Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add postbuild dependencies check #130

Merged
merged 4 commits into from
Feb 25, 2021
Merged

Conversation

gquadrati
Copy link
Contributor

In order to avoid missing dependencies after yarn install --prod command, a postbuild check has been added to prompt all dependencies not listed in package.json

@pagopa-github-bot
Copy link
Contributor

pagopa-github-bot commented Feb 19, 2021

Warnings
⚠️

Please include a Pivotal story at the beginning of the PR title (see below).

Example of PR titles that include pivotal stories:

  • single story: [#123456] my PR title
  • multiple stories: [#123456,#123457,#123458] my PR title

New dependencies added: @azure/ms-rest-js, @pagopa/ts-commons, applicationinsights, body-parser, dotenv and node-fetch.

@azure/ms-rest-js

Author: Microsoft Corporation

Description: Isomorphic client Runtime for Typescript/node.js/browser javascript client libraries generated using AutoRest

Homepage: /~https://github.com/Azure/ms-rest-js

Createdover 2 years ago
Last Updated8 days ago
LicenseMIT
Maintainers6
Releases53
Direct Dependencies@azure/core-auth, @types/node-fetch, @types/tunnel, abort-controller, form-data, node-fetch, tough-cookie, tslib, tunnel, uuid and xml2js
Keywordsisomorphic, browser, javascript, node, microsoft, autorest and clientruntime
README

ms-rest-js

Build Status

Runtime for isomorphic javascript libraries (that work in the browser and node.js environment) generated via Autorest.

Requirements

  • Node.js version > 6.x
  • npm install -g typescript

Installation

  • After cloning the repo, execute npm install

Execution

Node.js

  • Set the subscriptionId and token as instructed in samples/node-samples.ts
  • Run npx ts-node samples/node-sample.js

In the browser

  • Run npm run build
  • Set the subscriptionId and token then
  • Open index.html file in the browser. It should show the response from GET request on the storage account. From Chrome type Ctrl + Shift + I and you can see the logs in console.

Architecture Overview

You can find an explanation of how this repository's code works by going to our architecture overview.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct.
For more information see the Code of Conduct FAQ or
contact opencode@microsoft.com with any additional questions or comments.

@pagopa/ts-commons

Author: https://www.pagopa.gov.it

Description: Shared TypeScript code for the IO project

Homepage: /~https://github.com/pagopa/io-ts-commons#readme

Created28 days ago
Last Updated14 days ago
LicenseMIT
Maintainers5
Releases2
Direct Dependenciesabort-controller, agentkeepalive, applicationinsights, fp-ts, io-ts, json-set-map, node-fetch and validator
README

Build Status

FOSSA Status

codecov

Maintainability

TypeScript Commons

This module provides code shared by the projects of the
IO App
initiative.

Documentation is available here

Contributing

In the following there are instructions to build the app in your computer for development purposes.

Pre-requisites

We built a script for helping setting up the laptop, you can find it here

Otherwise, please follow the following steps:

Install NodeJS

To run the project you need to install a properly version of NodeJS.

On macOS and Linux we recommend the use of a virtual environment, such as nodenv for managing multiple versions of NodeJS.
The node version used in this project is stored in .node-version.

If you already have nodenv installed and configured on your system, the correct version node will be set when you access the app directory.

To install, follow the steps described below.

Install brew

If you do not have it already, install brew following the installation instructions in the home page.

Install nodenv

brew install nodenv

Install yarn

For the management of javascript dependencies we use Yarn.

Yarn is a node application. IF you have already installed in your system version of node compatible with yarn, you can install it as a global command with:

npm install -g yarn

Install dependencies

Install the libraries used by the project:

$ yarn install --frozen-lockfile

Run Tests

Run Unit Tests

$ yarn test

Run Lint Check

$ yarn lint

Updating/publishing online docs

$ yarn docs

Releasing a version

Release has been automatized by using Azure Pipelines.

To release a new version please go to io-ts-commons project on Azure and manually run pagopa.io-ts-commons.deploy the pipeline.
Be aware to choose the right release version between major|minor|patch

License

FOSSA Status

applicationinsights

Author: Unknown

Description: Microsoft Application Insights module for Node.js

Homepage: /~https://github.com/microsoft/ApplicationInsights-node.js#readme

Createdover 6 years ago
Last Updated8 days ago
LicenseMIT
Maintainers1
Releases90
Direct Dependenciescls-hooked, continuation-local-storage, diagnostic-channel and diagnostic-channel-publishers
Keywordsexception monitoring, request monitoring, performance monitoring, application insights, microsoft, azure, cloud, tracing, telemetry, analytics and apm
This README is too long to show.

body-parser

Author: Unknown

Description: Node.js body parsing middleware

Homepage: /~https://github.com/expressjs/body-parser#readme

Createdabout 7 years ago
Last Updatedabout 1 year ago
LicenseMIT
Maintainers1
Releases65
Direct Dependenciesbytes, content-type, debug, depd, http-errors, iconv-lite, on-finished, qs, raw-body and type-is
This README is too long to show.

dotenv

Author: Unknown

Description: Loads environment variables from .env file

Homepage: /~https://github.com/motdotla/dotenv#readme

Createdover 7 years ago
Last Updated12 months ago
LicenseBSD-2-Clause
Maintainers4
Releases38
Direct Dependencies
Keywordsdotenv, env, .env, environment, variables, config and settings
README

dotenv

dotenv

Dotenv is a zero-dependency module that loads environment variables from a .env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.

BuildStatus
Build status
NPM version
js-standard-style
Coverage Status
LICENSE
Conventional Commits

Install

# with npm
npm install dotenv

# or with Yarn
yarn add dotenv

Usage

As early as possible in your application, require and configure dotenv.

require('dotenv').config()

Create a .env file in the root directory of your project. Add
environment-specific variables on new lines in the form of NAME=VALUE.
For example:

DB_HOST=localhost
DB_USER=root
DB_PASS=s1mpl3

process.env now has the keys and values you defined in your .env file.

const db = require('db')
db.connect({
  host: process.env.DB_HOST,
  username: process.env.DB_USER,
  password: process.env.DB_PASS
})

Preload

You can use the --require (-r) command line option to preload dotenv. By doing this, you do not need to require and load dotenv in your application code. This is the preferred approach when using import instead of require.

$ node -r dotenv/config your_script.js

The configuration options below are supported as command line arguments in the format dotenv_config_<option>=value

$ node -r dotenv/config your_script.js dotenv_config_path=/custom/path/to/your/env/vars

Additionally, you can use environment variables to set configuration options. Command line arguments will precede these.

$ DOTENV_CONFIG_<OPTION>=value node -r dotenv/config your_script.js
$ DOTENV_CONFIG_ENCODING=latin1 node -r dotenv/config your_script.js dotenv_config_path=/custom/path/to/.env

Config

config will read your .env file, parse the contents, assign it to
process.env,
and return an Object with a parsed key containing the loaded content or an error key if it failed.

const result = dotenv.config()

if (result.error) {
  throw result.error
}

console.log(result.parsed)

You can additionally, pass options to config.

Options

Path

Default: path.resolve(process.cwd(), '.env')

You may specify a custom path if your file containing environment variables is located elsewhere.

require('dotenv').config({ path: '/full/custom/path/to/your/env/vars' })

Encoding

Default: utf8

You may specify the encoding of your file containing environment variables.

require('dotenv').config({ encoding: 'latin1' })

Debug

Default: false

You may turn on logging to help debug why certain keys or values are not being set as you expect.

require('dotenv').config({ debug: process.env.DEBUG })

Parse

The engine which parses the contents of your file containing environment
variables is available to use. It accepts a String or Buffer and will return
an Object with the parsed keys and values.

const dotenv = require('dotenv')
const buf = Buffer.from('BASIC=basic')
const config = dotenv.parse(buf) // will return an object
console.log(typeof config, config) // object { BASIC : 'basic' }

Options

Debug

Default: false

You may turn on logging to help debug why certain keys or values are not being set as you expect.

const dotenv = require('dotenv')
const buf = Buffer.from('hello world')
const opt = { debug: true }
const config = dotenv.parse(buf, opt)
// expect a debug message because the buffer is not in KEY=VAL form

Rules

The parsing engine currently supports the following rules:

  • BASIC=basic becomes {BASIC: 'basic'}
  • empty lines are skipped
  • lines beginning with # are treated as comments
  • empty values become empty strings (EMPTY= becomes {EMPTY: ''})
  • inner quotes are maintained (think JSON) (JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}")
  • whitespace is removed from both ends of unquoted values (see more on trim) (FOO= some value becomes {FOO: 'some value'})
  • single and double quoted values are escaped (SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})
  • single and double quoted values maintain whitespace from both ends (FOO=" some value " becomes {FOO: ' some value '})
  • double quoted values expand new lines (MULTILINE="new\nline" becomes
{MULTILINE: 'new
line'}

FAQ

Should I commit my .env file?

No. We strongly recommend against committing your .env file to version
control. It should only include environment-specific values such as database
passwords or API keys. Your production database should have a different
password than your development database.

Should I have multiple .env files?

No. We strongly recommend against having a "main" .env file and an "environment" .env file like .env.test. Your config should vary between deploys, and you should not be sharing values between environments.

In a twelve-factor app, env vars are granular controls, each fully orthogonal to other env vars. They are never grouped together as “environments”, but instead are independently managed for each deploy. This is a model that scales up smoothly as the app naturally expands into more deploys over its lifetime.

The Twelve-Factor App

What happens to environment variables that were already set?

We will never modify any environment variables that have already been set. In particular, if there is a variable in your .env file which collides with one that already exists in your environment, then that variable will be skipped. This behavior allows you to override all .env configurations with a machine-specific environment, although it is not recommended.

If you want to override process.env you can do something like this:

const fs = require('fs')
const dotenv = require('dotenv')
const envConfig = dotenv.parse(fs.readFileSync('.env.override'))
for (const k in envConfig) {
  process.env[k] = envConfig[k]
}

Can I customize/write plugins for dotenv?

For dotenv@2.x.x: Yes. dotenv.config() now returns an object representing
the parsed .env file. This gives you everything you need to continue
setting values on process.env. For example:

const dotenv = require('dotenv')
const variableExpansion = require('dotenv-expand')
const myEnv = dotenv.config()
variableExpansion(myEnv)

What about variable expansion?

Try dotenv-expand

How do I use dotenv with import?

ES2015 and beyond offers modules that allow you to export any top-level function, class, var, let, or const.

When you run a module containing an import declaration, the modules it imports are loaded first, then each module body is executed in a depth-first traversal of the dependency graph, avoiding cycles by skipping anything already executed.

ES6 In Depth: Modules

You must run dotenv.config() before referencing any environment variables. Here's an example of problematic code:

errorReporter.js:

import { Client } from 'best-error-reporting-service'

export const client = new Client(process.env.BEST_API_KEY)

index.js:

import dotenv from 'dotenv'
import errorReporter from './errorReporter'

dotenv.config()
errorReporter.client.report(new Error('faq example'))

client will not be configured correctly because it was constructed before dotenv.config() was executed. There are (at least) 3 ways to make this work.

  1. Preload dotenv: node --require dotenv/config index.js (Note: you do not need to import dotenv with this approach)
  2. Import dotenv/config instead of dotenv (Note: you do not need to call dotenv.config() and must pass options via the command line or environment variables with this approach)
  3. Create a separate file that will execute config first as outlined in this comment on #133

Contributing Guide

See CONTRIBUTING.md

Change Log

See CHANGELOG.md

Who's using dotenv?

These npm modules depend on it.

Projects that expand it often use the keyword "dotenv" on npm.

node-fetch

Author: David Frank

Description: A light-weight module that brings window.fetch to node.js

Homepage: /~https://github.com/bitinn/node-fetch

Createdabout 6 years ago
Last Updated6 months ago
LicenseMIT
Maintainers4
Releases61
Direct Dependencies
Keywordsfetch, http and promise
This README is too long to show.

Generated by 🚫 dangerJS

package.json Outdated Show resolved Hide resolved
@codecov
Copy link

codecov bot commented Feb 19, 2021

Codecov Report

Merging #130 (cc7dd16) into master (58fda03) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #130   +/-   ##
=======================================
  Coverage   84.20%   84.20%           
=======================================
  Files          49       49           
  Lines        1665     1665           
  Branches      133      133           
=======================================
  Hits         1402     1402           
  Misses        258      258           
  Partials        5        5           

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 999570b...cc7dd16. Read the comment docs.

gquadrati and others added 2 commits February 19, 2021 15:23
Co-authored-by: Emanuele De Cupis <emanuele.decupis@pagopa.it>
@balanza
Copy link
Contributor

balanza commented Feb 19, 2021

Ok, let's say we are fine with this check. We now have a failing check, and we must fix the build ;)

@gquadrati
Copy link
Contributor Author

Ok, let's say we are fine with this check. We now have a failing check, and we must fix the build ;)

I wanted to try the Dangerfile before adding dependencies :) I'm doing it

@gquadrati gquadrati marked this pull request as ready for review February 25, 2021 08:09
@gquadrati gquadrati requested a review from balanza February 25, 2021 08:09
@balanza balanza enabled auto-merge (squash) February 25, 2021 08:50
@balanza balanza merged commit 6c51073 into master Feb 25, 2021
@balanza balanza deleted the postbuild_dependency_check branch February 25, 2021 08:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants