From ea142a4dd65c45694f663885d509aae147430f97 Mon Sep 17 00:00:00 2001 From: Whymarrh Whitby Date: Thu, 6 Jun 2019 13:26:27 -0230 Subject: ci: Enable npm audit check --- .circleci/config.yml | 26 +++++++++++++------------- .circleci/scripts/npm-audit | 12 ++++++++++++ .circleci/scripts/npm-audit-check.js | 24 ++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 13 deletions(-) create mode 100755 .circleci/scripts/npm-audit create mode 100644 .circleci/scripts/npm-audit-check.js diff --git a/.circleci/config.yml b/.circleci/config.yml index 686a996c1..f4dd245f2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -17,9 +17,9 @@ workflows: - test-lint: requires: - prep-deps-npm - # - test-deps: - # requires: - # - prep-deps-npm + - test-deps: + requires: + - prep-deps-npm - test-e2e-chrome: requires: - prep-deps-npm @@ -156,16 +156,16 @@ jobs: name: Test command: npm run lint - # test-deps: - # docker: - # - image: circleci/node:8.11.3-browsers - # steps: - # - checkout - # - attach_workspace: - # at: . - # - run: - # name: Test - # command: sudo npm install -g npm@6 && npm audit + test-deps: + docker: + - image: circleci/node:8.15.1-browsers + steps: + - checkout + - attach_workspace: + at: . + - run: + name: npm audit + command: .circleci/scripts/npm-audit # test-e2e-beta-drizzle: # docker: diff --git a/.circleci/scripts/npm-audit b/.circleci/scripts/npm-audit new file mode 100755 index 000000000..00a6876ff --- /dev/null +++ b/.circleci/scripts/npm-audit @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +set -e +set -u +set -o pipefail + +if ! npm audit +then + ! npm audit --json > audit.json + printf '%s\n' '' + node .circleci/scripts/npm-audit-check.js +fi diff --git a/.circleci/scripts/npm-audit-check.js b/.circleci/scripts/npm-audit-check.js new file mode 100644 index 000000000..2fb408add --- /dev/null +++ b/.circleci/scripts/npm-audit-check.js 
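Review bot: The new `test-deps` job in the second config.yml hunk relies on whichever npm is bundled with `circleci/node:8.15.1-browsers`, whereas the commented-out job it replaces upgraded to `npm@6` explicitly before calling `npm audit`, a subcommand that only exists in npm 6 and later. If that image is expected to ship npm 6, a comment on the `command:` line such as `# npm audit requires npm >= 6, which this image is expected to bundle` records the assumption; otherwise an explicit version check in `.circleci/scripts/npm-audit` would turn a missing-subcommand error into a clear failure.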
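Review bot: The script writes `audit.json` relative to the current working directory, while the check it then runs reads it from a path anchored to its own location (`path.join(__dirname, '..', '..', 'audit.json')`, the repository root), so the two agree only when the script is invoked from the repository root, which the CircleCI step does but a local run may not. Adding `cd "$(dirname "${BASH_SOURCE[0]}")/../.."` right after the `set` lines removes that coupling. Running `npm audit` a second time for the JSON also means the human-readable report and the gate can be based on two different registry responses; generating the report once with `--json` and deriving the exit status from the parsed file would keep them consistent. The generated `audit.json` is left in the working tree after the job; removing it in a `trap` or writing it to a `mktemp` path avoids it being picked up by later steps or committed by accident.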
@@ -0,0 +1,24 @@
+const path = require('path')
+const audit = require(path.join(__dirname, '..', '..', 'audit.json'))
+const error = audit.error
+const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k])
+
+if (error) {
+ process.exit(1)
+}
+
+let count = 0
+for (const advisory of advisories) {
+ if (advisory.severity === 'low') {
+ continue
+ }
+
+ count += advisory.findings.some((finding) => (!finding.dev && !finding.optional))
+}
+
+if (count > 0) {
+ console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`)
+ process.exit(1)
+} else {
+ console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`)
+}
--
cgit v1.2.3
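Review bot: The severity filter on the `advisory.severity === 'low'` line skips only `low`, so an advisory reported at npm's `info` level in a production dependency would fail the job while both messages speak of "moderate or high"; `if (['info', 'low'].includes(advisory.severity)) continue` matches the wording (critical is still counted, which is presumably intended). The `if (error)` branch exits without printing anything, so a registry or network failure of the `--json` run leaves no diagnostic in the job log beyond the earlier human-readable run; `console.error(error)` before that `process.exit(1)` would make it visible. `count += advisory.findings.some(...)` relies on boolean-to-number coercion; `count += advisory.findings.some(...) ? 1 : 0` says the same thing explicitly. `Object.keys(audit.advisories || [])` falls back to an array where an object is meant; `{}` is the matching empty value.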