feat: [OSM-1039] move nodejs plugin functionality #3

Merged
merged 1 commit into from
Apr 11, 2024
117 changes: 115 additions & 2 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
@@ -1,22 +1,135 @@
version: 2.1

orbs:
prodsec: snyk/prodsec-orb@1
win: circleci/windows@2.4.0
prodsec: snyk/prodsec-orb@1.0

filters_branches_ignore_main: &filters_branches_ignore_main
filters:
branches:
ignore:
- main

defaults: &defaults
parameters:
node_version:
type: string
default: "18.19.1"
working_directory: ~/snyk-nodejs-plugin

windows_defaults: &windows_defaults
environment:
npm_config_loglevel: silent
executor:
name: win/default

test_matrix: &test_matrix
node_version: ['14.17.6', '16.13.2', '18.19.1']

commands:
install_deps:
description: Install dependencies
steps:
- checkout
- run:
name: Use snyk-main npmjs user
command: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
- run:
name: Install dependencies
command: npm install
install_node_npm:
description: Install correct Node version
parameters:
node_version:
type: string
default: ""
steps:
- run:
name: Install correct version of Node
command: nvm install << parameters.node_version >>
- run:
name: Use correct version of Node
command: nvm use << parameters.node_version >>
show_node_version:
description: Log Node and npm version
steps:
- run:
name: Node version
command: node --version
- run:
name: NPM version
command: npm --version

jobs:
lint:
<<: *defaults
docker:
- image: cimg/node:<< parameters.node_version >>
steps:
- checkout
- install_deps
- show_node_version
- run:
name: Run lint
command: npm run lint

test-windows:
<<: *defaults
<<: *windows_defaults
steps:
- run: git config --global core.autocrlf false
- checkout
- install_node_npm:
node_version: << parameters.node_version >>
- install_deps
- show_node_version
- run:
name: Run tests
command: npm test

test-unix:
<<: *defaults
docker:
- image: cimg/node:<< parameters.node_version >>
steps:
- checkout
- install_deps
- show_node_version
- run:
name: Run tests
command: npm test

workflows:
version: 2
test_and_release:
jobs:
- prodsec/secrets-scan:
name: Scan repository for secrets
trusted-branch: main
context:
- snyk-bot-slack
channel: os-team-managed-alerts
- lint:
name: Lint
context: nodejs-install
node_version: "lts"
- test-windows:
matrix:
alias: test-windows
parameters:
<<: *test_matrix
name: Windows Tests for Node=<< matrix.node_version >>
context: nodejs-install
requires:
- Lint
<<: *filters_branches_ignore_main
- test-unix:
matrix:
alias: test-unix
parameters:
<<: *test_matrix
name: Unix Tests for Node=<< matrix.node_version >>
context: nodejs-install
requires:
- Lint
<<: *filters_branches_ignore_main
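Review bot: In the `install_deps` command, `echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc` lets the shell expand the token and append it in clear text to the `.npmrc` in the checkout, the same file this PR commits with `package-lock=false`. Consider single-quoting the string so the file holds the literal `${NPM_TOKEN}` and npm resolves it from the environment at run time, or writing the credential to the user-level npm config outside the working directory, so that nothing which later persists or archives the workspace carries the secret. Also in this file, the `Lint` job passes `node_version: "lts"`, which resolves to the floating `cimg/node:lts` image while the test matrix pins exact versions; using the `defaults` value `18.19.1` for lint would keep the runs comparable.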

29 changes: 29 additions & 0 deletions .eslintrc
@@ -0,0 +1,29 @@
{
"root": true,
"parser": "@typescript-eslint/parser",
"plugins": [
"@typescript-eslint"
],
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/recommended"
],
"rules": {
"@typescript-eslint/no-explicit-any": "off",
"require-await": "warn",
"camelcase": "error",
"default-case": "error",
"default-case-last": "error",
"no-constant-binary-expression": "error",
"no-duplicate-imports": "error",
"no-else-return": "error",
"no-invalid-this": "error",
"no-template-curly-in-string": "error",
"no-use-before-define": "error",
"no-var": "error",
"prefer-const": "error",
"require-atomic-updates": "error",
"spaced-comment": "error",
"yoda": "error"
}
}
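Review bot: In `rules`, the base `no-use-before-define` rule is enabled together with `@typescript-eslint/parser`; typescript-eslint provides an extension rule because the base version can misreport on TypeScript constructs. Suggest setting `"no-use-before-define": "off"` and enabling `"@typescript-eslint/no-use-before-define": "error"` instead. Separately, `"@typescript-eslint/no-explicit-any": "off"` switches off a check in the plugin's rule set for the whole code base; a sentence in the PR description on why, or `"warn"` instead of `"off"`, would make the intent reviewable.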
48 changes: 48 additions & 0 deletions .github/CONTRIBUTING.md
@@ -0,0 +1,48 @@
# Contributing

## Commit messages

Commit messages must follow the [Angular-style](https://github.com/angular/angular.js/blob/master/CONTRIBUTING.md#commit-message-format) commit format (but excluding the scope).

i.e:

```text
fix: minified scripts being removed

Also includes tests
```

This will allow for the automatic changelog to generate correctly.

### Commit types

Must be one of the following:

- **feat**: A new feature
- **fix**: A bug fix
- **docs**: Documentation only changes
- **test**: Adding missing tests
- **chore**: Changes to the build process or auxiliary tools and libraries such as documentation generation
- **refactor**: A code change that neither fixes a bug nor adds a feature
- **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
- **perf**: A code change that improves performance

To release a major you need to add `BREAKING CHANGE: ` to the start of the body and the detail of the breaking change.

## Code standards

Ensure that your code adheres to the included `.eslintrc` config by running `npm run lint`.

## Sending pull requests

- add tests for newly added code (and try to mirror directory and file structure if possible)
- spell check
- PRs will not be code reviewed unless all tests are passing (run `npm test`)

_Important:_ when fixing a bug, please commit a **failing test** first demonstrate the current code is failing. Once that commit is in place, then commit the bug fix, so that we can test _before_ and _after_.

Remember that you're developing for multiple platforms and versions of node, so if the tests pass on your Mac or Linux or Windows machine, it _may_ not pass elsewhere.

## Contributor Agreement

A pull-request will only be considered for merging into the upstream codebase after you have signed our [contributor agreement](https://github.com/snyk/snyk-nuget-plugin/blob/main/Contributor-Agreement.md), assigning us the rights to the contributed code and granting you a license to use it in return. If you submit a pull request, you will be prompted to review and sign the agreement with one click (we use [CLA assistant](https://cla-assistant.io/)).
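Review bot: Under `## Contributor Agreement`, the link targets `https://github.com/snyk/snyk-nuget-plugin/blob/main/Contributor-Agreement.md`, another repository's copy, while this PR adds its own `Contributor-Agreement.md`; point the link at the file in this repository so contributors read the text that ships here. Minor wording in the `_Important:_` paragraph: "commit a **failing test** first demonstrate" is missing a "to".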
22 changes: 22 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,22 @@
- [ ] Tests written and linted
- [ ] Documentation written / README.md updated [https://snyk.io/docs/snyk-for-node/](i)
- [ ] Follows [CONTRIBUTING agreement](CONTRIBUTING.md)
- [ ] Commit history is tidy [https://git-scm.com/book/en/v2/Git-Branching-Rebasing](i)
- [ ] Reviewed by Snyk team

### What this does

_Explain why this PR exists_

### Notes for the reviewer

_Instructions on how to run this locally, background context, what to review, questions…_

### More information

- [SC-XXXX]()
- [Link to documentation]()

### Screenshots

_Visuals that may help the reviewer_
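Review bot: The documentation and commit-history checklist items write their links as `[https://snyk.io/docs/snyk-for-node/](i)` and `[https://git-scm.com/book/en/v2/Git-Branching-Rebasing](i)`, with the URL as the link text and `i` as the target, so both render as links to a relative path `i`. Swap them to the usual form, for example `[docs](https://snyk.io/docs/snyk-for-node/)`. The `[SC-XXXX]()` placeholder under `### More information` may also need updating, since this PR's own ticket uses the `OSM-` prefix.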
13 changes: 13 additions & 0 deletions .github/workflows/pr-housekeeping.yml
@@ -0,0 +1,13 @@
on:
schedule:
- cron: "0 0 * * *" # Every day at midnight
workflow_dispatch:

jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v7
with:
stale-pr-message: "Your PR has not had any activity for 60 days. In 7 days I'll close it. Make some activity to remove this."
close-pr-message: "Your PR has now been stale for 7 days. I'm closing it."
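Review bot: The workflow has no `permissions:` block and the `stale` job references `actions/stale@v7` by a movable tag, so the job runs third-party code with whatever default token scope the repository grants. Suggest declaring the minimum the action needs at job level (`pull-requests: write`, plus `issues: write` if issues are meant to be handled) and pinning the action to a full commit SHA. The messages promise 60 and 7 days, but `days-before-stale` and `days-before-close` are not set under `with:`; setting them explicitly keeps the text and the behaviour from drifting apart.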
16 changes: 16 additions & 0 deletions .gitignore
@@ -0,0 +1,16 @@
.DS_Store

dist
node_modules
./package-lock.json

.eslintcache

# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
coverage/

# IDEs
.idea
.vscode
.ionide/
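Review bot: `./package-lock.json` on the fifth line will not match anything, because gitignore patterns are not resolved with a leading `./`; use `/package-lock.json` to anchor the pattern to the repository root, or `package-lock.json` to match at any depth. As written, a lockfile generated locally can still be staged by accident, which contradicts the intent of the `.npmrc` added in this PR.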
7 changes: 7 additions & 0 deletions .npmignore
@@ -0,0 +1,7 @@
.github
.jscsrc
.travis.yml
.vscode
.idea
/dev-test.js
/test
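Review bot: The list carries entries for files this PR does not add (`.jscsrc`, `.travis.yml`, `/dev-test.js`) and omits ones it does add, such as `.circleci`, `.eslintrc`, `.prettierrc.json` and `.nvmrc`, so those would ship in the published tarball. Because an `.npmignore` replaces `.gitignore` for packing, the `coverage/` and `.eslintcache` entries from `.gitignore` no longer apply either. A `files` allowlist in `package.json` naming only the build output is easier to keep correct than this denylist.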
1 change: 1 addition & 0 deletions .npmrc
@@ -0,0 +1 @@
package-lock=false
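Review bot: `package-lock=false` means every `npm install`, including the one in the CircleCI `install_deps` command, resolves dependency ranges afresh, so two runs of the same commit can install different code and there is no lockfile carrying integrity hashes for review or scanning. If this is deliberate because the package is consumed as a library, say so in the commit message or README; otherwise commit a lockfile and switch CI to `npm ci`.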
1 change: 1 addition & 0 deletions .nvmrc
@@ -0,0 +1 @@
18
15 changes: 15 additions & 0 deletions .prettierrc.json
@@ -0,0 +1,15 @@
{
"singleQuote": true,
"trailingComma": "all",
"overrides": [
{
"files": "*.json",
"options": {
"printWidth": 40,
"parser": "json",
"bracketSpacing": true,
"trailingComma": "none"
}
}
]
}
42 changes: 42 additions & 0 deletions Contributor-Agreement.md
@@ -0,0 +1,42 @@
# Snyk CLI tool contributor agreement

This Snyk CLI tool Agreement (this **"Agreement"**) applies to any Contribution you make to any Work.

This is a binding legal agreement on you and any organization you represent. If you are signing this Agreement on behalf of your employer or other organization, you represent and warrant that you have the authority to agree to this Agreement on behalf of the organization.

## 1. Definitions

**"Contribution"** means any original work, including any modification of or addition to an existing work, that you submit to Snyk CLI tool repo in any manner for inclusion in any Work.

**"Snyk", "we"** and **"us"** means Snyk Ltd.

**"Work"** means any project, work or materials owned or managed by Snyk Ltd.

**"You"** and **"your"** means you and any organization on whose behalf you are entering this Agreement.

## 2. Copyright Assignment, License and Waiver

**(a) Assignment.** By submitting a Contribution, you assign to Snyk all right, title and interest in any copright you have in the Contribution, and you waive any rights, including any moral rights, database rights, etc., that may affect your ownership of the copyright in the Contribution.

**(b) License to Snyk.** If your assignment in Section 2(a) is ineffective for any reason, you grant to us and to any recipient of any Work distributed by use, a perpetual, worldwide, transferable, non-exclusive, no-charge, royalty-free, irrevocable, and sublicensable licence to use, reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Contributions and any derivative work created based on a Contribution. If your license grant is ineffective for any reason, you irrevocably waive and covenant to not assert any claim you may have against us, our successors in interest, and any of our direct or indirect licensees and customers, arising out of our, our successors in interest's, or any of our direct or indirect licensees' or customers' use, reproduction, preparation of derivative works, public display, public performance, sublicense, and distribution of a Contribution. You also agree that we may publicly use your name and the name of any organization on whose behalf you're entering into this Agreement in connection with publicizing the Work.

**(c) License to you.** We grant to you a perpetual, worldwide, transferable, non-exclusive, no-charge, royalty-free, irrevocable, and sublicensable license to use, reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute a Contribution and any derivative works you create based on a Contribution.

## 3. Patent License

You grant to us and to any recipient of any Work distributed by us, a perpetual, worldwide, transferable, non-exclusive, no-charge, royalty-free, irrevocable, and sublicensable patent license to make, have made, use, sell, offer to sell, import, and otherwise transfer the Contribution in whole or in part, along or included in any Work under any patent you own, or license from a third party, that is necessarily infringed by the Contribution or by combination of the Contribution with any Work.

## 4. Your Representation and Warranties.

By submitting a Contribution, you represent and warrant that: (a) each Contribution you submit is an original work and you can legally grant the rights set out in this Agreement; (b) the Contribution does not, and any exercise of the rights granted by you will not, infringe any third party's intellectual property or other right; and (c) you are not aware of any claims, suits, or actions pertaining to the Contribution. You will notify us immediately if you become aware or have reason to believe that any of your representations and warranties is or becomes inaccurate.

##5. Intellectual Property
Except for the assignment and licenses set forth in this Agreement, this Agreement does not transfer any right, title or interest in any intellectual property right of either party to the other. If you choose to provide us with suggestions, ideas for improvement, recommendations or other feedback, on any Work we may use your feedback without any restriction or payment.

## Miscellaneous

English law governs this Agreement, excluding any applicable conflict of laws rules or principles, and the parties agree to the exclusive jurisdiction of the courts in England, UK. This Agreement does not create a partnership, agency relationship, or joint venture between the parties. We may assign this Agreement without notice or restriction. If any provision of this Agreement is unenforcable, that provision will be modified to render it enforceable to the extent possible to effect the parties' intention and the remaining provisions will not be affected. The parties may amend this Agreement only in a written amendment signed by both parties. This Agreement comprises the parties' entire agreement relating to the subject matter of this Agreement.

**Agreed and accepted on my behalf and on behalf of my organization**

Our contributor agreement is based on the [mongoDB contributor agreement] (https://www.mongodb.com/legal/contributor-agreement).
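Review bot: Several defects in this file change how it renders or reads: `##5. Intellectual Property` lacks the space after `##`, so it will not render as a heading; `## Miscellaneous` is unnumbered while sections 1 to 5 are numbered; and the closing link `[mongoDB contributor agreement] (https://www.mongodb.com/legal/contributor-agreement)` has a space between `]` and `(`, which breaks the link. In section 2(b), "any Work distributed by use" looks like a typo for "by us" (section 3 has "distributed by us"), and "copright" in 2(a) and "unenforcable" under Miscellaneous are misspelled. Since this is a legal text, have the wording fixes confirmed by whoever owns the agreement before changing them.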