3.1.21

.gitlab-ci.yml

@@ -34,6 +34,28 @@ snyk:
   - docker
   - notpriv
 
+sast:
+  stage: security
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
+  tags:
+  - docker
+  - priv
+
 # ====================
 # test stage
 # ====================

npmextra.json

@@ -6,7 +6,8 @@
     },
     "npmci": {
         "npmGlobalTools": [],
-        "npmAccessLevel": "public"
+        "npmAccessLevel": "public",
+        "npmRegistryUrl": "registry.npmjs.org"
     },
     "npmdocker":{
         "baseImage":"hosttoday/ht-docker-node:npmci",

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@shipzone/npmci",
-  "version": "3.1.9",
+  "version": "3.1.21",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -102,7 +102,7 @@
     },
     "@pushrocks/projectinfo": {
       "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/@pushrocks/projectinfo/-/projectinfo-4.0.2.tgz",
+      "resolved": "https://verdaccio.lossless.one/@pushrocks%2fprojectinfo/-/projectinfo-4.0.2.tgz",
       "integrity": "sha512-u5tSlrJTdDb5r3qmPub5WkDWlW561WfjqylZMkswP4yNZSR2krhew4ra4Y2/6q2QUnMBXRmo1lj4n7ggXoDNWQ==",
       "requires": {
         "@pushrocks/smartfile": "^6.0.8",

package.json

@@ -1,6 +1,7 @@
 {
   "name": "@shipzone/npmci",
-  "version": "3.1.9",
+  "version": "3.1.21",
+  "private": false,
   "description": "node and docker in gitlab ci on steroids",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
@@ -53,6 +54,5 @@
     "smartanalytics": "^2.0.9",
     "smartsocket": "^1.1.19",
     "through2": "^3.0.0"
-  },
+  }
-  "private": false
 }

ts/mod_docker/mod.helpers.ts

@@ -165,7 +165,7 @@ export let getDockerBuildArgs = async (): Promise<string> => {
   let buildArgsString: string = '';
   for (const key in NpmciConfig.configObject.dockerBuildargEnvMap) {
     const targetValue = process.env[NpmciConfig.configObject.dockerBuildargEnvMap[key]];
-    buildArgsString = `${buildArgsString} --build-arg ${key}=${targetValue}`;
+    buildArgsString = `${buildArgsString} --build-arg ${key}="${targetValue}"`;
   }
   return buildArgsString;
 };

ts/mod_git/index.ts

@@ -3,6 +3,8 @@ import * as plugins from './mod.plugins';
 import { bash } from '../npmci.bash';
 import { repo } from '../npmci.env';
 
+import { configObject } from '../npmci.config';
+
 /**
  * handle cli input
  * @param argvArg
@@ -15,10 +17,10 @@ export let handleCli = async argvArg => {
         await mirror();
         break;
       default:
-        logger.log('error', `>>npmci git ...<< action >>${action}<< not supported`);
+        logger.log('error', `npmci git -> action >>${action}<< not supported!`);
     }
   } else {
-    logger.log('info', `>>npmci git ...<< cli arguments invalid... Please read the documentation.`);
+    logger.log('info', `npmci git -> cli arguments invalid! Please read the documentation.`);
   }
 };
 
@@ -26,6 +28,16 @@ export let mirror = async () => {
   const githubToken = process.env.NPMCI_GIT_GITHUBTOKEN;
   const githubUser = process.env.NPMCI_GIT_GITHUBGROUP || repo.user;
   const githubRepo = process.env.NPMCI_GIT_GITHUB || repo.repo;
+  if (
+    configObject.projectInfo.npm.packageJson.private === true ||
+    configObject.npmAccessLevel === 'private'
+  ) {
+    logger.log(
+      'warn',
+      `refusing to mirror due to private property use a private mirror location instead`
+    );
+    return;
+  }
   if (githubToken) {
     logger.log('info', 'found github token.');
     logger.log('info', 'attempting the mirror the repository to GitHub');

ts/mod_npm/index.ts

@@ -39,12 +39,17 @@ export let handleCli = async argvArg => {
 const prepare = async () => {
   const config = await configModule.getConfig();
   let npmrcFileString: string = '';
-  plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
+  await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
     const npmRegistryUrl = npmEnvArg.split('|')[0];
     const npmToken = npmEnvArg.split('|')[1];
-    npmrcFileString = `//${npmRegistryUrl}/:_authToken="${npmToken}"\n`;
+    npmrcFileString += `//${npmRegistryUrl}/:_authToken="${plugins.smartstring.base64.decode(
+      npmToken
+    )}"\n`;
   });
+  logger.log('info', `setting default npm registry to ${config.npmRegistryUrl}`);
+  npmrcFileString += `registry=https://${config.npmRegistryUrl}\n`;
 
+  // final check
   if (npmrcFileString.length > 0) {
     logger.log('info', 'found one or more access tokens');
   } else {
@@ -52,9 +57,8 @@ const prepare = async () => {
     process.exit(1);
   }
 
+  // lets save it to disk
   plugins.smartfile.memory.toFsSync(npmrcFileString, '/root/.npmrc');
-  logger.log('info', `setting default npm registry to ${config.npmRegistryUrl}`);
-  await bash(`npm set registry https://${config.npmRegistryUrl}`);
   return;
 };
 
@@ -76,7 +80,7 @@ const publish = async () => {
 
   // -> configure registry url
   if (config.npmRegistryUrl) {
-    npmAccessCliString = `--registry=${config.npmRegistryUrl}`;
+    npmRegistryCliString = `--registry=https://${config.npmRegistryUrl}`;
   } else {
     logger.log('error', `no registry url specified. Can't publish!`);
     process.exit(1);

ts/mod_trigger/index.ts

@@ -6,7 +6,7 @@ const triggerValueRegex = /^([a-zA-Z0-9\.]*)\|([a-zA-Z0-9\.]*)\|([a-zA-Z0-9\.]*)
 
 export let trigger = async () => {
   logger.log('info', 'now running triggers');
-  plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TRIGGER_*', evaluateTrigger);
+  await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TRIGGER_*', evaluateTrigger);
 };
 
 const evaluateTrigger = async triggerEnvVarArg => {

ts/npmci.config.ts

@@ -6,9 +6,10 @@ import { repo } from './npmci.env';
 import { KeyValueStore } from '@pushrocks/npmextra';
 
 export interface INpmciOptions {
+  projectInfo: plugins.projectinfo.ProjectInfo;
   npmGlobalTools: string[];
   npmAccessLevel?: 'private' | 'public';
-  npmRegistryUrl?: string;
+  npmRegistryUrl: string;
   dockerRegistryRepoMap: any;
   dockerBuildargEnvMap: any;
 }
@@ -19,8 +20,11 @@ export let kvStorage = new KeyValueStore('custom', `${repo.user}_${repo.repo}`);
 // handle config retrival
 const npmciNpmextra = new plugins.npmextra.Npmextra(paths.cwd);
 const defaultConfig: INpmciOptions = {
+  projectInfo: new plugins.projectinfo.ProjectInfo(paths.cwd),
   npmGlobalTools: [],
   dockerRegistryRepoMap: {},
+  npmAccessLevel: 'private',
+  npmRegistryUrl: 'registry.npmjs.org',
   dockerBuildargEnvMap: {}
 };
 export let configObject = npmciNpmextra.dataFor<INpmciOptions>('npmci', defaultConfig);