Verify no dependencies conflicts with central-services-shared and cen…

…tral-services-stream (#9) * Update dependencies * Resolve audit reports - subtext ignored for a week * Resolve PR comment * Add vulnerability check and licences audit to ci config. * Fix ci config. * Update version to 8.3.0 * Update package-lock.json
mojaloop · Oct 15, 2019 · 98cd616 · 98cd616
1 parent 26bc895
commit 98cd616
Show file tree

Hide file tree

Showing 4 changed files with 517 additions and 171 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -12,12 +12,6 @@ defaults_docker_helm_kube: &defaults_docker_helm_kube
   docker:
     - image: hypnoglow/kubernetes-helm
 
-# default_env: &default_env
-#   environment:
-#     # - TAG_EXP: 'v[0-9]+(\.[0-9]+)*'
-#     # - TAG_EXP_SNAPSHOT: 'v[0-9]+(\.[0-9]+)*\-SNAPSHOT'
-#     # - TAG: v1.0
-
 defaults_Dependencies: &defaults_Dependencies |
     apk --no-cache add git
     apk --no-cache add ca-certificates
@@ -37,6 +31,11 @@ defaults_awsCliDependencies: &defaults_awsCliDependencies |
     pip install --upgrade awscli==1.14.5 s3cmd==2.0.1 python-magic
     apk -v --purge del py-pip
 
+defaults_license_scanner: &defaults_license_scanner
+  name: Install and set up license-scanner
+  command: |
+    git clone https://github.com/mojaloop/license-scanner /tmp/license-scanner
+    cd /tmp/license-scanner && make build default-files set-up
 
 defaults_build_docker_login: &defaults_build_docker_login
   name: Login to Docker Hub
@@ -309,6 +308,49 @@ jobs:
 #       - store_test_results:
 #           path: ./test/results
 
+  vulnerability-check:
+    <<: *defaults_working_directory
+    <<: *defaults_docker_node
+    steps:
+      - run:
+          name: Install general dependencies
+          command: *defaults_Dependencies
+      - checkout
+      - restore_cache:
+          key: dependency-cache-{{ checksum "package.json" }}
+      - run:
+          name: Create dir for test results
+          command: mkdir -p ./audit/results
+      - run:
+          name: Check for new npm vulnerabilities
+          # TODO: change back to silent, we make this verbose to catch this bug: https://github.com/mojaloop/project/issues/958
+          command: npm run audit:check --verbose -- --json > ./audit/results/auditResults.json
+      - store_artifacts:
+          path: ./audit/results
+          prefix: audit
+
+  audit-licenses:
+    <<: *defaults_working_directory
+    <<: *defaults_docker_node
+    steps:
+      - run:
+          name: Install general dependencies
+          command: *defaults_Dependencies
+      - run:
+          <<: *defaults_license_scanner
+      - checkout
+      - restore_cache:
+          key: dependency-cache-{{ checksum "package.json" }}
+      - run:
+          name: Prune non-production packages before running license-scanner
+          command: npm prune --production
+      - run:
+          name: Run the license-scanner
+          command: cd /tmp/license-scanner && pathToRepo=$CIRCLE_WORKING_DIRECTORY make run
+      - store_artifacts:
+          path: /tmp/license-scanner/results
+          prefix: licenses
+
   build-snapshot:
     machine: true
     <<: *defaults_working_directory
@@ -593,6 +635,28 @@ workflows:
               ignore:
                 - /feature*/
                 - /bugfix*/
+      - vulnerability-check:
+          context: org-global
+          requires:
+            - setup
+          filters:
+            tags:
+              only: /.*/
+            branches:
+              ignore:
+                - /feature*/
+                - /bugfix*/
+      - audit-licenses:
+          context: org-global
+          requires:
+            - setup
+          filters:
+            tags:
+              only: /.*/
+            branches:
+              ignore:
+                - /feature*/
+                - /bugfix*/
 #      - test-integration:
 #          context: org-global
 #          requires:
@@ -630,11 +694,13 @@ workflows:
           context: org-global
           requires:
             - setup
-#            - test-unit
-#            - test-coverage
-#            - test-integration
-#            - test-functional
+            - test-unit
+            # - test-coverage
+            # - test-integration
+            # - test-functional
             # - test-spec
+            - vulnerability-check
+            - audit-licenses
           filters:
             tags:
               only: /v[0-9]+(\.[0-9]+)*\-snapshot/
@@ -657,9 +723,11 @@ workflows:
             - setup
             - test-unit
             - test-coverage
-#            - test-integration
-#            - test-functional
+            # - test-integration
+            # - test-functional
             # - test-spec
+            - vulnerability-check
+            - audit-licenses
           filters:
             tags:
               only: /v[0-9]+(\.[0-9]+)*/

diff --git a/audit-resolve.json b/audit-resolve.json
@@ -0,0 +1,11 @@
+{
+  "decisions": {
+    "1168|hapi>subtext": {
+      "decision": "ignore",
+      "madeAt": 1570706679815,
+      "expiresAt": 1571311407031
+    }
+  },
+  "rules": {},
+  "version": 1
+}