- run:
name: Install Dependencies
command: yarn install --immutable

command: yarn install
- run:
name: Create dir for lint results
command: mkdir -p /lintresults
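Review bot: in the root "Install Dependencies" step the command is now `yarn install` where `yarn install --immutable` stood, and the `restore_cache` block is gone from this job, so lint is the one job that resolves dependencies fresh and without an explicit lockfile guarantee. Keep `--immutable` here so lint runs against the same pinned versions as the other jobs. The api-svc install block is also a verbatim copy of the one in the setup job; a YAML anchor, as already used for `*defaults_Dependencies`, would keep the two from drifting.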
Expand All @@ -233,15 +221,12 @@ jobs:
name: Restore Yarn Package Cache
keys:
- yarn-packages-{{ checksum "yarn.lock" }}
- run:
name: Install Dependencies
command: yarn install --immutable
- run:
name: Create dir for test results
command: mkdir -p ./audit/results
- run:
name: Check for new npm vulnerabilities
command: yarn run audit:check --silent -- --json > ./audit/results/auditResults.json
command: yarn run audit:check > ./audit/results/auditResults.json
- store_artifacts:
path: ./audit/results

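Review bot: the audit command still redirects to `./audit/results/auditResults.json` but no longer passes `--json`, so unless the `audit:check` script itself emits JSON the stored artifact will be plain text under a `.json` name. Either make the script's output format explicit or rename the artifact. Because stdout goes to the file, a failing audit also prints nothing in the job log; consider echoing the file on failure so the findings are visible without downloading the artifact. The removed install step means this security check also runs only against whatever the cache restored.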
Expand All @@ -258,12 +243,6 @@ jobs:
name: Restore Yarn Package Cache
keys:
- yarn-packages-{{ checksum "yarn.lock" }}
- run:
name: Install Dependencies
command: yarn install --immutable
- run:
name: Prune non-production packages before running license-scanner
command: yarn prune --production
- run:
name: Run the license-scanner
command: cd /tmp/license-scanner && pathToRepo=$CIRCLE_WORKING_DIRECTORY make run
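Review bot: dropping `yarn prune --production` together with the install step changes what the license scanner inspects. It now sees whatever `node_modules` the cache restored, development dependencies included, and nothing at all if the cache key is missing, in which case the scan can pass without having checked anything. State in the config whether dev dependencies are meant to be in scope, and make the job fail when there is no dependency tree to scan.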
66 changes: 33 additions & 33 deletions Dockerfile
@@ -1,38 +1,38 @@
FROM node:16.15.0-alpine as builder

# RUN apk add --no-cache git python3 build-base

# EXPOSE 3000

# WORKDIR /src

# # This is super-ugly, but it means we don't have to re-run npm install every time any of the source
# # files change- only when any dependencies change- which is a superior developer experience when
# # relying on docker-compose.
# COPY ./package.json .
# COPY ./package-lock.json .
# RUN npm ci --only=production
# FROM node:16.15.0-alpine

# ARG BUILD_DATE
# ARG VCS_URL
# ARG VCS_REF
# ARG VERSION

# # See http://label-schema.org/rc1/ for label schema info
# LABEL org.label-schema.schema-version="1.0"
# LABEL org.label-schema.name="sdk-scheme-adapter"
# LABEL org.label-schema.build-date=$BUILD_DATE
# LABEL org.label-schema.vcs-url=$VCS_URL
# LABEL org.label-schema.vcs-ref=$VCS_REF
# LABEL org.label-schema.url="https://mojaloop.io/"
# LABEL org.label-schema.version=$VERSION

# COPY --from=builder /src/ /src
# COPY ./src ./src
# COPY ./secrets /

# CMD ["node", "src/index.js"]
RUN apk add --no-cache git python3 build-base

EXPOSE 3000

WORKDIR /src

# This is super-ugly, but it means we don't have to re-run npm install every time any of the source
# files change- only when any dependencies change- which is a superior developer experience when
# relying on docker-compose.
COPY ./package.json .
COPY ./package-lock.json .
RUN npm ci --only=production
FROM node:16.15.0-alpine

ARG BUILD_DATE
ARG VCS_URL
ARG VCS_REF
ARG VERSION

# See http://label-schema.org/rc1/ for label schema info
LABEL org.label-schema.schema-version="1.0"
LABEL org.label-schema.name="sdk-scheme-adapter"
LABEL org.label-schema.build-date=$BUILD_DATE
LABEL org.label-schema.vcs-url=$VCS_URL
LABEL org.label-schema.vcs-ref=$VCS_REF
LABEL org.label-schema.url="https://mojaloop.io/"
LABEL org.label-schema.version=$VERSION

COPY --from=builder /src/ /src
COPY ./src ./src
COPY ./secrets /

CMD ["node", "src/index.js"]


# TODO: compose the docker image
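Review bot: `COPY ./secrets /` near the end of the final stage writes the contents of `./secrets` into an image layer, where anyone who can pull the image can read them; supply them at runtime through a mounted volume or the orchestrator's secret store instead. Separately, the builder stage copies `package-lock.json` and runs `npm ci --only=production`, while the CircleCI jobs in this PR install with yarn and key their cache on `yarn.lock`, so the image may not contain the dependency versions that CI tested and audited. The final stage also sets no `USER`, so `node src/index.js` runs as root.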
16 changes: 16 additions & 0 deletions audit-ci.jsonc
@@ -0,0 +1,16 @@
{
"$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
// audit-ci supports reading JSON, JSONC, and JSON5 config files.
// Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
"moderate": true,
"allowlist": [
"GHSA-282f-qqgm-c34q",
"GHSA-v88g-cgmw-v5xw",
"GHSA-mjxr-4v3x-q3m4",
"GHSA-p9pc-299p-vxgp",
"GHSA-6vfc-qv3f-vr6c",
"GHSA-rjqq-98f6-6j3r",
"GHSA-phwq-j96m-2c2q",
"GHSA-pfrx-2q88-qq97"
]
}
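Review bot: the eight `allowlist` entries give no indication of which package each advisory affects or why it is accepted. The file is JSONC and already carries comments, so add one per GHSA ID with the package, the reason for accepting it and a date to revisit; that keeps the list reviewable and lets entries be removed once a fixed version is available, rather than leaving them suppressed indefinitely.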
File renamed without changes.