Commit baf86717 authored by Pierre Smeyers

Merge branch '21-node-audit-node-outdated-don-t-generate-artifacts' into 'master'

fix(audit): Generate NPM audit and outdated reports

Closes #21

See merge request to-be-continuous/node!37
parents 09da9e49 944f8cec
+6 −2
@@ -269,13 +269,17 @@ The Node template features a job `node-audit` that performs an audit ([npm audit

It is bound to the `test` stage.


| Name                   | description                                                                                                                                           | default value                    |
|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------|
| `NODE_AUDIT_DISABLED`  | Set to `true` to disable npm audit                                                                                                                    | _none_ (enabled)                 |
| `NODE_AUDIT_ARGS`      | npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments <br/> yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments   | `--audit-level=low`              |

The job generates an audit report that you will find here: `NODE_PROJECT_DIR/reports/npm-audit-report.json`.
In addition to a textual report in the console, this job produces the following report, kept for one day:

| Report         | Format                                                                       | Usage             |
| -------------- | ---------------------------------------------------------------------------- | ----------------- |
| `$NODE_PROJECT_DIR/reports/npm-audit.native.json` | [JSON](https://docs.npmjs.com/cli/v9/commands/npm-audit#json) | [DefectDojo integration](https://documentation.defectdojo.com/integrations/parsers/#npm-audit)<br/>_This report is generated only if DefectDojo template is detected, if needed, you can force it with `$DEFECTDOJO_NPMAUDIT_REPORTS`_ |


### `node-npm-outdated` job

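Review bot: the report path in the prose contradicts the table right below it: the sentence says the report is found at `NODE_PROJECT_DIR/reports/npm-audit-report.json` (no `$`, different file name) while the table row and the job's artifact glob use `$NODE_PROJECT_DIR/reports/npm-audit.native.json`. If that sentence is the old wording it should be dropped; otherwise align the file name and the `$`. The Usage cell also says the report is produced "only if DefectDojo template is detected", but the condition actually evaluated in `node-audit` is the `$DEFECTDOJO_NPMAUDIT_REPORTS` variable, so stating that variable as the condition (and fixing "if needed, you can force it" into its own sentence) would tell users exactly what to set.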
+26 −0
@@ -373,7 +373,21 @@ node-audit:
  extends: .node-base
  stage: test
  script:
    # JSON (for DefectDojo)
    - |
      if [[ "$DEFECTDOJO_NPMAUDIT_REPORTS" ]]
      then
        mkdir -p -m 777 reports
        $NODE_MANAGER audit --json $NODE_AUDIT_ARGS > reports/npm-audit.native.json || true
      fi
    # last run with console output
    - $NODE_MANAGER audit $NODE_AUDIT_ARGS
  artifacts:
    when: always
    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    paths:
      - $NODE_PROJECT_DIR/reports/npm-audit.*
    expire_in: 1 day
  rules:
    # exclude if $NODE_AUDIT_DISABLED set
    - if: '$NODE_AUDIT_DISABLED == "true"'
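Review bot: `mkdir -p -m 777 reports` creates a world-writable directory with no stated reason; the job is the only writer, so `mkdir -p reports` is enough, and if the mode is required by some downstream container user a comment should say so. Two more points on this hunk: the artifact glob `$NODE_PROJECT_DIR/reports/npm-audit.*` only matches when `$DEFECTDOJO_NPMAUDIT_REPORTS` is set, so every run without it ends with an artifacts "no matching files" warning under `when: always`; and `reports` is created relative to the current directory while the artifact path is anchored at `$NODE_PROJECT_DIR`, which only lines up if `.node-base` changes into that directory first. Finally, since `$NODE_MANAGER` may be yarn (the README documents yarn audit arguments), note that `yarn audit --json` emits newline-delimited JSON objects rather than the single document npm produces, so the DefectDojo npm-audit parser is unlikely to accept that file; the guard should probably also check the manager, or the docs should state the npm-only limitation.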
@@ -385,7 +399,19 @@ node-outdated:
  extends: .node-base
  stage: test
  script:
    - |
      if [[ "$DEFECTDOJO_NPMAUDIT_REPORTS" ]]
      then
        mkdir -p -m 777 reports
        $NODE_MANAGER outdated --json $NODE_OUTDATED_ARGS > reports/npm-outdated.native.json || true
      fi
    - $NODE_MANAGER outdated $NODE_OUTDATED_ARGS
  artifacts:
    when: always
    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    paths:
      - $NODE_PROJECT_DIR/reports/npm-outdated.*
    expire_in: 1 day
  rules:
    # exclude if $NODE_OUTDATED_DISABLED set
    - if: $NODE_OUTDATED_DISABLED == "true"
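Review bot: the outdated JSON report is guarded by `$DEFECTDOJO_NPMAUDIT_REPORTS`, a variable whose name and README description refer to the npm audit report, and the DefectDojo npm-audit parser (the only consumer documented on this page) has no use for `npm outdated` output, so this condition looks copied from `node-audit`. Either generate `npm-outdated.native.json` unconditionally (the artifact glob `npm-outdated.*` expects it, and `when: always` otherwise yields a "no matching files" warning) or introduce a dedicated condition. The same remark as in `node-audit` applies to `mkdir -p -m 777`. The `|| true` on the JSON run is correct here, since `npm outdated` exits non-zero whenever any package is outdated; a short comment saying so would stop someone from removing it later.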