chore(mojaloop/#3439): nodejs upgrade (#97)

* chore(mojaloop/#3439): nodejs upgrade * fix: fix dockerfile and correct dependencies * ci: remove unused test jobs * ci: remove orphan filters * chore: upgrade dependenncies * Update .circleci/config.yml * update ci reports for unit tests * update ci reports command * add .versionrc file
mojaloop · Sep 14, 2023 · a51ea79 · a51ea79
1 parent 2bec711
commit a51ea79
Show file tree

Hide file tree

Showing 8 changed files with 4,422 additions and 17,243 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-16.15.0
+18.17.1
diff --git a/.versionrc b/.versionrc
@@ -0,0 +1,15 @@
+{
+  "types": [
+    {"type": "feat", "section": "Features"},
+    {"type": "fix", "section": "Bug Fixes"},
+    {"type": "docs", "section": "Documentation"},
+    {"type": "style", "section": "Styling"},
+    {"type": "refactor", "section": "Refactors"},
+    {"type": "perf", "section": "Performance"},
+    {"type": "test", "section": "Tests"},
+    {"type": "build", "section": "Build System"},
+    {"type": "ci", "section": "CI"},
+    {"type": "chore", "section": "Chore"},
+    {"type": "revert", "section": "Reverts"}
+  ]
+}
diff --git a/Dockerfile b/Dockerfile
@@ -1,31 +1,43 @@
-FROM node:16.15.0-alpine as builder
-USER root
-
-WORKDIR /opt/app/
-
-RUN apk add --no-cache -t build-dependencies git make gcc g++ python3 libtool autoconf automake \
-    && cd $(npm root -g)/npm \
-    && npm config set unsafe-perm true \
-    && npm install -g node-gyp
+# Arguments
+ARG NODE_VERSION=lts-alpine
+
+# NOTE: Ensure you set NODE_VERSION Build Argument as follows...
+#
+#  export NODE_VERSION="$(cat .nvmrc)-alpine" \
+#  docker build \
+#    --build-arg NODE_VERSION=$NODE_VERSION \
+#    -t mojaloop/sdk-scheme-adapter:local \
+#    . \
+#
+
+# Build Image
+FROM node:${NODE_VERSION} as builder
+WORKDIR /opt/app
+
+RUN apk --no-cache add git
+RUN apk add --no-cache -t build-dependencies make gcc g++ python3 libtool openssl-dev autoconf automake bash \
+    && cd $(npm root -g)/npm
 
 COPY package.json package-lock.json* /opt/app/
+
 RUN npm ci
 
 COPY src /opt/app/src
 COPY config /opt/app/config
+COPY test /opt/app/test
 
-FROM node:16.15.0-alpine
-WORKDIR /opt/app/
+FROM node:${NODE_VERSION}
+WORKDIR /opt/app
 
 # Create empty log file & link stdout to the application log file
 RUN mkdir ./logs && touch ./logs/combined.log
 RUN ln -sf /dev/stdout ./logs/combined.log
 
-# Create a non-root user: app-user
-RUN adduser -D app-user
-USER app-user
+# Create a non-root user: ml-user
+RUN adduser -D ml-user 
+USER ml-user
 
-COPY --chown=app-user --from=builder /opt/app/ .
+COPY --chown=ml-user --from=builder /opt/app .
 RUN npm prune --production
 
 EXPOSE 4001

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Transaction Requests Service
 
-[![Git Commit](https://img.shields.io/github/last-commit/mojaloop/transaction-requests-service.svg?style=flat)](https://github.com/mojaloop/transaction-requests-service/commits/master)
+[![Git Commit](https://img.shields.io/github/last-commit/mojaloop/transaction-requests-service.svg?style=flat)](https://github.com/mojaloop/transaction-requests-service/commits/main)
 [![Git Releases](https://img.shields.io/github/release/mojaloop/transaction-requests-service.svg?style=flat)](https://github.com/mojaloop/transaction-requests-service/releases)
 [![Docker pulls](https://img.shields.io/docker/pulls/mojaloop/transaction-requests-service.svg?style=flat)](https://hub.docker.com/r/mojaloop/transaction-requests-service)
 [![CircleCI](https://circleci.com/gh/mojaloop/transaction-requests-service.svg?style=svg)](https://circleci.com/gh/mojaloop/transaction-requests-service)
@@ -22,12 +22,12 @@
 
 ## Auditing Dependencies
 
-We use `npm-audit-resolver` along with `npm audit` to check dependencies for node vulnerabilities, and keep track of resolved dependencies with an `audit-resolve.json` file.
+We use `audit-ci` along with `npm audit` to check dependencies for node vulnerabilities, and keep track of resolved dependencies with an `audit-ci.jsonc` file.
 
 To start a new resolution process, run:
 
 ```bash
-npm run audit:resolve
+npm run audit:fix
 ```
 
 You can then check to see if the CI will pass based on the current dependencies with:
@@ -36,7 +36,7 @@ You can then check to see if the CI will pass based on the current dependencies
 npm run audit:check
 ```
 
-And commit the changed `audit-resolve.json` to ensure that CircleCI will build correctly.
+The [audit-ci.jsonc](./audit-ci.jsonc) contains any audit-exceptions that cannot be fixed to ensure that CircleCI will build correctly.
 
 ## Container Scans
 
@@ -55,28 +55,28 @@ As part of our CI/CD process, we use a combination of CircleCI, standard-version
 npm package and github-release CircleCI orb to automatically trigger our releases
 and image builds. This process essentially mimics a manual tag and release.
 
-On a merge to master, CircleCI is configured to use the mojaloopci github account
+On a merge to main, CircleCI is configured to use the mojaloopci github account
 to push the latest generated CHANGELOG and package version number.
 
-Once those changes are pushed, CircleCI will pull the updated master, tag and
+Once those changes are pushed, CircleCI will pull the updated main, tag and
 push a release triggering another subsequent build that also publishes a docker image.
 
 ### Potential problems
 
-- There is a case where the merge to master workflow will resolve successfully, triggering
+- There is a case where the merge to main workflow will resolve successfully, triggering
   a release. Then that tagged release workflow subsequently failing due to the image scan,
   audit check, vulnerability check or other "live" checks.
 
-  This will leave master without an associated published build. Fixes that require
+  This will leave main without an associated published build. Fixes that require
   a new merge will essentially cause a skip in version number or require a clean up
-  of the master branch to the commit before the CHANGELOG and bump.
+  of the main branch to the commit before the CHANGELOG and bump.
 
   This may be resolved by relying solely on the previous checks of the
-  merge to master workflow to assume that our tagged release is of sound quality.
+  merge to main workflow to assume that our tagged release is of sound quality.
   We are still mulling over this solution since catching bugs/vulnerabilities/etc earlier
   is a boon.
 
-- It is unknown if a race condition might occur with multiple merges with master in
+- It is unknown if a race condition might occur with multiple merges with main in
   quick succession, but this is a suspected edge case.
 
 ## Additional Notes

diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -13,6 +13,8 @@
     "GHSA-g954-5hwp-pp24",
     "GHSA-rjqq-98f6-6j3r",
     "GHSA-mjxr-4v3x-q3m4",
-    "GHSA-p9pc-299p-vxgp"
+    "GHSA-p9pc-299p-vxgp",
+    "GHSA-h755-8qp9-cq85",
+    "GHSA-f9xv-q969-pqx4"
   ]
 }