chore(mojaloop/#3461): nodejs upgrade (#8)

* chore(mojaloop/#3461): nodejs upgrade

* fix broken ci step job reference

* add missing steps for npm packages

* trigger ci pipeline

* update deps

* update deps

* add EOF lines

* update deps

* Update package.json

Co-authored-by: Steven Oderayi <oderayi@gmail.com>

* chore: dep update

---------

Co-authored-by: Steven Oderayi <oderayi@gmail.com>

.nvmrc

@@ -1 +1 @@
-16.15.0
+18.17.1

.versionrc

@@ -0,0 +1,15 @@
+{
+  "types": [
+    {"type": "feat", "section": "Features"},
+    {"type": "fix", "section": "Bug Fixes"},
+    {"type": "docs", "section": "Documentation"},
+    {"type": "style", "section": "Styling"},
+    {"type": "refactor", "section": "Refactors"},
+    {"type": "perf", "section": "Performance"},
+    {"type": "test", "section": "Tests"},
+    {"type": "build", "section": "Build System"},
+    {"type": "ci", "section": "CI"},
+    {"type": "chore", "section": "Chore"},
+    {"type": "revert", "section": "Reverts"}
+  ]
+}

Dockerfile

@@ -1,28 +1,47 @@
-FROM node:16.15.0-alpine as builder
+# Arguments
+ARG NODE_VERSION=lts-alpine
+
+# NOTE: Ensure you set NODE_VERSION Build Argument as follows...
+#
+#  export NODE_VERSION="$(cat .nvmrc)-alpine" \
+#  docker build \
+#    --build-arg NODE_VERSION=$NODE_VERSION \
+#    -t mojaloop/sdk-scheme-adapter:local \
+#    . \
+#
+
+# Build Image
+FROM node:${NODE_VERSION} as builder
+USER root
+
 WORKDIR /opt/app
 
-RUN apk add --no-cache -t build-dependencies make gcc g++ python3 libtool libressl-dev openssl-dev autoconf automake \
-    && cd $(npm root -g)/npm \
-    && npm config set unsafe-perm true \
-    && npm install -g node-gyp
+RUN apk --no-cache add git
+RUN apk add --no-cache -t build-dependencies make gcc g++ python3 libtool openssl-dev autoconf automake bash \
+    && cd $(npm root -g)/npm
 
 COPY package.json package-lock.json* /opt/app/
 
-RUN npm install
+RUN npm ci
+
+RUN apk del build-dependencies
 
 COPY src /opt/app/src
 
-FROM node:16.15.0-alpine
-WORKDIR /opt/app
+FROM node:${NODE_VERSION}
 
-# Create a non-root user: ml-user
-RUN adduser -D ml-user
+WORKDIR /opt/app
 
-COPY --chown=ml-user --from=builder /opt/app .
-RUN chown ml-user:ml-user /opt/app
+# Create empty log file & link stdout to the application log file
+RUN mkdir ./logs && touch ./logs/combined.log
+# Links combined to stdout
+RUN ln -sf /dev/stdout ./logs/combined.log
 
-USER ml-user
+# Create a non-root user:app-user
+RUN adduser -D app-user
+USER app-user
 
+COPY --chown=app-user --from=builder /opt/app .
 RUN npm prune --production
 
 CMD ["npm", "run", "cli"]

README.md

@@ -3,7 +3,7 @@ Mojaloop Testing Toolkit Client Library and Tools
 
 This package is intended to provide various clients and tools to connect with **Mojaloop Testing Toolkit** instead of using web interface.
 
-For additional back ground information on the `Mojaloop Testing Toolkit`, please see [Mojaloop Testing Toolkit Documentation](https://github.com/mojaloop/ml-testing-toolkit/blob/master/documents/User-Guide.md). It would be to the particpant's benefit to familiarise themselves with the understanding of the  [Architecture Diagram](https://github.com/mojaloop/ml-testing-toolkit/blob/master/documents/Mojaloop-Testing-Toolkit.md#7-architecture) that explains the various components and related flows.
+For additional back ground information on the `Mojaloop Testing Toolkit`, please see [Mojaloop Testing Toolkit Documentation](https://github.com/mojaloop/ml-testing-toolkit/blob/main/documents/User-Guide.md). It would be to the particpant's benefit to familiarise themselves with the understanding of the  [Architecture Diagram](https://github.com/mojaloop/ml-testing-toolkit/blob/main/documents/Mojaloop-Testing-Toolkit.md#7-architecture) that explains the various components and related flows.
 
 ## Testing Toolkit Command Line Client
 
@@ -282,8 +282,8 @@ As part of our CI/CD process, we use a combination of CircleCI, standard-version
 npm package and github-release CircleCI orb to automatically trigger our releases
 and image builds. This process essentially mimics a manual tag and release.
 
-On a merge to master, CircleCI is configured to use the mojaloopci github account
+On a merge to main, CircleCI is configured to use the mojaloopci github account
 to push the latest generated CHANGELOG and package version number.
 
-Once those changes are pushed, CircleCI will pull the updated master, tag and
+Once those changes are pushed, CircleCI will pull the updated main, tag and
 push a release triggering another subsequent build that also publishes a docker image.

audit-ci.jsonc

@@ -4,11 +4,8 @@
   // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
   "moderate": true,
   "allowlist": [
-    // @mojaloop/sdk-standard-components>jsonwebtoken
-    "GHSA-hjrf-2m68-5959",
-    "GHSA-qwph-4952-7xr6",
-    "GHSA-8cf7-32gw-wr33",
-    // request-promise-native>request-promise-core>request
-    "GHSA-p8p7-x288-28g6"
+    // request-promise-native>request-promise-core>request - Library is now deprecated. see https://github.com/mojaloop/project/issues/3545
+    "GHSA-p8p7-x288-28g6",
+    "GHSA-72xf-g2v4-qvf3"
   ]
 }