fix(mojaloop/#2439): quoting-service-model.validatequoterequest-doesn…

…t-perform-correct-validation (#280)

fix([mojaloop/#2439](mojaloop/project#2439)): quoting-service model.validateQuoteRequest doesn't perform correct validation when simpleRoutingMode is TRUE
- added typesafe checks for validate quote request logic
- added devspace patterns to gitignore
- minor formatting of the serverStart unit tests for clarity
- updated dependencies to latest version
- added circleci config for automated releases
- added standard-version dependency for automated releases
- fixed audit resolve issues:
```text
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
```
> Outcome: Fixed

```text
--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
```
> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

```text
--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
```
> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

.circleci/config.yml

@@ -11,6 +11,7 @@ orbs:
   deploy-kube: mojaloop/deployment@0.1.6
   slack: circleci/slack@3.4.2
   pr-tools: mojaloop/pr-tools@0.1.10
+  github-release: h-matsuo/github-release@0.1.3
 
 ##
 # defaults
@@ -314,6 +315,72 @@ jobs:
           fail_only: true
           webhook: "$SLACK_WEBHOOK_ANNOUNCMENT_CI_CD"
           failure_message: 'Deployment failed for: \`"${DOCKER_ORG}/${CIRCLE_PROJECT_REPONAME}:${CIRCLE_TAG}"\`'
+
+  release:
+    executor: default-docker
+    steps:
+      - run:
+          name: Install general dependencies
+          command: *defaults_Dependencies
+      - checkout
+      - restore_cache:
+          keys:
+          - dependency-cache-{{ .Environment.CIRCLE_SHA1 }}
+      - run:
+          name: Configure git
+          command: |
+            git config user.email ${GIT_CI_EMAIL}
+            git config user.name ${GIT_CI_USER}
+            git checkout ${CIRCLE_BRANCH}
+      - run:
+          name: Configure ssh
+          command: |
+            mkdir -p ~/.ssh
+            ssh-keyscan -p 443 ssh.github.com >> ~/.ssh/known_hosts
+            ssh-keyscan github.com >> ~/.ssh/known_hosts
+      - run:
+          name: Generate changelog and bump package version
+          command: npm run release
+      - run:
+          name: Push the release
+          command: git push --follow-tags origin ${CIRCLE_BRANCH}
+
+  github-release:
+    executor: default-machine
+    steps:
+      - run:
+          name: Install git
+          command: |
+            sudo apt-get update && sudo apt-get install -y git
+      - checkout
+      - run:
+          name: Fetch updated release branch
+          command: |
+            git config user.email ${GIT_CI_EMAIL}
+            git config user.name ${GIT_CI_USER}
+            git fetch origin
+            git checkout origin/${CIRCLE_BRANCH}
+      - run:
+          # Note: this is rather imperfect, but will do for now
+          name: Format the changelog into the github release body and get release tag
+          command: |
+            git diff --no-indent-heuristic master~1 HEAD CHANGELOG.md | sed -n '/^+[^+]/ s/^+//p' > /tmp/changes
+            echo 'export RELEASE_CHANGES=`cat /tmp/changes`' >> $BASH_ENV
+            echo 'export RELEASE_TAG=`cat package-lock.json | jq -r .version`' >> $BASH_ENV
+      - run:
+          name: check the release changes
+          command: |
+            echo "Changes are: ${RELEASE_CHANGES}"
+      - github-release/create:
+          github-token-variable: ${GITHUB_TOKEN}
+          tag: v${RELEASE_TAG}
+          title: v${RELEASE_TAG} Release
+          description: ${RELEASE_CHANGES}
+          file-path: CHANGELOG.md
+      - slack/status:
+          webhook: "$SLACK_WEBHOOK_ANNOUNCEMENT"
+          success_message: '*"${CIRCLE_PROJECT_REPONAME}"* - Release \`"v${RELEASE_TAG}"\` \nhttps://github.com/mojaloop/"${CIRCLE_PROJECT_REPONAME}"/releases/tag/"v${RELEASE_TAG}"'
+
 ##
 # Workflows
 #
@@ -411,24 +478,49 @@ workflows:
             branches:
               ignore:
                 - /.*/
-      - publish:
+      # New commits to master release automatically
+      - release:
           context: org-global
           requires:
+            - pr-tools/pr-title-check
+            - test-unit
+            - test-coverage
+            - vulnerability-check
+            - audit-licenses
             - license-scan
             - image-scan
           filters:
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(\-snapshot)?(\-hotfix(\.[0-9]+))?/
             branches:
-              ignore:
-                - /.*/
-      - deploy:
+              only:
+                - master
+                - /release\/v.*/
+      - github-release:
+          context: org-global
+          requires:
+            - release
+          filters:
+            branches:
+              only:
+                - master
+                - /release\/v.*/
+      - publish:
           context: org-global
           requires:
-            - publish
+            - license-scan
+            - image-scan
           filters:
             tags:
-              only: /v[0-9]+(\.[0-9]+)*(\-snapshot)?/
+              only: /v[0-9]+(\.[0-9]+)*(\-snapshot)?(\-hotfix(\.[0-9]+))?/
             branches:
               ignore:
-                - /.*/
+                - /.*/
+      # - deploy:
+      #     context: org-global
+      #     requires:
+      #       - publish
+      #     filters:
+      #       tags:
+      #         only: /v[0-9]+(\.[0-9]+)*(\-snapshot)?/
+      #       branches:
+      #         ignore:
+      #           - /.*/

.gitignore

@@ -79,3 +79,7 @@ typings/
 # MacOs
 .[Dd][Ss]_[Ss]tore
 .notes.md
+
+# https://devspace.sh/
+devspace*
+.devspace/**.*

audit-resolve.json

@@ -18,18 +18,18 @@
     },
     "1500|@mojaloop/central-services-shared>widdershins>yargs>yargs-parser": {
       "decision": "ignore",
-      "madeAt": 1629379814043,
-      "expiresAt": 1629984609093
+      "madeAt": 1630492434834,
+      "expiresAt": 1631097196218
     },
     "1675|@mojaloop/central-services-shared>shins>sanitize-html": {
       "decision": "ignore",
-      "madeAt": 1629379816711,
-      "expiresAt": 1629984609093
+      "madeAt": 1630492438539,
+      "expiresAt": 1631097196218
     },
     "1676|@mojaloop/central-services-shared>shins>sanitize-html": {
       "decision": "ignore",
-      "madeAt": 1629379816711,
-      "expiresAt": 1629984609093
+      "madeAt": 1630492438539,
+      "expiresAt": 1631097196218
     },
     "1693|@mojaloop/central-services-shared>shins>sanitize-html>postcss": {
       "decision": "ignore",
@@ -43,6 +43,14 @@
     "1771|@mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar": {
       "decision": "fix",
       "madeAt": 1628694530974
+    },
+    "1780|@mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar": {
+      "decision": "fix",
+      "madeAt": 1630492425076
+    },
+    "1781|@mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar": {
+      "decision": "fix",
+      "madeAt": 1630492425076
     }
   },
   "rules": {},