feat: plug NodeSecure runtime configuration #3

Merged
merged 42 commits into from
Mar 26, 2022

@antoine-coulon antoine-coulon commented Mar 14, 2022

Linked to #2

This PR aims to integrate the @nodesecure/rc lib which would be another way to provide a runtime configuration in addition to the API and CLI options.

More generally it also introduces a way to manage different types of configuration in a transparent way for the @nodesecure/ci runner by providing standardization mechanisms towards a Nsci Configuration.

Consequently, here are a few semantic choices that can be discussed:

  • Nsci configuration becomes the standard interface for a valid configuration in order to run the pipeline
  • External configuration becomes the standard format for every external configuration (API, CLI, .nodesecurerc). Each configuration has to implement an adapter that converts the input format of the configuration to the external configuration format.
  • Once CLI, API or .nodesecurerc configuration is adapted to the External configuration, the External configuration can be standardized and validated to the Nsci format.

Take for example:

  • cli configuration

```ts
export type CliConfig = {
  directory: string;
  strategy: Nsci.InputStrategy;
  vulnerabilities: Nsci.Severity;
  warnings: Nsci.Warnings;
  reporters: string | Nsci.ReporterTarget[];
};
```

  • .nodesecurerc configuration, described differently

```ts
export interface RC {
  version: string;
  i18n?: i18n.languages;
  strategy?: vuln.Strategy.Kind;
  ci?: {
    reporters?: ("console" | "html")[];
    vulnerabilities?: {
      severity?: "medium" | "high" | "critical" | "all";
    };
    warnings?: CiWarnings | Record<jsxray.kindWithValue | "unsafe-import", CiWarnings>;
  };
}
```

These two different configurations can be defined by the user upstream of the pipeline runner, but we want to abstract this complexity for the runner, which should consume a standard format agnostic of configuration changes.

For that, I propose to describe a target standard format for each of these configurations such as:

```ts
export type ExternalRuntimeConfiguration = {
  directory: string;
  strategy: Nsci.InputStrategy;
  vulnerabilities: Nsci.Severity;
  warnings: Nsci.Warnings;
  reporters: string | Nsci.ReporterTarget[];
};
```

Each of the configs could then be converted to the format above by implementing a common adapter:

```ts
export type ExternalConfigAdapter<T> = {
  adaptToExternalConfig: (config: T) => ExternalRuntimeConfiguration;
};
```

Once the config is adapted to the ExternalRuntimeConfiguration, it's easy work to sanitize/validate/complete the Nsci standard configuration (check src/config/external/standardize.ts).
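
An added example (not code from this PR or from @nodesecure/ci) of the flow the description outlines: a source-specific adapter maps to the shared external shape, then a single standardization step completes missing values and rejects invalid ones, so a typo in `.nodesecurerc` cannot silently weaken the CI gate. The strategy values, the defaults, the `RcLike` subset, the `oneOf` helper and the omission of `warnings` are assumptions of this example.

```typescript
// Added illustration: type names follow the PR description; value sets and defaults are assumptions.
const SEVERITIES = ["medium", "high", "critical", "all"] as const;
const REPORTERS = ["console", "html"] as const;
const STRATEGIES = ["npm", "node"] as const; // assumed values, not taken from the PR

type Severity = (typeof SEVERITIES)[number];
type Reporter = (typeof REPORTERS)[number];
type Strategy = (typeof STRATEGIES)[number];

// Untrusted shape shared by every source (CLI, API, .nodesecurerc).
type ExternalRuntimeConfiguration = {
  directory?: unknown; strategy?: unknown; vulnerabilities?: unknown; reporters?: unknown;
};
type ExternalConfigAdapter<T> = { adaptToExternalConfig: (config: T) => ExternalRuntimeConfiguration };
// Validated shape the runner consumes (stand-in for the Nsci configuration).
type NsciConfiguration = {
  directory: string; strategy: Strategy; vulnerabilities: Severity; reporters: Reporter[];
};

// Hypothetical subset of the RC interface quoted in the PR description.
type RcLike = { strategy?: string; ci?: { reporters?: string[]; vulnerabilities?: { severity?: string } } };

const rcAdapter: ExternalConfigAdapter<RcLike> = {
  adaptToExternalConfig: (rc) => ({
    strategy: rc.strategy,
    vulnerabilities: rc.ci?.vulnerabilities?.severity,
    reporters: rc.ci?.reporters
  })
};

function oneOf<T extends string>(allowed: readonly T[], value: unknown, fallback: T, field: string): T {
  if (value === undefined) return fallback; // complete a missing value with the default
  if (typeof value === "string" && (allowed as readonly string[]).indexOf(value) !== -1) return value as T;
  throw new Error(`invalid ${field}: ${JSON.stringify(value)}`); // fail closed, never guess
}

function standardize(ext: ExternalRuntimeConfiguration): NsciConfiguration {
  // A comma-separated string (CLI style) and an array (rc style) are both accepted.
  const raw = typeof ext.reporters === "string" ? ext.reporters.split(",") : ext.reporters ?? ["console"];
  if (!Array.isArray(raw) || raw.length === 0) throw new Error("invalid reporters");
  return {
    directory: typeof ext.directory === "string" && ext.directory !== "" ? ext.directory : ".",
    strategy: oneOf(STRATEGIES, ext.strategy, "npm", "strategy"),
    vulnerabilities: oneOf(SEVERITIES, ext.vulnerabilities, "medium", "vulnerabilities"),
    // Non-string entries become null, which oneOf rejects.
    reporters: raw.map((r) => oneOf(REPORTERS, typeof r === "string" ? r.trim() : null, "console", "reporters"))
  };
}
```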

@antoine-coulon antoine-coulon force-pushed the plug-runtime-configuration branch from 47a7f58 to a100757 Compare March 14, 2022 18:26
@antoine-coulon antoine-coulon force-pushed the plug-runtime-configuration branch 7 times, most recently from fcdcf9f to 2b6c240 Compare March 17, 2022 16:59
@antoine-coulon antoine-coulon force-pushed the plug-runtime-configuration branch 2 times, most recently from 73bc823 to 031159a Compare March 22, 2022 23:40

@tony-go tony-go left a comment

LGTM

@antoine-coulon antoine-coulon force-pushed the plug-runtime-configuration branch 4 times, most recently from 189a326 to bafb80b Compare March 23, 2022 23:16
@antoine-coulon antoine-coulon force-pushed the plug-runtime-configuration branch from bafb80b to a67133a Compare March 24, 2022 19:10
@fraxken fraxken merged commit 7b038e2 into main Mar 26, 2022
@fraxken fraxken deleted the plug-runtime-configuration branch June 2, 2022 12:20