3.1.21

fix(core): update
3.1.20
2018-12-24 02:13:05 +01:00 · 2018-12-24 02:13:04 +01:00 · 2018-12-23 18:57:15 +01:00 · 2018-12-23 18:57:15 +01:00 · 2018-12-23 18:54:17 +01:00 · 2018-12-23 18:54:16 +01:00
8 changed files with 53 additions and 13 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,6 +34,28 @@ snyk:
  - docker
  - notpriv

+sast:
+  stage: security
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
+  tags:
+  - docker
+  - priv
+
 # ====================
 # test stage
 # ====================
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@shipzone/npmci",
-  "version": "3.1.12",
+  "version": "3.1.21",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
@@ -102,7 +102,7 @@
    },
    "@pushrocks/projectinfo": {
      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/@pushrocks/projectinfo/-/projectinfo-4.0.2.tgz",
+      "resolved": "https://verdaccio.lossless.one/@pushrocks%2fprojectinfo/-/projectinfo-4.0.2.tgz",
      "integrity": "sha512-u5tSlrJTdDb5r3qmPub5WkDWlW561WfjqylZMkswP4yNZSR2krhew4ra4Y2/6q2QUnMBXRmo1lj4n7ggXoDNWQ==",
      "requires": {
        "@pushrocks/smartfile": "^6.0.8",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,7 @@
 {
  "name": "@shipzone/npmci",
-  "version": "3.1.12",
+  "version": "3.1.21",
+  "private": false,
  "description": "node and docker in gitlab ci on steroids",
  "main": "dist/index.js",
  "typings": "dist/index.d.ts",
@@ -53,6 +54,5 @@
    "smartanalytics": "^2.0.9",
    "smartsocket": "^1.1.19",
    "through2": "^3.0.0"
-  },
-  "private": false
+  }
 }
--- a/ts/mod_docker/mod.helpers.ts
+++ b/ts/mod_docker/mod.helpers.ts
@@ -165,7 +165,7 @@ export let getDockerBuildArgs = async (): Promise<string> => {
  let buildArgsString: string = '';
  for (const key in NpmciConfig.configObject.dockerBuildargEnvMap) {
    const targetValue = process.env[NpmciConfig.configObject.dockerBuildargEnvMap[key]];
-    buildArgsString = `${buildArgsString} --build-arg ${key}=${targetValue}`;
+    buildArgsString = `${buildArgsString} --build-arg ${key}="${targetValue}"`;
  }
  return buildArgsString;
 };
--- a/ts/mod_git/index.ts
+++ b/ts/mod_git/index.ts
@@ -3,6 +3,8 @@ import * as plugins from './mod.plugins';
 import { bash } from '../npmci.bash';
 import { repo } from '../npmci.env';

+import { configObject } from '../npmci.config';
+
 /**
 * handle cli input
 * @param argvArg
@@ -15,10 +17,10 @@ export let handleCli = async argvArg => {
        await mirror();
        break;
      default:
-        logger.log('error', `>>npmci git ...<< action >>${action}<< not supported`);
+        logger.log('error', `npmci git -> action >>${action}<< not supported!`);
    }
  } else {
-    logger.log('info', `>>npmci git ...<< cli arguments invalid... Please read the documentation.`);
+    logger.log('info', `npmci git -> cli arguments invalid! Please read the documentation.`);
  }
 };

@@ -26,6 +28,16 @@ export let mirror = async () => {
  const githubToken = process.env.NPMCI_GIT_GITHUBTOKEN;
  const githubUser = process.env.NPMCI_GIT_GITHUBGROUP || repo.user;
  const githubRepo = process.env.NPMCI_GIT_GITHUB || repo.repo;
+  if (
+    configObject.projectInfo.npm.packageJson.private === true ||
+    configObject.npmAccessLevel === 'private'
+  ) {
+    logger.log(
+      'warn',
+      `refusing to mirror due to private property use a private mirror location instead`
+    );
+    return;
+  }
  if (githubToken) {
    logger.log('info', 'found github token.');
    logger.log('info', 'attempting the mirror the repository to GitHub');
--- a/ts/mod_npm/index.ts
+++ b/ts/mod_npm/index.ts
@@ -39,10 +39,12 @@ export let handleCli = async argvArg => {
 const prepare = async () => {
  const config = await configModule.getConfig();
  let npmrcFileString: string = '';
-  plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
+  await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
    const npmRegistryUrl = npmEnvArg.split('|')[0];
    const npmToken = npmEnvArg.split('|')[1];
-    npmrcFileString += `//${npmRegistryUrl}/:_authToken="${npmToken}"\n`;
+    npmrcFileString += `//${npmRegistryUrl}/:_authToken="${plugins.smartstring.base64.decode(
+      npmToken
+    )}"\n`;
  });
  logger.log('info', `setting default npm registry to ${config.npmRegistryUrl}`);
  npmrcFileString += `registry=https://${config.npmRegistryUrl}\n`;
@@ -78,7 +80,7 @@ const publish = async () => {

  // -> configure registry url
  if (config.npmRegistryUrl) {
-    npmAccessCliString = `--registry=https://${config.npmRegistryUrl}`;
+    npmRegistryCliString = `--registry=https://${config.npmRegistryUrl}`;
  } else {
    logger.log('error', `no registry url specified. Can't publish!`);
    process.exit(1);
--- a/ts/mod_trigger/index.ts
+++ b/ts/mod_trigger/index.ts
@@ -6,7 +6,7 @@ const triggerValueRegex = /^([a-zA-Z0-9\.]*)\|([a-zA-Z0-9\.]*)\|([a-zA-Z0-9\.]*)

 export let trigger = async () => {
  logger.log('info', 'now running triggers');
-  plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TRIGGER_*', evaluateTrigger);
+  await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TRIGGER_*', evaluateTrigger);
 };

 const evaluateTrigger = async triggerEnvVarArg => {
--- a/ts/npmci.config.ts
+++ b/ts/npmci.config.ts
@@ -6,9 +6,10 @@ import { repo } from './npmci.env';
 import { KeyValueStore } from '@pushrocks/npmextra';

 export interface INpmciOptions {
+  projectInfo: plugins.projectinfo.ProjectInfo;
  npmGlobalTools: string[];
  npmAccessLevel?: 'private' | 'public';
-  npmRegistryUrl?: string;
+  npmRegistryUrl: string;
  dockerRegistryRepoMap: any;
  dockerBuildargEnvMap: any;
 }
@@ -19,8 +20,11 @@ export let kvStorage = new KeyValueStore('custom', `${repo.user}_${repo.repo}`);
 // handle config retrival
 const npmciNpmextra = new plugins.npmextra.Npmextra(paths.cwd);
 const defaultConfig: INpmciOptions = {
+  projectInfo: new plugins.projectinfo.ProjectInfo(paths.cwd),
  npmGlobalTools: [],
  dockerRegistryRepoMap: {},
+  npmAccessLevel: 'private',
+  npmRegistryUrl: 'registry.npmjs.org',
  dockerBuildargEnvMap: {}
 };
 export let configObject = npmciNpmextra.dataFor<INpmciOptions>('npmci', defaultConfig);
Author	SHA1	Message	Date
Phil Kunz	a4562d4d1b	3.1.21	2018-12-24 02:13:05 +01:00
Phil Kunz	524b405773	fix(core): update	2018-12-24 02:13:04 +01:00
Phil Kunz	0d19c1c68d	3.1.20	2018-12-23 18:57:15 +01:00
Phil Kunz	cff79bc3b4	fix(mirror): now refusing to mirror for private code	2018-12-23 18:57:15 +01:00
Phil Kunz	28541a838d	3.1.19	2018-12-23 18:54:17 +01:00
Phil Kunz	c3ab527341	fix(core): update	2018-12-23 18:54:16 +01:00
Phil Kunz	52cc249098	3.1.18	2018-12-23 17:29:25 +01:00
Phil Kunz	2e189b0660	fix(core): update	2018-12-23 17:29:25 +01:00
Phil Kunz	f876c7414b	3.1.17	2018-12-12 22:29:59 +01:00
Phil Kunz	08b7585cfc	fix(core): update	2018-12-12 22:29:59 +01:00
Phil Kunz	76311fab72	3.1.16	2018-12-11 01:02:22 +01:00
Phil Kunz	1b73df64f5	fix(core): update	2018-12-11 01:02:21 +01:00
Phil Kunz	701cee573b	3.1.15	2018-12-11 00:25:40 +01:00
Phil Kunz	3dd086f711	fix(core): update	2018-12-11 00:25:39 +01:00
Phil Kunz	67ff5d09d4	3.1.14	2018-12-09 16:48:33 +01:00
Phil Kunz	5cb8a79b6a	fix(core): update	2018-12-09 16:48:33 +01:00
Phil Kunz	2dcbca2362	3.1.13	2018-12-09 16:26:28 +01:00
Phil Kunz	bd63194f4b	fix(core): update	2018-12-09 16:26:28 +01:00