Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(854): switch frontend package manager from yarn to npm #1538

Merged
merged 8 commits into from
Jan 25, 2022

Conversation

jorgegonzalez
Copy link

@jorgegonzalez jorgegonzalez commented Jan 12, 2022

Summary of Changes

Provide a brief summary of changes

Pull request closes #854
Acceptance criteria as stated in the issue

How to Test

List the steps to test the PR
These steps are generic, please adjust as necessary.

cd tdrs-frontend && docker-compose -f docker-compose.yml -f docker-compose.local.yml up -d
  1. Open http://localhost:3000/ and sign in.
  2. Ensure frontend build proceeds as normal
  3. Ensure there are no errors when running locally with Docker
  4. Run npm install and npm test in the local frontend directory and ensure they succeed gracefully

Deliverable 1: Accepted Features

Performance Standard(s): At the beginning of each sprint, the Product Owner and development team will collaborate to define a set of user stories to be completed during the sprint. Acceptance criteria for each story will also be defined. The development team will deliver code and functionality to satisfy these user stories.

Acceptable Quality Level: Delivered code meets the acceptance criteria for each user story. Incomplete stories will be assessed and considered for inclusion in the next sprint.

  • Look up the acceptance criteria in the related issue; paste ACs below in checklist format.
  • Check against the criteria:
    • Remove yarn and implement npm as alternative
    • Have a new lockfile and package manager
    • update documentation
    • reviewed and tested by @ADPennington

As Product Owner, @lfrohlich will decide if ACs are met.

Deliverable 2: Tested Code

Performance Standard(s): Code delivered under the order must have substantial test code coverage. Version-controlled HHS GitHub repository of code that comprises products that will remain in the government domain.

Acceptable Quality Level: Minimum of 90% test coverage of all code. All areas of code are meaningfully tested.

  • Are all areas of code introduced in this PR meaningfully tested?
    • If this PR introduces backend code changes, are they meaningfully tested?
    • If this PR introduces frontend code changes, are they meaningfully tested?
  • Are code coverage minimums met?

Deliverable 3: Properly Styled Code

Performance Standard(s): GSA 18F Front- End Guide

Acceptable Quality Level: 0 linting errors and 0 warnings

  • Are backend code style checks passing on CircleCI?
  • Are frontend code style checks passing on CircleCI?
  • Does this PR change any linting or CI settings?

Deliverable 4: Accessible

Performance Standard(s): Web Content Accessibility Guidelines 2.1 AA standards

Acceptable Quality Level: 0 errors reported using an automated scanner and 0 errors reported in manual testing

  • Does this PR complete the epic?
  • Are links included to any other gov-approved PRs associated with epic?
  • Does PR include documentation for Raft's a11y review?
  • Did automated and manual testing with @iamjolly and @ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

Performance Standard(s): Code must successfully build and deploy into the staging environment.

Acceptable Quality Level: Successful deployment by assigning a 'Deploy with CircleCI - {env}' label

  • Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

Performance Standard(s): Summary of user stories completed every two weeks. All dependencies are listed and the licenses are documented. Major functionality in the software/source code is documented, including system diagram. Individual methods are documented inline in a format that permits the use of tools such as JSDoc. All non-inherited 800-53 system security controls are documented in the Open Control or OSCAL format and HHS Section 508 Product Assessment Template (PAT) are updated as appropriate.

Acceptable Quality Level: Combination of manual review and automated testing, if available

  • If this PR introduces backend code, is that code documented both inline and overall?
  • If this PR introduces frontend code, is that code documented both inline and overall?
  • If this PR introduces dependencies, are their licenses documented?

Deliverable 7: Secure

Performance Standard(s): Open Web Application Security Project (OWASP) Application Security Verification Standard 3.0

Acceptable Quality Level: Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities

  • Does the OWASP Scan pass on CircleCI?
  • Do manual code review and manual testing detect any security issues?
    no new issues detected

Deliverable 8: Context

  • Performance Standard(s): Code must be understandable and contextualized for the reviewers possess the knowledge and background necessary for analysis and constructive criticism to take place.
  • Acceptable Quality Level: Code submitted in the pull request has context.*
  • Does this pull request contain sufficient inline comments providing relevant context for code snippets?
  • Is the code understandable and lucid?
  • Does this pull request provide background for why coding decisions were made?
  • Can you as a reviewer explain and take ownership of these elements presented in this code review?

@jorgegonzalez jorgegonzalez force-pushed the build/854-npm-migration branch from ad9ad26 to 581a6bf Compare January 12, 2022 20:59
@codecov
Copy link

codecov bot commented Jan 12, 2022

Codecov Report

Merging #1538 (c0d2c68) into raft-tdp-main (6cd5e1a) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@              Coverage Diff               @@
##           raft-tdp-main    #1538   +/-   ##
==============================================
  Coverage          97.58%   97.58%           
==============================================
  Files                 80       80           
  Lines               1901     1901           
  Branches             249      249           
==============================================
  Hits                1855     1855           
  Misses                22       22           
  Partials              24       24           
Flag Coverage Δ
dev-backend 99.10% <ø> (ø)
dev-frontend 94.76% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.


Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6cd5e1a...c0d2c68. Read the comment docs.

@jorgegonzalez jorgegonzalez added the raft review This issue is ready for raft review label Jan 19, 2022
@andrew-jameson andrew-jameson added QASP Review and removed raft review This issue is ready for raft review labels Jan 19, 2022
@jorgegonzalez
Copy link
Author

jorgegonzalez commented Jan 21, 2022

@ADPennington what is the QASP review status of this? This PR is blocking #1506 #1511 #1551 #1460

@jorgegonzalez jorgegonzalez force-pushed the build/854-npm-migration branch from f269355 to c0d2c68 Compare January 24, 2022 21:16
Copy link
Collaborator

@ADPennington ADPennington left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @jorgegonzalez 🚀

Some notes:
During the tabletop for this PR, we discussed the new "security vulnerabilities" that are being reported from npm audit (by way of npm ci) as part of the frontend build.

npm audit results can be unreliable (ref), and it is unclear why running this report locally yields inconsistent results. So, we decided that these results should be suppressed, since we rely on Dependabot for dependency management and, this tool is sourced by the same dB (ref). So we should get the same information (if it is valid) via the Security tab of this repo. This suppression is accounted for with the merge of this PR. cc: @abottoms-coder @lfrohlich

@jorgegonzalez
Copy link
Author

Good point on the GitHub Advisories db being the same as the npm audit one 👍

@jorgegonzalez jorgegonzalez merged commit 96a2ceb into raft-tdp-main Jan 25, 2022
@jorgegonzalez jorgegonzalez deleted the build/854-npm-migration branch January 25, 2022 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

As technical lead, I want to switch from Yarn to NPM
3 participants