From 9f886abe6358fe09b79feb9a4e7ccc8dd659844e Mon Sep 17 00:00:00 2001 From: Juan Correa Date: Tue, 4 Mar 2025 18:43:12 -0500 Subject: [PATCH 1/4] chore: add grype image scan config update node ver --- .circleci/config.yml | 786 ++++++++++++++++++++++++++++++++++++++++++- .grype.yaml | 18 + .nvmrc | 2 +- 3 files changed, 800 insertions(+), 6 deletions(-) create mode 100644 .grype.yaml diff --git a/.circleci/config.yml b/.circleci/config.yml index 3b9b1ea7..260e77b7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,12 +1,788 @@ +# CircleCI v2.1 Config version: 2.1 -setup: true + +## +# orbs +# +# Orbs used in this pipeline +## orbs: - build: mojaloop/build@1.0.53 -workflows: + slack: circleci/slack@4.12.5 # Ref: https://github.com/mojaloop/ci-config/tree/master/slack-templates + pr-tools: mojaloop/pr-tools@0.1.10 # Ref: https://github.com/mojaloop/ci-config/ + gh: circleci/github-cli@2.2.0 + grype: anchore/grype@0.2.0 +# trivy: cci-labs/trivy@1.0.0 + +## +# defaults +# +# YAML defaults templates, in alphabetical order +## +defaults_docker_Dependencies: &defaults_docker_Dependencies | + apk --no-cache add bash + apk --no-cache add git + apk --no-cache add ca-certificates + apk --no-cache add curl + apk --no-cache add openssh-client + apk add --no-cache -t build-dependencies make gcc g++ python3 libtool autoconf automake jq + apk add --no-cache -t openssl ncurses coreutils libgcc linux-headers grep util-linux binutils findutils + apk --no-cache add librdkafka-dev + +defaults_awsCliDependencies: &defaults_awsCliDependencies | + apk --no-cache add aws-cli + +defaults_license_scanner: &defaults_license_scanner + name: Install and set up license-scanner + command: | + git clone https://github.com/mojaloop/license-scanner /tmp/license-scanner + cd /tmp/license-scanner && make build default-files set-up + +defaults_export_version_from_package: &defaults_export_version_from_package + name: Format the changelog into the github release body and get release tag + command: | + git diff --no-indent-heuristic main~1 HEAD CHANGELOG.md | sed -n '/^+[^+]/ s/^+//p' > /tmp/changes + echo 'export RELEASE_CHANGES=`cat /tmp/changes`' >> $BASH_ENV + echo 'export RELEASE_TAG=`cat package-lock.json | jq -r .version`' >> $BASH_ENV + +defaults_configure_git: &defaults_configure_git + name: Configure git + command: | + git config user.email ${GIT_CI_EMAIL} + git config user.name ${GIT_CI_USER} + +defaults_configure_nvmrc: &defaults_configure_nvmrc + name: Configure NVMRC + command: | + if [ -z "$NVMRC_VERSION" ]; then + echo "==> Configuring NVMRC_VERSION!" + + export ENV_DOT_PROFILE=$HOME/.profile + touch $ENV_DOT_PROFILE + + export NVMRC_VERSION=$(cat $CIRCLE_WORKING_DIRECTORY/.nvmrc) + echo "export NVMRC_VERSION=$NVMRC_VERSION" >> $ENV_DOT_PROFILE + fi + echo "NVMRC_VERSION=$NVMRC_VERSION" + +defaults_configure_nvm: &defaults_configure_nvm + name: Configure NVM + command: | + cd $HOME + export ENV_DOT_PROFILE=$HOME/.profile + touch $ENV_DOT_PROFILE + echo "1. Check/Set NVM_DIR env variable" + if [ -z "$NVM_DIR" ]; then + export NVM_DIR="$HOME/.nvm" + echo "==> NVM_DIR has been exported - $NVM_DIR" + else + echo "==> NVM_DIR already exists - $NVM_DIR" + fi + echo "2. Check/Set NVMRC_VERSION env variable" + if [ -z "$NVMRC_VERSION" ]; then + echo "==> Configuring NVMRC_VERSION!" + export NVMRC_VERSION=$(cat $CIRCLE_WORKING_DIRECTORY/.nvmrc) + echo "export NVMRC_VERSION=$NVMRC_VERSION" >> $ENV_DOT_PROFILE + fi + echo "3. Configure NVM" + ## Lets check if an existing NVM_DIR exists, if it does lets skil + if [ -e "$NVM_DIR" ]; then + echo "==> $NVM_DIR exists. Skipping steps 3!" + # echo "5. Executing $NVM_DIR/nvm.sh" + # [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" + else + echo "==> $NVM_DIR does not exists. Executing steps 4-5!" + echo "4. Installing NVM" + curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash + echo "5. Executing $NVM_DIR/nvm.sh" + [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" + fi + ## Ref: https://github.com/nvm-sh/nvm/issues/1102#issuecomment-550572252 + if [ ! -z "$NVM_ARCH_UNOFFICIAL_OVERRIDE" ]; then + echo "==> Handle NVM_ARCH_UNOFFICIAL_OVERRIDE=$NVM_ARCH_UNOFFICIAL_OVERRIDE!" + echo "nvm_get_arch() { nvm_echo \"${NVM_ARCH_UNOFFICIAL_OVERRIDE}\"; }" >> $ENV_DOT_PROFILE + echo "export NVM_NODEJS_ORG_MIRROR=https://unofficial-builds.nodejs.org/download/release" >> $ENV_DOT_PROFILE + source $ENV_DOT_PROFILE + fi + echo "6. Setup Node version" + if [ -n "$NVMRC_VERSION" ]; then + echo "==> Installing Node version: $NVMRC_VERSION" + nvm install $NVMRC_VERSION + nvm alias default $NVMRC_VERSION + nvm use $NVMRC_VERSION + cd $CIRCLE_WORKING_DIRECTORY + else + echo "==> ERROR - NVMRC_VERSION has not been set! - NVMRC_VERSION: $NVMRC_VERSION" + exit 1 + fi + +defaults_display_versions: &defaults_display_versions + name: Display Versions + command: | + echo "What is the active version of Nodejs?" + echo "node: $(node --version)" + echo "yarn: $(yarn --version)" + echo "npm: $(npm --version)" + echo "nvm: $(nvm --version)" + +defaults_environment: &defaults_environment + ## env var for nx to set main branch + MAIN_BRANCH_NAME: main + ## Disable LIBRDKAFKA build since we install it via general dependencies + # BUILD_LIBRDKAFKA: 0 + +## +# Executors +# +# CircleCI Executors +## +executors: + default-docker: + working_directory: &WORKING_DIR /home/circleci/project + shell: "/bin/sh -leo pipefail" ## Ref: https://circleci.com/docs/env-vars/#alpine-linux + environment: + BASH_ENV: /etc/profile ## Ref: https://circleci.com/docs/env-vars/#alpine-linux + NVM_ARCH_UNOFFICIAL_OVERRIDE: x64-musl ## Ref: https://github.com/nvm-sh/nvm/issues/1102#issuecomment-550572252 + docker: + - image: node:lts-alpine # Ref: https://hub.docker.com/_/node?tab=tags&page=1&name=alpine + + default-machine: + working_directory: *WORKING_DIR + shell: "/bin/bash -leo pipefail" + machine: + image: ubuntu-2404:2024.11.1 # Ref: https://circleci.com/developer/machine/image/ubuntu-2404 + +## +# Jobs +# +# A map of CircleCI jobs +## +jobs: setup: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - checkout + - run: + <<: *defaults_configure_nvm + - run: + <<: *defaults_display_versions + - run: + name: Update NPM install + command: npm ci + - save_cache: + key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + paths: + - node_modules + + test-dependencies: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - checkout + - run: + <<: *defaults_configure_nvm + - run: + <<: *defaults_display_versions + - restore_cache: + key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + - run: + name: Execute dependency tests + command: npm run dep:check + + test-lint: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - checkout + - run: + <<: *defaults_configure_nvm + - run: + <<: *defaults_display_versions + - restore_cache: + key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + - run: + name: Execute lint tests + command: npm run lint + + test-unit: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - checkout + - run: + <<: *defaults_configure_nvm + - run: + <<: *defaults_display_versions + - restore_cache: + key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + - run: + name: Install jest + command: npm install jest + - run: + name: Create dir for test results + command: mkdir -p ./test/results + - run: + name: Execute unit tests + command: npm -s run test:junit + - store_artifacts: + path: ./test/results + destination: test + - store_test_results: + path: ./test/results + + test-coverage: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - run: + name: Install AWS CLI dependencies + command: *defaults_awsCliDependencies + - checkout + - run: + <<: *defaults_configure_nvm + - run: + <<: *defaults_display_versions + - restore_cache: + key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + - run: + name: Execute code coverage check + command: npm -s run test:coverage-check + - store_artifacts: + path: coverage + destination: test + + vulnerability-check: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - checkout + - run: + <<: *defaults_configure_nvm + - run: + <<: *defaults_display_versions + - restore_cache: + key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + - run: + name: Create dir for test results + command: mkdir -p ./audit/results + - run: + name: Check for new npm vulnerabilities + command: npm run audit:check -- -o json > ./audit/results/auditResults.json + - store_artifacts: + path: ./audit/results + destination: audit + + audit-licenses: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - run: + <<: *defaults_license_scanner + - checkout + - restore_cache: + key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + - run: + name: Run the license-scanner + command: cd /tmp/license-scanner && pathToRepo=$CIRCLE_WORKING_DIRECTORY make run + - store_artifacts: + path: /tmp/license-scanner/results + destination: licenses + + build-local: + executor: default-machine + environment: + <<: *defaults_environment + steps: + - checkout + - run: + <<: *defaults_configure_nvmrc + - run: + <<: *defaults_display_versions + - run: + name: Build Docker local image + command: | + source ~/.profile + export DOCKER_NODE_VERSION="$NVMRC_VERSION-alpine" + echo "export DOCKER_NODE_VERSION=$NVMRC_VERSION-alpine" >> $BASH_ENV + echo "Building Docker image: ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local --build-arg NODE_VERSION=$DOCKER_NODE_VERSION" + docker build -t ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local --build-arg NODE_VERSION=$DOCKER_NODE_VERSION . + - run: + name: Save docker image to workspace + command: docker save -o /tmp/docker-image.tar ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local + - persist_to_workspace: + root: /tmp + paths: + - ./docker-image.tar + + license-scan: + executor: default-machine + environment: + <<: *defaults_environment + steps: + - attach_workspace: + at: /tmp + - run: + name: Load the pre-built docker image from workspace + command: docker load -i /tmp/docker-image.tar + - run: + <<: *defaults_license_scanner + - run: + name: Run the license-scanner + command: cd /tmp/license-scanner && mode=docker dockerImages=${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local make run + - store_artifacts: + path: /tmp/license-scanner/results + destination: licenses + + grype-scan: + executor: default-machine + environment: + <<: *defaults_environment + steps: + - checkout + - attach_workspace: + at: /tmp + - run: + name: Load the pre-built docker image from workspace + command: docker load -i /tmp/docker-image.tar + - run: + name: Install Grype + command: | + curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin + - run: + name: Run Grype scan with custom config + command: | + IMAGE_NAME="${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local" + echo "Scanning image: $IMAGE_NAME" + # Use the config file in your repo + grype $IMAGE_NAME -c .grype.yaml -o table > grype-results.txt + grype $IMAGE_NAME -c .grype.yaml -o json > grype-results.json + cat grype-results.txt + cat grype-results.json + - run: + name: Check for critical, high and medium vulnerabilities + command: | + # Count vulnerabilities in the filtered results + CRITICAL_COUNT=$(cat grype-results.json | jq '[.matches[] | select(.vulnerability.severity == "Critical")] | length') + HIGH_COUNT=$(cat grype-results.json | jq '[.matches[] | select(.vulnerability.severity == "High")] | length') + MEDIUM_COUNT=$(cat grype-results.json | jq '[.matches[] | select(.vulnerability.severity == "Medium")] | length') + + echo "Critical vulnerabilities found: $CRITICAL_COUNT" + echo "High vulnerabilities found: $HIGH_COUNT" + echo "Medium vulnerabilities found: $MEDIUM_COUNT" + + # List remaining critical, high and medium vulnerabilities for awareness + echo "Critical severity vulnerabilities:" + cat grype-results.json | jq -r '.matches[] | select(.vulnerability.severity == "Critical") | "- \(.artifact.name) \(.artifact.version): \(.vulnerability.id)"' + + echo "High severity vulnerabilities:" + cat grype-results.json | jq -r '.matches[] | select(.vulnerability.severity == "High") | "- \(.artifact.name) \(.artifact.version): \(.vulnerability.id)"' + + echo "Medium severity vulnerabilities:" + cat grype-results.json | jq -r '.matches[] | select(.vulnerability.severity == "Medium") | "- \(.artifact.name) \(.artifact.version): \(.vulnerability.id)"' + + # Fail if any critical, high, or medium vulnerabilities are found + if [ "$CRITICAL_COUNT" -gt 0 ] || [ "$HIGH_COUNT" -gt 0 ] || [ "$MEDIUM_COUNT" -gt 0 ]; then + echo "Critical, High, or Medium vulnerabilities found. Failing the build." + exit 1 + fi + - store_artifacts: + path: grype-results.json + destination: grype-scan/scan-results.json + - store_artifacts: + path: grype-results.txt + destination: grype-scan/scan-results.txt + + release: + executor: default-docker + environment: + <<: *defaults_environment + steps: + - run: + name: Install general dependencies + command: *defaults_docker_Dependencies + - checkout + - restore_cache: + keys: + - dependency-cache-{{ .Environment.CIRCLE_SHA1 }} + - run: + <<: *defaults_configure_git + - run: + name: Setup Slack config + command: | + echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV + echo "export SLACK_RELEASE_TYPE='GitHub Release'" >> $BASH_ENV + echo "export SLACK_RELEASE_TAG='${RELEASE_TAG} on ${CIRCLE_BRANCH} branch'" >> $BASH_ENV + echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV + echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV + - run: + name: Generate changelog and bump package version + command: npm run release -- --no-verify + - run: + name: Push the release + command: git push --follow-tags origin ${CIRCLE_BRANCH} + - slack/notify: + event: fail + template: SLACK_TEMP_RELEASE_FAILURE + + github-release: + executor: default-machine + shell: "/bin/bash -eo pipefail" + environment: + <<: *defaults_environment + steps: + - run: + name: Install git + command: | + sudo apt-get update && sudo apt-get install -y git + - gh/install + - checkout + - run: + <<: *defaults_configure_git + - run: + name: Fetch updated release branch + command: | + git fetch origin + git checkout origin/${CIRCLE_BRANCH} + - run: + <<: *defaults_export_version_from_package + - run: + name: Check the release changes + command: | + echo "Changes are: ${RELEASE_CHANGES}" + - run: + name: Setup Slack config + command: | + echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV + echo "export SLACK_RELEASE_TYPE='Github Release'" >> $BASH_ENV + echo "export SLACK_RELEASE_TAG=v${RELEASE_TAG}" >> $BASH_ENV + echo "export SLACK_RELEASE_URL=https://github.com/mojaloop/${CIRCLE_PROJECT_REPONAME}/releases/tag/v${RELEASE_TAG}" >> $BASH_ENV + echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV + echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV + - run: + name: Create Release + command: | + gh release create "v${RELEASE_TAG}" --title "v${RELEASE_TAG} Release" --draft=false --notes "${RELEASE_CHANGES}" ./CHANGELOG.md + - slack/notify: + event: pass + template: SLACK_TEMP_RELEASE_SUCCESS + - slack/notify: + event: fail + template: SLACK_TEMP_RELEASE_FAILURE + + publish: + executor: default-machine + shell: "/bin/bash -eo pipefail" + environment: + <<: *defaults_environment + steps: + - checkout + - run: + name: Setup for LATEST release + command: | + echo "export RELEASE_TAG=$RELEASE_TAG_PROD" >> $BASH_ENV + echo "RELEASE_TAG=$RELEASE_TAG_PROD" + + PACKAGE_VERSION=$(cat package-lock.json | jq -r .version) + echo "export PACKAGE_VERSION=${PACKAGE_VERSION}" >> $BASH_ENV + echo "PACKAGE_VERSION=${PACKAGE_VERSION}" + - run: + name: Setup Slack config + command: | + echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV + echo "export SLACK_RELEASE_TYPE='Docker Release'" >> $BASH_ENV + echo "export SLACK_RELEASE_TAG=v${CIRCLE_TAG:1}" >> $BASH_ENV + echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV + echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV + - attach_workspace: + at: /tmp + - run: + name: Load the pre-built docker image from workspace + command: | + docker load -i /tmp/docker-image.tar + - run: + name: Login to Docker Hub + command: docker login -u $DOCKER_USER -p $DOCKER_PASS + - run: + name: Re-tag pre built image + command: | + docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG + docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG + - run: + name: Publish Docker image $CIRCLE_TAG & Latest tag to Docker Hub + command: | + echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG" + docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG + echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG" + docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG + - run: + name: Set Image Digest + command: | + IMAGE_DIGEST=$(docker inspect ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:v${CIRCLE_TAG:1} | jq '.[0].RepoDigests | .[]') + echo "IMAGE_DIGEST=${IMAGE_DIGEST}" + echo "export IMAGE_DIGEST=${IMAGE_DIGEST}" >> $BASH_ENV + - run: + name: Update Slack config + command: | + echo "export SLACK_RELEASE_URL='https://hub.docker.com/layers/${CIRCLE_PROJECT_REPONAME}/${DOCKER_ORG}/${CIRCLE_PROJECT_REPONAME}/v${CIRCLE_TAG:1}/images/${IMAGE_DIGEST}?context=explore'" | sed -r "s/${DOCKER_ORG}\/${CIRCLE_PROJECT_REPONAME}@sha256:/sha256-/g" >> $BASH_ENV + - slack/notify: + event: pass + template: SLACK_TEMP_RELEASE_SUCCESS + - slack/notify: + event: fail + template: SLACK_TEMP_RELEASE_FAILURE + + publish-snapshot: + executor: default-machine + shell: "/bin/bash -eo pipefail" + environment: + <<: *defaults_environment + steps: + - checkout + - run: + name: Setup for SNAPSHOT release + command: | + echo "export RELEASE_TAG=$RELEASE_TAG_SNAPSHOT" >> $BASH_ENV + echo "RELEASE_TAG=$RELEASE_TAG_SNAPSHOT" + + PACKAGE_VERSION=$(cat package-lock.json | jq -r .version) + echo "export PACKAGE_VERSION=${PACKAGE_VERSION}" >> $BASH_ENV + echo "PACKAGE_VERSION=${PACKAGE_VERSION}" + - run: + name: Setup Slack config + command: | + echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV + echo "export SLACK_RELEASE_TYPE='Docker Release'" >> $BASH_ENV + echo "export SLACK_RELEASE_TAG=v${CIRCLE_TAG:1}" >> $BASH_ENV + echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV + echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV + - attach_workspace: + at: /tmp + - run: + name: Load the pre-built docker image from workspace + command: | + docker load -i /tmp/docker-image.tar + - run: + name: Login to Docker Hub + command: docker login -u $DOCKER_USER -p $DOCKER_PASS + - run: + name: Re-tag pre built image + command: | + docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG + docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG + - run: + name: Publish Docker image $CIRCLE_TAG & Latest tag to Docker Hub + command: | + echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG" + docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG + echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG" + docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG + - run: + name: Set Image Digest + command: | + IMAGE_DIGEST=$(docker inspect ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:v${CIRCLE_TAG:1} | jq '.[0].RepoDigests | .[]') + echo "IMAGE_DIGEST=${IMAGE_DIGEST}" + echo "export IMAGE_DIGEST=${IMAGE_DIGEST}" >> $BASH_ENV + - run: + name: Update Slack config + command: | + echo "export SLACK_RELEASE_URL='https://hub.docker.com/layers/${CIRCLE_PROJECT_REPONAME}/${DOCKER_ORG}/${CIRCLE_PROJECT_REPONAME}/v${CIRCLE_TAG:1}/images/${IMAGE_DIGEST}?context=explore'" | sed -r "s/${DOCKER_ORG}\/${CIRCLE_PROJECT_REPONAME}@sha256:/sha256-/g" >> $BASH_ENV + - slack/notify: + event: pass + template: SLACK_TEMP_RELEASE_SUCCESS + - slack/notify: + event: fail + template: SLACK_TEMP_RELEASE_FAILURE + +## +# Workflows +# +# CircleCI Workflow config +## +workflows: + build_and_test: jobs: - - build/workflow: + - pr-tools/pr-title-check: + context: org-global + - setup: + context: org-global + filters: + tags: + only: /.*/ + branches: + ignore: + - /feature*/ + - /bugfix*/ + - test-dependencies: + context: org-global + requires: + - setup + filters: + tags: + ignore: /.*/ + branches: + ignore: + - main + - test-lint: + context: org-global + requires: + - setup + filters: + tags: + only: /.*/ + branches: + ignore: + - /feature*/ + - /bugfix*/ + - vulnerability-check: + context: org-global + requires: + - setup + filters: + tags: + only: /.*/ + branches: + ignore: + - /feature*/ + - /bugfix*/ + - audit-licenses: + context: org-global + requires: + - setup + filters: + tags: + only: /.*/ + branches: + ignore: + - /feature*/ + - /bugfix*/ + - build-local: + context: org-global + requires: + - setup + - test-lint + # - test-unit + # - test-coverage + # - test-integration + # - test-functional + - vulnerability-check + - audit-licenses + filters: + tags: + only: /v[0-9]+(\.[0-9]+)*(\-snapshot(\.[0-9]+)?)?(\-hotfix(\.[0-9]+)?)?(\-perf(\.[0-9]+)?)?/ + branches: + only: /.*/ + - license-scan: + context: org-global + requires: + - build-local + filters: + tags: + only: /v[0-9]+(\.[0-9]+)*(\-snapshot(\.[0-9]+)?)?(\-hotfix(\.[0-9]+)?)?(\-perf(\.[0-9]+)?)?/ + branches: + ignore: + - /.*/ + - grype-scan: + context: org-global + requires: + - build-local + filters: + tags: + only: /v[0-9]+(\.[0-9]+)*(\-snapshot(\.[0-9]+)?)?(\-hotfix(\.[0-9]+)?)?(\-perf(\.[0-9]+)?)?/ + branches: + only: /.*/ + # New commits to main release automatically + - release: + context: org-global + requires: + - pr-tools/pr-title-check + - test-lint + # - test-unit + # - test-coverage + # - test-integration + # - test-functional + - vulnerability-check + - audit-licenses + - license-scan + - grype-scan + filters: + branches: + only: + - main + - /release\/v.*/ + - github-release: + context: org-global + requires: + - release + filters: + branches: + only: + - main + - /release\/v.*/ + - publish: + context: org-global + requires: + - pr-tools/pr-title-check + - test-lint + # - test-unit + # - test-coverage + # - test-integration + # - test-functional + - vulnerability-check + - audit-licenses + # - test-integration + - license-scan + - grype-scan + filters: + tags: + only: /v[0-9]+(\.[0-9]+)*/ + branches: + ignore: + - /.*/ + - publish-snapshot: context: org-global + requires: + - pr-tools/pr-title-check + - test-lint + # - test-unit + # - test-coverage + # - test-integration + # - test-functional + - vulnerability-check + - audit-licenses + # - test-integration + - license-scan + - grype-scan filters: tags: - only: /v\d+(\.\d+){2}(-[a-zA-Z-][0-9a-zA-Z-]*\.\d+)?/ + only: /v[0-9]+(\.[0-9]+)*\-snapshot+((\.[0-9]+)?)/ + branches: + ignore: + - /.*/ diff --git a/.grype.yaml b/.grype.yaml new file mode 100644 index 00000000..ef2d2220 --- /dev/null +++ b/.grype.yaml @@ -0,0 +1,18 @@ +ignore: + # Ignore cross-spawn vulnerabilities by CVE ID due to false positive + # as grype looks at package-lock.json where it shows versions with + # vulnerabilities, npm ls shows only 7.0.6 verion is used + - vulnerability: "GHSA-3xgq-45jj-v275" + package: + name: "cross-spawn" + +# Set output format defaults +output: + - "table" + - "json" + +# Modify your CircleCI job to check critical count +search: + scope: "squashed" +quiet: false +check-for-app-update: false diff --git a/.nvmrc b/.nvmrc index 17719ce2..1fc51668 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -18.20.4 +18.20.6 From 87ab5c6562e275067b9df0a8352b4fabd8b6812a Mon Sep 17 00:00:00 2001 From: Juan Correa Date: Wed, 5 Mar 2025 13:13:04 -0500 Subject: [PATCH 2/4] chore: use ml orb with grype image scan --- .circleci/config.yml | 786 +------------------------------------------ package-lock.json | 537 ++++++++++++++++++----------- package.json | 6 +- 3 files changed, 349 insertions(+), 980 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 260e77b7..e6831667 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,788 +1,12 @@ -# CircleCI v2.1 Config version: 2.1 - -## -# orbs -# -# Orbs used in this pipeline -## +setup: true orbs: - slack: circleci/slack@4.12.5 # Ref: https://github.com/mojaloop/ci-config/tree/master/slack-templates - pr-tools: mojaloop/pr-tools@0.1.10 # Ref: https://github.com/mojaloop/ci-config/ - gh: circleci/github-cli@2.2.0 - grype: anchore/grype@0.2.0 -# trivy: cci-labs/trivy@1.0.0 - -## -# defaults -# -# YAML defaults templates, in alphabetical order -## -defaults_docker_Dependencies: &defaults_docker_Dependencies | - apk --no-cache add bash - apk --no-cache add git - apk --no-cache add ca-certificates - apk --no-cache add curl - apk --no-cache add openssh-client - apk add --no-cache -t build-dependencies make gcc g++ python3 libtool autoconf automake jq - apk add --no-cache -t openssl ncurses coreutils libgcc linux-headers grep util-linux binutils findutils - apk --no-cache add librdkafka-dev - -defaults_awsCliDependencies: &defaults_awsCliDependencies | - apk --no-cache add aws-cli - -defaults_license_scanner: &defaults_license_scanner - name: Install and set up license-scanner - command: | - git clone https://github.com/mojaloop/license-scanner /tmp/license-scanner - cd /tmp/license-scanner && make build default-files set-up - -defaults_export_version_from_package: &defaults_export_version_from_package - name: Format the changelog into the github release body and get release tag - command: | - git diff --no-indent-heuristic main~1 HEAD CHANGELOG.md | sed -n '/^+[^+]/ s/^+//p' > /tmp/changes - echo 'export RELEASE_CHANGES=`cat /tmp/changes`' >> $BASH_ENV - echo 'export RELEASE_TAG=`cat package-lock.json | jq -r .version`' >> $BASH_ENV - -defaults_configure_git: &defaults_configure_git - name: Configure git - command: | - git config user.email ${GIT_CI_EMAIL} - git config user.name ${GIT_CI_USER} - -defaults_configure_nvmrc: &defaults_configure_nvmrc - name: Configure NVMRC - command: | - if [ -z "$NVMRC_VERSION" ]; then - echo "==> Configuring NVMRC_VERSION!" - - export ENV_DOT_PROFILE=$HOME/.profile - touch $ENV_DOT_PROFILE - - export NVMRC_VERSION=$(cat $CIRCLE_WORKING_DIRECTORY/.nvmrc) - echo "export NVMRC_VERSION=$NVMRC_VERSION" >> $ENV_DOT_PROFILE - fi - echo "NVMRC_VERSION=$NVMRC_VERSION" - -defaults_configure_nvm: &defaults_configure_nvm - name: Configure NVM - command: | - cd $HOME - export ENV_DOT_PROFILE=$HOME/.profile - touch $ENV_DOT_PROFILE - echo "1. Check/Set NVM_DIR env variable" - if [ -z "$NVM_DIR" ]; then - export NVM_DIR="$HOME/.nvm" - echo "==> NVM_DIR has been exported - $NVM_DIR" - else - echo "==> NVM_DIR already exists - $NVM_DIR" - fi - echo "2. Check/Set NVMRC_VERSION env variable" - if [ -z "$NVMRC_VERSION" ]; then - echo "==> Configuring NVMRC_VERSION!" - export NVMRC_VERSION=$(cat $CIRCLE_WORKING_DIRECTORY/.nvmrc) - echo "export NVMRC_VERSION=$NVMRC_VERSION" >> $ENV_DOT_PROFILE - fi - echo "3. Configure NVM" - ## Lets check if an existing NVM_DIR exists, if it does lets skil - if [ -e "$NVM_DIR" ]; then - echo "==> $NVM_DIR exists. Skipping steps 3!" - # echo "5. Executing $NVM_DIR/nvm.sh" - # [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" - else - echo "==> $NVM_DIR does not exists. Executing steps 4-5!" - echo "4. Installing NVM" - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash - echo "5. Executing $NVM_DIR/nvm.sh" - [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" - fi - ## Ref: https://github.com/nvm-sh/nvm/issues/1102#issuecomment-550572252 - if [ ! -z "$NVM_ARCH_UNOFFICIAL_OVERRIDE" ]; then - echo "==> Handle NVM_ARCH_UNOFFICIAL_OVERRIDE=$NVM_ARCH_UNOFFICIAL_OVERRIDE!" - echo "nvm_get_arch() { nvm_echo \"${NVM_ARCH_UNOFFICIAL_OVERRIDE}\"; }" >> $ENV_DOT_PROFILE - echo "export NVM_NODEJS_ORG_MIRROR=https://unofficial-builds.nodejs.org/download/release" >> $ENV_DOT_PROFILE - source $ENV_DOT_PROFILE - fi - echo "6. Setup Node version" - if [ -n "$NVMRC_VERSION" ]; then - echo "==> Installing Node version: $NVMRC_VERSION" - nvm install $NVMRC_VERSION - nvm alias default $NVMRC_VERSION - nvm use $NVMRC_VERSION - cd $CIRCLE_WORKING_DIRECTORY - else - echo "==> ERROR - NVMRC_VERSION has not been set! - NVMRC_VERSION: $NVMRC_VERSION" - exit 1 - fi - -defaults_display_versions: &defaults_display_versions - name: Display Versions - command: | - echo "What is the active version of Nodejs?" - echo "node: $(node --version)" - echo "yarn: $(yarn --version)" - echo "npm: $(npm --version)" - echo "nvm: $(nvm --version)" - -defaults_environment: &defaults_environment - ## env var for nx to set main branch - MAIN_BRANCH_NAME: main - ## Disable LIBRDKAFKA build since we install it via general dependencies - # BUILD_LIBRDKAFKA: 0 - -## -# Executors -# -# CircleCI Executors -## -executors: - default-docker: - working_directory: &WORKING_DIR /home/circleci/project - shell: "/bin/sh -leo pipefail" ## Ref: https://circleci.com/docs/env-vars/#alpine-linux - environment: - BASH_ENV: /etc/profile ## Ref: https://circleci.com/docs/env-vars/#alpine-linux - NVM_ARCH_UNOFFICIAL_OVERRIDE: x64-musl ## Ref: https://github.com/nvm-sh/nvm/issues/1102#issuecomment-550572252 - docker: - - image: node:lts-alpine # Ref: https://hub.docker.com/_/node?tab=tags&page=1&name=alpine - - default-machine: - working_directory: *WORKING_DIR - shell: "/bin/bash -leo pipefail" - machine: - image: ubuntu-2404:2024.11.1 # Ref: https://circleci.com/developer/machine/image/ubuntu-2404 - -## -# Jobs -# -# A map of CircleCI jobs -## -jobs: - setup: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - checkout - - run: - <<: *defaults_configure_nvm - - run: - <<: *defaults_display_versions - - run: - name: Update NPM install - command: npm ci - - save_cache: - key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - paths: - - node_modules - - test-dependencies: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - checkout - - run: - <<: *defaults_configure_nvm - - run: - <<: *defaults_display_versions - - restore_cache: - key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Execute dependency tests - command: npm run dep:check - - test-lint: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - checkout - - run: - <<: *defaults_configure_nvm - - run: - <<: *defaults_display_versions - - restore_cache: - key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Execute lint tests - command: npm run lint - - test-unit: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - checkout - - run: - <<: *defaults_configure_nvm - - run: - <<: *defaults_display_versions - - restore_cache: - key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Install jest - command: npm install jest - - run: - name: Create dir for test results - command: mkdir -p ./test/results - - run: - name: Execute unit tests - command: npm -s run test:junit - - store_artifacts: - path: ./test/results - destination: test - - store_test_results: - path: ./test/results - - test-coverage: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - run: - name: Install AWS CLI dependencies - command: *defaults_awsCliDependencies - - checkout - - run: - <<: *defaults_configure_nvm - - run: - <<: *defaults_display_versions - - restore_cache: - key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Execute code coverage check - command: npm -s run test:coverage-check - - store_artifacts: - path: coverage - destination: test - - vulnerability-check: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - checkout - - run: - <<: *defaults_configure_nvm - - run: - <<: *defaults_display_versions - - restore_cache: - key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Create dir for test results - command: mkdir -p ./audit/results - - run: - name: Check for new npm vulnerabilities - command: npm run audit:check -- -o json > ./audit/results/auditResults.json - - store_artifacts: - path: ./audit/results - destination: audit - - audit-licenses: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - run: - <<: *defaults_license_scanner - - checkout - - restore_cache: - key: dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Run the license-scanner - command: cd /tmp/license-scanner && pathToRepo=$CIRCLE_WORKING_DIRECTORY make run - - store_artifacts: - path: /tmp/license-scanner/results - destination: licenses - - build-local: - executor: default-machine - environment: - <<: *defaults_environment - steps: - - checkout - - run: - <<: *defaults_configure_nvmrc - - run: - <<: *defaults_display_versions - - run: - name: Build Docker local image - command: | - source ~/.profile - export DOCKER_NODE_VERSION="$NVMRC_VERSION-alpine" - echo "export DOCKER_NODE_VERSION=$NVMRC_VERSION-alpine" >> $BASH_ENV - echo "Building Docker image: ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local --build-arg NODE_VERSION=$DOCKER_NODE_VERSION" - docker build -t ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local --build-arg NODE_VERSION=$DOCKER_NODE_VERSION . - - run: - name: Save docker image to workspace - command: docker save -o /tmp/docker-image.tar ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local - - persist_to_workspace: - root: /tmp - paths: - - ./docker-image.tar - - license-scan: - executor: default-machine - environment: - <<: *defaults_environment - steps: - - attach_workspace: - at: /tmp - - run: - name: Load the pre-built docker image from workspace - command: docker load -i /tmp/docker-image.tar - - run: - <<: *defaults_license_scanner - - run: - name: Run the license-scanner - command: cd /tmp/license-scanner && mode=docker dockerImages=${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local make run - - store_artifacts: - path: /tmp/license-scanner/results - destination: licenses - - grype-scan: - executor: default-machine - environment: - <<: *defaults_environment - steps: - - checkout - - attach_workspace: - at: /tmp - - run: - name: Load the pre-built docker image from workspace - command: docker load -i /tmp/docker-image.tar - - run: - name: Install Grype - command: | - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin - - run: - name: Run Grype scan with custom config - command: | - IMAGE_NAME="${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local" - echo "Scanning image: $IMAGE_NAME" - # Use the config file in your repo - grype $IMAGE_NAME -c .grype.yaml -o table > grype-results.txt - grype $IMAGE_NAME -c .grype.yaml -o json > grype-results.json - cat grype-results.txt - cat grype-results.json - - run: - name: Check for critical, high and medium vulnerabilities - command: | - # Count vulnerabilities in the filtered results - CRITICAL_COUNT=$(cat grype-results.json | jq '[.matches[] | select(.vulnerability.severity == "Critical")] | length') - HIGH_COUNT=$(cat grype-results.json | jq '[.matches[] | select(.vulnerability.severity == "High")] | length') - MEDIUM_COUNT=$(cat grype-results.json | jq '[.matches[] | select(.vulnerability.severity == "Medium")] | length') - - echo "Critical vulnerabilities found: $CRITICAL_COUNT" - echo "High vulnerabilities found: $HIGH_COUNT" - echo "Medium vulnerabilities found: $MEDIUM_COUNT" - - # List remaining critical, high and medium vulnerabilities for awareness - echo "Critical severity vulnerabilities:" - cat grype-results.json | jq -r '.matches[] | select(.vulnerability.severity == "Critical") | "- \(.artifact.name) \(.artifact.version): \(.vulnerability.id)"' - - echo "High severity vulnerabilities:" - cat grype-results.json | jq -r '.matches[] | select(.vulnerability.severity == "High") | "- \(.artifact.name) \(.artifact.version): \(.vulnerability.id)"' - - echo "Medium severity vulnerabilities:" - cat grype-results.json | jq -r '.matches[] | select(.vulnerability.severity == "Medium") | "- \(.artifact.name) \(.artifact.version): \(.vulnerability.id)"' - - # Fail if any critical, high, or medium vulnerabilities are found - if [ "$CRITICAL_COUNT" -gt 0 ] || [ "$HIGH_COUNT" -gt 0 ] || [ "$MEDIUM_COUNT" -gt 0 ]; then - echo "Critical, High, or Medium vulnerabilities found. Failing the build." - exit 1 - fi - - store_artifacts: - path: grype-results.json - destination: grype-scan/scan-results.json - - store_artifacts: - path: grype-results.txt - destination: grype-scan/scan-results.txt - - release: - executor: default-docker - environment: - <<: *defaults_environment - steps: - - run: - name: Install general dependencies - command: *defaults_docker_Dependencies - - checkout - - restore_cache: - keys: - - dependency-cache-{{ .Environment.CIRCLE_SHA1 }} - - run: - <<: *defaults_configure_git - - run: - name: Setup Slack config - command: | - echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV - echo "export SLACK_RELEASE_TYPE='GitHub Release'" >> $BASH_ENV - echo "export SLACK_RELEASE_TAG='${RELEASE_TAG} on ${CIRCLE_BRANCH} branch'" >> $BASH_ENV - echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV - echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV - - run: - name: Generate changelog and bump package version - command: npm run release -- --no-verify - - run: - name: Push the release - command: git push --follow-tags origin ${CIRCLE_BRANCH} - - slack/notify: - event: fail - template: SLACK_TEMP_RELEASE_FAILURE - - github-release: - executor: default-machine - shell: "/bin/bash -eo pipefail" - environment: - <<: *defaults_environment - steps: - - run: - name: Install git - command: | - sudo apt-get update && sudo apt-get install -y git - - gh/install - - checkout - - run: - <<: *defaults_configure_git - - run: - name: Fetch updated release branch - command: | - git fetch origin - git checkout origin/${CIRCLE_BRANCH} - - run: - <<: *defaults_export_version_from_package - - run: - name: Check the release changes - command: | - echo "Changes are: ${RELEASE_CHANGES}" - - run: - name: Setup Slack config - command: | - echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV - echo "export SLACK_RELEASE_TYPE='Github Release'" >> $BASH_ENV - echo "export SLACK_RELEASE_TAG=v${RELEASE_TAG}" >> $BASH_ENV - echo "export SLACK_RELEASE_URL=https://github.com/mojaloop/${CIRCLE_PROJECT_REPONAME}/releases/tag/v${RELEASE_TAG}" >> $BASH_ENV - echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV - echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV - - run: - name: Create Release - command: | - gh release create "v${RELEASE_TAG}" --title "v${RELEASE_TAG} Release" --draft=false --notes "${RELEASE_CHANGES}" ./CHANGELOG.md - - slack/notify: - event: pass - template: SLACK_TEMP_RELEASE_SUCCESS - - slack/notify: - event: fail - template: SLACK_TEMP_RELEASE_FAILURE - - publish: - executor: default-machine - shell: "/bin/bash -eo pipefail" - environment: - <<: *defaults_environment - steps: - - checkout - - run: - name: Setup for LATEST release - command: | - echo "export RELEASE_TAG=$RELEASE_TAG_PROD" >> $BASH_ENV - echo "RELEASE_TAG=$RELEASE_TAG_PROD" - - PACKAGE_VERSION=$(cat package-lock.json | jq -r .version) - echo "export PACKAGE_VERSION=${PACKAGE_VERSION}" >> $BASH_ENV - echo "PACKAGE_VERSION=${PACKAGE_VERSION}" - - run: - name: Setup Slack config - command: | - echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV - echo "export SLACK_RELEASE_TYPE='Docker Release'" >> $BASH_ENV - echo "export SLACK_RELEASE_TAG=v${CIRCLE_TAG:1}" >> $BASH_ENV - echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV - echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV - - attach_workspace: - at: /tmp - - run: - name: Load the pre-built docker image from workspace - command: | - docker load -i /tmp/docker-image.tar - - run: - name: Login to Docker Hub - command: docker login -u $DOCKER_USER -p $DOCKER_PASS - - run: - name: Re-tag pre built image - command: | - docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG - docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG - - run: - name: Publish Docker image $CIRCLE_TAG & Latest tag to Docker Hub - command: | - echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG" - docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG - echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG" - docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG - - run: - name: Set Image Digest - command: | - IMAGE_DIGEST=$(docker inspect ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:v${CIRCLE_TAG:1} | jq '.[0].RepoDigests | .[]') - echo "IMAGE_DIGEST=${IMAGE_DIGEST}" - echo "export IMAGE_DIGEST=${IMAGE_DIGEST}" >> $BASH_ENV - - run: - name: Update Slack config - command: | - echo "export SLACK_RELEASE_URL='https://hub.docker.com/layers/${CIRCLE_PROJECT_REPONAME}/${DOCKER_ORG}/${CIRCLE_PROJECT_REPONAME}/v${CIRCLE_TAG:1}/images/${IMAGE_DIGEST}?context=explore'" | sed -r "s/${DOCKER_ORG}\/${CIRCLE_PROJECT_REPONAME}@sha256:/sha256-/g" >> $BASH_ENV - - slack/notify: - event: pass - template: SLACK_TEMP_RELEASE_SUCCESS - - slack/notify: - event: fail - template: SLACK_TEMP_RELEASE_FAILURE - - publish-snapshot: - executor: default-machine - shell: "/bin/bash -eo pipefail" - environment: - <<: *defaults_environment - steps: - - checkout - - run: - name: Setup for SNAPSHOT release - command: | - echo "export RELEASE_TAG=$RELEASE_TAG_SNAPSHOT" >> $BASH_ENV - echo "RELEASE_TAG=$RELEASE_TAG_SNAPSHOT" - - PACKAGE_VERSION=$(cat package-lock.json | jq -r .version) - echo "export PACKAGE_VERSION=${PACKAGE_VERSION}" >> $BASH_ENV - echo "PACKAGE_VERSION=${PACKAGE_VERSION}" - - run: - name: Setup Slack config - command: | - echo "export SLACK_PROJECT_NAME=${CIRCLE_PROJECT_REPONAME}" >> $BASH_ENV - echo "export SLACK_RELEASE_TYPE='Docker Release'" >> $BASH_ENV - echo "export SLACK_RELEASE_TAG=v${CIRCLE_TAG:1}" >> $BASH_ENV - echo "export SLACK_BUILD_ID=${CIRCLE_BUILD_NUM}" >> $BASH_ENV - echo "export SLACK_CI_URL=${CIRCLE_BUILD_URL}" >> $BASH_ENV - - attach_workspace: - at: /tmp - - run: - name: Load the pre-built docker image from workspace - command: | - docker load -i /tmp/docker-image.tar - - run: - name: Login to Docker Hub - command: docker login -u $DOCKER_USER -p $DOCKER_PASS - - run: - name: Re-tag pre built image - command: | - docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG - docker tag ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:local ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG - - run: - name: Publish Docker image $CIRCLE_TAG & Latest tag to Docker Hub - command: | - echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG" - docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$CIRCLE_TAG - echo "Publishing ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG" - docker push ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:$RELEASE_TAG - - run: - name: Set Image Digest - command: | - IMAGE_DIGEST=$(docker inspect ${DOCKER_ORG:-mojaloop}/$CIRCLE_PROJECT_REPONAME:v${CIRCLE_TAG:1} | jq '.[0].RepoDigests | .[]') - echo "IMAGE_DIGEST=${IMAGE_DIGEST}" - echo "export IMAGE_DIGEST=${IMAGE_DIGEST}" >> $BASH_ENV - - run: - name: Update Slack config - command: | - echo "export SLACK_RELEASE_URL='https://hub.docker.com/layers/${CIRCLE_PROJECT_REPONAME}/${DOCKER_ORG}/${CIRCLE_PROJECT_REPONAME}/v${CIRCLE_TAG:1}/images/${IMAGE_DIGEST}?context=explore'" | sed -r "s/${DOCKER_ORG}\/${CIRCLE_PROJECT_REPONAME}@sha256:/sha256-/g" >> $BASH_ENV - - slack/notify: - event: pass - template: SLACK_TEMP_RELEASE_SUCCESS - - slack/notify: - event: fail - template: SLACK_TEMP_RELEASE_FAILURE - -## -# Workflows -# -# CircleCI Workflow config -## + build: mojaloop/build@1.0.57 workflows: - build_and_test: + setup: jobs: - - pr-tools/pr-title-check: - context: org-global - - setup: - context: org-global - filters: - tags: - only: /.*/ - branches: - ignore: - - /feature*/ - - /bugfix*/ - - test-dependencies: - context: org-global - requires: - - setup - filters: - tags: - ignore: /.*/ - branches: - ignore: - - main - - test-lint: - context: org-global - requires: - - setup - filters: - tags: - only: /.*/ - branches: - ignore: - - /feature*/ - - /bugfix*/ - - vulnerability-check: - context: org-global - requires: - - setup - filters: - tags: - only: /.*/ - branches: - ignore: - - /feature*/ - - /bugfix*/ - - audit-licenses: - context: org-global - requires: - - setup - filters: - tags: - only: /.*/ - branches: - ignore: - - /feature*/ - - /bugfix*/ - - build-local: - context: org-global - requires: - - setup - - test-lint - # - test-unit - # - test-coverage - # - test-integration - # - test-functional - - vulnerability-check - - audit-licenses - filters: - tags: - only: /v[0-9]+(\.[0-9]+)*(\-snapshot(\.[0-9]+)?)?(\-hotfix(\.[0-9]+)?)?(\-perf(\.[0-9]+)?)?/ - branches: - only: /.*/ - - license-scan: - context: org-global - requires: - - build-local - filters: - tags: - only: /v[0-9]+(\.[0-9]+)*(\-snapshot(\.[0-9]+)?)?(\-hotfix(\.[0-9]+)?)?(\-perf(\.[0-9]+)?)?/ - branches: - ignore: - - /.*/ - - grype-scan: - context: org-global - requires: - - build-local - filters: - tags: - only: /v[0-9]+(\.[0-9]+)*(\-snapshot(\.[0-9]+)?)?(\-hotfix(\.[0-9]+)?)?(\-perf(\.[0-9]+)?)?/ - branches: - only: /.*/ - # New commits to main release automatically - - release: - context: org-global - requires: - - pr-tools/pr-title-check - - test-lint - # - test-unit - # - test-coverage - # - test-integration - # - test-functional - - vulnerability-check - - audit-licenses - - license-scan - - grype-scan - filters: - branches: - only: - - main - - /release\/v.*/ - - github-release: - context: org-global - requires: - - release - filters: - branches: - only: - - main - - /release\/v.*/ - - publish: - context: org-global - requires: - - pr-tools/pr-title-check - - test-lint - # - test-unit - # - test-coverage - # - test-integration - # - test-functional - - vulnerability-check - - audit-licenses - # - test-integration - - license-scan - - grype-scan - filters: - tags: - only: /v[0-9]+(\.[0-9]+)*/ - branches: - ignore: - - /.*/ - - publish-snapshot: + - build/workflow: context: org-global - requires: - - pr-tools/pr-title-check - - test-lint - # - test-unit - # - test-coverage - # - test-integration - # - test-functional - - vulnerability-check - - audit-licenses - # - test-integration - - license-scan - - grype-scan filters: tags: - only: /v[0-9]+(\.[0-9]+)*\-snapshot+((\.[0-9]+)?)/ - branches: - ignore: - - /.*/ + only: /v\d+(\.\d+){2}(-[a-zA-Z-][0-9a-zA-Z-]*\.\d+)?/ diff --git a/package-lock.json b/package-lock.json index 90f42226..6217ec41 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@hapi/basic": "7.0.2", "@hapi/boom": "10.0.1", "@hapi/good": "9.0.1", - "@hapi/hapi": "21.3.12", + "@hapi/hapi": "21.4.0", "@hapi/inert": "7.1.0", "@hapi/vision": "7.0.3", "@mojaloop/central-services-error-handling": "13.0.7", @@ -23,7 +23,7 @@ "@mojaloop/central-services-stream": "11.5.1", "@mojaloop/event-sdk": "14.1.5", "@mojaloop/ml-schema-transformer-lib": "2.5.6", - "@mojaloop/sdk-standard-components": "19.7.1", + "@mojaloop/sdk-standard-components": "19.9.0", "@now-ims/hapi-now-auth": "2.1.0", "axios": "1.8.1", "blipp": "4.0.2", @@ -39,7 +39,7 @@ }, "devDependencies": { "@mojaloop/database-lib": "11.1.3", - "@mojaloop/inter-scheme-proxy-cache-lib": "2.3.3", + "@mojaloop/inter-scheme-proxy-cache-lib": "2.3.7", "audit-ci": "7.1.0", "get-port": "5.1.1", "jsdoc": "4.0.4", @@ -672,6 +672,7 @@ "version": "6.0.1", "resolved": "https://registry.npmjs.org/@hapi/cryptiles/-/cryptiles-6.0.1.tgz", "integrity": "sha512-9GM9ECEHfR8lk5ASOKG4+4ZsEzFqLfhiryIJ2ISePVB92OHLp/yne4m+zn7z9dgvM98TLpiFebjDFQ0UHcqxXQ==", + "license": "BSD-3-Clause", "dependencies": { "@hapi/boom": "^10.0.1" }, @@ -701,9 +702,10 @@ "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==" }, "node_modules/@hapi/hapi": { - "version": "21.3.12", - "resolved": "https://registry.npmjs.org/@hapi/hapi/-/hapi-21.3.12.tgz", - "integrity": "sha512-GCUP12dkb3QMjpFl+wEFO73nqKRmsnD5um/QDOn6lj2GjGBrDXPcT194mNARO+PPNXZOR4KmvIpHt/lceUncfg==", + "version": "21.4.0", + "resolved": "https://registry.npmjs.org/@hapi/hapi/-/hapi-21.4.0.tgz", + "integrity": "sha512-kqiRWbYYLSSt2rYbxyNj8svPsXP715p4W/K3OXpXeiiVLNSdBX4f+zfmC+dY6eyb6rqTqTAbx6x8b5HpJTkviQ==", + "license": "BSD-3-Clause", "dependencies": { "@hapi/accept": "^6.0.3", "@hapi/ammo": "^6.0.1", @@ -718,7 +720,7 @@ "@hapi/podium": "^5.0.1", "@hapi/shot": "^6.0.1", "@hapi/somever": "^4.1.1", - "@hapi/statehood": "^8.1.1", + "@hapi/statehood": "^8.2.0", "@hapi/subtext": "^8.1.0", "@hapi/teamwork": "^6.0.0", "@hapi/topo": "^6.0.2", @@ -787,6 +789,7 @@ "version": "7.0.1", "resolved": "https://registry.npmjs.org/@hapi/iron/-/iron-7.0.1.tgz", "integrity": "sha512-tEZnrOujKpS6jLKliyWBl3A9PaE+ppuL/+gkbyPPDb/l2KSKQyH4lhMkVb+sBhwN+qaxxlig01JRqB8dk/mPxQ==", + "license": "BSD-3-Clause", "dependencies": { "@hapi/b64": "^6.0.1", "@hapi/boom": "^10.0.1", @@ -896,9 +899,10 @@ } }, "node_modules/@hapi/statehood": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/@hapi/statehood/-/statehood-8.1.1.tgz", - "integrity": "sha512-YbK7PSVUA59NArAW5Np0tKRoIZ5VNYUicOk7uJmWZF6XyH5gGL+k62w77SIJb0AoAJ0QdGQMCQ/WOGL1S3Ydow==", + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/@hapi/statehood/-/statehood-8.2.0.tgz", + "integrity": "sha512-63JlCVIrsmuunWsyc3OeuFO+gH6v56swLCl7OM1w09l/exQKPUxSUDF2Slkuw8k91nIzr0A2/aPvjLOWf9ksrg==", + "license": "BSD-3-Clause", "dependencies": { "@hapi/boom": "^10.0.1", "@hapi/bounce": "^3.0.1", @@ -913,6 +917,7 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/@hapi/validate/-/validate-2.0.1.tgz", "integrity": "sha512-NZmXRnrSLK8MQ9y/CMqE9WSspgB9xA41/LlYR0k967aSZebWr4yNrpxIbov12ICwKy4APSlWXZga9jN5p6puPA==", + "license": "BSD-3-Clause", "dependencies": { "@hapi/hoek": "^11.0.2", "@hapi/topo": "^6.0.1" @@ -1277,6 +1282,45 @@ } } }, + "node_modules/@mojaloop/central-services-health/node_modules/@hapi/hapi": { + "version": "21.3.12", + "resolved": "https://registry.npmjs.org/@hapi/hapi/-/hapi-21.3.12.tgz", + "integrity": "sha512-GCUP12dkb3QMjpFl+wEFO73nqKRmsnD5um/QDOn6lj2GjGBrDXPcT194mNARO+PPNXZOR4KmvIpHt/lceUncfg==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/accept": "^6.0.3", + "@hapi/ammo": "^6.0.1", + "@hapi/boom": "^10.0.1", + "@hapi/bounce": "^3.0.2", + "@hapi/call": "^9.0.1", + "@hapi/catbox": "^12.1.1", + "@hapi/catbox-memory": "^6.0.2", + "@hapi/heavy": "^8.0.1", + "@hapi/hoek": "^11.0.6", + "@hapi/mimos": "^7.0.1", + "@hapi/podium": "^5.0.1", + "@hapi/shot": "^6.0.1", + "@hapi/somever": "^4.1.1", + "@hapi/statehood": "^8.1.1", + "@hapi/subtext": "^8.1.0", + "@hapi/teamwork": "^6.0.0", + "@hapi/topo": "^6.0.2", + "@hapi/validate": "^2.0.1" + }, + "engines": { + "node": ">=14.15.0" + } + }, + "node_modules/@mojaloop/central-services-health/node_modules/@hapi/validate": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@hapi/validate/-/validate-2.0.1.tgz", + "integrity": "sha512-NZmXRnrSLK8MQ9y/CMqE9WSspgB9xA41/LlYR0k967aSZebWr4yNrpxIbov12ICwKy4APSlWXZga9jN5p6puPA==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/hoek": "^11.0.2", + "@hapi/topo": "^6.0.1" + } + }, "node_modules/@mojaloop/central-services-logger": { "version": "11.5.5", "resolved": "https://registry.npmjs.org/@mojaloop/central-services-logger/-/central-services-logger-11.5.5.tgz", @@ -1372,174 +1416,86 @@ "@hapi/hoek": "9.x.x" } }, - "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/hoek": { - "version": "9.3.0", - "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz", - "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==" - }, - "node_modules/@mojaloop/central-services-stream": { - "version": "11.5.1", - "resolved": "https://registry.npmjs.org/@mojaloop/central-services-stream/-/central-services-stream-11.5.1.tgz", - "integrity": "sha512-87Dr5szvUMIL6HtIe8t0G+AR7no7BvwcwoayFGIDi99r7YzLEPeEn5Oi/au4pTeJZjLh/VhMzrvRJzYELUszug==", - "dependencies": { - "@opentelemetry/api": "1.9.0", - "async": "3.2.6", - "async-exit-hook": "2.0.1", - "events": "3.3.0", - "node-rdkafka": "2.18.0" - }, - "peerDependencies": { - "@mojaloop/central-services-error-handling": ">=13.x.x", - "@mojaloop/central-services-logger": ">=11.x.x" - }, - "peerDependenciesMeta": { - "@mojaloop/central-services-error-handling": { - "optional": false - }, - "@mojaloop/central-services-logger": { - "optional": false - } - } - }, - "node_modules/@mojaloop/database-lib": { - "version": "11.1.3", - "resolved": "https://registry.npmjs.org/@mojaloop/database-lib/-/database-lib-11.1.3.tgz", - "integrity": "sha512-MjEVG9119USc7S787+BqayZfF8HQDRMJCr8XaO8YZf9GAzu/N06e54qhCQLJ/zRl9BvmRYmeI+FYirczGF+RmA==", - "dev": true, - "dependencies": { - "@mojaloop/central-services-error-handling": "13.0.6", - "knex": "3.1.0", - "lodash": "4.17.21", - "mysql": "2.18.1" - } - }, - "node_modules/@mojaloop/database-lib/node_modules/@mojaloop/central-services-error-handling": { - "version": "13.0.6", - "resolved": "https://registry.npmjs.org/@mojaloop/central-services-error-handling/-/central-services-error-handling-13.0.6.tgz", - "integrity": "sha512-tDOhUSr9MSVpqtBkn3oNc8TGJ/TGav8W/UmqW71WskF8musL5toEv0nZOAEn9nxKPb/Xj0b83EYeAOBiOD6ozA==", - "dev": true, - "dependencies": { - "fast-safe-stringify": "2.1.1", - "lodash": "4.17.21" - } - }, - "node_modules/@mojaloop/event-sdk": { - "version": "14.1.5", - "resolved": "https://registry.npmjs.org/@mojaloop/event-sdk/-/event-sdk-14.1.5.tgz", - "integrity": "sha512-lOI9HgwyqJ2BXqYaVEYkbfxPqgSXAulMPwW1MiK0VapDKqxbI7lSUkm2X0E109jc41kiApS0CV1IewUL1HSvzQ==", - "dependencies": { - "@grpc/grpc-js": "1.12.6", - "@grpc/proto-loader": "0.7.13", - "brototype": "0.0.6", - "error-callsites": "2.0.4", - "lodash": "4.17.21", - "moment": "2.30.1", - "parse-strings-in-object": "2.0.0", - "protobufjs": "7.4.0", - "rc": "1.2.8", - "serialize-error": "8.1.0", - "traceparent": "1.0.0", - "tslib": "2.8.1", - "uuid4": "2.0.3", - "winston": "3.17.0" - }, - "peerDependencies": { - "@mojaloop/central-services-logger": "11.5.5", - "@mojaloop/central-services-stream": "11.5.1" - }, - "peerDependenciesMeta": { - "@mojaloop/central-services-logger": { - "optional": false - }, - "@mojaloop/central-services-stream": { - "optional": true - } - } - }, - "node_modules/@mojaloop/inter-scheme-proxy-cache-lib": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/@mojaloop/inter-scheme-proxy-cache-lib/-/inter-scheme-proxy-cache-lib-2.3.3.tgz", - "integrity": "sha512-WViXF8++KZULO/Rf45VBWS7sOCx8pf82EauuERHFB5EcIq32QI+9SsvcDbe8dgecGW5PevXjaHuV+30FQ4YijQ==", - "dependencies": { - "@mojaloop/central-services-logger": "11.5.5", - "ajv": "8.17.1", - "convict": "6.2.4", - "fast-safe-stringify": "2.1.1", - "ioredis": "5.5.0" - }, - "engines": { - "node": ">=18.x" - } - }, - "node_modules/@mojaloop/ml-schema-transformer-lib": { - "version": "2.5.6", - "resolved": "https://registry.npmjs.org/@mojaloop/ml-schema-transformer-lib/-/ml-schema-transformer-lib-2.5.6.tgz", - "integrity": "sha512-1VQn5CBmVKI89jeoW8pGJKM3J+PyQiw70eQIv5udSJsdBArFnpABxl72Ht5XupUaInHFLm2nm2C9UcVBxJl1KA==", + "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/hapi": { + "version": "21.3.12", + "resolved": "https://registry.npmjs.org/@hapi/hapi/-/hapi-21.3.12.tgz", + "integrity": "sha512-GCUP12dkb3QMjpFl+wEFO73nqKRmsnD5um/QDOn6lj2GjGBrDXPcT194mNARO+PPNXZOR4KmvIpHt/lceUncfg==", + "license": "BSD-3-Clause", "dependencies": { - "@mojaloop/central-services-error-handling": "13.0.7", - "@mojaloop/central-services-logger": "11.5.5", - "@mojaloop/central-services-shared": "18.21.0", - "ilp-packet": "2.2.0", - "map-transform-cjs": "0.2.0" + "@hapi/accept": "^6.0.3", + "@hapi/ammo": "^6.0.1", + "@hapi/boom": "^10.0.1", + "@hapi/bounce": "^3.0.2", + "@hapi/call": "^9.0.1", + "@hapi/catbox": "^12.1.1", + "@hapi/catbox-memory": "^6.0.2", + "@hapi/heavy": "^8.0.1", + "@hapi/hoek": "^11.0.6", + "@hapi/mimos": "^7.0.1", + "@hapi/podium": "^5.0.1", + "@hapi/shot": "^6.0.1", + "@hapi/somever": "^4.1.1", + "@hapi/statehood": "^8.1.1", + "@hapi/subtext": "^8.1.0", + "@hapi/teamwork": "^6.0.0", + "@hapi/topo": "^6.0.2", + "@hapi/validate": "^2.0.1" }, "engines": { - "node": ">=18.x" - }, - "optionalDependencies": { - "@rollup/rollup-linux-x64-musl": "4.34.9" + "node": ">=14.15.0" } }, - "node_modules/@mojaloop/sdk-standard-components": { - "version": "19.7.1", - "resolved": "https://registry.npmjs.org/@mojaloop/sdk-standard-components/-/sdk-standard-components-19.7.1.tgz", - "integrity": "sha512-VnfhZANqpa+4iVybwPeafB7bfcQkiochO95X3oQ1YFuxblmFf9WyxMLtevG6PGv2OK9j/tI17QQqbuoL60/Gag==", + "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/hapi/node_modules/@hapi/boom": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-10.0.1.tgz", + "integrity": "sha512-ERcCZaEjdH3OgSJlyjVk8pHIFeus91CjKP3v+MpgBNp5IvGzP2l/bRiD78nqYcKPaZdbKkK5vDBVPd2ohHBlsA==", + "license": "BSD-3-Clause", "dependencies": { - "@mojaloop/ml-schema-transformer-lib": "2.5.4", - "axios": "1.8.1", - "axios-retry": "4.5.0", - "base64url": "3.0.1", - "fast-safe-stringify": "2.1.1", - "ilp-packet": "3.1.3", - "ilp-packet-v1": "2.2.0", - "jsonwebtoken": "9.0.2", - "jws": "4.0.0" + "@hapi/hoek": "^11.0.2" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@hapi/boom": { - "version": "9.1.4", - "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-9.1.4.tgz", - "integrity": "sha512-Ls1oH8jaN1vNsqcaHVYJrKmgMcKsC1wcp8bujvXrHaAqD2iDYq3HoOwsxwo09Cuda5R5nC0o0IxlrlTuvPuzSw==", + "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/hapi/node_modules/@hapi/catbox-memory": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/@hapi/catbox-memory/-/catbox-memory-6.0.2.tgz", + "integrity": "sha512-H1l4ugoFW/ZRkqeFrIo8p1rWN0PA4MDTfu4JmcoNDvnY975o29mqoZblqFTotxNHlEkMPpIiIBJTV+Mbi+aF0g==", + "license": "BSD-3-Clause", "dependencies": { - "@hapi/hoek": "9.x.x" + "@hapi/boom": "^10.0.1", + "@hapi/hoek": "^11.0.2" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@hapi/catbox-memory": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@hapi/catbox-memory/-/catbox-memory-5.0.1.tgz", - "integrity": "sha512-QWw9nOYJq5PlvChLWV8i6hQHJYfvdqiXdvTupJFh0eqLZ64Xir7mKNi96d5/ZMUAqXPursfNDIDxjFgoEDUqeQ==", - "dependencies": { - "@hapi/boom": "9.x.x", - "@hapi/hoek": "9.x.x" - } + "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/hapi/node_modules/@hapi/hoek": { + "version": "11.0.7", + "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-11.0.7.tgz", + "integrity": "sha512-HV5undWkKzcB4RZUusqOpcgxOaq6VOAH7zhhIr2g3G8NF/MlFO75SjOr2NfuSx0Mh40+1FqCkagKLJRykUWoFQ==", + "license": "BSD-3-Clause" }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@hapi/hoek": { + "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/hoek": { "version": "9.3.0", "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz", "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==" }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/central-services-error-handling": { - "version": "13.0.6", - "resolved": "https://registry.npmjs.org/@mojaloop/central-services-error-handling/-/central-services-error-handling-13.0.6.tgz", - "integrity": "sha512-tDOhUSr9MSVpqtBkn3oNc8TGJ/TGav8W/UmqW71WskF8musL5toEv0nZOAEn9nxKPb/Xj0b83EYeAOBiOD6ozA==", + "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/validate": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@hapi/validate/-/validate-2.0.1.tgz", + "integrity": "sha512-NZmXRnrSLK8MQ9y/CMqE9WSspgB9xA41/LlYR0k967aSZebWr4yNrpxIbov12ICwKy4APSlWXZga9jN5p6puPA==", + "license": "BSD-3-Clause", "dependencies": { - "fast-safe-stringify": "2.1.1", - "lodash": "4.17.21" + "@hapi/hoek": "^11.0.2", + "@hapi/topo": "^6.0.1" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/central-services-shared": { + "node_modules/@mojaloop/central-services-shared/node_modules/@hapi/validate/node_modules/@hapi/hoek": { + "version": "11.0.7", + "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-11.0.7.tgz", + "integrity": "sha512-HV5undWkKzcB4RZUusqOpcgxOaq6VOAH7zhhIr2g3G8NF/MlFO75SjOr2NfuSx0Mh40+1FqCkagKLJRykUWoFQ==", + "license": "BSD-3-Clause" + }, + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/central-services-shared": { "version": "18.18.2", "resolved": "https://registry.npmjs.org/@mojaloop/central-services-shared/-/central-services-shared-18.18.2.tgz", "integrity": "sha512-hBXcuxwhdu4IBDd3wG5FYLJUOZE2bR31KPbPAd3j1gHCDBZMAPf0PEPh6GKNHor4v1pzlrPl5PcvctXDit6j5A==", + "license": "Apache-2.0", "dependencies": { "@hapi/catbox": "12.1.1", "@hapi/catbox-memory": "5.0.1", @@ -1595,20 +1551,65 @@ } } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/central-services-shared/node_modules/axios": { + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/sdk-standard-components": { + "version": "19.6.6", + "resolved": "https://registry.npmjs.org/@mojaloop/sdk-standard-components/-/sdk-standard-components-19.6.6.tgz", + "integrity": "sha512-6zRplfMu1DZfgxdoyu58RK8O4UVAV7Ghb62UNGlUkvGT5woo/ebt9ZJKSbR6YjzkFhPXfrVo1+NaYRfGSRdRig==", + "license": "Apache-2.0", + "dependencies": { + "@mojaloop/ml-schema-transformer-lib": "^2.5.3", + "axios": "1.7.9", + "axios-retry": "4.5.0", + "base64url": "3.0.1", + "fast-safe-stringify": "^2.1.1", + "ilp-packet": "3.1.3", + "ilp-packet-v1": "2.2.0", + "jsonwebtoken": "9.0.2", + "jws": "4.0.0" + } + }, + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/central-services-shared/node_modules/axios": { "version": "1.7.9", "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz", "integrity": "sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==", + "license": "MIT", "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/ml-schema-transformer-lib": { + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/central-services-shared/node_modules/ilp-packet": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/ilp-packet/-/ilp-packet-3.1.3.tgz", + "integrity": "sha512-FBsiPQbHPdLPI6jdA+sQO+4fFBuMc212yCdNXMqoGJdic2GFHF/E8P9bTorIVRZRVExhWDE5givqCMguupW8VA==", + "license": "Apache-2.0", + "dependencies": { + "extensible-error": "^1.0.2", + "oer-utils": "^5.1.2" + } + }, + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/inter-scheme-proxy-cache-lib": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/@mojaloop/inter-scheme-proxy-cache-lib/-/inter-scheme-proxy-cache-lib-2.3.3.tgz", + "integrity": "sha512-WViXF8++KZULO/Rf45VBWS7sOCx8pf82EauuERHFB5EcIq32QI+9SsvcDbe8dgecGW5PevXjaHuV+30FQ4YijQ==", + "license": "Apache-2.0", + "dependencies": { + "@mojaloop/central-services-logger": "11.5.5", + "ajv": "8.17.1", + "convict": "6.2.4", + "fast-safe-stringify": "2.1.1", + "ioredis": "5.5.0" + }, + "engines": { + "node": ">=18.x" + } + }, + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/ml-schema-transformer-lib": { "version": "2.5.4", "resolved": "https://registry.npmjs.org/@mojaloop/ml-schema-transformer-lib/-/ml-schema-transformer-lib-2.5.4.tgz", "integrity": "sha512-ENHrRiR52ZgG7VbKIHBcWnKE9R1NQntgUSD6xG6o961+PM3Cq/qTXirGhjiAjO8Q9IaxlU9LoyOBZHTZs5raYQ==", + "license": "Apache-2.0", "dependencies": { "@mojaloop/central-services-error-handling": "13.0.6", "@mojaloop/central-services-logger": "11.5.5", @@ -1623,72 +1624,207 @@ "@rollup/rollup-linux-x64-musl": "4.34.8" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/ml-schema-transformer-lib/node_modules/ilp-packet": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/ilp-packet/-/ilp-packet-2.2.0.tgz", - "integrity": "sha512-QEGqY0HzGrue4r+4GWWe7lB7Xvjij4cyc2XeOTHYmwkO0BjgwzJW85mZJzR9q5HmK8zdFkN6C0CfedAaYiUv9w==", + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/ml-schema-transformer-lib/node_modules/@mojaloop/central-services-error-handling": { + "version": "13.0.6", + "resolved": "https://registry.npmjs.org/@mojaloop/central-services-error-handling/-/central-services-error-handling-13.0.6.tgz", + "integrity": "sha512-tDOhUSr9MSVpqtBkn3oNc8TGJ/TGav8W/UmqW71WskF8musL5toEv0nZOAEn9nxKPb/Xj0b83EYeAOBiOD6ozA==", + "license": "Apache-2.0", "dependencies": { - "bignumber.js": "^5.0.0", - "extensible-error": "^1.0.2", - "long": "^3.2.0", - "oer-utils": "^1.3.2" - } - }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/ml-schema-transformer-lib/node_modules/long": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/long/-/long-3.2.0.tgz", - "integrity": "sha512-ZYvPPOMqUwPoDsbJaR10iQJYnMuZhRTvHYl62ErLIEX7RgFlziSBUUvrt3OVfc47QlHHpzPZYP17g3Fv7oeJkg==", - "engines": { - "node": ">=0.6" + "fast-safe-stringify": "2.1.1", + "lodash": "4.17.21" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/ml-schema-transformer-lib/node_modules/oer-utils": { - "version": "1.3.4", - "resolved": "https://registry.npmjs.org/oer-utils/-/oer-utils-1.3.4.tgz", - "integrity": "sha512-JTRqe1iQuB0weu1Mppu0YUApL6CU0CxtmB8pJIhTyTm4X7rmps6p18GVRzwHRfvSP7YUGakzgA+xPqZseF1FOA==" - }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/sdk-standard-components": { - "version": "19.6.6", - "resolved": "https://registry.npmjs.org/@mojaloop/sdk-standard-components/-/sdk-standard-components-19.6.6.tgz", - "integrity": "sha512-6zRplfMu1DZfgxdoyu58RK8O4UVAV7Ghb62UNGlUkvGT5woo/ebt9ZJKSbR6YjzkFhPXfrVo1+NaYRfGSRdRig==", + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/sdk-standard-components": { + "version": "19.7.1", + "resolved": "https://registry.npmjs.org/@mojaloop/sdk-standard-components/-/sdk-standard-components-19.7.1.tgz", + "integrity": "sha512-VnfhZANqpa+4iVybwPeafB7bfcQkiochO95X3oQ1YFuxblmFf9WyxMLtevG6PGv2OK9j/tI17QQqbuoL60/Gag==", + "license": "Apache-2.0", "dependencies": { - "@mojaloop/ml-schema-transformer-lib": "^2.5.3", - "axios": "1.7.9", + "@mojaloop/ml-schema-transformer-lib": "2.5.4", + "axios": "1.8.1", "axios-retry": "4.5.0", "base64url": "3.0.1", - "fast-safe-stringify": "^2.1.1", + "fast-safe-stringify": "2.1.1", "ilp-packet": "3.1.3", "ilp-packet-v1": "2.2.0", "jsonwebtoken": "9.0.2", "jws": "4.0.0" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@mojaloop/sdk-standard-components/node_modules/axios": { - "version": "1.7.9", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz", - "integrity": "sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==", + "node_modules/@mojaloop/central-services-shared/node_modules/@mojaloop/sdk-standard-components/node_modules/ilp-packet": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/ilp-packet/-/ilp-packet-3.1.3.tgz", + "integrity": "sha512-FBsiPQbHPdLPI6jdA+sQO+4fFBuMc212yCdNXMqoGJdic2GFHF/E8P9bTorIVRZRVExhWDE5givqCMguupW8VA==", + "license": "Apache-2.0", "dependencies": { - "follow-redirects": "^1.15.6", - "form-data": "^4.0.0", - "proxy-from-env": "^1.1.0" + "extensible-error": "^1.0.2", + "oer-utils": "^5.1.2" } }, - "node_modules/@mojaloop/sdk-standard-components/node_modules/@rollup/rollup-linux-x64-musl": { + "node_modules/@mojaloop/central-services-shared/node_modules/@rollup/rollup-linux-x64-musl": { "version": "4.34.8", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.34.8.tgz", "integrity": "sha512-SCXcP0ZpGFIe7Ge+McxY5zKxiEI5ra+GT3QRxL0pMMtxPfpyLAKleZODi1zdRHkz5/BhueUrYtYVgubqe9JBNQ==", "cpu": [ "x64" ], + "license": "MIT", "optional": true, "os": [ "linux" ] }, + "node_modules/@mojaloop/central-services-shared/node_modules/long": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", + "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==", + "license": "Apache-2.0" + }, + "node_modules/@mojaloop/central-services-shared/node_modules/oer-utils": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/oer-utils/-/oer-utils-5.1.2.tgz", + "integrity": "sha512-VhkvT3bthHrbnwBOG9vGpDFB8XHrIitpZY2nC+3scZI2Tf17g8YmeDK6wsA7HpdjGXMsbf14fRgltBXwhzrWOw==", + "dependencies": { + "@types/long": "4.0.1", + "long": "^4.0.0" + } + }, + "node_modules/@mojaloop/central-services-stream": { + "version": "11.5.1", + "resolved": "https://registry.npmjs.org/@mojaloop/central-services-stream/-/central-services-stream-11.5.1.tgz", + "integrity": "sha512-87Dr5szvUMIL6HtIe8t0G+AR7no7BvwcwoayFGIDi99r7YzLEPeEn5Oi/au4pTeJZjLh/VhMzrvRJzYELUszug==", + "dependencies": { + "@opentelemetry/api": "1.9.0", + "async": "3.2.6", + "async-exit-hook": "2.0.1", + "events": "3.3.0", + "node-rdkafka": "2.18.0" + }, + "peerDependencies": { + "@mojaloop/central-services-error-handling": ">=13.x.x", + "@mojaloop/central-services-logger": ">=11.x.x" + }, + "peerDependenciesMeta": { + "@mojaloop/central-services-error-handling": { + "optional": false + }, + "@mojaloop/central-services-logger": { + "optional": false + } + } + }, + "node_modules/@mojaloop/database-lib": { + "version": "11.1.3", + "resolved": "https://registry.npmjs.org/@mojaloop/database-lib/-/database-lib-11.1.3.tgz", + "integrity": "sha512-MjEVG9119USc7S787+BqayZfF8HQDRMJCr8XaO8YZf9GAzu/N06e54qhCQLJ/zRl9BvmRYmeI+FYirczGF+RmA==", + "dev": true, + "dependencies": { + "@mojaloop/central-services-error-handling": "13.0.6", + "knex": "3.1.0", + "lodash": "4.17.21", + "mysql": "2.18.1" + } + }, + "node_modules/@mojaloop/database-lib/node_modules/@mojaloop/central-services-error-handling": { + "version": "13.0.6", + "resolved": "https://registry.npmjs.org/@mojaloop/central-services-error-handling/-/central-services-error-handling-13.0.6.tgz", + "integrity": "sha512-tDOhUSr9MSVpqtBkn3oNc8TGJ/TGav8W/UmqW71WskF8musL5toEv0nZOAEn9nxKPb/Xj0b83EYeAOBiOD6ozA==", + "dev": true, + "dependencies": { + "fast-safe-stringify": "2.1.1", + "lodash": "4.17.21" + } + }, + "node_modules/@mojaloop/event-sdk": { + "version": "14.1.5", + "resolved": "https://registry.npmjs.org/@mojaloop/event-sdk/-/event-sdk-14.1.5.tgz", + "integrity": "sha512-lOI9HgwyqJ2BXqYaVEYkbfxPqgSXAulMPwW1MiK0VapDKqxbI7lSUkm2X0E109jc41kiApS0CV1IewUL1HSvzQ==", + "dependencies": { + "@grpc/grpc-js": "1.12.6", + "@grpc/proto-loader": "0.7.13", + "brototype": "0.0.6", + "error-callsites": "2.0.4", + "lodash": "4.17.21", + "moment": "2.30.1", + "parse-strings-in-object": "2.0.0", + "protobufjs": "7.4.0", + "rc": "1.2.8", + "serialize-error": "8.1.0", + "traceparent": "1.0.0", + "tslib": "2.8.1", + "uuid4": "2.0.3", + "winston": "3.17.0" + }, + "peerDependencies": { + "@mojaloop/central-services-logger": "11.5.5", + "@mojaloop/central-services-stream": "11.5.1" + }, + "peerDependenciesMeta": { + "@mojaloop/central-services-logger": { + "optional": false + }, + "@mojaloop/central-services-stream": { + "optional": true + } + } + }, + "node_modules/@mojaloop/inter-scheme-proxy-cache-lib": { + "version": "2.3.7", + "resolved": "https://registry.npmjs.org/@mojaloop/inter-scheme-proxy-cache-lib/-/inter-scheme-proxy-cache-lib-2.3.7.tgz", + "integrity": "sha512-6BeV+JTuHDBrLlcT3QIfK9yZKArjdwbdggC7KSJhONCORjXWifZWewktlQ88gUfRXzVGFp2+jM6QEJ4CTm2Mpg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@mojaloop/central-services-logger": "11.5.5", + "ajv": "8.17.1", + "convict": "6.2.4", + "fast-safe-stringify": "2.1.1", + "ioredis": "5.5.0" + }, + "engines": { + "node": ">=18.x" + } + }, + "node_modules/@mojaloop/ml-schema-transformer-lib": { + "version": "2.5.6", + "resolved": "https://registry.npmjs.org/@mojaloop/ml-schema-transformer-lib/-/ml-schema-transformer-lib-2.5.6.tgz", + "integrity": "sha512-1VQn5CBmVKI89jeoW8pGJKM3J+PyQiw70eQIv5udSJsdBArFnpABxl72Ht5XupUaInHFLm2nm2C9UcVBxJl1KA==", + "dependencies": { + "@mojaloop/central-services-error-handling": "13.0.7", + "@mojaloop/central-services-logger": "11.5.5", + "@mojaloop/central-services-shared": "18.21.0", + "ilp-packet": "2.2.0", + "map-transform-cjs": "0.2.0" + }, + "engines": { + "node": ">=18.x" + }, + "optionalDependencies": { + "@rollup/rollup-linux-x64-musl": "4.34.9" + } + }, + "node_modules/@mojaloop/sdk-standard-components": { + "version": "19.9.0", + "resolved": "https://registry.npmjs.org/@mojaloop/sdk-standard-components/-/sdk-standard-components-19.9.0.tgz", + "integrity": "sha512-WhX64oUzIopzq4rdrVTcj2WPfaaTmPb7SZku2qI9Ii3gulcZOXT7wu83MS3C4pmdPgA5NjYPtg06YbKO1/zJpQ==", + "license": "Apache-2.0", + "dependencies": { + "@mojaloop/ml-schema-transformer-lib": "2.5.6", + "axios": "1.8.1", + "axios-retry": "4.5.0", + "base64url": "3.0.1", + "fast-safe-stringify": "2.1.1", + "ilp-packet": "3.1.3", + "ilp-packet-v1": "2.2.0", + "jsonwebtoken": "9.0.2", + "jws": "4.0.0" + } + }, "node_modules/@mojaloop/sdk-standard-components/node_modules/ilp-packet": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/ilp-packet/-/ilp-packet-3.1.3.tgz", "integrity": "sha512-FBsiPQbHPdLPI6jdA+sQO+4fFBuMc212yCdNXMqoGJdic2GFHF/E8P9bTorIVRZRVExhWDE5givqCMguupW8VA==", + "license": "Apache-2.0", "dependencies": { "extensible-error": "^1.0.2", "oer-utils": "^5.1.2" @@ -1697,7 +1833,8 @@ "node_modules/@mojaloop/sdk-standard-components/node_modules/long": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", - "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==" + "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==", + "license": "Apache-2.0" }, "node_modules/@mojaloop/sdk-standard-components/node_modules/oer-utils": { "version": "5.1.2", @@ -1969,7 +2106,8 @@ "node_modules/@types/long": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/@types/long/-/long-4.0.1.tgz", - "integrity": "sha512-5tXH6Bx/kNGd3MgffdmP4dy2Z+G4eaXw0SE81Tq3BNadtnMR5/ySMzX4SLEzHJzSmPNn4HIdpQsBvXMUykr58w==" + "integrity": "sha512-5tXH6Bx/kNGd3MgffdmP4dy2Z+G4eaXw0SE81Tq3BNadtnMR5/ySMzX4SLEzHJzSmPNn4HIdpQsBvXMUykr58w==", + "license": "MIT" }, "node_modules/@types/markdown-it": { "version": "14.1.2", @@ -2501,6 +2639,7 @@ "version": "4.5.0", "resolved": "https://registry.npmjs.org/axios-retry/-/axios-retry-4.5.0.tgz", "integrity": "sha512-aR99oXhpEDGo0UuAlYcn2iGRds30k366Zfa05XWScR9QaQD4JYiP3/1Qt1u7YlefUOK+cn0CcwoL1oefavQUlQ==", + "license": "Apache-2.0", "dependencies": { "is-retry-allowed": "^2.2.0" }, @@ -2517,6 +2656,7 @@ "version": "3.0.1", "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", + "license": "MIT", "engines": { "node": ">=6.0.0" } @@ -6896,6 +7036,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/ilp-packet-v1/-/ilp-packet-v1-2.2.0.tgz", "integrity": "sha512-bNsvjJ2/5Pl/qoVoSo4e/ZPoKv3xSm0VCO3fOPS+Yl5L4SZ6QRI972vclZKBwWDT19he2TgFZAmwe4RUzQ31jg==", + "license": "Apache-2.0", "dependencies": { "bignumber.js": "^5.0.0", "extensible-error": "^1.0.2", @@ -6907,6 +7048,7 @@ "version": "3.2.0", "resolved": "https://registry.npmjs.org/long/-/long-3.2.0.tgz", "integrity": "sha512-ZYvPPOMqUwPoDsbJaR10iQJYnMuZhRTvHYl62ErLIEX7RgFlziSBUUvrt3OVfc47QlHHpzPZYP17g3Fv7oeJkg==", + "license": "Apache-2.0", "engines": { "node": ">=0.6" } @@ -7397,6 +7539,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-2.2.0.tgz", "integrity": "sha512-XVm7LOeLpTW4jV19QSH38vkswxoLud8sQ57YwJVTPWdiaI9I8keEhGFpBlslyVsgdQy4Opg8QOLb8YRgsyZiQg==", + "license": "MIT", "engines": { "node": ">=10" }, @@ -8035,6 +8178,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.0.tgz", "integrity": "sha512-jrZ2Qx916EA+fq9cEAeCROWPTfCwi1IVHqT2tapuqLEVVDKFDENFw1oL+MwrTvH6msKxsd1YTDVw6uKEcsrLEA==", + "license": "MIT", "dependencies": { "buffer-equal-constant-time": "1.0.1", "ecdsa-sig-formatter": "1.0.11", @@ -8045,6 +8189,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.0.tgz", "integrity": "sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg==", + "license": "MIT", "dependencies": { "jwa": "^2.0.0", "safe-buffer": "^5.0.1" diff --git a/package.json b/package.json index 6f864089..327b4a09 100644 --- a/package.json +++ b/package.json @@ -73,7 +73,7 @@ "@hapi/basic": "7.0.2", "@hapi/boom": "10.0.1", "@hapi/good": "9.0.1", - "@hapi/hapi": "21.3.12", + "@hapi/hapi": "21.4.0", "@hapi/inert": "7.1.0", "@hapi/vision": "7.0.3", "@mojaloop/central-services-error-handling": "13.0.7", @@ -84,7 +84,7 @@ "@mojaloop/central-services-stream": "11.5.1", "@mojaloop/event-sdk": "14.1.5", "@mojaloop/ml-schema-transformer-lib": "2.5.6", - "@mojaloop/sdk-standard-components": "19.7.1", + "@mojaloop/sdk-standard-components": "19.9.0", "@now-ims/hapi-now-auth": "2.1.0", "axios": "1.8.1", "blipp": "4.0.2", @@ -119,7 +119,7 @@ }, "devDependencies": { "@mojaloop/database-lib": "11.1.3", - "@mojaloop/inter-scheme-proxy-cache-lib": "2.3.3", + "@mojaloop/inter-scheme-proxy-cache-lib": "2.3.7", "audit-ci": "7.1.0", "get-port": "5.1.1", "jsdoc": "4.0.4", From 3901f2e0da02e832ac47be4ae982af7fe1eabcfc Mon Sep 17 00:00:00 2001 From: Juan Correa Date: Wed, 5 Mar 2025 13:31:22 -0500 Subject: [PATCH 3/4] chore: update README to reflect grype image scan --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 7933ecce..f5494cf3 100644 --- a/README.md +++ b/README.md @@ -160,11 +160,10 @@ The [audit-ci.jsonc](./audit-ci.jsonc) contains any audit-exceptions that cannot ## Container Scans -As part of our CI/CD process, we use anchore-cli to scan our built docker container for vulnerabilities upon release. +As part of our CI/CD process, we use grype a vulnerability scanner for container images and filesystems upon release. -If you find your release builds are failing, refer to the [container scanning](https://github.com/mojaloop/ci-config#container-scanning) in our shared Mojaloop CI config repo. There is a good chance you simply need to update the `mojaloop-policy-generator.js` file and re-run the circleci workflow. +If you find your release builds are failing, please review Mojaloop orb with grype image scan at [container scanning](https://github.com/mojaloop/ci-config-orb-build?tab=readme-ov-file#vulnerability-image-scan-configuration) and review [grype_image_scan.yml](https://github.com/mojaloop/ci-config-orb-build/blob/main/src/jobs/grype_image_scan.yml) job. -For more information on anchore and anchore-cli, refer to: +For more information on grype, refer to: -- [Anchore CLI](https://github.com/anchore/anchore-cli) -- [Circle Orb Registry](https://circleci.com/orbs/registry/orb/anchore/anchore-engine) +- [Grype](https://github.com/anchore/grype) From 2a69cc79e62a0cbd17cfe9be82962b5ebfbb2220 Mon Sep 17 00:00:00 2001 From: Juan Correa Date: Wed, 5 Mar 2025 14:41:58 -0500 Subject: [PATCH 4/4] chore: bump orb version --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e6831667..6bd267c6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,7 +1,7 @@ version: 2.1 setup: true orbs: - build: mojaloop/build@1.0.57 + build: mojaloop/build@1.0.58 workflows: setup: jobs: