feat(mojaloop/#2092)!: prefixes for api definitions and upgraded node…

… version (mojaloop#138) feat(mojaloop/[#2092](mojaloop/project#2092)): upgrade nodeJS version for core services - mojaloop/project#2092 - Upgrade to node v16 - Update packages/linting/audit/dockerfile - Update ci with dep/audit checks - Installed pre-commit hooks - feat:added options to api management page Notes: - Helm chart mountPaths need to be updated from `/opt/mojaloop-testing-toolkit-ui` to `/opt/app` as follows: ```YAML volumeMounts: - mountPath: /opt/app/config name: <deployment-name> ``` BREAKING CHANGE: Major version bump for node v16 LTS support, re-structuring of project directories to align to core Mojaloop repositories and docker image now uses `/opt/app` instead of `/opt/mojaloop-testing-toolkit-ui` which will impact config mounts. Major version bump since this is a big upgrade.
vijayg10 · Jul 28, 2022 · 64e9fb7 · 64e9fb7
1 parent 37d2a05
commit 64e9fb7
Show file tree

Hide file tree

Showing 92 changed files with 55,504 additions and 53,216 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.eslintrc b/.eslintrc
@@ -0,0 +1,104 @@
+{
+    "plugins": ["@typescript-eslint", "import"],
+    "extends": ["airbnb-typescript", "plugin:react/recommended"],
+    "parser": "@typescript-eslint/parser",
+    "ignorePatterns": ["src/test"],
+    "parserOptions": {
+      "project": "./tsconfig.json",
+      "sourceType": "module"
+    },
+    "settings": {
+      "import/resolver": "node" 
+    },
+    "rules": {
+      "indent": [
+        "error",
+        4,
+        { "SwitchCase": 1 }
+      ],
+      "linebreak-style": [
+        2,
+        "unix"
+      ],
+      "quotes": [
+        2,
+        "single"
+      ],
+      "semi": [
+        2,
+        "always"
+      ],
+      "no-multiple-empty-lines": ["error", { "max": 2, "maxEOF": 0 }],
+      "no-console": "off",
+      "no-prototype-builtins": "off",
+      "object-curly-spacing": ["warn", "always"],
+      "no-unused-vars": [
+        "warn",
+        {
+          "vars": "all",
+          "args": "none"
+        }
+      ],
+      "@typescript-eslint/no-unused-vars": [
+        "warn",
+        {
+          "vars": "all",
+          "args": "none"
+        }
+      ],
+      "@typescript-eslint/no-explicit-any": [
+        "off",
+        {
+          "ignoreRestArgs": true
+        }
+      ],
+      "@typescript-eslint/indent": [
+        "error",
+        4,
+        { "SwitchCase": 1 }
+      ],
+      "react/jsx-filename-extension": [0, { "extensions": [".js", ".jsx"] }],
+      "max-len": "off",
+      "no-plusplus": [
+        "error",
+        {
+          "allowForLoopAfterthoughts": true
+        }
+      ],
+      "no-underscore-dangle": "off",
+      "import/no-extraneous-dependencies": [
+        "error",
+        {
+          "devDependencies": [
+            "**/*.test.js",
+            "**/*.test.ts",
+            "src/tests/**/*"
+          ]
+        }
+      ],
+      "import/prefer-default-export": "off",
+      "spaced-comment": ["error", "always", { "exceptions": ["*"] }],
+      "@typescript-eslint/keyword-spacing": ["error", { "overrides": {
+        "if": { "after": false },
+        "for": { "after": false },
+        "while": { "after": false }
+      } }],
+      "arrow-parens": ["error", "as-needed"],
+      "import/extensions": [
+        "error", 
+        {
+          "js": "never",
+          "ts": "never",
+          "json": "ignore"
+        }
+      ],
+      "@typescript-eslint/no-use-before-define": "off",
+      "@typescript-eslint/no-shadow": "off",
+      "react/prop-types": "off",
+      "react/no-direct-mutation-state": "off",
+      "react/jsx-key": "off",
+      "@typescript-eslint/space-before-blocks": "off",
+      "react/no-string-refs": "off",
+      "react/react-in-jsx-scope": "off"
+    }
+  }
diff --git a/.ncurc.yaml b/.ncurc.yaml
@@ -0,0 +1,18 @@
+## Add a TODO comment indicating the reason for each rejected dependency upgrade added to this list, and what should be done to resolve it (i.e. handle it through a story, etc).
+reject: [
+  # TODO: Tried to upgrade the react and getting many issues while building the app due to the difference in the libraries.
+  # So keeping the react versions same for now.
+  "react",
+  "react-ace",
+  "react-dom",
+  "react-router-dom",
+  "react-scripts",
+  "web-vitals",
+  "@types/react",
+  "@testing-library/jest-dom",
+  "@testing-library/react",
+  "@testing-library/user-event",
+  # Keeping the bootstrap to the same version because there are many renames in the class names in the recent versions
+  "bootstrap"
+
+]
diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+16.15.0
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1,30 @@
+# Each line is a file pattern followed by one or more owners.
+## These owners will be the default owners for everything in
+## the repo. Unless a later match takes precedence,
+## @global-owner1 and @global-owner2 will be requested for
+## review when someone opens a pull request.
+#*       @global-owner1 @global-owner2
+*   @vijayg10 @mdebarros @elnyry-sam-k
+## Order is important; the last matching pattern takes the most
+## precedence. When someone opens a pull request that only
+## modifies JS files, only @js-owner and not the global
+## owner(s) will be requested for a review.
+# *.js    @js-owner
+## You can also use email addresses if you prefer. They'll be
+## used to look up users just like we do for commit author
+## emails.
+#*.go docs@example.com
+# In this example, @doctocat owns any files in the build/logs
+# directory at the root of the repository and any of its
+# subdirectories.
+# /build/logs/ @doctocat
+## The `docs/*` pattern will match files like
+## `docs/getting-started.md` but not further nested files like
+## `docs/build-app/troubleshooting.md`.
+# docs/*  docs@example.com
+## In this example, @octocat owns any file in an apps directory
+## anywhere in your repository.
+#apps/ @octocat
+## In this example, @doctocat owns any file in the `/docs`
+## directory in the root of your repository.
+#/docs/ @doctocat
diff --git a/Dockerfile b/Dockerfile
@@ -1,28 +1,39 @@
-FROM node:12.16.0-alpine AS builder
+FROM node:16.15.0-alpine AS builder
+WORKDIR /opt/app
 
-WORKDIR /opt/mojaloop-testing-toolkit-ui
-ENV PATH /opt/mojaloop-testing-toolkit-ui/node_modules/.bin:$PATH
-
-RUN apk add --no-cache -t build-dependencies git make gcc g++ python libtool autoconf automake \
+RUN apk add --no-cache -t build-dependencies make gcc g++ python3 libtool libressl-dev openssl-dev autoconf automake \
     && cd $(npm root -g)/npm \
     && npm config set unsafe-perm true \
     && npm install -g node-gyp
 
-COPY package.json package-lock.json* /opt/mojaloop-testing-toolkit-ui/
-RUN npm install --silent
-#RUN npm install react-scripts@3.0.1 -g --silent
+COPY package.json package-lock.json* /opt/app/
+
+RUN npm ci
+
+COPY src /opt/app/src
+COPY public /opt/app/public
+COPY .eslintrc tsconfig.json /opt/app/
 
-COPY src /opt/mojaloop-testing-toolkit-ui/src
-COPY public /opt/mojaloop-testing-toolkit-ui/public
 RUN npm run build
 
 FROM nginx:1.16.0-alpine
-
 WORKDIR /usr/share/nginx/html
 
-COPY --from=builder /opt/mojaloop-testing-toolkit-ui/build /usr/share/nginx/html
-RUN rm /etc/nginx/conf.d/default.conf /etc/nginx/nginx.conf
+# Replace the nginx config files
+RUN rm -f /etc/nginx/conf.d/default.conf /etc/nginx/nginx.conf
 COPY nginx/nginx.conf /etc/nginx/nginx.conf
+
+# Create a non-root user: ml-user
+RUN adduser -D ml-user
+
+# Change permissions for nginx folders
+RUN chown -R ml-user:ml-user /var/log/nginx
+RUN chown -R ml-user:ml-user /var/cache/nginx
+RUN chown -R ml-user:ml-user /usr/share/nginx
+
+USER ml-user
+
+COPY --chown=ml-user --from=builder /opt/app/build .
 COPY nginx/start.sh /usr/share/nginx/start.sh
 
 EXPOSE 6060

diff --git a/README.md b/README.md
@@ -54,3 +54,44 @@ Please follow this link to learn about backend service.
 
 https://github.com/mojaloop/ml-testing-toolkit/blob/master/README.md
 
+-------
+
+## Auditing Dependencies
+
+We use `npm-audit-resolver` along with `npm audit` to check dependencies for node vulnerabilities, and keep track of resolved dependencies with an `audit-resolve.json` file.
+
+To start a new resolution process, run:
+
+```bash
+npm run audit:resolve
+```
+
+You can then check to see if the CI will pass based on the current dependencies with:
+
+```bash
+npm run audit:check
+```
+
+And commit the changed `audit-resolve.json` to ensure that CircleCI will build correctly.
+
+## Container Scans
+
+As part of our CI/CD process, we use anchore-cli to scan our built docker container for vulnerabilities upon release.
+
+If you find your release builds are failing, refer to the [container scanning](https://github.com/mojaloop/ci-config#container-scanning) in our shared Mojaloop CI config repo. There is a good chance you simply need to update the `mojaloop-policy-generator.js` file and re-run the circleci workflow.
+
+For more information on anchore and anchore-cli, refer to:
+- [Anchore CLI](https://github.com/anchore/anchore-cli)
+- [Circle Orb Registry](https://circleci.com/orbs/registry/orb/anchore/anchore-engine)
+
+## Automated Releases
+
+As part of our CI/CD process, we use a combination of CircleCI, standard-version
+npm package and github-release CircleCI orb to automatically trigger our releases
+and image builds. This process essentially mimics a manual tag and release.
+
+On a merge to master, CircleCI is configured to use the mojaloopci github account
+to push the latest generated CHANGELOG and package version number.
+
+Once those changes are pushed, CircleCI will pull the updated master, tag and
+push a release triggering another subsequent build that also publishes a docker image.
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -0,0 +1,55 @@
+{
+  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
+  // audit-ci supports reading JSON, JSONC, and JSON5 config files.
+  // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
+  "moderate": true,
+  "allowlist": [
+    // These are all the exceptions for react, react-scripts and their dependencies as it is very hard to update react version at the moment.
+    "GHSA-whgm-jr23-g3j9",
+    "GHSA-whgm-jr23-g3j9",
+    "GHSA-w8qv-6jwh-64r5",
+    "GHSA-phwq-j96m-2c2q",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-ww39-953v-wcq6",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-cj88-88mr-972w",
+    "GHSA-pfrx-2q88-qq97",
+    "GHSA-c36v-fmgq-m8hx",
+    "GHSA-33f9-j839-rf8h",
+    "GHSA-8fr3-hfg3-gpgp",
+    "GHSA-2r2c-g63r-vccr",
+    "GHSA-x4jg-mjrx-434g",
+    "GHSA-cfm4-qjh2-4765",
+    "GHSA-rp65-9cf3-cjxr",
+    "GHSA-rp65-9cf3-cjxr",
+    "GHSA-g4rg-993r-mgx7"
+  ]
+}