reintroduce CI build and fix vulnerabilities

finos · Sep 4, 2024 · 4861f2d · 4861f2d
1 parent b7c43d6
commit 4861f2d
Show file tree

Hide file tree

Showing 7 changed files with 5,357 additions and 16,548 deletions.
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -0,0 +1,82 @@
+# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+name: Node.js CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+jobs:
+  # building project
+  build:
+    name: Build
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        node-version: [20.x]
+        os: [ubuntu-latest]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Cache NPM
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Cache Elm
+        uses: actions/cache@v3
+        with:
+          path: ~/.elm
+          key: ${{ runner.os }}-elm-${{ hashFiles('**/elm.json') }}
+          restore-keys: |
+            ${{ runner.os }}-elm-
+
+      - name: Download dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build --if-present
+
+      - name: Running Test
+        run: npm test
+
+  # CVE scanning
+  cvescan:
+    name: CVE Scanning
+    runs-on: ubuntu-latest
+    needs: [build]
+    strategy:
+      matrix:
+        node-version: [18.x]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: npm ci
+      - run: npx --yes auditjs ossi --whitelist allow-list.json
+
+  # Semgrep static code analysis
+  semgrep:
+    name: Semgrep
+    runs-on: ubuntu-latest
+    needs: [cvescan]
+    container:
+      # A Docker image with Semgrep installed. Don't change this.
+      image: returntocorp/semgrep
+    # Skip any PR created by dependabot to avoid permission issues
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v4
+      - run: semgrep scan --config auto --severity ERROR
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-lts/hydrogen
+lts/iron
diff --git a/cli2/config-processing.ts b/cli2/config-processing.ts
@@ -3,8 +3,7 @@ This file serves as the entrypoint for Json Schema Backend configuration process
 */
 import * as fs from "fs";
 import * as path from 'path';
-import * as util from 'util'
-import cli from "./cli";
+import * as util from 'util';
 
 const fsReadFile = util.promisify(fs.readFile);
 const configFilePath: string = "JsonSchema.config.json";

diff --git a/gulpfile.js b/gulpfile.js
@@ -1,31 +1,41 @@
-const { series, parallel, src, dest } = require('gulp');
-const concat = require('gulp-concat');
-const os = require('os')
-const path = require('path')
-const util = require('util')
-const fs = require('fs')
-const tmp = require('tmp')
-const git = require('isomorphic-git')
-const { request: delegate } = require('isomorphic-git/http/node')
-const { HttpProxyAgent, HttpsProxyAgent } = require('hpagent')
-const del = require('del')
-const elmMake = require('node-elm-compiler').compile
-const execa = require('execa');
-const shell = require('shelljs')
-const mocha = require('gulp-mocha');
-const ts = require('gulp-typescript');
-const { isExpressionWithTypeArguments } = require('typescript');
+import gulp from 'gulp';
+const { series, parallel, src, dest } = gulp;
+
+import fs from 'fs';
+import concat from 'gulp-concat';
+import path from 'path';
+import tmp from 'tmp';
+import util from 'util';
+
+import git from 'isomorphic-git';
+
+import { HttpProxyAgent, HttpsProxyAgent } from 'hpagent';
+import http_node from 'isomorphic-git/http/node/index.js';
+const { request: delegate } = http_node
+
+import { deleteAsync as del } from 'del';
+import nodeElmCompiler from 'node-elm-compiler';
+const elmMake = nodeElmCompiler.compile
+
+import execa from 'execa';
+import mocha from 'gulp-mocha';
+import shell from 'shelljs';
+
+import ts from 'gulp-typescript';
+import tsp from 'typescript';
+const { isExpressionWithTypeArguments } = tsp;
+
 const mainTsProject = ts.createProject('./tsconfig.json')
 const cliTsProject = ts.createProject('./cli2/tsconfig.json')
 const readFile = util.promisify(fs.readFile)
 
-async function request ({ url, method, headers, body }) {
+async function request({ url, method, headers, body }) {
     const proxy = url.startsWith('https:')
-      ? { Agent: HttpsProxyAgent, url: process.env.https_proxy }
-      : { Agent: HttpProxyAgent, url: process.env.http_proxy }
+        ? { Agent: HttpsProxyAgent, url: process.env.https_proxy }
+        : { Agent: HttpProxyAgent, url: process.env.http_proxy }
     const agent = proxy.url ? new proxy.Agent({ proxy: proxy.url }) : undefined
     return delegate({ url, method, agent, headers, body })
-  }
+}
 
 const http = { request };
 
@@ -107,13 +117,13 @@ const buildCLI2 =
         makeCLI2
     )
 
-const buildMorphirAPI2 = async ()=>{
+const buildMorphirAPI2 = async () => {
     try {
-        await morphirElmMakeRunOldCli('.', './morphir-ir.json', {typesOnly: true})
+        await morphirElmMakeRunOldCli('.', './morphir-ir.json', { typesOnly: true })
         await morphirElmGen('./morphir-ir.json', './lib/generated', 'TypeScript')
         src('./lib/sdk/**/*')
-        .pipe(dest('./lib/generated/morphir/sdk'))
-       return await execa('npx tsc', ['--project',path.join('.','lib','tsconfig.json')])
+            .pipe(dest('./lib/generated/morphir/sdk'))
+        return await execa('npx tsc', ['--project', path.join('.', 'lib', 'tsconfig.json')])
     } catch (error) {
         console.error("Error building morphir API 2", error);
         return error
@@ -184,10 +194,10 @@ async function morphirJsonSchemaGen(inputPath, outputDir, target) {
     args = ['./cli2/lib/morphir-json-schema-gen.js', 'json-schema-gen', '-i', inputPath, '-o', outputDir, '-t', target]
     console.log("Running: " + args.join(' '));
     try {
-        await execa('node', args, {stdio})
+        await execa('node', args, { stdio })
     } catch (err) {
         console.log("Error running json-schema-gen command", err);
-        throw(err)
+        throw (err)
     }
 }
 
@@ -214,7 +224,7 @@ async function testUnit(cb) {
 }
 
 async function compileCli2Ts() {
-    src(['./cli2/*.ts', '!./cli2/*.test.ts' ]).pipe(cliTsProject()).pipe(dest('./cli2/lib/'))
+    src(['./cli2/*.ts', '!./cli2/*.test.ts']).pipe(cliTsProject()).pipe(dest('./cli2/lib/'))
 }
 
 
@@ -364,14 +374,14 @@ async function testCreateCSV(cb) {
     }
 }
 
-testIntegrationSpark = series(
+const testIntegrationSpark = series(
     testIntegrationMakeSpark,
     testIntegrationGenSpark,
     testIntegrationBuildSpark,
     testIntegrationTestSpark,
 )
 
-testIntegration = series(
+const testIntegration = series(
     testIntegrationClean,
     testIntegrationMake,
     testCreateCSV,
@@ -386,8 +396,8 @@ testIntegration = series(
             testIntegrationGenTypeScript,
             testIntegrationTestTypeScript,
         ),
-    ),testIntegrationDockerize,
-     testIntegrationJsonSchemaGen
+    ), testIntegrationDockerize,
+    testIntegrationJsonSchemaGen
 )
 
 
@@ -429,7 +439,7 @@ async function checkPackageLockJson() {
     }
 }
 
-testMorphirIR = series(
+const testMorphirIR = series(
     testMorphirIRMake,
     testMorphirIRGenTypeScript,
     testMorphirIRTestTypeScript,
@@ -447,27 +457,25 @@ const csvfiles = series(
     testCreateCSV,
 )
 
-exports.clean = clean;
-exports.makeCLI = makeCLI;
-exports.makeDevCLI = makeDevCLI;
-exports.buildCLI2 = buildCLI2;
-exports.compileMain2Ts = compileMain2Ts;
-exports.build = build;
-exports.test = test;
-exports.csvfiles = csvfiles;
-exports.testIntegration = testIntegration;
-exports.testIntegrationSpark = testIntegrationSpark;
-exports.testMorphirIR = testMorphirIR;
-exports.testMorphirIRTypeScript = testMorphirIR;
-exports.checkPackageLockJson = checkPackageLockJson;
-exports.default =
+export {
+    build, buildCLI2, checkPackageLockJson, clean, compileMain2Ts, csvfiles, makeCLI,
+    makeDevCLI, test, testIntegration,
+    testIntegrationSpark,
+    testMorphirIR
+};
+
+
+    export { testMorphirIR as testMorphirIRTypeScript };
+
+
+
+export default series(
+    clean,
+    checkPackageLockJson,
     series(
-        clean,
-        checkPackageLockJson,
-        series(
-            cloneMorphirJVM,
-            copyMorphirJVMAssets,
-            cleanupMorphirJVM
-        ),
-        build
-    );
+        cloneMorphirJVM,
+        copyMorphirJVMAssets,
+        cleanupMorphirJVM
+    ),
+    build
+);
diff --git a/jest.config.js → jest.config.cjs b/jest.config.js → jest.config.cjs