Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
app-sync
Advanced tools
Readme
Continuous deployment from Github. This module downloads and runs node apps from Github, keeping them in sync with the remote repository based on Semantic Versioning.
npm install --save app-sync
If you are not using the module within it's Docker container, then ensure that pm2
is installed within it's runtime environment:
npm install pm2 -g
The app-sync
module is designed to be run within its docker image which takes a few environment variables for connecting to Github, and then a pointer to a manifest.yml
on Github that defines the apps to run within it.
docker pull philcockfield/app-sync
Pass the following environment variables into the docker container to configure the host gateway application:
Required:
GITHUB_TOKEN # Auth token: https://github.com/settings/tokens
GITHUB_USER_AGENT # https://developer.github.com/v3/#user-agent-required
MANIFEST # <user/repo>/path/manifest.yml:<branch>
Optional:
RABBIT_MQ # URL to the RabbitMQ/AMQP server.
The MANIFEST
points to a YAML file that declares global configuration settings along with the node applications to run. The YAML files takes for form of:
targetFolder: "/opt/downloads" # Optional
api: # Optional
route: <domain>/<path>
tokens: [<token>, <token>, ...] # Optional
apps:
<id>:
repo: "<user>/<repo>/path-1"
route: "*"
branch: "devel"
bar:
repo: "philcockfield/app-sync/example/app-1"
route:
- "*/bar"
- "domain.com"
- "jungle.com/foo"
- "jazz.com/*"
redirect:
- "*/from => */to"
targetFolder
specifies where apps are downloaded to.
rabbitMQ
is the URL to a RabbitMQ server used to communicate between multiple instances of the module running within different containers.api
contains details about the REST-API.
route
: The base route that the API is exposed upon, for example: */api
tokens
: An optional array of passwords to lock the API with. Pass the token
in the query string.branch
of an app is omitted the default of master
is used.redirect
array allows you to catch certain routes within the gateway and force a redirect (302
) to a different route.Note - when you make and push changes to the manifest.yml
file the running containers will not automatically update. Use the /api/restart
REST method to force a restart when you are ready.
The repo:
field must be a fully qualified Github repository including the user-name. Optionally you can include a path to a location within the repository where the node-app exists. The repository or folder that is pointed to must have a package.json
file within it:
philcockfield/my-repo
philcockfield/my-repo/sub-folder/site
The route:
field describes a URL pattern to match for the app. The pattern takes the form of <domain>/<path>
. Use a wildcard (*
) to match any incoming domain. For example:
www.domain.com
api.domain.com
domain.com/path
*/path
*
*/* # Default if only '*' is specified
domain.com/* # Explicitly stating the wild-card path
Each application that runs within app-sync
is assigned an automatically generated port that is passed in via the --port
startup parameter. Listen on this port for requests. You may wish to use minimist to extract the port value, for example:
var argv = require("minimist")(process.argv.slice(2));
app.listen(argv.port);
If you have set the api/route
field set within the MANIFEST
the following API is available:
GET: /api/ # Status of the complete system and all running apps
GET: /api/apps # Lists all running apps.
GET: /api/apps/:appId # Status of the specified app.
GET: /api/apps/:appId/restart # Restarts the specified app.
GET: /api/apps/:appId/update # Updates the specified app.
GET: /api/restart # Restarts the gateway and all apps.
POST: /api/github # "Push" web-hook from Github repositories.
If you have api/tokens
within your manifest.yml
ensure your API url's have an ?token=<value>
query-string.
Commits to application repositories are monitored via Github webhooks. If the commit is on the registered branch, and the package version number has increased the app is downloaded and restarted.
api/route:
field has been set in the manifest YAML so that the API is exposed.Webhooks & Services
and click Add Webhook
<api-route>/github
for example: https://foo.com/api/github
application/json
To create an app-sync
service on Tutum:
philcockfield/app-sync
NODE_ENV: production
GITHUB_TOKEN
GITHUB_USER_AGENT
MANIFEST
/opt/downloads
(leave host path blank). This value should be declared within the manifest.npm install
npm run example
To simulate a multi-container deployment ensure the rabbitMQ
server URL is declared. You can do this by setting the RABBIT_MQ
environment variable, or point to a manifest.yml
where the rabbitMQ
field is set.
In one console run:
npm run example1
then in a second console, run:
npm run example2
To simulate a change, update and checkin the package.json
version of either of the example apps (app-1
or app-2
).
npm test
FAQs
Continuous deployment from Github.
The npm package app-sync receives a total of 4 weekly downloads. As such, app-sync popularity was classified as not popular.
We found that app-sync demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.