Fix vulnerabilities in dependencies (#50)

elasticio · Apr 13, 2022 · cead5f6 · cead5f6
1 parent f8221be
commit cead5f6
Show file tree

Hide file tree

Showing 6 changed files with 443 additions and 5,028 deletions.
diff --git a/.circleci/build_slug.sh b/.circleci/build_slug.sh
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,54 +1,124 @@
-# Javascript Node CircleCI 2.0 configuration file
-#
-# Check https://circleci.com/docs/2.0/language-javascript/ for more details
-#
-version: 2
+version: 2.1
+parameters:
+  node-version:
+    type: string
+    default: "14"
+orbs:
+  node: circleci/[email protected]
+  slack: circleci/[email protected]
+commands:
+  notify_on_failure:
+    steps:
+      - slack/notify:
+          event: fail
+          custom: |
+            {
+            	"blocks": [
+            		{
+            			"type": "section",
+            			"fields": [
+            				{
+            					"type": "mrkdwn",
+            					"text": ":red_circle: *$CIRCLE_PROJECT_REPONAME*:*$CIRCLE_TAG* build failed"
+            				}
+            			]
+            		},
+            		{
+            			"type": "actions",
+            			"elements": [
+            				{
+            					"type": "button",
+            					"text": {
+            						"type": "plain_text",
+            						"text": "View Job"
+            					},
+            					"url": "${CIRCLE_BUILD_URL}"
+            				}
+            			]
+            		}
+            	]
+            }
+  notify_on_pass:
+    steps:
+      - slack/notify:
+          event: pass
+          custom: |
+            {
+            	"blocks": [
+            		{
+            			"type": "section",
+            			"fields": [
+            				{
+            					"type": "mrkdwn",
+            					"text": ":tada: *$CIRCLE_PROJECT_REPONAME*:*$CIRCLE_TAG* was successfully built and published"
+            				}
+            			]
+            		},
+            		{
+            			"type": "actions",
+            			"elements": [
+            				{
+            					"type": "button",
+            					"text": {
+            						"type": "plain_text",
+            						"text": "View Job"
+            					},
+            					"url": "${CIRCLE_BUILD_URL}"
+            				}
+            			]
+            		}
+            	]
+            }
 jobs:
-  build:
+  test:
     docker:
-      # specify the version you desire here
-      - image: cimg/node:14.17.5
-
-      # Specify service dependencies here if necessary
-      # CircleCI maintains a library of pre-built images
-      # documented at https://circleci.com/docs/2.0/circleci-images/
-      # - image: circleci/mongo:3.4.4
-
-    working_directory: ~/repo
-
+      - image: cimg/base:stable
     steps:
       - checkout
-
-      # Download and cache dependencies
-      - restore_cache:
-          keys:
-            - v1-dependencies-{{ checksum "package.json" }}
-            # fallback to using the latest cache if no exact match is found
-            - v1-dependencies-
-
-      - run: npm install
-
-      - save_cache:
-          paths:
-            - node_modules
-          key: v1-dependencies-{{ checksum "package.json" }}
-
-      # run tests!
-      - run: npm test
-  docs:
+      - node/install:
+          node-version: << pipeline.parameters.node-version >>
+      - run:
+          name: Audit Dependencies
+          command: npm audit --audit-level=high
+      - node/install-packages:
+          cache-path: ./node_modules
+          override-ci-command: npm install
+      - run:
+          name: test
+          command: npm test
+  build:
     docker:
-      - image: circleci/node:12-stretch
+      - image: circleci/node:14-stretch
+        user: root
     steps:
       - checkout
+      - node/install:
+          node-version: << pipeline.parameters.node-version >>
+      - setup_remote_docker:
+          version: 19.03.13
+          docker_layer_caching: true
       - run:
-          name: Download Script
-          command: mkdir $HOME/script && curl -o $HOME/script/create_pr.bash https://raw.githubusercontent.com/elasticio/elasticio.github.io/master/scripts/create_pr.bash
+          name: Install component-build-helper lib
+          command: npm install -g @elastic.io/component-build-helper
       - run:
-          shell: /bin/bash
-          name: Create PR
-          command: bash $HOME/script/create_pr.bash -p $PWD -n request-reply-component
+          name: Build and publish docker image
+          command: build_component_docker
+      - notify_on_failure
+      - notify_on_pass
 workflows:
-  version: 2
-  build_and_test:
+  test:
+    jobs:
+      - test:
+          name: "Running tests"
+          filters:
+            tags:
+              ignore: /.*/
+  publish_release:
     jobs:
-      - build
+      - build:
+          name: "Build and publish docker image"
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 1.2.3 (April 14, 2022)
+* Update Sailor version to 2.6.27
+* Get rid of vulnerabilities in dependencies
+* Add component pusher job to Circle.ci config
+
 ## 1.2.2 (November 12, 2021)
 * Update sailor version to 2.6.26
 * Fix a bug in the build with different error message

diff --git a/component.json b/component.json
@@ -2,8 +2,7 @@
   "title": "HTTP Reply",
   "service": "request-reply",
   "description": "Used to reply to HTTP webhooks",
-  "buildType": "docker",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "actions": {
     "reply": {
       "title": "Reply",