3.1.23

.gitlab-ci.yml

@@ -34,6 +34,31 @@ snyk:
   - docker
   - notpriv
 
+sast:
+  stage: security
+  image: registry.gitlab.com/hosttoday/ht-docker-dbase:npmci
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - npmci npm prepare
+    - npmci npm install
+    - npmci command npm run build
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
+  tags:
+  - docker
+  - priv
+
 # ====================
 # test stage
 # ====================

npmextra.json

@@ -1,15 +1,26 @@
 {
-    "npmts":{
-        "mode":"default",
-        "coverageTreshold": "70",
-        "cli": true
-    },
-    "npmci": {
-        "npmGlobalTools": [],
-        "npmAccessLevel": "public"
-    },
-    "npmdocker":{
-        "baseImage":"hosttoday/ht-docker-node:npmci",
-        "command": "npmci test stable"
+  "npmts": {
+    "mode": "default",
+    "coverageTreshold": "70",
+    "cli": true
+  },
+  "npmci": {
+    "npmGlobalTools": [],
+    "npmAccessLevel": "public",
+    "npmRegistryUrl": "registry.npmjs.org"
+  },
+  "npmdocker": {
+    "baseImage": "hosttoday/ht-docker-node:npmci",
+    "command": "npmci test stable"
+  },
+  "gitzone": {
+    "module": {
+      "githost": "gitlab.com",
+      "gitscope": "shipzone",
+      "gitrepo": "npmci",
+      "shortDescription": "node and docker in gitlab ci on steroids",
+      "npmPackagename": "@shipzone/npmci",
+      "license": "MIT"
     }
+  }
 }

package.json

@@ -1,6 +1,7 @@
 {
   "name": "@shipzone/npmci",
-  "version": "3.1.9",
+  "version": "3.1.23",
+  "private": false,
   "description": "node and docker in gitlab ci on steroids",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
@@ -23,36 +24,35 @@
   },
   "homepage": "https://gitlab.com/gitzone/npmci#README",
   "devDependencies": {
-    "@gitzone/tsbuild": "^2.0.22",
-    "@gitzone/tsrun": "^1.1.13",
-    "@gitzone/tstest": "^1.0.15",
-    "@pushrocks/tapbundle": "^3.0.7",
-    "@types/node": "^10.12.10",
-    "tslint": "^5.11.0",
-    "tslint-config-prettier": "^1.17.0"
+    "@gitzone/tsbuild": "^2.1.11",
+    "@gitzone/tsrun": "^1.2.6",
+    "@gitzone/tstest": "^1.0.20",
+    "@pushrocks/tapbundle": "^3.0.9",
+    "@types/node": "^12.0.0",
+    "tslint": "^5.16.0",
+    "tslint-config-prettier": "^1.18.0"
   },
   "dependencies": {
-    "@pushrocks/lik": "^3.0.2",
+    "@pushrocks/lik": "^3.0.5",
     "@pushrocks/npmextra": "^3.0.1",
     "@pushrocks/projectinfo": "^4.0.2",
-    "@pushrocks/smartcli": "^3.0.6",
-    "@pushrocks/smartdelay": "^2.0.2",
-    "@pushrocks/smartfile": "^6.0.11",
-    "@pushrocks/smartlog": "^2.0.9",
+    "@pushrocks/smartanalytics": "^2.0.15",
+    "@pushrocks/smartcli": "^3.0.7",
+    "@pushrocks/smartdelay": "^2.0.3",
+    "@pushrocks/smartfile": "^7.0.2",
+    "@pushrocks/smartlog": "^2.0.19",
     "@pushrocks/smartlog-destination-local": "^7.0.5",
     "@pushrocks/smartparam": "^1.0.4",
-    "@pushrocks/smartpromise": "^2.0.5",
-    "@pushrocks/smartrequest": "^1.1.14",
-    "@pushrocks/smartshell": "^2.0.11",
+    "@pushrocks/smartpromise": "^3.0.2",
+    "@pushrocks/smartrequest": "^1.1.15",
+    "@pushrocks/smartshell": "^2.0.13",
+    "@pushrocks/smartsocket": "^1.1.36",
     "@pushrocks/smartssh": "^1.2.3",
-    "@pushrocks/smartstring": "^3.0.5",
-    "@types/lodash": "^4.14.118",
-    "@types/shelljs": "^0.8.0",
+    "@pushrocks/smartstring": "^3.0.10",
+    "@types/lodash": "^4.14.124",
+    "@types/shelljs": "^0.8.5",
     "@types/through2": "^2.0.34",
     "lodash": "^4.17.11",
-    "smartanalytics": "^2.0.9",
-    "smartsocket": "^1.1.19",
-    "through2": "^3.0.0"
-  },
-  "private": false
+    "through2": "^3.0.1"
+  }
 }

readme.md

@@ -1,25 +1,20 @@
-# npmci
-
+# @shipzone/npmci
 node and docker in gitlab ci on steroids
 
-## Availabililty
-
-[![npm](https://shipzone.gitlab.io/assets/repo-button-npm.svg)](https://www.npmjs.com/package/@shipzone/npmci)
-[![git](https://shipzone.gitlab.io/assets/repo-button-git.svg)](https://GitLab.com/shipzone/npmci)
-[![git](https://shipzone.gitlab.io/assets/repo-button-mirror.svg)](https://github.com/shipzone/npmci)
-[![docs](https://shipzone.gitlab.io/assets/repo-button-docs.svg)](https://shipzone.gitlab.io/npmci/)
+## Availabililty and Links
+* [npmjs.org (npm package)](https://www.npmjs.com/package/@shipzone/npmci)
+* [gitlab.com (source)](https://gitlab.com/shipzone/npmci)
+* [github.com (source mirror)](https://github.com/shipzone/npmci)
+* [docs (typedoc)](https://shipzone.gitlab.io/npmci/)
 
 ## Status for master
-
-[![build status](https://GitLab.com/shipzone/npmci/badges/master/build.svg)](https://GitLab.com/shipzone/npmci/commits/master)
-[![coverage report](https://GitLab.com/shipzone/npmci/badges/master/coverage.svg)](https://GitLab.com/shipzone/npmci/commits/master)
-[![npm downloads per month](https://img.shields.io/npm/dm/npmci.svg)](https://www.npmjs.com/package/@shipzone/npmci)
-[![Dependency Status](https://david-dm.org/shipzone/npmci.svg)](https://david-dm.org/shipzone/npmci)
-[![bitHound Dependencies](https://www.bithound.io/github/shipzone/npmci/badges/dependencies.svg)](https://www.bithound.io/github/shipzone/npmci/master/dependencies/npm)
-[![bitHound Code](https://www.bithound.io/github/shipzone/npmci/badges/code.svg)](https://www.bithound.io/github/shipzone/npmci)
-[![TypeScript](https://img.shields.io/badge/TypeScript-2.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
-[![node](https://img.shields.io/badge/node->=%206.x.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
-[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)
+[![build status](https://gitlab.com/shipzone/npmci/badges/master/build.svg)](https://gitlab.com/shipzone/npmci/commits/master)
+[![coverage report](https://gitlab.com/shipzone/npmci/badges/master/coverage.svg)](https://gitlab.com/shipzone/npmci/commits/master)
+[![npm downloads per month](https://img.shields.io/npm/dm/@shipzone/npmci.svg)](https://www.npmjs.com/package/@shipzone/npmci)
+[![Known Vulnerabilities](https://snyk.io/test/npm/@shipzone/npmci/badge.svg)](https://snyk.io/test/npm/@shipzone/npmci)
+[![TypeScript](https://img.shields.io/badge/TypeScript->=%203.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
+[![node](https://img.shields.io/badge/node->=%2010.x.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
+[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-prettier-ff69b4.svg)](https://prettier.io/)
 
 ## Usage
 
@@ -98,9 +93,9 @@ For further information read the linked docs at the top of this README.
 
 Use TypeScript for best in class instellisense.
 
-For further information read the linked docs at the top of this README.
+For further information read the linked docs at the top of this readme.
 
 > MIT licensed | **©** [Lossless GmbH](https://lossless.gmbh)
-> | By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy.html)
+| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy.html)
 
-[![repo-footer](https://shipzone.gitlab.io/assets/repo-footer.svg)](https://push.rocks)
+[![repo-footer](https://shipzone.gitlab.io/assets/repo-footer.svg)](https://maintainedby.lossless.com)

ts/mod_docker/mod.helpers.ts

@@ -165,7 +165,7 @@ export let getDockerBuildArgs = async (): Promise<string> => {
   let buildArgsString: string = '';
   for (const key in NpmciConfig.configObject.dockerBuildargEnvMap) {
     const targetValue = process.env[NpmciConfig.configObject.dockerBuildargEnvMap[key]];
-    buildArgsString = `${buildArgsString} --build-arg ${key}=${targetValue}`;
+    buildArgsString = `${buildArgsString} --build-arg ${key}="${targetValue}"`;
   }
   return buildArgsString;
 };

ts/mod_git/index.ts

@@ -3,6 +3,8 @@ import * as plugins from './mod.plugins';
 import { bash } from '../npmci.bash';
 import { repo } from '../npmci.env';
 
+import { configObject } from '../npmci.config';
+
 /**
  * handle cli input
  * @param argvArg
@@ -15,10 +17,10 @@ export let handleCli = async argvArg => {
         await mirror();
         break;
       default:
-        logger.log('error', `>>npmci git ...<< action >>${action}<< not supported`);
+        logger.log('error', `npmci git -> action >>${action}<< not supported!`);
     }
   } else {
-    logger.log('info', `>>npmci git ...<< cli arguments invalid... Please read the documentation.`);
+    logger.log('info', `npmci git -> cli arguments invalid! Please read the documentation.`);
   }
 };
 
@@ -26,6 +28,16 @@ export let mirror = async () => {
   const githubToken = process.env.NPMCI_GIT_GITHUBTOKEN;
   const githubUser = process.env.NPMCI_GIT_GITHUBGROUP || repo.user;
   const githubRepo = process.env.NPMCI_GIT_GITHUB || repo.repo;
+  if (
+    configObject.projectInfo.npm.packageJson.private === true ||
+    configObject.npmAccessLevel === 'private'
+  ) {
+    logger.log(
+      'warn',
+      `refusing to mirror due to private property use a private mirror location instead`
+    );
+    return;
+  }
   if (githubToken) {
     logger.log('info', 'found github token.');
     logger.log('info', 'attempting the mirror the repository to GitHub');

ts/mod_npm/index.ts

@@ -39,12 +39,17 @@ export let handleCli = async argvArg => {
 const prepare = async () => {
   const config = await configModule.getConfig();
   let npmrcFileString: string = '';
-  plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
+  await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TOKEN_NPM*', npmEnvArg => {
     const npmRegistryUrl = npmEnvArg.split('|')[0];
     const npmToken = npmEnvArg.split('|')[1];
-    npmrcFileString = `//${npmRegistryUrl}/:_authToken="${npmToken}"\n`;
+    npmrcFileString += `//${npmRegistryUrl}/:_authToken="${plugins.smartstring.base64.decode(
+      npmToken
+    )}"\n`;
   });
+  logger.log('info', `setting default npm registry to ${config.npmRegistryUrl}`);
+  npmrcFileString += `registry=https://${config.npmRegistryUrl}\n`;
 
+  // final check
   if (npmrcFileString.length > 0) {
     logger.log('info', 'found one or more access tokens');
   } else {
@@ -52,9 +57,8 @@ const prepare = async () => {
     process.exit(1);
   }
 
+  // lets save it to disk
   plugins.smartfile.memory.toFsSync(npmrcFileString, '/root/.npmrc');
-  logger.log('info', `setting default npm registry to ${config.npmRegistryUrl}`);
-  await bash(`npm set registry https://${config.npmRegistryUrl}`);
   return;
 };
 
@@ -76,7 +80,7 @@ const publish = async () => {
 
   // -> configure registry url
   if (config.npmRegistryUrl) {
-    npmAccessCliString = `--registry=${config.npmRegistryUrl}`;
+    npmRegistryCliString = `--registry=https://${config.npmRegistryUrl}`;
   } else {
     logger.log('error', `no registry url specified. Can't publish!`);
     process.exit(1);

ts/mod_trigger/index.ts

@@ -6,7 +6,7 @@ const triggerValueRegex = /^([a-zA-Z0-9\.]*)\|([a-zA-Z0-9\.]*)\|([a-zA-Z0-9\.]*)
 
 export let trigger = async () => {
   logger.log('info', 'now running triggers');
-  plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TRIGGER_*', evaluateTrigger);
+  await plugins.smartparam.forEachMinimatch(process.env, 'NPMCI_TRIGGER_*', evaluateTrigger);
 };
 
 const evaluateTrigger = async triggerEnvVarArg => {

ts/npmci.config.ts

@@ -6,9 +6,10 @@ import { repo } from './npmci.env';
 import { KeyValueStore } from '@pushrocks/npmextra';
 
 export interface INpmciOptions {
+  projectInfo: plugins.projectinfo.ProjectInfo;
   npmGlobalTools: string[];
   npmAccessLevel?: 'private' | 'public';
-  npmRegistryUrl?: string;
+  npmRegistryUrl: string;
   dockerRegistryRepoMap: any;
   dockerBuildargEnvMap: any;
 }
@@ -19,8 +20,11 @@ export let kvStorage = new KeyValueStore('custom', `${repo.user}_${repo.repo}`);
 // handle config retrival
 const npmciNpmextra = new plugins.npmextra.Npmextra(paths.cwd);
 const defaultConfig: INpmciOptions = {
+  projectInfo: new plugins.projectinfo.ProjectInfo(paths.cwd),
   npmGlobalTools: [],
   dockerRegistryRepoMap: {},
+  npmAccessLevel: 'private',
+  npmRegistryUrl: 'registry.npmjs.org',
   dockerBuildargEnvMap: {}
 };
 export let configObject = npmciNpmextra.dataFor<INpmciOptions>('npmci', defaultConfig);

ts/npmci.monitor.ts

@@ -2,7 +2,7 @@ import { logger } from './npmci.logging';
 import * as plugins from './npmci.plugins';
 import * as env from './npmci.env';
 
-import { Analytics } from 'smartanalytics';
+import { Analytics } from '@pushrocks/smartanalytics';
 
 export let npmciAnalytics = new Analytics({
   apiEndPoint: 'https://pubapi.lossless.one/analytics',

ts/npmci.plugins.ts

@@ -15,7 +15,7 @@ import * as smartparam from '@pushrocks/smartparam';
 import * as smartpromise from '@pushrocks/smartpromise';
 import * as smartrequest from '@pushrocks/smartrequest';
 import * as smartshell from '@pushrocks/smartshell';
-import * as smartsocket from 'smartsocket';
+import * as smartsocket from '@pushrocks/smartsocket';
 import * as smartssh from '@pushrocks/smartssh';
 import * as smartstring from '@pushrocks/smartstring';