-
Notifications
You must be signed in to change notification settings - Fork 0
/
yarn.yml
114 lines (104 loc) · 3.97 KB
/
yarn.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
version: 2.1
description: Yarn commands
orbs:
node: circleci/[email protected]
commands:
install:
description: "yarn install"
parameters:
yarn-version:
type: string
description: Version of yarn to use.
default: 1.15.2
cache-version:
type: string
description: Cache version; increment this for a fresh cache.
default: v1
save-cache:
type: boolean
description: Set to false to save cache on your own. Useful for monorepos.
default: true
yarn-install-command:
type: string
description: Command to run when yarn installing
default: |
yarn --frozen-lockfile
yarn-audit:
type: boolean
description: Set to false to skip yarn audit check.
default: true
steps:
- node/install-package-manager:
yarn: true
yarn_version: << parameters.yarn-version >>
- run:
name: Setup NPM token
command: |
if [ "$NPM_TOKEN" ]; then
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
fi
- restore_cache:
name: "Restore node_modules Cache"
keys:
- yarnpkg-<< parameters.cache-version >>-{{ arch }}-{{ .Branch }}-{{ checksum "yarn.lock" }}
- yarnpkg-<< parameters.cache-version >>-{{ arch }}-{{ .Branch }}-
- yarnpkg-<< parameters.cache-version >>-{{ arch }}-
- run:
name: "Run yarn install"
command: << parameters.yarn-install-command >>
- when:
condition: << parameters.yarn-audit >>
steps:
- run:
name: "Run yarn audit"
command: |
set +e
yarn audit 2>yarn-audit-errors
result=$?
set -e
function check-for-down-server() {
if grep -q "Error: Request failed" yarn-audit-errors; then
cat yarn-audit-errors
echo
echo "NPM's audit servers are down."
echo This happen so often that we are going to ignore this and
echo assume everything is okay.
exit 0
fi
}
if [ "$result" != 0 ]; then
check-for-down-server
if [ -f yarn-audit-known-issues ]; then
set +e
yarn audit --json 2>yarn-audit-errors | grep auditAdvisory > yarn-audit-issues
set -e
check-for-down-server
if diff -q yarn-audit-known-issues yarn-audit-issues > /dev/null 2>&1; then
echo
echo Ignorning known vulnerabilities
exit 0
fi
fi
echo
echo Security vulnerabilities were found that were not ignored
echo
echo Check to see if these vulnerabilities apply to production
echo and/or if they have fixes available. If they do not have
echo fixes and they do not apply to production, you may ignore them
echo
echo To ignore these vulnerabilities, run:
echo
echo "yarn audit --json | grep auditAdvisory > yarn-audit-known-issues"
echo
echo and commit the yarn-audit-known-issues file
exit "$result"
fi
- when:
condition: << parameters.save-cache >>
steps:
- save_cache:
name: "Save node_modules Cache"
key: yarnpkg-<< parameters.cache-version >>-{{ arch }}-{{ .Branch }}-{{ checksum "yarn.lock" }}
paths:
- ~/.cache/yarn
- ~/project/node_modules