feat(mojaloop/#2092): upgrade nodeJS version for core services (#67)

feat(mojaloop/#2092): upgrade nodeJS version for core services - mojaloop/project#2092 - standardised CI scripts - fixed lint issues - updated .nvmrc to latest LTS version - added standard CI scripts/config to package.json: release, snapshot, standard-version, etc - updated gitignore to include test/results and IGNORE patterns - added useUnknownInCatchVariables config to tsconfig to support current code style - updated README with standard auto-release information - Fixed imports - Added 'serialize-error' to ncurc for dep:check to ignore future updates - this is because v9+ only supports ESM loaders and not CJS. This will need to be addressed in a future story. - Aligned jest config to moja standard - Cleaned up Package.json - Added 'prepublishOnly' script to package.json to ensure that dist is build prior to publishing - Updated tsconfig to latest standards Notes: - npm-audit-resolver v3.0.0-7 is a candidate release to resolve compatibility with npm v7+ as described in naugtur/npm-audit-resolver#34. This will need to be addressed going forward as `npm run audit:resolve` (i.e. `resolve-audit`) is currently not functioning. As a work-around, we need to manually run the following command `npm audit fix`. The `npm run audit:check` (i.e. `check-audit`) still works as expected. - 'serialize-error' version is fixed to v8.1.0, this is because v9+ only supports ESM loaders and not CJS. This will need to be addressed in a future story. BREAKING CHANGE: major version bump for node v16 LTS support, and re-structuring of project directories to align to core Mojaloop repositories!
mojaloop · May 19, 2022 · 6fa9f74 · 6fa9f74
1 parent f5d863a
commit 6fa9f74
Show file tree

Hide file tree

Showing 24 changed files with 17,204 additions and 7,842 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -0,0 +1,28 @@
+module.exports = {
+  parser: '@typescript-eslint/parser', // Specifies the ESLint parser
+  extends: [
+    'plugin:@typescript-eslint/recommended', // Uses the recommended rules from the @typescript-eslint/eslint-plugin
+    // Enforces ES6+ import/export syntax
+    'plugin:import/errors',
+    'plugin:import/warnings',
+    'plugin:import/typescript',
+    'prettier'
+  ],
+  parserOptions: {
+    ecmaVersion: 2018, // Allows for the parsing of modern ECMAScript features
+    sourceType: 'module' // Allows for the use of imports
+  },
+  rules: {
+    '@typescript-eslint/no-explicit-any': 'off',
+    '@typescript-eslint/no-var-requires': 'off'
+  },
+  overrides: [
+    {
+      // Disable some rules that we abuse in unit tests.
+      files: ['test/**/*.ts'],
+      rules: {
+        '@typescript-eslint/explicit-function-return-type': 'off'
+      }
+    }
+  ]
+}
diff --git a/.gitignore b/.gitignore
@@ -76,3 +76,9 @@ docs/
 .idea/**
 **/*.iml
 private
+
+# Ignore test results
+**/test/results/*
+
+# Ignore general
+**/*.IGNORE.*
diff --git a/.ncurc.json b/.ncurc.json
@@ -1,4 +1,5 @@
 {
   "reject": [
+    "serialize-error"
   ]
 }
diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+16.15.0
diff --git a/.prettierrc.js b/.prettierrc.js
@@ -0,0 +1,7 @@
+module.exports = {
+  semi: false,
+  trailingComma: 'none',
+  singleQuote: true,
+  printWidth: 120,
+  tabWidth: 2,
+};
diff --git a/README.md b/README.md
@@ -2,7 +2,6 @@
 
 **EXPERIMENTAL** Event SDK for Clients &amp; Server implementations
 
-
 [![Git Commit](https://img.shields.io/github/last-commit/mojaloop/event-sdk.svg?style=flat)](https://github.com/mojaloop/event-sdk/commits/master)
 [![Git Releases](https://img.shields.io/github/release/mojaloop/event-sdk.svg?style=flat)](https://github.com/mojaloop/event-sdk/releases)
 [![Npm Version](https://img.shields.io/npm/v/@mojaloop/event-sdk.svg?style=flat)](https://www.npmjs.com/package/@mojaloop/event-sdk)
@@ -46,18 +45,20 @@ Edit the file in `./config/default.json` to configure the logger, or set the fol
 | `EVENT_SDK_TRACEID_PER_VENDOR` | If enabled, when vendor of the parent span is different from the vendor set by `EVENT_SDK_VENDOR_PREFIX` the traceId will be new and the parent traceId will be stored as a tag: `corelationTraceId` . Otherwise, the traceId is persisted. | `false` | `true`, `false` |
 
 ## Tracestate format and methods
+
 _Note: Tags in the tracestate are supported from version [v9.4.1](https://github.com/mojaloop/event-sdk/releases/tag/v9.4.1). Since [v9.5.2](https://github.com/mojaloop/event-sdk/releases/tag/v9.5.2) tracestate is base64 encoded string. To be able to use the tracestate correctly accross all services, they should have same version of event-sdk and [central-services-shared](https://github.com/mojaloop/central-services-shared) librarires._
 
 ### Format
+
 Tracestate header can be used to preserve vendor specific information across various connected systems in multivendor setup. The  format is according to the [w3c specifications](https://github.com/w3c/trace-context/blob/master/spec/20-http_header_format.md#tracestate-header).
 Tracestate header example value: `acmevendor=eyJzcGFuSWQiOiI2Njg2Nzk1MDBiMGUzYzQwIiwgInRyYW5zZmVyX3R4X21zOjE1OTA0MDc0NjUifQ==`, where the vendor is `acmevendor` and the value is base64 encoded key value pair as `spanId` key is set automatically. When decoded:  `{"spanId":"668679500b0e3c40", "transfer_tx_ms:1590407465"}`
 
 ### Methods to access the tracestate are:
+
 * setTracestateTags - sets user tags into the tracestate
 * getTracestates - Returns the tracestates object per vendor, as configured vendor tracestate is decoded key value pair with tags
 * getTracestateTags - Returns the tracestate tags for the configured vendor as key value pairs
 
-
 ## Current Supported Events
 
 | eventType | eventAction | Description |
@@ -80,3 +81,51 @@ Tracestate header example value: `acmevendor=eyJzcGFuSWQiOiI2Njg2Nzk1MDBiMGUzYzQ
 Instrumented services should be part of a configuration which includes the [event sidecar](https://github.com/mojaloop/event-sidecar) and [event-streaming-processor](https://github.com/mojaloop/event-streaming-processor). Detailed architecture overview can be found [here](https://docs.mojaloop.io/documentation/mojaloop-technical-overview/event-framework/)
 
 Examples of usage of the SDK can be found in the `src/examples` directory of this repo: [Javascript example](src/examples/js_app.js) and [TypeScript example](src/examples/ts_app.ts).
+
+## Auditing Dependencies
+
+We use `npm-audit-resolver` along with `npm audit` to check dependencies for vulnerabilities, and keep track of resolved dependencies with an `audit-resolv.json` file.
+
+To start a new resolution process, run:
+
+```bash
+npm run audit:resolve
+```
+
+You can then check to see if the CI will pass based on the current dependencies with:
+
+```bash
+npm run audit:check
+```
+
+And commit the changed `audit-resolv.json` to ensure that CircleCI will build correctly.
+
+## Automated Releases
+
+As part of our CI/CD process, we use a combination of CircleCI, standard-version
+npm package and github-release CircleCI orb to automatically trigger our releases
+and image builds. This process essentially mimics a manual tag and release.
+
+On a merge to master, CircleCI is configured to use the mojaloopci github account
+to push the latest generated CHANGELOG and package version number.
+
+Once those changes are pushed, CircleCI will pull the updated master, tag and
+push a release triggering another subsequent build that also publishes a docker image.
+
+### Potential problems
+
+* There is a case where the merge to master workflow will resolve successfully, triggering
+  a release. Then that tagged release workflow subsequently failing due to the image scan,
+  audit check, vulnerability check or other "live" checks.
+
+  This will leave master without an associated published build. Fixes that require
+  a new merge will essentially cause a skip in version number or require a clean up
+  of the master branch to the commit before the CHANGELOG and bump.
+
+  This may be resolved by relying solely on the previous checks of the
+  merge to master workflow to assume that our tagged release is of sound quality.
+  We are still mulling over this solution since catching bugs/vulnerabilities/etc earlier
+  is a boon.
+
+* It is unknown if a race condition might occur with multiple merges with master in
+  quick succession, but this is a suspected edge case.
diff --git a/audit-resolve.json b/audit-resolve.json
@@ -73,6 +73,11 @@
       "decision": "ignore",
       "madeAt": 1648572159174,
       "expiresAt": 1651164155341
+    },
+    "1070275|ansi-regex": {
+      "decision": "ignore",
+      "madeAt": 1652949458605,
+      "expiresAt": 1655541454321
     }
   },
   "rules": {},

diff --git a/jest.config.js b/jest.config.js
@@ -1,8 +1,15 @@
 module.exports = {
   displayName: 'tsc',
+  testMatch: [
+    '**/test/unit/**/*.test.ts'
+  ],
   transform: {
-    ".(ts)": "ts-jest"
+    '^.+\\.ts$': 'ts-jest',
   },
+  transformIgnorePatterns: [
+    '^.+\\.json$',
+    'jest.config.js'
+  ],
   moduleFileExtensions: ['ts', 'js', 'json', 'node'],
   verbose: true,
   coverageThreshold: {