-rw-r--r-- | .circleci/config.yml | 26 | ||||
-rwxr-xr-x | .circleci/scripts/npm-audit | 12 | ||||
-rw-r--r-- | .circleci/scripts/npm-audit-check.js | 24 |
3 files changed, 49 insertions, 13 deletions
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 686a996c1..f4dd245f2 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -17,9 +17,9 @@ workflows:
 - test-lint:
 requires:
 - prep-deps-npm
- # - test-deps:
- # requires:
- # - prep-deps-npm
+ - test-deps:
+ requires:
+ - prep-deps-npm
 - test-e2e-chrome:
 requires:
 - prep-deps-npm
@@ -156,16 +156,16 @@ jobs:
 name: Test
 command: npm run lint
- # test-deps:
- # docker:
- # - image: circleci/node:8.11.3-browsers
- # steps:
- # - checkout
- # - attach_workspace:
- # at: .
- # - run:
- # name: Test
- # command: sudo npm install -g npm@6 && npm audit
+ test-deps:
+ docker:
+ - image: circleci/node:8.15.1-browsers
+ steps:
+ - checkout
+ - attach_workspace:
+ at: .
+ - run:
+ name: npm audit
+ command: .circleci/scripts/npm-audit
 # test-e2e-beta-drizzle:
 # docker:
diff --git a/.circleci/scripts/npm-audit b/.circleci/scripts/npm-audit
new file mode 100755
index 000000000..00a6876ff
--- /dev/null
+++ b/.circleci/scripts/npm-audit
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+if ! npm audit
+then
+ ! npm audit --json > audit.json
+ printf '%s\n' ''
+ node .circleci/scripts/npm-audit-check.js
+fi
diff --git a/.circleci/scripts/npm-audit-check.js b/.circleci/scripts/npm-audit-check.js
new file mode 100644
index 000000000..2fb408add
--- /dev/null
+++ b/.circleci/scripts/npm-audit-check.js
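Review bot: `! npm audit --json > audit.json` writes the report into the current working directory, while `npm-audit-check.js` resolves it relative to its own location (`path.join(__dirname, '..', '..', 'audit.json')`), so the two only agree when the script is started from the repository root, as the CircleCI `command: .circleci/scripts/npm-audit` happens to do. Anchoring the script to the repo root, `cd "$(dirname "$0")/../.."` after the `set` lines, removes that coupling and also makes the `node .circleci/scripts/npm-audit-check.js` path valid from any cwd. The leading `!` is what stops `set -e` from aborting on the non-zero exit status npm audit uses to report findings, which deserves a comment, e.g. `# '!' keeps errexit from aborting: a non-zero exit here means findings, not failure`. If the JSON run fails for another reason (registry or network), `audit.json` may be empty or partial and the check script will fail on `require()`; that still yields a non-zero exit, but the log will show a JSON parse error rather than the real cause.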
@@ -0,0 +1,24 @@
+const path = require('path')
+const audit = require(path.join(__dirname, '..', '..', 'audit.json'))
+const error = audit.error
+const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k])
+
+if (error) {
+ process.exit(1)
+}
+
+let count = 0
+for (const advisory of advisories) {
+ if (advisory.severity === 'low') {
+ continue
+ }
+
+ count += advisory.findings.some((finding) => (!finding.dev && !finding.optional))
+}
+
+if (count > 0) {
+ console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`)
+ process.exit(1)
+} else {
+ console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`)
+}
|
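Review bot: The filter at `if (advisory.severity === 'low')` skips only `low`, so `info` advisories are counted and `critical` ones are reported under a message that says "moderate or high"; an explicit set of ignored severities keeps the filter and the message in agreement (and the messages should read "moderate or higher"). The `if (error)` branch exits 1 without printing anything, so a registry or network failure of `npm audit --json` is indistinguishable from a real finding in the CI log; log the error object before exiting. `count += advisory.findings.some(...)` relies on boolean-to-number coercion and throws if an advisory carries no `findings` array (the hunk does not show whether npm guarantees one), and `Object.keys(audit.advisories || []).map(...)` is simply `Object.values(audit.advisories || {})`. Whether `finding.dev` and `finding.optional` fully identify non-production dependency paths is an assumption about the npm audit format that the commit should confirm in a comment.

```javascript
// … unchanged: require of path and audit.json, const error …
const advisories = Object.values(audit.advisories || {})
// npm audit severities are assumed to be info/low/moderate/high/critical — TODO confirm against npm's schema
const IGNORED_SEVERITIES = new Set(['info', 'low'])

if (error) {
  console.error('npm audit did not produce a usable report:', error)
  process.exit(1)
}

let count = 0
for (const advisory of advisories) {
  if (IGNORED_SEVERITIES.has(advisory.severity)) {
    continue
  }
  // a finding reached only through dev or optional dependencies is not a production exposure
  const inProduction = (advisory.findings || []).some((finding) => !finding.dev && !finding.optional)
  if (inProduction) {
    count += 1
  }
}
// … unchanged: final count report and exit code …
```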