feat(mojaloop/#2092): upgrade nodeJS version for core services (#330)

feat(mojaloop/#2092): upgrade nodeJS version for core services - mojaloop/project#2092 - standardised CI scripts - fixed lint issues - updated .nvmrc to latest LTS version - added standard CI scripts/config to package.json: release, snapshot, standard-version, etc - updated gitignore to include test/results patterns - updated README with standard auto-release information - resolved audits - cleaned up package.json - updated links in changelog to point correctly to mojaloop issue repo - renamed .ncurc.json to .ncurc.js to add comment-note about the @hapi/catbox* issue as described in the notes below Notes: - npm-audit-resolver v3.0.0-7 is a candidate release to resolve compatibility with npm v7+ as described in naugtur/npm-audit-resolver#34. This will need to be addressed going forward as `npm run audit:resolve` (i.e. `resolve-audit`) is currently not functioning. As a work-around, we need to manually run the following command `npm audit fix`. The `npm run audit:check` (i.e. `check-audit`) still works as expected. - Added "@hapi/catbox", "@hapi/catbox-memory" to ncurc for dep:check to ignore updates due to breaking changes which should be handled by another story BREAKING CHANGE: major version bump for node v16 LTS support, and re-structuring of project directories to align to core Mojaloop repositories!
mojaloop · May 19, 2022 · 4778864 · 4778864
1 parent ce461b7
commit 4778864
Show file tree

Hide file tree

Showing 14 changed files with 17,050 additions and 3,060 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.env b/.env
diff --git a/.gitignore b/.gitignore
@@ -50,3 +50,6 @@ yarn.lock
 
 # General files to ignore
 *IGNORE*
+
+# Ignore test results
+**/test/results/*
diff --git a/.ncurc.js b/.ncurc.js
@@ -0,0 +1,7 @@
+module.exports = {
+  reject: [
+    // TODO: Added "@hapi/catbox", "@hapi/catbox-memory" to ncurc for dep:check to ignore updates due to breaking changes which should be handled by another story
+    "@hapi/catbox",
+    "@hapi/catbox-memory"
+  ]
+}
diff --git a/.ncurc.json b/.ncurc.json
diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-12.16.0
+16.15.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,7 +11,7 @@ All notable changes to this project will be documented in this file. See [standa
 
 ### Features
 
-* **mojaloop/#2704:** core-services support for non-breaking backward api compatibility ([#325](https://github.com/mojaloop/central-services-shared/issues/325)) ([cb81f7e](https://github.com/mojaloop/central-services-shared/commit/cb81f7ec92376e0d6ce45e2ce046379ce1996167)), closes [mojaloop/#2704](https://github.com/mojaloop/central-services-shared/issues/2704) [mojaloop/#2704](https://github.com/mojaloop/central-services-shared/issues/2704)
+* **mojaloop/#2704:** core-services support for non-breaking backward api compatibility ([#325](https://github.com/mojaloop/central-services-shared/issues/325)) ([cb81f7e](https://github.com/mojaloop/central-services-shared/commit/cb81f7ec92376e0d6ce45e2ce046379ce1996167)), closes [mojaloop/#2704](https://github.com/mojaloop/project/issues/2704)
 
 ## [15.3.0](https://github.com/mojaloop/central-services-shared/compare/v15.2.0...v15.3.0) (2022-02-07)
 
@@ -25,7 +25,7 @@ All notable changes to this project will be documented in this file. See [standa
 
 ### Features
 
-* **mojaloop/#2608:** injected resource versions config for outbound requests ([#319](https://github.com/mojaloop/central-services-shared/issues/319)) ([13a3d9d](https://github.com/mojaloop/central-services-shared/commit/13a3d9dc8ab8d4815db2aea22563317e3670a19b)), closes [mojaloop/#2608](https://github.com/mojaloop/central-services-shared/issues/2608)
+* **mojaloop/#2608:** injected resource versions config for outbound requests ([#319](https://github.com/mojaloop/central-services-shared/issues/319)) ([13a3d9d](https://github.com/mojaloop/central-services-shared/commit/13a3d9dc8ab8d4815db2aea22563317e3670a19b)), closes [mojaloop/#2608](https://github.com/mojaloop/project/issues/2608)
 
 ## [15.1.0](https://github.com/mojaloop/central-services-shared/compare/v15.0.1...v15.1.0) (2021-11-17)
 
@@ -50,7 +50,7 @@ All notable changes to this project will be documented in this file. See [standa
 
 ### Bug Fixes
 
-* **mojaloop/#2536:** fspiop api version negotiation not handled by transfers service ([#315](https://github.com/mojaloop/central-services-shared/issues/315)) ([e3a8748](https://github.com/mojaloop/central-services-shared/commit/e3a874829794ed8b85b6487dd58bcb58f31a5dd1)), closes [mojaloop/#2536](https://github.com/mojaloop/central-services-shared/issues/2536) [mojaloop/#2536](https://github.com/mojaloop/central-services-shared/issues/2536)
+* **mojaloop/#2536:** fspiop api version negotiation not handled by transfers service ([#315](https://github.com/mojaloop/central-services-shared/issues/315)) ([e3a8748](https://github.com/mojaloop/central-services-shared/commit/e3a874829794ed8b85b6487dd58bcb58f31a5dd1)), closes [mojaloop/#2536](https://github.com/mojaloop/project/issues/2536)
 
 ## [14.0.0](https://github.com/mojaloop/central-services-shared/compare/v13.4.1...v14.0.0) (2021-09-10)
 
@@ -61,7 +61,7 @@ All notable changes to this project will be documented in this file. See [standa
 
 ### Bug Fixes
 
-* **mojaloop/#2470:** central-services-shared streamingprotocol encode/decode functionality fix ([#313](https://github.com/mojaloop/central-services-shared/issues/313)) ([cedc359](https://github.com/mojaloop/central-services-shared/commit/cedc3595508ebe2fd67517f732e8e1da35635171)), closes [mojaloop/#2470](https://github.com/mojaloop/central-services-shared/issues/2470)
+* **mojaloop/#2470:** central-services-shared streamingprotocol encode/decode functionality fix ([#313](https://github.com/mojaloop/central-services-shared/issues/313)) ([cedc359](https://github.com/mojaloop/central-services-shared/commit/cedc3595508ebe2fd67517f732e8e1da35635171)), closes [mojaloop/#2470](https://github.com/mojaloop/project/issues/2470)
 
 ### [13.4.1](https://github.com/mojaloop/central-services-shared/compare/v13.4.0...v13.4.1) (2021-08-25)
 

diff --git a/README.md b/README.md
@@ -6,3 +6,51 @@
 [![CircleCI](https://circleci.com/gh/mojaloop/central-services-shared.svg?style=svg)](https://circleci.com/gh/mojaloop/central-services-shared)
 
 Shared code for central services
+
+## Auditing Dependencies
+
+We use `npm-audit-resolver` along with `npm audit` to check dependencies for node vulnerabilities, and keep track of resolved dependencies with an `audit-resolve.json` file.
+
+To start a new resolution process, run:
+
+```bash
+npm run audit:resolve
+```
+
+You can then check to see if the CI will pass based on the current dependencies with:
+
+```bash
+npm run audit:check
+```
+
+And commit the changed `audit-resolve.json` to ensure that CircleCI will build correctly.
+
+## Automated Releases
+
+As part of our CI/CD process, we use a combination of CircleCI, standard-version
+npm package and github-release CircleCI orb to automatically trigger our releases
+and image builds. This process essentially mimics a manual tag and release.
+
+On a merge to master, CircleCI is configured to use the mojaloopci github account
+to push the latest generated CHANGELOG and package version number.
+
+Once those changes are pushed, CircleCI will pull the updated master, tag and
+push a release triggering another subsequent build that also publishes a docker image.
+
+### Potential problems
+
+* There is a case where the merge to master workflow will resolve successfully, triggering
+  a release. Then that tagged release workflow subsequently failing due to the image scan,
+  audit check, vulnerability check or other "live" checks.
+
+  This will leave master without an associated published build. Fixes that require
+  a new merge will essentially cause a skip in version number or require a clean up
+  of the master branch to the commit before the CHANGELOG and bump.
+
+  This may be resolved by relying solely on the previous checks of the
+  merge to master workflow to assume that our tagged release is of sound quality.
+  We are still mulling over this solution since catching bugs/vulnerabilities/etc earlier
+  is a boon.
+
+* It is unknown if a race condition might occur with multiple merges with master in
+  quick succession, but this is a suspected edge case.
diff --git a/audit-resolve.json b/audit-resolve.json
@@ -1,108 +1,59 @@
 {
   "decisions": {
-    "1002401|widdershins>yargs>string-width>strip-ansi>ansi-regex": {
+    "1067553|better-ajv-errors>jsonpointer": {
       "decision": "ignore",
-      "madeAt": 1636372052422,
-      "expiresAt": 1638964045850
+      "madeAt": 1652887989276,
+      "expiresAt": 1655479973082
     },
-    "1002401|widdershins>yargs>cliui>string-width>strip-ansi>ansi-regex": {
+    "1070256|ejs": {
       "decision": "ignore",
-      "madeAt": 1636372052422,
-      "expiresAt": 1638964045850
+      "madeAt": 1652887990649,
+      "expiresAt": 1655479973082
     },
-    "1002865|shins>sanitize-html": {
+    "1070030|shins>markdown-it": {
       "decision": "ignore",
-      "madeAt": 1636372053964,
-      "expiresAt": 1638964045850
+      "madeAt": 1652951732905,
+      "expiresAt": 1655543725868
     },
-    "1002866|shins>sanitize-html": {
+    "1068155|shins>markdown-it>sanitize-html": {
       "decision": "ignore",
-      "madeAt": 1636372053964,
-      "expiresAt": 1638964045850
+      "madeAt": 1652887992740,
+      "expiresAt": 1655479973082
     },
-    "1003019|widdershins>yargs>yargs-parser": {
+    "1070260|shins>markdown-it>sanitize-html": {
       "decision": "ignore",
-      "madeAt": 1636372055094,
-      "expiresAt": 1638964045850
+      "madeAt": 1652887993909,
+      "expiresAt": 1655479973082
     },
-    "1004809|widdershins>openapi-sampler>json-pointer": {
+    "1068310|widdershins>oas-resolver>yargs>yargs-parser": {
       "decision": "ignore",
-      "madeAt": 1636956486789,
-      "expiresAt": 1639548471465
+      "madeAt": 1652887994946,
+      "expiresAt": 1655479973082
     },
-    "1004812|widdershins>swagger2openapi>better-ajv-errors>jsonpointer": {
+    "1067946|widdershins>oas-resolver>yargs>yargs-parser>swagger2openapi>oas-validator>ajv": {
       "decision": "ignore",
-      "madeAt": 1636956491233,
-      "expiresAt": 1639548471465
+      "madeAt": 1652887996204,
+      "expiresAt": 1655479973082
     },
-    "1004812|widdershins>swagger2openapi>oas-validator>better-ajv-errors>jsonpointer": {
+    "1070030|widdershins>markdown-it": {
       "decision": "ignore",
-      "madeAt": 1636956491233,
-      "expiresAt": 1639548471465
+      "madeAt": 1652951732905,
+      "expiresAt": 1655543725868
     },
-    "1004854|widdershins>openapi-sampler>json-pointer": {
+    "1067553|swagger2openapi>better-ajv-errors>jsonpointer": {
       "decision": "ignore",
-      "madeAt": 1644227612906,
-      "expiresAt": 1646819457744
+      "madeAt": 1652951735762,
+      "expiresAt": 1655543725868
     },
-    "1004869|widdershins>swagger2openapi>better-ajv-errors>jsonpointer": {
+    "1067946|swagger2openapi>better-ajv-errors>jsonpointer>oas-validator>ajv": {
       "decision": "ignore",
-      "madeAt": 1644227615371,
-      "expiresAt": 1646819457744
+      "madeAt": 1652951738877,
+      "expiresAt": 1655543725868
     },
-    "1004869|widdershins>swagger2openapi>oas-validator>better-ajv-errors>jsonpointer": {
+    "1068310|widdershins>markdown-it>yargs>yargs-parser": {
       "decision": "ignore",
-      "madeAt": 1644227615371,
-      "expiresAt": 1646819457744
-    },
-    "1004946|widdershins>yargs>string-width>strip-ansi>ansi-regex": {
-      "decision": "ignore",
-      "madeAt": 1644227616947,
-      "expiresAt": 1646819457744
-    },
-    "1004946|widdershins>yargs>cliui>string-width>strip-ansi>ansi-regex": {
-      "decision": "ignore",
-      "madeAt": 1644227616947,
-      "expiresAt": 1646819457744
-    },
-    "1005383|shins>sanitize-html": {
-      "decision": "ignore",
-      "madeAt": 1644227618453,
-      "expiresAt": 1646819457744
-    },
-    "1005384|shins>sanitize-html": {
-      "decision": "ignore",
-      "madeAt": 1644227618454,
-      "expiresAt": 1646819457744
-    },
-    "1005534|widdershins>yargs>yargs-parser": {
-      "decision": "ignore",
-      "madeAt": 1644227619978,
-      "expiresAt": 1646819457744
-    },
-    "1006899|widdershins>node-fetch": {
-      "decision": "fix",
-      "madeAt": 1644227510867
-    },
-    "1006846|shins>sanitize-html>postcss": {
-      "decision": "ignore",
-      "madeAt": 1644227621510,
-      "expiresAt": 1646819457744
-    },
-    "1006886|shins>markdown-it": {
-      "decision": "ignore",
-      "madeAt": 1644227622831,
-      "expiresAt": 1646819457744
-    },
-    "1007050|widdershins>urijs": {
-      "decision": "ignore",
-      "madeAt": 1646234133511,
-      "expiresAt": 1648826119845
-    },
-    "1007017|widdershins>swagger2openapi>oas-validator>ajv": {
-      "decision": "ignore",
-      "madeAt": 1646234136454,
-      "expiresAt": 1648826119845
+      "madeAt": 1652951741588,
+      "expiresAt": 1655543725868
     }
   },
   "rules": {},