Remove dependency on org secret for build pipeline #61
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
KamuelaFranco
requested review from
aaronreynoza,
partiallyordered,
oderayi and
shashi165
|
I'm wary of the removal of the anchore stuff. Can you explain that a bit more please? |
It's removing the upload to S3 of the anchore report, which will still be available as an artifact in CircleCI. This is a temporary measure until someone decides it's ok to allow the directory it goes to to be public, or another solution is found. |
|
How do other repos enable this workflow? Do they test whether an env var is present, perhaps? |
It is currently an unsolved problem, I'd venture. Generally, the repos that we've been touching are the ones that expect images to be built during PR's rather than after a tag. So this is one of the first times a PR from a forked repository has come into contact with the new pipeline. |
|
Do you know what dependencies exist on those reports being available on S3 are? |
I suppose the question you're asking is:
The correct answer, in the long-term, is to enable both. In the short-term, I have made the decision to unblock @oderayi's workflow by temporarily disabling the uploading of reports. |
|
Okay that seems reasonable to me. I'm going to approve the PR and in my opinion you should merge it to enable @oderayi. Could you raise the issue somewhere appropriate so that it hopefully eventually gets solved? |
partiallyordered
approved these changes
Jul 13, 2020
oderayi
approved these changes
Jul 13, 2020
Closed
23 tasks
kleyow
added a commit
that referenced
this pull request
Dec 29, 2020
* #1325: Bulk transfers and bulk quotes support (#49) * Add support for bulk transfers * Add bulkTransfers call from backend to outbound API * Add bulk quotes support * WIP: Add bulk transfer model and handler * Fix audit issues * Make sim, report, and test ports configuraable * Restore default ports in docker-compose * Port config update * Updates for bulk quotes and bulk transfers * Add POST /bulkQuotes, remove PUT /bulkTransfers/{bulkTransferId}. Fix API spec bugs * Update unit test for config.js * Add tests for bulkQuotes model * Fix audit issues * Add tests for bulk quotes * Update unit tests for simulator handler * Format code * Update contributors list * Fix bug with POST bulkQuotes and tests * Update contributors list * Update api spec * Add getBulkQuoteById and getBulkTransferById * Add unit tests for bulk quotes and bulk transfers handlers * Resolve audit issues * Cleanup * Update package.json * Update src/package.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Fix audit issues Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Hotfix: Fix python dependencies in CI (#53) * Upgrade python for CI build * Update ci config * Bump version * Update pipeline (#54) * Add orbs * Update dependencies to Python@3 * Simplify defaults * Update to Python@3 * Remove comments * Remove unecessary executor * Update config * Use pip3 * Remove unused step * Update * Test * Test * Remove anchor for working directory * Update node * Test * Fix YAML syntax * Use anchor * Fix directory issue * Fix path * Add path to restore_cache * Test * Test * Update key * Update dependencies * Fix path * Add submodule dependencies to cache * Version dependency cache * Fix path * Test * Change directory to src * Allow build-local to run in parallel from the start * Add Init Container To Onboard MSISDN's (#55) * Add init container to onboard with central-ledger * Remove environment var processing script * Switch RUN to CMD * Add OCI labels * Add contributor * Update init/central-ledger/Dockerfile Co-Authored-By: Matt Kingston <mattkingston@gmail.com> * Clear whitespace and unused comments * Add build and publish to CI for init-central-ledger * Fix indentation * created insert msisnd script * complete docker container and MSISDN onboarding script * change MSISDN_LIST name * change script to handle MSISDN data * ignore dependency vulneravility * update dockerfile * rename * change pathfinder url name * modify scripts * fix script and docker container * add CI pipeline and remove unused files * fix docker command * fix indentation * fix tag implementation * yaml is fun * resolve vulnerabilities and fix docker save * fix docker build * fix docker image naming and add Matt suggestion * log current images * idk why but it works now * Clean up naming and pipeline * Bump version Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Fix publish for onboard-msisdn-oracle in pipeline (#58) * Fix publish for onboard-msisdn-oracle in pipeline * Bump version * Add init container to onboard with central-ledger (#48) * Add init container to onboard with central-ledger * Remove environment var processing script * Switch RUN to CMD * Add OCI labels * Add contributor * Update init/central-ledger/Dockerfile Co-Authored-By: Matt Kingston <mattkingston@gmail.com> * Clear whitespace and unused comments * Add build and publish to CI for init-central-ledger * Fix indentation * Update .circleci/config.yml Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Add ESLint and node-fetch * Update config to master branch * Add onboarding steps * Update finance-portal-lib dependency * Add logging * Update Dockerfile * Add items to .gitignore * Align output * Graceful exit on failure * Add log output * Add detailed logging on error * Update finance-portal-lib dependency * Add more detailed logging * Allow re-registration of same DFSP name and currency * Fix bug * Fix output by calling script directly * Fix logging and request edge cases * Add onboard-central-ledger to pipeline * Bump version * Add comments * Fix build argument references * Require setup for local builds * Update init/onboard-central-ledger/onboard-dfsp.js Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Log script commands and exit on error * Exit when required variable is not present Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Fix erroneous file name in pipeline (#59) * Fix file name * Bump version * Remove dependency on org secret for build pipeline (#61) * Remove dependency on org secret for build pipeline * Update config.yml * Fix bugs with API spec and model for bulk transfers (#62) * Fix erroneous use of environment variables for onboarding (#63) * Fix erroneous use of PARTY_ID and PARTY_ID_TYPE * Bump version * Fix build artifacts (#65) * Fix build artifacts * Bump version * Fix security issues * Fix build order dependency (#66) * Update finance-portal-lib in init container (#67) * Modified to reflect changes in dependency (#68) * Modified to reflect changes in dependency * Modified package version more * version stuff * Version bump * Version bump * Add hub onboarding image (#69) * Code written * Fixes, changes * Added onboard hub accounts to CI * Updated CI * Update init/onboard-hub-accounts/Dockerfile Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> * Bump versions (#70) * Fixed onboard-hub-accounts Dockerfile error, bumped versions (#71) * Add image scans and vulnerability checks for inits (#74) * The chart in this repo is now redundant. Removing in favour of https://github.com/mojaloop/helm/tree/master/mojaloop-simulator. (#73) * Update README with init container docs (#76) * Update README with init container docs * Add values-sims.example.yaml * Remove link * [WIP] Feature/#1572 payee notification (#75) * upstream merge * added PUT /transfers/transferId handling for notifications to payee * added unit tests * ordered package.json to trigger ci/cd pipeline * removed homeTransactionId from transfer.update Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> * Environment variable configuration of parties (#77) * Initial work- parties addable, but no tests, no functionality * Added test for preconfigured parties * Added config unit test * Update src/config.js * Update src/config.js * Updated config correctly. Duh. * Bumped version * Improved Model.init doc. Fixed bug with server start. Bumped version. (#78) * Bump node-fetch from 2.6.0 to 2.6.1 in /src (#79) Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](node-fetch/node-fetch@v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump node-fetch from 2.6.0 to 2.6.1 in /init/onboard-hub-accounts (#81) Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](node-fetch/node-fetch@v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump node-fetch from 2.6.0 to 2.6.1 in /init/onboard-central-ledger (#80) Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](node-fetch/node-fetch@v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(package): bump package to `11.2.2` (#83) * chore: update license file (#84) * Add "subIdValue" parameter for parties in simulator (#85) * added endpoint for subIdValue * added unit/coverage tests * fix linting * added simulator endpoints for subIdValue * fix audit issue * chore: fix merge issues Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Aarón Reynoza <ldaaron38@gmail.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com>
lewisdaly
added a commit
that referenced
this pull request
Oct 8, 2021
* Updated parties to support account information. (#50) * Updated parties to support account information. * Added yars-parser to audit ignore list. * Addressed comments. * Edited CI to build PISP docker image. (#51) * Updated CI. (#52) * #321 Added getSignedChallenge to return U2F resp (#56) * #321 Added getSignedChallenge to return U2F resp * #321 fixed vulnerability issues * Pisp/305 authorizations (#64) * chore(swagger): add post /authorizations path * fix: rewrite content-type header to be compatible with sdk-standard-components * Pisp/305 POST /authorizations (#64) * chore(swagger): add post /authorizations path * fix: rewrite content-type header to be compatible with sdk-standard-components * ci: setup checkout after installing default dependenices * feat: 1671 verify authorization (#82) * feat(api): add /verify-authorization endpoint * chore(audit): ignore for one month * chore: sync pisp/master to v11.3.0 (#87) * #1325: Bulk transfers and bulk quotes support (#49) * Add support for bulk transfers * Add bulkTransfers call from backend to outbound API * Add bulk quotes support * WIP: Add bulk transfer model and handler * Fix audit issues * Make sim, report, and test ports configuraable * Restore default ports in docker-compose * Port config update * Updates for bulk quotes and bulk transfers * Add POST /bulkQuotes, remove PUT /bulkTransfers/{bulkTransferId}. Fix API spec bugs * Update unit test for config.js * Add tests for bulkQuotes model * Fix audit issues * Add tests for bulk quotes * Update unit tests for simulator handler * Format code * Update contributors list * Fix bug with POST bulkQuotes and tests * Update contributors list * Update api spec * Add getBulkQuoteById and getBulkTransferById * Add unit tests for bulk quotes and bulk transfers handlers * Resolve audit issues * Cleanup * Update package.json * Update src/package.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Fix audit issues Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Hotfix: Fix python dependencies in CI (#53) * Upgrade python for CI build * Update ci config * Bump version * Update pipeline (#54) * Add orbs * Update dependencies to Python@3 * Simplify defaults * Update to Python@3 * Remove comments * Remove unecessary executor * Update config * Use pip3 * Remove unused step * Update * Test * Test * Remove anchor for working directory * Update node * Test * Fix YAML syntax * Use anchor * Fix directory issue * Fix path * Add path to restore_cache * Test * Test * Update key * Update dependencies * Fix path * Add submodule dependencies to cache * Version dependency cache * Fix path * Test * Change directory to src * Allow build-local to run in parallel from the start * Add Init Container To Onboard MSISDN's (#55) * Add init container to onboard with central-ledger * Remove environment var processing script * Switch RUN to CMD * Add OCI labels * Add contributor * Update init/central-ledger/Dockerfile Co-Authored-By: Matt Kingston <mattkingston@gmail.com> * Clear whitespace and unused comments * Add build and publish to CI for init-central-ledger * Fix indentation * created insert msisnd script * complete docker container and MSISDN onboarding script * change MSISDN_LIST name * change script to handle MSISDN data * ignore dependency vulneravility * update dockerfile * rename * change pathfinder url name * modify scripts * fix script and docker container * add CI pipeline and remove unused files * fix docker command * fix indentation * fix tag implementation * yaml is fun * resolve vulnerabilities and fix docker save * fix docker build * fix docker image naming and add Matt suggestion * log current images * idk why but it works now * Clean up naming and pipeline * Bump version Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Fix publish for onboard-msisdn-oracle in pipeline (#58) * Fix publish for onboard-msisdn-oracle in pipeline * Bump version * Add init container to onboard with central-ledger (#48) * Add init container to onboard with central-ledger * Remove environment var processing script * Switch RUN to CMD * Add OCI labels * Add contributor * Update init/central-ledger/Dockerfile Co-Authored-By: Matt Kingston <mattkingston@gmail.com> * Clear whitespace and unused comments * Add build and publish to CI for init-central-ledger * Fix indentation * Update .circleci/config.yml Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Add ESLint and node-fetch * Update config to master branch * Add onboarding steps * Update finance-portal-lib dependency * Add logging * Update Dockerfile * Add items to .gitignore * Align output * Graceful exit on failure * Add log output * Add detailed logging on error * Update finance-portal-lib dependency * Add more detailed logging * Allow re-registration of same DFSP name and currency * Fix bug * Fix output by calling script directly * Fix logging and request edge cases * Add onboard-central-ledger to pipeline * Bump version * Add comments * Fix build argument references * Require setup for local builds * Update init/onboard-central-ledger/onboard-dfsp.js Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Log script commands and exit on error * Exit when required variable is not present Co-authored-by: Matt Kingston <mattkingston@gmail.com> * Fix erroneous file name in pipeline (#59) * Fix file name * Bump version * Remove dependency on org secret for build pipeline (#61) * Remove dependency on org secret for build pipeline * Update config.yml * Fix bugs with API spec and model for bulk transfers (#62) * Fix erroneous use of environment variables for onboarding (#63) * Fix erroneous use of PARTY_ID and PARTY_ID_TYPE * Bump version * Fix build artifacts (#65) * Fix build artifacts * Bump version * Fix security issues * Fix build order dependency (#66) * Update finance-portal-lib in init container (#67) * Modified to reflect changes in dependency (#68) * Modified to reflect changes in dependency * Modified package version more * version stuff * Version bump * Version bump * Add hub onboarding image (#69) * Code written * Fixes, changes * Added onboard hub accounts to CI * Updated CI * Update init/onboard-hub-accounts/Dockerfile Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> * Bump versions (#70) * Fixed onboard-hub-accounts Dockerfile error, bumped versions (#71) * Add image scans and vulnerability checks for inits (#74) * The chart in this repo is now redundant. Removing in favour of https://github.com/mojaloop/helm/tree/master/mojaloop-simulator. (#73) * Update README with init container docs (#76) * Update README with init container docs * Add values-sims.example.yaml * Remove link * [WIP] Feature/#1572 payee notification (#75) * upstream merge * added PUT /transfers/transferId handling for notifications to payee * added unit tests * ordered package.json to trigger ci/cd pipeline * removed homeTransactionId from transfer.update Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> * Environment variable configuration of parties (#77) * Initial work- parties addable, but no tests, no functionality * Added test for preconfigured parties * Added config unit test * Update src/config.js * Update src/config.js * Updated config correctly. Duh. * Bumped version * Improved Model.init doc. Fixed bug with server start. Bumped version. (#78) * Bump node-fetch from 2.6.0 to 2.6.1 in /src (#79) Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](node-fetch/node-fetch@v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump node-fetch from 2.6.0 to 2.6.1 in /init/onboard-hub-accounts (#81) Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](node-fetch/node-fetch@v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump node-fetch from 2.6.0 to 2.6.1 in /init/onboard-central-ledger (#80) Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](node-fetch/node-fetch@v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(package): bump package to `11.2.2` (#83) * chore: update license file (#84) * Add "subIdValue" parameter for parties in simulator (#85) * added endpoint for subIdValue * added unit/coverage tests * fix linting * added simulator endpoints for subIdValue * fix audit issue * chore: fix merge issues Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Aarón Reynoza <ldaaron38@gmail.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> * feat(api): add get /accounts/{ID} endpoint (#90) * chore: add accounts handler and update API def (#91) * chore: add accounts handler and update API def * chore: improve test coverage * feat: add dfsp backend endpoints for authentication testing (#92) * feat: add endpoints for authentication testing * chore: fix interface * chore: fix audit check * chore: change path * chore: fix coverage * chore: fix test * feat: add consentRequests related endpoints (#94) * feat: add consentRequests related endpoints * chore: improve test coverage * chore: update consentRequests response structure (#95) * chore: update consentRequests response structure * chore: fix linting issue * feat: 2108 validate thirdparty transaction request (#97) * feat(dfspTransactions): verify thridparty request transaction and proper scheme for verify authorization * postpone vulnerabilites * fix api.yaml * fix api.yaml * chore: update contrib list * chore: update accounts interface (#103) * chore: update validateConsentRequest and validateAuthToken (#105) * chore: add new endpoints to store consent info for accountId (#112) * chore: add new endpoints to store consent info for accountId * chore: address vulnerabilities * chore: update endpoints * feat: update `ValidateThirdpartyRequestsTransactionsPostResponse` to include transaction context required by the 3p-scheme-adapter (#113) * chore: noting conflicts * chore: resolving conflicts * chore: resolving conflicts * fix: unit * fix(vulns): run npm audit, fix and ignore unfixable low and moderate for 1 month * fix: cleaning up circleci * feat: tidy up circleci config, add autoreleases * fix(ci): fix ci * fix(ci): fix ci * chore: fix linting * fix: ci * fix: ci * fix: ci * fix: ci Co-authored-by: Kevin Leyow <kleyow@gmail.com> Co-authored-by: sridharvoruganti <36686863+sridharvoruganti@users.noreply.github.com> Co-authored-by: eoln <2881004+eoln@users.noreply.github.com> Co-authored-by: Paweł Marzec <pm@eoln.eu> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Kamuela Franco <kamuela.franco@gmail.com> Co-authored-by: Aarón Reynoza <ldaaron38@gmail.com> Co-authored-by: Matt Kingston <mattkingston@gmail.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: James Bush <37296643+bushjames@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DOCKER_ORGsecret by using a static value during the local build stepsAWS_S3_DIR_ANCHORE_REPORTSsecret by disabling S3 upload of reportThe original idea of a build pipeline allowed things to be merged and then fail during the release/tagging stage. And the original idea was that a bunch of environment variables could be used since they'd never expose themselves to 3rd party code. But now that builds and security scans happen on PR's, those build steps need to be fashioned to not rely on secrets.