3.1.22

.gitlab-ci.yml

@@ -34,6 +34,31 @@ snyk:
   - docker
   - notpriv
 
+sast:
+  stage: security
+  image: registry.gitlab.com/hosttoday/ht-docker-dbase:npmci
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - npmci npm prepare
+    - npmci npm install
+    - npmci command npm run build
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
+  tags:
+  - docker
+  - priv
+
 # ====================
 # test stage
 # ====================

npmextra.json

@@ -1,16 +1,26 @@
 {
-    "npmts":{
-        "mode":"default",
-        "coverageTreshold": "70",
-        "cli": true
-    },
-    "npmci": {
-        "npmGlobalTools": [],
-        "npmAccessLevel": "public",
-        "npmRegistryUrl": "registry.npmjs.org"
-    },
-    "npmdocker":{
-        "baseImage":"hosttoday/ht-docker-node:npmci",
-        "command": "npmci test stable"
+  "npmts": {
+    "mode": "default",
+    "coverageTreshold": "70",
+    "cli": true
+  },
+  "npmci": {
+    "npmGlobalTools": [],
+    "npmAccessLevel": "public",
+    "npmRegistryUrl": "registry.npmjs.org"
+  },
+  "npmdocker": {
+    "baseImage": "hosttoday/ht-docker-node:npmci",
+    "command": "npmci test stable"
+  },
+  "gitzone": {
+    "module": {
+      "githost": "gitlab.com",
+      "gitscope": "shipzone",
+      "gitrepo": "npmci",
+      "shortDescription": "node and docker in gitlab ci on steroids",
+      "npmPackagename": "@shipzone/npmci",
+      "license": "MIT"
     }
+  }
 }

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@shipzone/npmci",
-  "version": "3.1.15",
+  "version": "3.1.22",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -102,7 +102,7 @@
     },
     "@pushrocks/projectinfo": {
       "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/@pushrocks/projectinfo/-/projectinfo-4.0.2.tgz",
+      "resolved": "https://verdaccio.lossless.one/@pushrocks%2fprojectinfo/-/projectinfo-4.0.2.tgz",
       "integrity": "sha512-u5tSlrJTdDb5r3qmPub5WkDWlW561WfjqylZMkswP4yNZSR2krhew4ra4Y2/6q2QUnMBXRmo1lj4n7ggXoDNWQ==",
       "requires": {
         "@pushrocks/smartfile": "^6.0.8",

package.json

@@ -1,6 +1,7 @@
 {
   "name": "@shipzone/npmci",
-  "version": "3.1.15",
+  "version": "3.1.22",
+  "private": false,
   "description": "node and docker in gitlab ci on steroids",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
@@ -53,6 +54,5 @@
     "smartanalytics": "^2.0.9",
     "smartsocket": "^1.1.19",
     "through2": "^3.0.0"
-  },
-  "private": false
+  }
 }

readme.md

@@ -1,25 +1,20 @@
-# npmci
-
+# @shipzone/npmci
 node and docker in gitlab ci on steroids
 
-## Availabililty
-
-[![npm](https://shipzone.gitlab.io/assets/repo-button-npm.svg)](https://www.npmjs.com/package/@shipzone/npmci)
-[![git](https://shipzone.gitlab.io/assets/repo-button-git.svg)](https://GitLab.com/shipzone/npmci)
-[![git](https://shipzone.gitlab.io/assets/repo-button-mirror.svg)](https://github.com/shipzone/npmci)
-[![docs](https://shipzone.gitlab.io/assets/repo-button-docs.svg)](https://shipzone.gitlab.io/npmci/)
+## Availabililty and Links
+* [npmjs.org (npm package)](https://www.npmjs.com/package/@shipzone/npmci)
+* [gitlab.com (source)](https://gitlab.com/shipzone/npmci)
+* [github.com (source mirror)](https://github.com/shipzone/npmci)
+* [docs (typedoc)](https://shipzone.gitlab.io/npmci/)
 
 ## Status for master
-
-[![build status](https://GitLab.com/shipzone/npmci/badges/master/build.svg)](https://GitLab.com/shipzone/npmci/commits/master)
-[![coverage report](https://GitLab.com/shipzone/npmci/badges/master/coverage.svg)](https://GitLab.com/shipzone/npmci/commits/master)
-[![npm downloads per month](https://img.shields.io/npm/dm/npmci.svg)](https://www.npmjs.com/package/@shipzone/npmci)
-[![Dependency Status](https://david-dm.org/shipzone/npmci.svg)](https://david-dm.org/shipzone/npmci)
-[![bitHound Dependencies](https://www.bithound.io/github/shipzone/npmci/badges/dependencies.svg)](https://www.bithound.io/github/shipzone/npmci/master/dependencies/npm)
-[![bitHound Code](https://www.bithound.io/github/shipzone/npmci/badges/code.svg)](https://www.bithound.io/github/shipzone/npmci)
-[![TypeScript](https://img.shields.io/badge/TypeScript-2.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
-[![node](https://img.shields.io/badge/node->=%206.x.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
-[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)
+[![build status](https://gitlab.com/shipzone/npmci/badges/master/build.svg)](https://gitlab.com/shipzone/npmci/commits/master)
+[![coverage report](https://gitlab.com/shipzone/npmci/badges/master/coverage.svg)](https://gitlab.com/shipzone/npmci/commits/master)
+[![npm downloads per month](https://img.shields.io/npm/dm/@shipzone/npmci.svg)](https://www.npmjs.com/package/@shipzone/npmci)
+[![Known Vulnerabilities](https://snyk.io/test/npm/@shipzone/npmci/badge.svg)](https://snyk.io/test/npm/@shipzone/npmci)
+[![TypeScript](https://img.shields.io/badge/TypeScript->=%203.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
+[![node](https://img.shields.io/badge/node->=%2010.x.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
+[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-prettier-ff69b4.svg)](https://prettier.io/)
 
 ## Usage
 
@@ -98,9 +93,9 @@ For further information read the linked docs at the top of this README.
 
 Use TypeScript for best in class instellisense.
 
-For further information read the linked docs at the top of this README.
+For further information read the linked docs at the top of this readme.
 
 > MIT licensed | **©** [Lossless GmbH](https://lossless.gmbh)
-> | By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy.html)
+| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy.html)
 
-[![repo-footer](https://shipzone.gitlab.io/assets/repo-footer.svg)](https://push.rocks)
+[![repo-footer](https://shipzone.gitlab.io/assets/repo-footer.svg)](https://maintainedby.lossless.com)

ts/mod_docker/mod.helpers.ts

@@ -165,7 +165,7 @@ export let getDockerBuildArgs = async (): Promise<string> => {
   let buildArgsString: string = '';
   for (const key in NpmciConfig.configObject.dockerBuildargEnvMap) {
     const targetValue = process.env[NpmciConfig.configObject.dockerBuildargEnvMap[key]];
-    buildArgsString = `${buildArgsString} --build-arg ${key}=${targetValue}`;
+    buildArgsString = `${buildArgsString} --build-arg ${key}="${targetValue}"`;
   }
   return buildArgsString;
 };

ts/mod_git/index.ts

@@ -3,6 +3,8 @@ import * as plugins from './mod.plugins';
 import { bash } from '../npmci.bash';
 import { repo } from '../npmci.env';
 
+import { configObject } from '../npmci.config';
+
 /**
  * handle cli input
  * @param argvArg
@@ -15,10 +17,10 @@ export let handleCli = async argvArg => {
         await mirror();
         break;
       default:
-        logger.log('error', `>>npmci git ...<< action >>${action}<< not supported`);
+        logger.log('error', `npmci git -> action >>${action}<< not supported!`);
     }
   } else {
-    logger.log('info', `>>npmci git ...<< cli arguments invalid... Please read the documentation.`);
+    logger.log('info', `npmci git -> cli arguments invalid! Please read the documentation.`);
   }
 };
 
@@ -26,6 +28,16 @@ export let mirror = async () => {
   const githubToken = process.env.NPMCI_GIT_GITHUBTOKEN;
   const githubUser = process.env.NPMCI_GIT_GITHUBGROUP || repo.user;
   const githubRepo = process.env.NPMCI_GIT_GITHUB || repo.repo;
+  if (
+    configObject.projectInfo.npm.packageJson.private === true ||
+    configObject.npmAccessLevel === 'private'
+  ) {
+    logger.log(
+      'warn',
+      `refusing to mirror due to private property use a private mirror location instead`
+    );
+    return;
+  }
   if (githubToken) {
     logger.log('info', 'found github token.');
     logger.log('info', 'attempting the mirror the repository to GitHub');

ts/mod_npm/index.ts

@@ -42,7 +42,9 @@ const prepare = async () => {
   await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
     const npmRegistryUrl = npmEnvArg.split('|')[0];
     const npmToken = npmEnvArg.split('|')[1];
-    npmrcFileString += `//${npmRegistryUrl}/:_authToken="${plugins.smartstring.base64.decode(npmToken)}"\n`;
+    npmrcFileString += `//${npmRegistryUrl}/:_authToken="${plugins.smartstring.base64.decode(
+      npmToken
+    )}"\n`;
   });
   logger.log('info', `setting default npm registry to ${config.npmRegistryUrl}`);
   npmrcFileString += `registry=https://${config.npmRegistryUrl}\n`;

ts/npmci.config.ts

@@ -6,9 +6,10 @@ import { repo } from './npmci.env';
 import { KeyValueStore } from '@pushrocks/npmextra';
 
 export interface INpmciOptions {
+  projectInfo: plugins.projectinfo.ProjectInfo;
   npmGlobalTools: string[];
   npmAccessLevel?: 'private' | 'public';
-  npmRegistryUrl?: string;
+  npmRegistryUrl: string;
   dockerRegistryRepoMap: any;
   dockerBuildargEnvMap: any;
 }
@@ -19,8 +20,11 @@ export let kvStorage = new KeyValueStore('custom', `${repo.user}_${repo.repo}`);
 // handle config retrival
 const npmciNpmextra = new plugins.npmextra.Npmextra(paths.cwd);
 const defaultConfig: INpmciOptions = {
+  projectInfo: new plugins.projectinfo.ProjectInfo(paths.cwd),
   npmGlobalTools: [],
   dockerRegistryRepoMap: {},
+  npmAccessLevel: 'private',
+  npmRegistryUrl: 'registry.npmjs.org',
   dockerBuildargEnvMap: {}
 };
 export let configObject = npmciNpmextra.dataFor<INpmciOptions>('npmci', defaultConfig);