From cbec6fe9782aff91e3b9bbec6f790f31d13a7192 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Tue, 12 Mar 2019 21:38:13 +0200 Subject: [PATCH 01/15] Making a difference between NodeJS runtimes we need to make CLI be capable to offer various Node runtimes: - 8 - 10 - 11 This PR adds multistage base images: - 8 and 8-dev - 10 and 10-dev - 11 and 11-dev --- images/build_image/10/Dockerfile | 1 + images/build_image/11/Dockerfile | 1 + images/build_image/8/Dockerfile | 1 + images/run_image/10/Dockerfile | 1 + images/run_image/11/Dockerfile | 1 + images/run_image/8/Dockerfile | 1 + 6 files changed, 6 insertions(+) create mode 100644 images/build_image/10/Dockerfile create mode 100644 images/build_image/11/Dockerfile create mode 100644 images/build_image/8/Dockerfile create mode 100644 images/run_image/10/Dockerfile create mode 100644 images/run_image/11/Dockerfile create mode 100644 images/run_image/8/Dockerfile
diff --git a/images/build_image/10/Dockerfile b/images/build_image/10/Dockerfile
new file mode 100644
index 0000000..ae76e1d
--- /dev/null
+++ b/images/build_image/10/Dockerfile
@@ -0,0 +1 @@
+FROM node:10-stretch
diff --git a/images/build_image/11/Dockerfile b/images/build_image/11/Dockerfile
new file mode 100644
index 0000000..7014001
--- /dev/null
+++ b/images/build_image/11/Dockerfile
@@ -0,0 +1 @@
+FROM node:11-stretch
diff --git a/images/build_image/8/Dockerfile b/images/build_image/8/Dockerfile
new file mode 100644
index 0000000..3a94bb7
--- /dev/null
+++ b/images/build_image/8/Dockerfile
@@ -0,0 +1 @@
+FROM node:8-stretch
diff --git a/images/run_image/10/Dockerfile b/images/run_image/10/Dockerfile
new file mode 100644
index 0000000..b2890e9
--- /dev/null
+++ b/images/run_image/10/Dockerfile
@@ -0,0 +1 @@
+FROM node:10-stretch-slim
diff --git a/images/run_image/11/Dockerfile b/images/run_image/11/Dockerfile
new file mode 100644
index 0000000..92286bc
--- /dev/null
+++ b/images/run_image/11/Dockerfile
@@ -0,0 +1 @@
+FROM node:11-stretch-slim
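Review bot: `FROM node:10-stretch` follows a moving tag, so two builds of the same commit can produce different images and nothing records which base was actually reviewed or scanned. Pinning the digest next to the tag keeps the tag readable and makes the base reproducible, e.g. `FROM node:10-stretch@sha256:<digest of the reviewed image>`. The same applies to the other five one-line Dockerfiles in this commit (`build_image/11`, `build_image/8`, `run_image/10`, `run_image/11`, `run_image/8`). Each file would also benefit from a leading comment saying whether it is the build-stage or the runtime base, since the directory name is currently the only hint.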
diff --git a/images/run_image/8/Dockerfile b/images/run_image/8/Dockerfile
new file mode 100644
index 0000000..4185823
--- /dev/null
+++ b/images/run_image/8/Dockerfile
@@ -0,0 +1 @@
+FROM node:8-stretch-slim
From f7d75e30bd0dff95375a1b7fcb51d5c937acc5c7 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Thu, 18 Apr 2019 23:18:51 +0300 Subject: [PATCH 02/15] Adding Snyk security checks all runtimes and dev images would be inspected during each build --- .circleci/config.yml | 24 +++++++++++++++++++++++- build-images.sh | 13 +++++++++++++ images/build-stage/10/Dockerfile | 3 +++ images/build-stage/11/Dockerfile | 3 +++ images/build-stage/8/Dockerfile | 3 +++ images/build_image/10/Dockerfile | 1 - images/build_image/11/Dockerfile | 1 - images/build_image/8/Dockerfile | 1 - images/run_image/10/Dockerfile | 1 - images/run_image/11/Dockerfile | 1 - images/run_image/8/Dockerfile | 1 - images/runtime/10/Dockerfile | 6 ++++++ images/runtime/11/Dockerfile | 6 ++++++ images/runtime/8/Dockerfile | 6 ++++++ release_images.sh | 16 ++++++++++++++++ test-images.sh | 8 ++++++++ 16 files changed, 87 insertions(+), 7 deletions(-) create mode 100755 build-images.sh create mode 100644 images/build-stage/10/Dockerfile create mode 100644 images/build-stage/11/Dockerfile create mode 100644 images/build-stage/8/Dockerfile delete mode 100644 images/build_image/10/Dockerfile delete mode 100644 images/build_image/11/Dockerfile delete mode 100644 images/build_image/8/Dockerfile delete mode 100644 images/run_image/10/Dockerfile delete mode 100644 images/run_image/11/Dockerfile delete mode 100644 images/run_image/8/Dockerfile create mode 100644 images/runtime/10/Dockerfile create mode 100644 images/runtime/11/Dockerfile create mode 100644 images/runtime/8/Dockerfile create mode 100644 release_images.sh create mode 100755 test-images.sh
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8d9d7ae..60cfb5a 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,7 +1,8 @@ version: 2 jobs: build: - machine: true + docker: + - image: circleci/node working_directory: ~/go/src/github.com/fnproject/fdk-node # docker: # - image: node:9 @@ -12,10 +13,27 @@ jobs: node --version npm --version - checkout + - run: + command: | + npm -v + sudo npm install -g snyk - run: name: "test" command: | ./test.sh + - run: + command: | + ./build-images.sh 8 + ./test-images.sh 8 + - run: + command: | + ./build-images.sh 10 + ./test-images.sh 10 + - run: + command: | + ./build-images.sh 11 + ./test-images.sh 11 + # TODO: run npm test - deploy: command: | @@ -27,4 +45,8 @@ jobs: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc ./release.sh rm -f .npmrc + ./build-images.sh 8 + ./build-images.sh 10 + ./build-images.sh 11 + ./release_images.sh fi diff --git a/build-images.sh b/build-images.sh new file mode 100755 index 0000000..ad67f4a --- /dev/null +++ b/build-images.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +set -ex + +nodeversion=${1:-"8"} +pushd images && \ + pushd build-stage && \ + pushd ${nodeversion} && docker build -t fnproject/node:${nodeversion}-dev .; popd && \ + popd && \ + + pushd runtime && \ + pushd ${nodeversion} && docker build -t fnproject/node:${nodeversion} .; popd && \ + popd && \ +popd diff --git a/images/build-stage/10/Dockerfile b/images/build-stage/10/Dockerfile new file mode 100644 index 0000000..34f48b1 --- /dev/null +++ b/images/build-stage/10/Dockerfile @@ -0,0 +1,3 @@ +FROM node:10-stretch + +RUN apt-get update && apt-get upgrade -qy && apt-get clean diff --git a/images/build-stage/11/Dockerfile b/images/build-stage/11/Dockerfile new file mode 100644 index 0000000..d8808bf --- /dev/null +++ b/images/build-stage/11/Dockerfile @@ -0,0 +1,3 @@ +FROM node:11-stretch + +RUN apt-get update && apt-get upgrade -qy && apt-get clean diff --git a/images/build-stage/8/Dockerfile b/images/build-stage/8/Dockerfile new file mode 100644 index 0000000..96f8839 --- /dev/null +++ b/images/build-stage/8/Dockerfile 
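Review bot: `sudo npm install -g snyk` in the new unnamed `run` step installs whatever version is current, as root, and that binary is later run by `test-images.sh` with `SNYK_TOKEN` in its environment. Pin the version so a scanner upgrade is a reviewed change, e.g. `sudo npm install -g snyk@<pinned version>`, and give the step a `name:` like the neighbouring `test` step so a failure is identifiable in the job output. The untagged `circleci/node` image added in the first hunk of this file has the same floating-version problem.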
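Review bot: The `;` before each `popd` splits the `&&` chain, so when an early `pushd` fails (for example a version argument with no matching directory) `set -e` does not stop the script, because a failing non-final command of an `&&` list is exempt from errexit; the script then keeps going from the wrong directory and only reports a failure at the end. Building by path avoids the directory stack entirely: `docker build -t "fnproject/node:${nodeversion}-dev" "images/build-stage/${nodeversion}"` and `docker build -t "fnproject/node:${nodeversion}" "images/runtime/${nodeversion}"`. Quoting `${nodeversion}` also keeps an unexpected argument from being word-split into extra `docker build` options.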
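Review bot: `apt-get clean` empties the downloaded-package cache, but the index files fetched by `apt-get update` stay in the layer under `/var/lib/apt/lists`, and an unpinned `apt-get upgrade` makes the package set depend on the day the image was built. Ending the step with `&& rm -rf /var/lib/apt/lists/*` removes the lists in the same layer. A short comment saying why the upgrade is kept (presumably to pick up Debian security fixes between `node` base releases) would tell the next maintainer whether it can be dropped once the base is pinned. The identical `RUN` line appears in `build-stage/11`, `build-stage/8` and the three `runtime` Dockerfiles of this commit.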
@@ -0,0 +1,3 @@
+FROM node:8-stretch
+
+RUN apt-get update && apt-get upgrade -qy && apt-get clean
diff --git a/images/build_image/10/Dockerfile b/images/build_image/10/Dockerfile
deleted file mode 100644
index ae76e1d..0000000
--- a/images/build_image/10/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM node:10-stretch
diff --git a/images/build_image/11/Dockerfile b/images/build_image/11/Dockerfile
deleted file mode 100644
index 7014001..0000000
--- a/images/build_image/11/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM node:11-stretch
diff --git a/images/build_image/8/Dockerfile b/images/build_image/8/Dockerfile
deleted file mode 100644
index 3a94bb7..0000000
--- a/images/build_image/8/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM node:8-stretch
diff --git a/images/run_image/10/Dockerfile b/images/run_image/10/Dockerfile
deleted file mode 100644
index b2890e9..0000000
--- a/images/run_image/10/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM node:10-stretch-slim
diff --git a/images/run_image/11/Dockerfile b/images/run_image/11/Dockerfile
deleted file mode 100644
index 92286bc..0000000
--- a/images/run_image/11/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM node:11-stretch-slim
diff --git a/images/run_image/8/Dockerfile b/images/run_image/8/Dockerfile
deleted file mode 100644
index 4185823..0000000
--- a/images/run_image/8/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM node:8-stretch-slim
diff --git a/images/runtime/10/Dockerfile b/images/runtime/10/Dockerfile
new file mode 100644
index 0000000..ad03b7e
--- /dev/null
+++ b/images/runtime/10/Dockerfile
@@ -0,0 +1,6 @@
+FROM node:10-stretch-slim
+
+RUN apt-get update && apt-get upgrade -qy && apt-get clean
+# for some reason i see this:
+# addgroup: The GID `1000' is already in use.
+RUN addgroup --system --gid 1001 --system fn && adduser --system --uid 1001 --ingroup fn fn
diff --git a/images/runtime/11/Dockerfile b/images/runtime/11/Dockerfile
new file mode 100644
index 0000000..572ea99
--- /dev/null
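Review bot: The `fn` account is created in `runtime/10/Dockerfile` but the image never switches to it, so containers started from `fnproject/node:10` still run as root unless a later layer or the platform sets the user; adding `USER fn` as the last line would make non-root the default, and if a downstream Dockerfile is expected to do that instead, a comment should say so. `--system` is passed twice to `addgroup`; `RUN addgroup --system --gid 1001 fn && adduser --system --uid 1001 --ingroup fn fn` is equivalent. The "for some reason" comment can state the likely cause, to be confirmed: the official `node` images already define a `node` user and group with id 1000. The same lines appear in `runtime/11` and `runtime/8`.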
+++ b/images/runtime/11/Dockerfile
@@ -0,0 +1,6 @@
+FROM node:11-stretch-slim
+
+RUN apt-get update && apt-get upgrade -qy && apt-get clean
+# for some reason i see this:
+# addgroup: The GID `1000' is already in use.
+RUN addgroup --system --gid 1001 --system fn && adduser --system --uid 1001 --ingroup fn fn
diff --git a/images/runtime/8/Dockerfile b/images/runtime/8/Dockerfile
new file mode 100644
index 0000000..bfa77b5
--- /dev/null
+++ b/images/runtime/8/Dockerfile
@@ -0,0 +1,6 @@
+FROM node:8-stretch-slim
+
+RUN apt-get update && apt-get upgrade -qy && apt-get clean
+# for some reason i see this:
+# addgroup: The GID `1000' is already in use.
+RUN addgroup --system --gid 1001 --system fn && adduser --system --uid 1001 --ingroup fn fn
diff --git a/release_images.sh b/release_images.sh
new file mode 100644
index 0000000..b699a73
--- /dev/null
+++ b/release_images.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+user="fnproject"
+image="node"
+runtime8="8"
+runtime10="10"
+runtime11="11"
+
+docker push ${user}/${image}:${runtime8}
+docker push ${user}/${image}:${runtime8}-dev
+
+docker push ${user}/${image}:${runtime10}
+docker push ${user}/${image}:${runtime10}-dev
+
+docker push ${user}/${image}:${runtime11}
+docker push ${user}/${image}:${runtime11}-dev
diff --git a/test-images.sh b/test-images.sh
new file mode 100755
index 0000000..ad96dd7
--- /dev/null
+++ b/test-images.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -xe
+
+nodeversion=${1:-"8"}
+
+SNYK_TOKEN=${SNYK_TOKEN} snyk test --docker fnproject/node:${nodeversion}-dev --file=images/build-stage/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6
+SNYK_TOKEN=${SNYK_TOKEN} snyk test --docker fnproject/node:${nodeversion} --file=images/runtime/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6
From 416e188158ea1363366da41b7138b5beba602526 Mon Sep 17 00:00:00 2001
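Review bot: Nothing in `release_images.sh` stops on error, so if one `docker push` fails the remaining tags are still pushed and the script's exit status is that of the last push alone; a release can end up with a mix of new and old tags while the deploy step reports success. Add `set -euo pipefail` directly after the shebang, in line with the `set -ex` that `build-images.sh` already uses. Quoting the image references, e.g. `docker push "${user}/${image}:${runtime8}"`, is a cheap habit to keep even though the values are constants here.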
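Review bot: Both checks in `test-images.sh` are pipelines without `pipefail`, so the step's result is only the exit status of `docker run … snyk-filter`; if `snyk test` cannot authenticate or produces no JSON, the outcome depends on how the filter treats empty input, which this hunk does not show. Plain `set -o pipefail` is not enough, because the snyk CLI exits non-zero when it finds issues and that would bypass the filter, so the scan status has to be checked separately as sketched below (the exit-code meaning should be confirmed for the installed snyk version). With `set -x` active, the `SNYK_TOKEN=${SNYK_TOKEN}` prefix is echoed to the build log with the value expanded, so a token that has been through such a run should be rotated. `denismakogon/snyk-filter:0.0.6` decides pass or fail and is pulled by tag only; pinning its digest keeps that decision logic fixed.

```shell
nodeversion=${1:-"8"}

scan_image() {
    local image=$1 dockerfile=$2 report rc=0
    report=$(mktemp)
    # snyk exits 1 when it found issues (left to the filter to judge);
    # a higher code means the scan itself did not run properly.
    snyk test --docker "${image}" --file="${dockerfile}" --json > "${report}" || rc=$?
    if [ "${rc}" -gt 1 ]; then
        echo "snyk test failed for ${image} (exit ${rc})" >&2
        return "${rc}"
    fi
    docker run --rm -i denismakogon/snyk-filter:0.0.6 < "${report}"
}

scan_image "fnproject/node:${nodeversion}-dev" "images/build-stage/${nodeversion}/Dockerfile"
scan_image "fnproject/node:${nodeversion}" "images/runtime/${nodeversion}/Dockerfile"
```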
From: Denis Makogon Date: Thu, 18 Apr 2019 23:21:47 +0300 Subject: [PATCH 03/15] Enable docker in CI builds --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 60cfb5a..c765f4f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,9 +4,9 @@ jobs: docker: - image: circleci/node working_directory: ~/go/src/github.com/fnproject/fdk-node - # docker: - # - image: node:9 steps: + - setup_remote_docker: + docker_layer_caching: true - run: name: "Checking Versions" command: | From 0efc01b3d0b671ac203b392adb0f3a8fe2d825e8 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Thu, 18 Apr 2019 23:26:03 +0300 Subject: [PATCH 04/15] adjust test commands for running them in docker --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c765f4f..12c59de 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,12 +15,12 @@ jobs: - checkout - run: command: | - npm -v sudo npm install -g snyk - run: name: "test" command: | - ./test.sh + npm install + npm run test - run: command: | ./build-images.sh 8 From bef5cc61ca2bbde0fbb2b56c030bbb7c9741ab82 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Thu, 18 Apr 2019 23:58:13 +0300 Subject: [PATCH 05/15] hide snyk token --- test-images.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test-images.sh b/test-images.sh index ad96dd7..03fffc9 100755 --- a/test-images.sh +++ b/test-images.sh 
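Review bot: `docker_layer_caching: true` lets a later build reuse the cached `RUN apt-get update && apt-get upgrade -qy && apt-get clean` layer of the image Dockerfiles for as long as the base image id and the instruction text are unchanged, so a rebuild can publish the package set of an earlier run rather than today's. If that layer is meant to pick up fixes on every release, build the images that get pushed with `docker build --pull --no-cache …` in `build-images.sh`, or leave layer caching off for the job that pushes. A one-line comment above `setup_remote_docker` noting that the job needs it to reach a Docker daemon from the `docker` executor would also help.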
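Review bot: `npm install` in the `test` step can rewrite `package-lock.json` when it disagrees with `package.json`, so CI may test, and the `deploy` step of the same job may then release, a dependency tree that nobody reviewed. `npm ci` installs exactly what the lockfile records and fails on a mismatch; replace the line with `npm ci`. The step's job definition continues outside this hunk.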
@@ -4,5 +4,5 @@ set -xe nodeversion=${1:-"8"} -SNYK_TOKEN=${SNYK_TOKEN} snyk test --docker fnproject/node:${nodeversion}-dev --file=images/build-stage/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6 -SNYK_TOKEN=${SNYK_TOKEN} snyk test --docker fnproject/node:${nodeversion} --file=images/runtime/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6 +snyk test --docker fnproject/node:${nodeversion}-dev --file=images/build-stage/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6 +snyk test --docker fnproject/node:${nodeversion} --file=images/runtime/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6 From 48ee61011267ae28a4ac1a226ce55f246ff7a93c Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Fri, 19 Apr 2019 14:26:54 +0300 Subject: [PATCH 06/15] Try Anchore that is built-in into CircleCI --- .circleci/config.yml | 59 +++++++++++++++++++++++++++++++++----------- test-images.sh | 8 ------ 2 files changed, 44 insertions(+), 23 deletions(-) delete mode 100755 test-images.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 12c59de..2bfd2f1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,4 +1,4 @@ -version: 2 +version: 2.1 jobs: build: docker: @@ -21,20 +21,6 @@ jobs: command: | npm install npm run test - - run: - command: | - ./build-images.sh 8 - ./test-images.sh 8 - - run: - command: | - ./build-images.sh 10 - ./test-images.sh 10 - - run: - command: | - ./build-images.sh 11 - ./test-images.sh 11 - - # TODO: run npm test - deploy: command: | if [[ "${CIRCLE_BRANCH}" == "master" && -z "${CIRCLE_PR_REPONAME}" ]]; then 
@@ -50,3 +36,46 @@ jobs: ./build-images.sh 11 ./release_images.sh fi + local_image_scan: + executor: anchore/anchore_engine + working_directory: ~/go/src/github.com/fnproject/fdk-node + steps: + - checkout + - run: + name: Node.JS 8 build + command: | + ./build-images.sh 8 + - anchore/analyze_local_image: + image_name: fnproject/node:8-dev + timeout: '500' + analysis_fail: True + - anchore/analyze_local_image: + image_name: fnproject/node:8 + timeout: '500' + analysis_fail: True + + - run: + name: Node.JS 10 build + command: | + ./build-images.sh 10 + - anchore/analyze_local_image: + image_name: fnproject/node:10-dev + timeout: '500' + analysis_fail: True + - anchore/analyze_local_image: + image_name: fnproject/node:10 + timeout: '500' + analysis_fail: True + + - run: + name: Node.JS 11 build + command: | + ./build-images.sh 11 + - anchore/analyze_local_image: + image_name: fnproject/node:11-dev + timeout: '500' + analysis_fail: True + - anchore/analyze_local_image: + image_name: fnproject/node:11 + timeout: '500' + analysis_fail: True diff --git a/test-images.sh b/test-images.sh deleted file mode 100755 index 03fffc9..0000000 --- a/test-images.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash - -set -xe - -nodeversion=${1:-"8"} - -snyk test --docker fnproject/node:${nodeversion}-dev --file=images/build-stage/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6 -snyk test --docker fnproject/node:${nodeversion} --file=images/runtime/${nodeversion}/Dockerfile --json | docker run --rm -i denismakogon/snyk-filter:0.0.6 From 6ba59f8aeb66f12219d3ca6023af689466a9a022 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Fri, 19 Apr 2019 14:38:44 +0300 Subject: [PATCH 07/15] adjust ci config --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2bfd2f1..7209433 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -1,4 +1,6 @@ version: 2.1 +orbs: + anchore-engine: anchore/anchore-engine@1.2.0 jobs: build: docker: From cd60aee6e2be6f80a29b40b968e8b29cae510cec Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Fri, 19 Apr 2019 18:07:57 +0300 Subject: [PATCH 08/15] commit to retrigger build --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7209433..d0c8b11 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -43,6 +43,7 @@ jobs: working_directory: ~/go/src/github.com/fnproject/fdk-node steps: - checkout + - run: name: Node.JS 8 build command: | From b16ddd5ab088649b38b0ffc1703ea35e199c23c2 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Fri, 19 Apr 2019 18:12:30 +0300 Subject: [PATCH 09/15] defining the workflow for the CI --- .circleci/config.yml | 47 ++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d0c8b11..a30adea 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,8 +1,11 @@ version: 2.1 + orbs: - anchore-engine: anchore/anchore-engine@1.2.0 + anchore: anchore/anchore-engine@1.2.0 + jobs: - build: + + "fdk": docker: - image: circleci/node working_directory: ~/go/src/github.com/fnproject/fdk-node @@ -15,9 +18,6 @@ jobs: node --version npm --version - checkout - - run: - command: | - sudo npm install -g snyk - run: name: "test" command: | @@ -38,12 +38,11 @@ jobs: ./build-images.sh 11 ./release_images.sh fi - local_image_scan: + "node8_security_check": executor: anchore/anchore_engine working_directory: ~/go/src/github.com/fnproject/fdk-node steps: - checkout - - run: name: Node.JS 8 build command: | 
@@ -51,12 +50,18 @@ jobs: - anchore/analyze_local_image: image_name: fnproject/node:8-dev timeout: '500' - analysis_fail: True + policy_failure: true - anchore/analyze_local_image: image_name: fnproject/node:8 timeout: '500' - analysis_fail: True + policy_failure: true + - anchore/parse_reports + "node10_security_check": + executor: anchore/anchore_engine + working_directory: ~/go/src/github.com/fnproject/fdk-node + steps: + - checkout - run: name: Node.JS 10 build command: | @@ -64,12 +69,18 @@ jobs: - anchore/analyze_local_image: image_name: fnproject/node:10-dev timeout: '500' - analysis_fail: True + policy_failure: true - anchore/analyze_local_image: image_name: fnproject/node:10 timeout: '500' - analysis_fail: True + policy_failure: true + - anchore/parse_reports + "node11_security_check": + executor: anchore/anchore_engine + working_directory: ~/go/src/github.com/fnproject/fdk-node + steps: + - checkout - run: name: Node.JS 11 build command: | @@ -77,8 +88,18 @@ jobs: - anchore/analyze_local_image: image_name: fnproject/node:11-dev timeout: '500' - analysis_fail: True + policy_failure: true - anchore/analyze_local_image: image_name: fnproject/node:11 timeout: '500' - analysis_fail: True + policy_failure: true + - anchore/parse_reports + +workflows: + version: 2 + build: + jobs: + - "fdk" + - "node8_security_check" + - "node10_security_check" + - "node11_security_check" From e4e29b6881a69a0144145ac253ab69522ef286bb Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Fri, 19 Apr 2019 23:33:07 +0300 Subject: [PATCH 10/15] Adding anchore policy bundle --- .circleci/.anchore/policy_bundle.json | 33 +++++++++++++++++++++++++++ .circleci/config.yml | 16 ++++++++----- 2 files changed, 43 insertions(+), 6 deletions(-) create mode 100644 .circleci/.anchore/policy_bundle.json diff --git a/.circleci/.anchore/policy_bundle.json b/.circleci/.anchore/policy_bundle.json new file mode 100644 index 0000000..9d58e61 --- /dev/null +++ b/.circleci/.anchore/policy_bundle.json 
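Review bot: The four jobs in the new `build` workflow are listed without `requires:`, so they run independently and `fdk`, whose `deploy` step runs `./build-images.sh` and `./release_images.sh` on master, pushes the `fnproject/node` images whether or not the `node*_security_check` jobs pass. The scan jobs also build their own copies of the images, so what Anchore analyses is not the artifact that gets pushed. Moving the image release into a job of its own with `requires: ["node8_security_check", "node10_security_check", "node11_security_check"]` would make the policy result gate the push. The later `nightly` workflow hunk (PATCH 13/15) moves the scans onto a cron schedule, which widens this gap further.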
@@ -0,0 +1,33 @@ +{ + "id": "default0", + "version": "1_0", + "name": "My Default bundle", + "comment": "My system's default bundle", + "whitelisted_images": [], + "blacklisted_images": [], + "mappings": [], + "whitelists": [], + "policies": [ + { + "name": "IgnoreUnfixablePkgs", + "version": "1_0", + "comment": "Policy for basic checks", + "id": "ba6daa06-da3b-46d3-9e22-f01f07b0489a", + "rules": [ + { + "action": "STOP", + "gate": "vulnerabilities", + "id": "80569900-d6b3-4391-b2a0-bf34cf6d813d", + "params": [ + { "name": "package_type", "value": "all" }, + { "name": "severity_comparison", "value": ">=" }, + { "name": "severity", "value": "medium" }, + { "name": "fix_available", "value": "true"} + ], + "trigger": "package" + } + ] + } + + ] +} diff --git a/.circleci/config.yml b/.circleci/config.yml index a30adea..a48c500 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,14 +1,12 @@ version: 2.1 - orbs: anchore: anchore/anchore-engine@1.2.0 - jobs: "fdk": docker: - image: circleci/node - working_directory: ~/go/src/github.com/fnproject/fdk-node + working_directory: ~/fdk-node steps: - setup_remote_docker: docker_layer_caching: true @@ -40,7 +38,7 @@ jobs: fi "node8_security_check": executor: anchore/anchore_engine - working_directory: ~/go/src/github.com/fnproject/fdk-node + working_directory: ~/fdk-node steps: - checkout - run: @@ -51,15 +49,17 @@ jobs: image_name: fnproject/node:8-dev timeout: '500' policy_failure: true + policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/analyze_local_image: image_name: fnproject/node:8 timeout: '500' policy_failure: true + policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/parse_reports "node10_security_check": executor: anchore/anchore_engine - working_directory: ~/go/src/github.com/fnproject/fdk-node + working_directory: ~/fdk-node steps: - checkout - run: 
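Review bot: The single rule in `policy_bundle.json` stops a build only for vulnerabilities of severity medium or higher that have a fix available (`fix_available` set to `true`), so a critical finding with no upstream fix passes without any signal; the policy name `IgnoreUnfixablePkgs` implies this, but the `comment` fields (`"Policy for basic checks"`, `"My system's default bundle"`) do not say it. JSON has no comment syntax, so state the intent in those fields, e.g. `"comment": "STOP on >= medium vulnerabilities that have a fix; findings without a fix are not gated"`. `"mappings": []` is empty, and this hunk does not show how Anchore selects a policy when no mapping matches an image, so confirm against an image known to carry a fixable medium finding that the `STOP` rule actually fires.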
@@ -70,15 +70,17 @@ jobs: image_name: fnproject/node:10-dev timeout: '500' policy_failure: true + policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/analyze_local_image: image_name: fnproject/node:10 timeout: '500' policy_failure: true + policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/parse_reports "node11_security_check": executor: anchore/anchore_engine - working_directory: ~/go/src/github.com/fnproject/fdk-node + working_directory: ~/fdk-node steps: - checkout - run: @@ -89,10 +91,12 @@ jobs: image_name: fnproject/node:11-dev timeout: '500' policy_failure: true + policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/analyze_local_image: image_name: fnproject/node:11 timeout: '500' policy_failure: true + policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/parse_reports workflows: From 702dec6ca959f28ace8f9d0326e29f0d9e2e2060 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Mon, 22 Apr 2019 22:46:50 +0300 Subject: [PATCH 11/15] Split image build+check for each image There's a known issue of Anchore CI tools. Therefore there's a need to define 1 job per 1 build+check --- .circleci/config.yml | 48 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 42 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a48c500..8c9f358 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -36,7 +36,7 @@ jobs: ./build-images.sh 11 ./release_images.sh fi - "node8_security_check": + "node8dev_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node steps: 
@@ -50,6 +50,17 @@ jobs: timeout: '500' policy_failure: true policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json + - anchore/parse_reports + + "node8runtime_security_check": + executor: anchore/anchore_engine + working_directory: ~/fdk-node + steps: + - checkout + - run: + name: Node.JS 8 build + command: | + ./build-images.sh 8 - anchore/analyze_local_image: image_name: fnproject/node:8 timeout: '500' @@ -57,7 +68,7 @@ jobs: policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/parse_reports - "node10_security_check": + "node10dev_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node steps: @@ -71,6 +82,17 @@ jobs: timeout: '500' policy_failure: true policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json + - anchore/parse_reports + + "node10runtime_security_check": + executor: anchore/anchore_engine + working_directory: ~/fdk-node + steps: + - checkout + - run: + name: Node.JS 10 build + command: | + ./build-images.sh 10 - anchore/analyze_local_image: image_name: fnproject/node:10 timeout: '500' @@ -78,7 +100,7 @@ jobs: policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - anchore/parse_reports - "node11_security_check": + "node11dev_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node steps: @@ -92,6 +114,17 @@ jobs: timeout: '500' policy_failure: true policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json + - anchore/parse_reports + + "node11runtime_security_check": + executor: anchore/anchore_engine + working_directory: ~/fdk-node + steps: + - checkout + - run: + name: Node.JS 11 build + command: | + ./build-images.sh 11 - anchore/analyze_local_image: image_name: fnproject/node:11 timeout: '500' 
@@ -104,6 +137,9 @@ workflows: build: jobs: - "fdk" - - "node8_security_check" - - "node10_security_check" - - "node11_security_check" + - "node8dev_security_check" + - "node8runtime_security_check" + - "node10dev_security_check" + - "node10runtime_security_check" + - "node11dev_security_check" + - "node11runtime_security_check" From aae887aa8ba96b481f2815293f4639a8b5962fbd Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Wed, 24 Apr 2019 22:32:12 +0300 Subject: [PATCH 12/15] updating anchore orb version --- .circleci/config.yml | 86 ++++++++++++-------------------------------- 1 file changed, 22 insertions(+), 64 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8c9f358..e325ff3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,6 +1,6 @@ version: 2.1 orbs: - anchore: anchore/anchore-engine@1.2.0 + anchore: anchore/anchore-engine@1.3.0 jobs: "fdk": 
@@ -36,100 +36,61 @@ jobs: ./build-images.sh 11 ./release_images.sh fi - "node8dev_security_check": - executor: anchore/anchore_engine - working_directory: ~/fdk-node - steps: - - checkout - - run: - name: Node.JS 8 build - command: | - ./build-images.sh 8 - - anchore/analyze_local_image: - image_name: fnproject/node:8-dev - timeout: '500' - policy_failure: true - policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - - anchore/parse_reports - - "node8runtime_security_check": + "node8_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node steps: + - setup_remote_docker: + docker_layer_caching: true - checkout - run: name: Node.JS 8 build command: | + apk add bash ./build-images.sh 8 - anchore/analyze_local_image: - image_name: fnproject/node:8 + image_name: "fnproject/node:8-dev fnproject/node:8" timeout: '500' policy_failure: true - policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json + policy_bundle_file_path: .circleci/.anchore/policy_bundle.json - anchore/parse_reports - "node10dev_security_check": - executor: anchore/anchore_engine - working_directory: ~/fdk-node - steps: - - checkout - - run: - name: Node.JS 10 build - command: | - ./build-images.sh 10 - - anchore/analyze_local_image: - image_name: fnproject/node:10-dev - timeout: '500' - policy_failure: true - policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - - anchore/parse_reports - - "node10runtime_security_check": + "node10_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node steps: + - setup_remote_docker: + docker_layer_caching: true - checkout - run: name: Node.JS 10 build command: | + apk add bash ./build-images.sh 10 - anchore/analyze_local_image: - image_name: fnproject/node:10 - timeout: '500' - policy_failure: true - policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json - - anchore/parse_reports - - "node11dev_security_check": - executor: 
anchore/anchore_engine - working_directory: ~/fdk-node - steps: - - checkout - - run: - name: Node.JS 11 build - command: | - ./build-images.sh 11 - - anchore/analyze_local_image: - image_name: fnproject/node:11-dev + image_name: "fnproject/node:10-dev fnproject/node:10" timeout: '500' policy_failure: true - policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json + policy_bundle_file_path: .circleci/.anchore/policy_bundle.json - anchore/parse_reports - "node11runtime_security_check": + "node11_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node steps: + - setup_remote_docker: + docker_layer_caching: true - checkout - run: name: Node.JS 11 build command: | + apk add bash ./build-images.sh 11 - anchore/analyze_local_image: - image_name: fnproject/node:11 + image_name: "fnproject/node:11-dev fnproject/node:11" timeout: '500' policy_failure: true - policy_bundle_file_path: ~/fdk-node/.circleci/.anchore/policy_bundle.json + policy_bundle_file_path: .circleci/.anchore/policy_bundle.json - anchore/parse_reports workflows: @@ -137,9 +98,6 @@ workflows: build: jobs: - "fdk" - - "node8dev_security_check" - - "node8runtime_security_check" - - "node10dev_security_check" - - "node10runtime_security_check" - - "node11dev_security_check" - - "node11runtime_security_check" + - "node8_security_check" + - "node10_security_check" + - "node11_security_check" From 94071cb7b76dae88bc224427fcc6a9d28301d397 Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Tue, 4 Jun 2019 20:17:57 +0300 Subject: [PATCH 13/15] updating CI build config --- .circleci/config.yml | 14 ++++++++++++-- release_images.sh | 0 2 files changed, 12 insertions(+), 2 deletions(-) mode change 100644 => 100755 release_images.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index e325ff3..a31e27f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -3,7 +3,7 @@ orbs: anchore: anchore/anchore-engine@1.3.0 jobs: - "fdk": + "test": docker: - image: circleci/node working_directory: ~/fdk-node @@ -36,6 +36,7 @@ jobs: ./build-images.sh 11 ./release_images.sh fi + "node8_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node @@ -97,7 +98,16 @@ workflows: version: 2 build: jobs: - - "fdk" + - "test" + nightly: + triggers: + - schedule: + cron: "0 0 * * *" + filters: + branches: + only: + - master + jobs: - "node8_security_check" - "node10_security_check" - "node11_security_check" diff --git a/release_images.sh b/release_images.sh old mode 100644 new mode 100755 From 673d7f1a5c17d9839915967b70fd3e633643109a Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Tue, 4 Jun 2019 20:30:04 +0300 Subject: [PATCH 14/15] fix tests --- .circleci/config.yml | 11 +-- package-lock.json | 160 +++++++++++++++++-------------------------- package.json | 2 +- 3 files changed, 67 insertions(+), 106 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a31e27f..573a154 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,22 +5,17 @@ jobs: "test": docker: - - image: circleci/node + - image: circleci/node:9-stretch working_directory: ~/fdk-node steps: - setup_remote_docker: docker_layer_caching: true - - run: - name: "Checking Versions" - command: | - node --version - npm --version - checkout - run: name: "test" command: | - npm install - npm run test + npm install + npm run test - deploy: command: | if [[ "${CIRCLE_BRANCH}" == "master" && -z "${CIRCLE_PR_REPONAME}" ]]; then diff --git a/package-lock.json b/package-lock.json index 52827d8..a6c89b7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@fnproject/fdk", - "version": "0.0.14", + "version": "0.0.15", "lockfileVersion": 1, "requires": true, "dependencies": { 
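Review bot: `circleci/node:9-stretch` in the `test` job pins the tests to Node 9, which is not one of the runtimes this series publishes (8, 10 and 11) and was a non-LTS line already past end-of-life at the date of this commit, so `npm run test` never exercises a shipped runtime. Prefer a tag that matches a published runtime, e.g. `circleci/node:10-stretch`, or run the `test` job once per supported version. If 9 was chosen to work around a failing test, a comment next to the `image:` line should name it.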
@@ -494,7 +494,7 @@ "imurmurhash": "0.1.4", "inquirer": "3.3.0", "is-resolvable": "1.1.0", - "js-yaml": "3.12.0", + "js-yaml": "3.13.1", "json-stable-stringify-without-jsonify": "1.0.1", "levn": "0.3.0", "lodash": "4.17.11", @@ -532,7 +532,7 @@ "dev": true, "requires": { "debug": "2.6.9", - "resolve": "1.8.1" + "resolve": "1.11.1" }, "dependencies": { "debug": { @@ -553,13 +553,13 @@ } }, "eslint-module-utils": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.2.0.tgz", - "integrity": "sha1-snA2LNiLGkitMIl2zn+lTphBF0Y=", + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.4.0.tgz", + "integrity": "sha512-14tltLm38Eu3zS+mt0KvILC3q8jyIAH518MlG+HO0p+yK885Lb1UHTY/UgR91eOyGdmxAPb+OLoW4znqIT6Ndw==", "dev": true, "requires": { "debug": "2.6.9", - "pkg-dir": "1.0.0" + "pkg-dir": "2.0.0" }, "dependencies": { "debug": { @@ -590,7 +590,7 @@ "debug": "2.6.9", "doctrine": "1.5.0", "eslint-import-resolver-node": "0.3.2", - "eslint-module-utils": "2.2.0", + "eslint-module-utils": "2.4.0", "has": "1.0.3", "lodash": "4.17.11", "minimatch": "3.0.4", @@ -632,7 +632,7 @@ "requires": { "ignore": "3.3.10", "minimatch": "3.0.4", - "resolve": "1.8.1", + "resolve": "1.11.1", "semver": "5.5.1" } }, @@ -650,8 +650,8 @@ "requires": { "doctrine": "2.1.0", "has": "1.0.3", - "jsx-ast-utils": "2.0.1", - "prop-types": "15.6.2" + "jsx-ast-utils": "2.1.0", + "prop-types": "15.7.2" } }, "eslint-plugin-standard": { @@ -777,13 +777,12 @@ "dev": true }, "find-up": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz", - "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz", + "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=", "dev": true, "requires": { - "path-exists": "2.1.0", - "pinkie-promise": "2.0.1" + "locate-path": "2.0.0" } }, "flat-cache": { 
@@ -972,15 +971,6 @@ "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=", "dev": true }, - "is-builtin-module": { - "version": "1.0.0", - "resolved": "http://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz", - "integrity": "sha1-VAVy0096wxGfj3bDDLwbHgN6/74=", - "dev": true, - "requires": { - "builtin-modules": "1.1.1" - } - }, "is-callable": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.1.4.tgz", @@ -1072,9 +1062,9 @@ "dev": true }, "js-yaml": { - "version": "3.12.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.0.tgz", - "integrity": "sha512-PIt2cnwmPfL4hKNwqeiuz4bKfnzHTBv6HyVgjahA6mPLwPDzjDWrplJBMjHUFxku/N3FlmrbyPclad+I+4mJ3A==", + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz", + "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==", "dev": true, "requires": { "argparse": "1.0.10", @@ -1100,9 +1090,9 @@ "dev": true }, "jsx-ast-utils": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-2.0.1.tgz", - "integrity": "sha1-6AGxs5mF4g//yHtA43SAgOLcrH8=", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-2.1.0.tgz", + "integrity": "sha512-yDGDG2DS4JcqhA6blsuYbtsT09xL8AoLuUR2Gb5exrw7UEM19sBcOTq+YBBhrNbl0PUC4R4LnFu+dHg2HKeVvA==", "dev": true, "requires": { "array-includes": "3.0.3" @@ -1144,14 +1134,6 @@ "requires": { "p-locate": "2.0.0", "path-exists": "3.0.0" - }, - "dependencies": { - "path-exists": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", - "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=", - "dev": true - } } }, "lodash": { 
@@ -1255,13 +1237,13 @@ } }, "normalize-package-data": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz", - "integrity": "sha512-9jjUFbTPfEy3R/ad/2oNbKtW9Hgovl5O1FvFWKkKblNXoN/Oou6+9+KKohPK13Yc3/TyunyWhJp6gvRNR/PPAw==", + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", "dev": true, "requires": { "hosted-git-info": "2.7.1", - "is-builtin-module": "1.0.0", + "resolve": "1.11.1", "semver": "5.5.1", "validate-npm-package-license": "3.0.4" } @@ -1356,13 +1338,10 @@ } }, "path-exists": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz", - "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=", - "dev": true, - "requires": { - "pinkie-promise": "2.0.1" - } + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", + "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=", + "dev": true }, "path-is-absolute": { "version": "1.0.1", @@ -1439,15 +1418,6 @@ "load-json-file": "4.0.0" }, "dependencies": { - "find-up": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz", - "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=", - "dev": true, - "requires": { - "locate-path": "2.0.0" - } - }, "load-json-file": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-4.0.0.tgz", 
@@ -1490,12 +1460,12 @@ } }, "pkg-dir": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-1.0.0.tgz", - "integrity": "sha1-ektQio1bstYp1EcFb/TpyTFM89Q=", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-2.0.0.tgz", + "integrity": "sha1-9tXREJ4Z1j7fQo4L1X4Sd3YVM0s=", "dev": true, "requires": { - "find-up": "1.1.2" + "find-up": "2.1.0" } }, "pluralize": { @@ -1523,13 +1493,14 @@ "dev": true }, "prop-types": { - "version": "15.6.2", - "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.6.2.tgz", - "integrity": "sha512-3pboPvLiWD7dkI3qf3KbUe6hKFKa52w+AE0VCqECtf+QHAKgOL37tTaNCnuX1nAAQ4ZhyP+kYVKf8rLmJ/feDQ==", + "version": "15.7.2", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz", + "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==", "dev": true, "requires": { "loose-envify": "1.4.0", - "object-assign": "4.1.1" + "object-assign": "4.1.1", + "react-is": "16.8.6" } }, "pseudomap": { @@ -1538,6 +1509,12 @@ "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=", "dev": true }, + "react-is": { + "version": "16.8.6", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.8.6.tgz", + "integrity": "sha512-aUk3bHfZ2bRSVFFbbeVS4i+lNPZr3/WM5jT2J5omUVV1zzcs1nAaf3l51ctA5FFvCRbhrH0bdAsRRQddFJZPtA==", + "dev": true + }, "read-pkg": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-2.0.0.tgz", @@ -1545,7 +1522,7 @@ "dev": true, "requires": { "load-json-file": "2.0.0", - "normalize-package-data": "2.4.0", + "normalize-package-data": "2.5.0", "path-type": "2.0.0" } }, 
@@ -1557,17 +1534,6 @@ "requires": { "find-up": "2.1.0", "read-pkg": "2.0.0" - }, - "dependencies": { - "find-up": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz", - "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=", - "dev": true, - "requires": { - "locate-path": "2.0.0" - } - } } }, "readable-stream": { @@ -1596,9 +1562,9 @@ } }, "resolve": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.8.1.tgz", - "integrity": "sha512-AicPrAC7Qu1JxPCZ9ZgCZlY35QgFnNqc+0LtbRNxnVw4TXvjQ72wnuL9JQcEBgXkI9JM8MsT9kaQoHcpCRJOYA==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.11.1.tgz", + "integrity": "sha512-vIpgF6wfuJOZI7KKKSP+HmiKggadPQAdsp5HiC1mvqnfp0gF1vdwgBWZIdrVft9pgqoMFQN+R7BSWZiBxx+BBw==", "dev": true, "requires": { "path-parse": "1.0.6" @@ -1710,7 +1676,7 @@ "imurmurhash": "0.1.4", "inquirer": "3.3.0", "is-resolvable": "1.1.0", - "js-yaml": "3.12.0", + "js-yaml": "3.13.1", "json-stable-stringify-without-jsonify": "1.0.1", "levn": "0.3.0", "lodash": "4.17.11", 
@@ -1926,19 +1892,19 @@ } }, "spdx-correct": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.0.0.tgz", - "integrity": "sha512-N19o9z5cEyc8yQQPukRCZ9EUmb4HUpnrmaL/fxS2pBo2jbfcFRVuFZ/oFC+vZz0MNNk0h80iMn5/S6qGZOL5+g==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.1.0.tgz", + "integrity": "sha512-lr2EZCctC2BNR7j7WzJ2FpDznxky1sjfxvvYEyzxNyb6lZXHODmEoJeFu4JupYlkfha1KZpJyoqiJ7pgA1qq8Q==", "dev": true, "requires": { "spdx-expression-parse": "3.0.0", - "spdx-license-ids": "3.0.1" + "spdx-license-ids": "3.0.4" } }, "spdx-exceptions": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.1.0.tgz", - "integrity": "sha512-4K1NsmrlCU1JJgUrtgEeTVyfx8VaYea9J9LvARxhbHtVtohPs/gFGG5yy49beySjlIMhhXZ4QqujIZEfS4l6Cg==", + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.2.0.tgz", + "integrity": "sha512-2XQACfElKi9SlVb1CYadKDXvoajPgBVPn/gOQLrTvHdElaVhr7ZEbqJaRnJLVNeaI4cMEAgVCeBMKF6MWRDCRA==", "dev": true }, "spdx-expression-parse": { @@ -1947,14 +1913,14 @@ "integrity": "sha512-Yg6D3XpRD4kkOmTpdgbUiEJFKghJH03fiC1OPll5h/0sO6neh2jqRDVHOQ4o/LMea0tgCkbMgea5ip/e+MkWyg==", "dev": true, "requires": { - "spdx-exceptions": "2.1.0", - "spdx-license-ids": "3.0.1" + "spdx-exceptions": "2.2.0", + "spdx-license-ids": "3.0.4" } }, "spdx-license-ids": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.1.tgz", - "integrity": "sha512-TfOfPcYGBB5sDuPn3deByxPhmfegAhpDYKSOXZQN81Oyrrif8ZCodOLzK3AesELnCx03kikhyDwh0pfvvQvF8w==", + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.4.tgz", + "integrity": "sha512-7j8LYJLeY/Yb6ACbQ7F76qy5jHkp0U6jgBfJsk97bwWlVUnUWsAgpyaCvo17h0/RQGnQ036tVDomiwoI4pDkQA==", "dev": true }, "sprintf-js": { 
@@ -1965,7 +1931,7 @@ }, "standard": { "version": "11.0.1", - "resolved": "http://registry.npmjs.org/standard/-/standard-11.0.1.tgz", + "resolved": "https://registry.npmjs.org/standard/-/standard-11.0.1.tgz", "integrity": "sha512-nu0jAcHiSc8H+gJCXeiziMVZNDYi8MuqrYJKxTgjP4xKXZMKm311boqQIzDrYI/ktosltxt2CbDjYQs9ANC8IA==", "dev": true, "requires": { @@ -2177,7 +2143,7 @@ "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==", "dev": true, "requires": { - "spdx-correct": "3.0.0", + "spdx-correct": "3.1.0", "spdx-expression-parse": "3.0.0" } }, diff --git a/package.json b/package.json index 7d9c6ae..e8fb36d 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "devDependencies": { "rewire": "4.0.1", "sinon": "^7.3.2", - "standard": "11.0.1", + "standard": "^11.0.1", "tape": "^4.9.1", "tmp": "0.0.33" } From cba0263252475d179cabef77e3e2f6cc1ae421fa Mon Sep 17 00:00:00 2001 From: Denis Makogon Date: Tue, 4 Jun 2019 20:54:14 +0300 Subject: [PATCH 15/15] start from Node 9 --- .circleci/config.yml | 12 ++++++------ build-images.sh | 2 +- images/build-stage/{8 => 9}/Dockerfile | 2 +- images/runtime/{8 => 9}/Dockerfile | 2 +- release_images.sh | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) rename images/build-stage/{8 => 9}/Dockerfile (75%) rename images/runtime/{8 => 9}/Dockerfile (90%) diff --git a/.circleci/config.yml b/.circleci/config.yml index 573a154..ffb15e7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -26,13 +26,13 @@ jobs: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc ./release.sh rm -f .npmrc - ./build-images.sh 8 + ./build-images.sh 9 ./build-images.sh 10 ./build-images.sh 11 ./release_images.sh fi - "node8_security_check": + "node9_security_check": executor: anchore/anchore_engine working_directory: ~/fdk-node steps: 
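Review bot: Loosening `standard` from `11.0.1` to `^11.0.1` leaves package-lock.json as the only thing fixing which linter tree is installed. The `test` job in `.circleci/config.yml` installs with `npm install`, which can re-resolve and rewrite the lockfile instead of failing when it drifts from package.json. Since this commit also refreshes the lockfile's `integrity` entries, CI should install strictly from it with `npm ci` in place of `npm install`. That command needs npm 5.7 or later, which the npm bundled with Node 9 may not provide, so check the CI image. If the caret is not actually required, keeping the exact pin `"standard": "11.0.1"` avoids the question.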
@@ -40,12 +40,12 @@ jobs: docker_layer_caching: true - checkout - run: - name: Node.JS 8 build + name: Node.JS 9 build command: | apk add bash - ./build-images.sh 8 + ./build-images.sh 9 - anchore/analyze_local_image: - image_name: "fnproject/node:8-dev fnproject/node:8" + image_name: "fnproject/node:9-dev fnproject/node:9" timeout: '500' policy_failure: true policy_bundle_file_path: .circleci/.anchore/policy_bundle.json @@ -103,6 +103,6 @@ workflows: only: - master jobs: - - "node8_security_check" + - "node9_security_check" - "node10_security_check" - "node11_security_check" diff --git a/build-images.sh b/build-images.sh index ad67f4a..02579cf 100755 --- a/build-images.sh +++ b/build-images.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -ex -nodeversion=${1:-"8"} +nodeversion=${1:-"9"} pushd images && \ pushd build-stage && \ pushd ${nodeversion} && docker build -t fnproject/node:${nodeversion}-dev .; popd && \ diff --git a/images/build-stage/8/Dockerfile b/images/build-stage/9/Dockerfile similarity index 75% rename from images/build-stage/8/Dockerfile rename to images/build-stage/9/Dockerfile index 96f8839..e2723a0 100644 --- a/images/build-stage/8/Dockerfile +++ b/images/build-stage/9/Dockerfile @@ -1,3 +1,3 @@ -FROM node:8-stretch +FROM node:9-stretch RUN apt-get update && apt-get upgrade -qy && apt-get clean diff --git a/images/runtime/8/Dockerfile b/images/runtime/9/Dockerfile similarity index 90% rename from images/runtime/8/Dockerfile rename to images/runtime/9/Dockerfile index bfa77b5..099ee21 100644 --- a/images/runtime/8/Dockerfile +++ b/images/runtime/9/Dockerfile @@ -1,4 +1,4 @@ -FROM node:8-stretch-slim +FROM node:9-stretch-slim RUN apt-get update && apt-get upgrade -qy && apt-get clean # for some reason i see this: diff --git a/release_images.sh b/release_images.sh index b699a73..8968710 100755 --- a/release_images.sh +++ b/release_images.sh 
@@ -2,12 +2,12 @@ user="fnproject" image="node" -runtime8="8" +runtime9="9" runtime10="10" runtime11="11" -docker push ${user}/${image}:${runtime8} -docker push ${user}/${image}:${runtime8}-dev +docker push ${user}/${image}:${runtime9} +docker push ${user}/${image}:${runtime9}-dev docker push ${user}/${image}:${runtime10} docker push ${user}/${image}:${runtime10}-dev