greenkeeper-lockfile - npm Package Compare versions

Comparing version 1.14.0 to 1.15.0

ci-services/jenkins.js

@@ -5,11 +5,19 @@ 'use strict'
 
-const _ = require('lodash')
 const gitHelpers = require('../lib/git-helpers')
 
+// Jenkins reports the branch name and Git URL in a couple of different places depending on use of the new
+// pipeline vs. older job types.
+const gitUrl = env.CHANGE_URL || env.GIT_URL
+const origBranch = env.CHANGE_BRANCH || env.GIT_BRANCH
+
+// Different Jenkins plugins format the branch name differently
+const matchesGreenkeeper = origBranch.match(/greenkeeper.*/)
+const branchName = matchesGreenkeeper ? matchesGreenkeeper[0] : origBranch
+
 module.exports = {
-  gitUrl: env.GIT_URL,
-  branchName: _.drop(_.split(env.GIT_BRANCH, '/')).join('/'),
+  gitUrl,
+  branchName,
   firstPush: env.BUILD_NUMBER === '1' || gitHelpers.getNumberOfCommitsOnBranch(env.GIT_BRANCH) === 1,
-  correctBuild: true, // assuming pull requests are not build
-  uploadBuild: true // assuming 1 build per branch
+  correctBuild: true, // assuming this is always the correct build to update the lockfile
+  uploadBuild: true // assuming 1 build per branch/PR
 }

ci-services/tests.js

@@ -8,2 +8,3 @@ 'use strict'
   circleci: () => env.CIRCLECI === 'true',
+  drone: () => env.DRONE === 'true',
   jenkins: () => env.JENKINS_URL !== undefined,
@@ -13,4 +14,5 @@ travis: () => env.TRAVIS === 'true',
   codeship: () => env.CI_NAME === 'codeship',
-  bitrise: () => env.CI === 'true' && env.BITRISE_BUILD_NUMBER !== undefined,
-  semaphoreci: () => env.SEMAPHORE === 'true'
+  bitrise: () => env.BITRISE_IO === 'true',
+  semaphoreci: () => env.SEMAPHORE === 'true',
+  teamcity: () => env.TEAMCITY_VERSION !== undefined
 }

lib/git-helpers.js

@@ -17,2 +17,5 @@ 'use strict'
   },
+  getLastCommitMessage: function getLastCommitMessage () {
+    return exec('git log --format=%B -1').toString()
+  },
   getRepoSlug: function getRepoSlug (githubUrl) {
@@ -19,0 +22,0 @@ var ghRegex = /\S+[:|/](\w+(?:[-]\w+)*)\/(\w+(?:[-]\w+)*)/g

lib/update-lockfile.js

 'use strict'
 
 const exec = require('child_process').execSync
-
+const _ = require('lodash')
 const semver = require('semver')
@@ -48,12 +48,22 @@
 
+  const commitEmail = process.env.GK_LOCK_COMMIT_EMAIL ? process.env.GK_LOCK_COMMIT_EMAIL.trim() : 'support@greenkeeper.io'
+  const commitName = process.env.GK_LOCK_COMMIT_NAME ? process.env.GK_LOCK_COMMIT_NAME.trim() : 'greenkeeperio-bot'
+  const shouldAmend = !_.includes([undefined, `0`, 'false', 'null', 'undefined'], process.env.GK_LOCK_COMMIT_AMEND)
+
   if (exec('git status --porcelain').toString() === '') return
 
-  // commit the updated lockfile
+  // stage the updated lockfile
   exec('git add npm-shrinkwrap.json 2>/dev/null || true')
   exec('git add package-lock.json 2>/dev/null || true')
   exec('git add yarn.lock 2>/dev/null || true')
-  exec('git config user.email "support@greenkeeper.io"')
-  exec('git config user.name "greenkeeperio-bot"')
-  const updateMessage = 'chore(package): update lockfile\n\nhttps://npm.im/greenkeeper-lockfile'
-  exec(`git commit -m "${updateMessage}"`)
+
+  exec(`git config user.email "${commitEmail}"`)
+  exec(`git config user.name "${commitName}"`)
+
+  if (shouldAmend) {
+    exec(`git commit --amend --author="${commitName} <${commitEmail}>" --no-edit`)
+  } else {
+    const updateMessage = 'chore(package): update lockfile\n\nhttps://npm.im/greenkeeper-lockfile'
+    exec(`git commit -m "${updateMessage}"`)
+  }
 }

package.json

 {
   "name": "greenkeeper-lockfile",
   "description": "Your lockfile, up to date, all the time",
-  "version": "1.14.0",
+  "version": "1.15.0",
   "author": "Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)",
@@ -21,7 +21,6 @@ "bin": {
   "devDependencies": {
-    "nyc": "^11.2.1",
-    "semantic-release": "^8.0.0",
-    "sinon": "^4.0.1",
-    "standard": "^11.0.0",
-    "tap": "^11.0.0"
+    "jest": "^22.4.2",
+    "semantic-release": "^15.0.3",
+    "sinon": "^5.0.0",
+    "standard": "^11.0.0"
   },
@@ -38,6 +37,28 @@ "engines": {
   },
+  "jest": {
+    "testRegex": "/test/.*\\.js$",
+    "testPathIgnorePatterns": [
+      "/node_modules/"
+    ],
+    "collectCoverage": true,
+    "testEnvironment": "node"
+  },
+  "standard": {
+    "env": {
+      "jest": true
+    },
+    "globals": [
+      "jest",
+      "expect",
+      "describe",
+      "test",
+      "beforeAll",
+      "beforeEach",
+      "afterAll",
+      "afterEach"
+    ]
+  },
   "scripts": {
-    "semantic-release": "semantic-release pre && npm publish && semantic-release post",
-    "test": "NODE_ENV=testing standard && nyc tap test"
+    "test": "NODE_ENV=testing standard && jest"
   }
-}
+}

README.md

@@ -28,2 +28,6 @@ # greenkeeper-lockfile
 * ✅ Codeship _Thank you [@selbyk](https://github.com/greenkeeperio/greenkeeper-lockfile/pull/72) 👏_
+* ✅ Semaphore _Thank you [@cbothner](https://github.com/greenkeeperio/greenkeeper-lockfile/pull/121) 👏_
+* ✅ TeamCity _Thank you [@tagoro9](https://github.com/greenkeeperio/greenkeeper-lockfile/pull/131) & [@dbrockman](https://github.com/greenkeeperio/greenkeeper-lockfile/pull/106) 👏_
+* ✅ Drone.io _Thank you [@donny-dont](https://github.com/greenkeeperio/greenkeeper-lockfile/pull/141) 👏_
+
 * 🙏 [Contribute your own](#contributing-a-ci-service)
@@ -104,2 +108,11 @@
 
+### TeamCity Setup
+
+In order for this to work with TeamCity, the build configuration needs to set
+the following environment variables:
+
+- VCS_ROOT_URL from the vcsroot.<vcsrootid>.url parameter
+- VCS_ROOT_BRANCH from the teamcity.build.branch parameter
+
+
 ## Contributing a CI Service
@@ -106,0 +119,0 @@

test/lib/update-lockfile.js

@@ -1,2 +0,1 @@
-const test = require('tap').test
 const stub = require('sinon').stub
@@ -20,21 +19,23 @@ const exec = stub(require('child_process'), 'execSync')
 
-test('do shrinkwrap for old npm versions', t => {
+const updateMessage = 'chore(package): update lockfile\n\nhttps://npm.im/greenkeeper-lockfile'
+
+test('do shrinkwrap for old npm versions', () => {
   prepare()
-  t.plan(1)
+  expect.assertions(1)
   exec.withArgs('npm --version').returns('2.0.0')
   updateLockfile({}, {})
-  t.ok(exec.secondCall.calledWith('npm shrinkwrap'))
+  expect(exec.secondCall.calledWith('npm shrinkwrap')).toBeTruthy()
 })
 
-test('use yarn', t => {
+test('use yarn', () => {
   prepare()
-  t.plan(1)
+  expect.assertions(1)
   exec.withArgs('npm --version').returns('3.0.0')
   updateLockfile(dependency, { yarn: true })
-  t.ok(exec.thirdCall.calledWith("yarn add 'my-dependency@1.0.0'"))
+  expect(exec.thirdCall.calledWith("yarn add 'my-dependency@1.0.0'")).toBeTruthy()
 })
 
-test('yarn no prefix', t => {
+test('yarn no prefix', () => {
   prepare()
-  t.plan(1)
+  expect.assertions(1)
   const tildeDep = Object.assign({}, dependency, {
@@ -46,36 +47,58 @@ prefix: null
   updateLockfile(tildeDep, { yarn: true })
-  t.ok(exec.thirdCall.calledWith("yarn add 'my-dependency@1.0.0'"))
+  expect(exec.thirdCall.calledWith("yarn add 'my-dependency@1.0.0'")).toBeTruthy()
 })
 
-test('use yarn with extra arguments from ENV', t => {
+test('use yarn with extra arguments from ENV', () => {
   prepare()
-  t.plan(1)
+  expect.assertions(1)
   process.env.GK_LOCK_YARN_OPTS = '--ignore-engines'
   exec.withArgs('npm --version').returns('3.0.0')
   updateLockfile(dependency, { yarn: true })
-  t.ok(exec.thirdCall.calledWith("yarn add --ignore-engines 'my-dependency@1.0.0'"))
+  expect(exec.thirdCall.calledWith("yarn add --ignore-engines 'my-dependency@1.0.0'")).toBeTruthy()
   delete process.env.GK_LOCK_YARN_OPTS
 })
 
-test('use npm', t => {
+test('use npm', () => {
   prepare()
-  t.plan(1)
+  expect.assertions(1)
   exec.withArgs('npm --version').returns('3.0.0')
   exec.withArgs('npm5 -v').throws()
   updateLockfile(dependency, { npm: true })
-  t.ok(exec.getCall(4).calledWith('npm install -S my-dependency@1.0.0'))
+  expect(exec.getCall(4).calledWith('npm install -S my-dependency@1.0.0')).toBeTruthy()
 })
 
-test('use npm v5', t => {
+test('use npm v5', () => {
   prepare()
-  t.plan(1)
+  expect.assertions(1)
   exec.withArgs('npm --version').returns('3.0.0')
   exec.withArgs('npm5 -v').returns('5.0.0')
   updateLockfile(dependency, { npm: true })
-  t.ok(exec.getCall(4).calledWith('npm5 install -S my-dependency@1.0.0'))
+  expect(exec.getCall(4).calledWith('npm5 install -S my-dependency@1.0.0')).toBeTruthy()
 })
 
-test('tilde prefix', t => {
+test('default author', () => {
   prepare()
-  t.plan(2)
+  exec.withArgs('npm --version').returns('3.0.0')
+  expect.assertions(2)
+  updateLockfile(dependency, { npm: true })
+  expect(exec.getCall(9).calledWith('git config user.email "support@greenkeeper.io"')).toBeTruthy()
+  expect(exec.getCall(10).calledWith('git config user.name "greenkeeperio-bot"')).toBeTruthy()
+})
+
+test('customise author', () => {
+  prepare()
+  process.env.GK_LOCK_COMMIT_EMAIL = 'testbot@test.de'
+  process.env.GK_LOCK_COMMIT_NAME = 'testbot'
+  exec.withArgs('npm --version').returns('3.0.0')
+  expect.assertions(2)
+  updateLockfile(dependency, { npm: true })
+  expect(exec.getCall(9).calledWith('git config user.email "testbot@test.de"')).toBeTruthy()
+  expect(exec.getCall(10).calledWith('git config user.name "testbot"')).toBeTruthy()
+  delete process.env.GK_LOCK_COMMIT_EMAIL
+  delete process.env.GK_LOCK_COMMIT_NAME
+})
+
+test('tilde prefix', () => {
+  prepare()
+  expect.assertions(2)
   const tildeDep = Object.assign({}, dependency, {
@@ -88,7 +111,7 @@ prefix: '~',
   updateLockfile(tildeDep, { yarn: true, npm: true })
-  t.ok(exec.thirdCall.calledWith("yarn add 'my-dependency@~1.0.0'"))
-  t.ok(exec.getCall(4).calledWith('npm install -S --save-prefix="~" my-dependency@1.0.0'))
+  expect(exec.thirdCall.calledWith("yarn add 'my-dependency@~1.0.0'")).toBeTruthy()
+  expect(exec.getCall(4).calledWith('npm install -S --save-prefix="~" my-dependency@1.0.0')).toBeTruthy()
 })
 
-test('no status', t => {
+test('no status', () => {
   exec.reset()
@@ -98,4 +121,55 @@ exec.withArgs('npm --version').returns('3.0.0')
   updateLockfile(dependency, { npm: true })
-  t.plan(1)
-  t.equal(exec.callCount, 6)
+  expect.assertions(1)
+  expect(exec.callCount).toBe(6)
 })
+
+test('no GK_LOCK_COMMIT_AMEND', () => {
+  prepare()
+  expect.assertions(1)
+  exec.withArgs('npm --version').returns('3.0.0')
+  updateLockfile(dependency, {})
+  expect(exec.getCall(9).calledWith(`git commit -m "${updateMessage}"`)).toBeTruthy()
+})
+
+test('with truthy GK_LOCK_COMMIT_AMEND', () => {
+  const fixtures = ['1', 'true', 'foo']
+  expect.assertions(fixtures.length)
+  fixtures.forEach((fixture) => {
+    prepare()
+    process.env.GK_LOCK_COMMIT_AMEND = fixture
+    exec.withArgs('npm --version').returns('3.0.0')
+    updateLockfile(dependency, {})
+    expect(exec.getCall(9).calledWith(`git commit --amend --author="greenkeeperio-bot <support@greenkeeper.io>" --no-edit`)).toBeTruthy()
+  })
+  delete process.env.GK_LOCK_COMMIT_AMEND
+})
+
+test('with truthy GK_LOCK_COMMIT_AMEND and GK_LOCK_COMMIT_NAME/EMAIL', () => {
+  const fixtures = ['1', 'true', 'foo']
+  expect.assertions(fixtures.length)
+  process.env.GK_LOCK_COMMIT_NAME = 'Example Person'
+  process.env.GK_LOCK_COMMIT_EMAIL = 'example@website.com'
+  fixtures.forEach((fixture) => {
+    prepare()
+    process.env.GK_LOCK_COMMIT_AMEND = fixture
+    exec.withArgs('npm --version').returns('3.0.0')
+    updateLockfile(dependency, {})
+    expect(exec.getCall(9).calledWith(`git commit --amend --author="Example Person <example@website.com>" --no-edit`)).toBeTruthy()
+  })
+  delete process.env.GK_LOCK_COMMIT_AMEND
+  delete process.env.GK_LOCK_COMMIT_NAME
+  delete process.env.GK_LOCK_COMMIT_EMAIL
+})
+
+test('with falsy GK_LOCK_COMMIT_AMEND', () => {
+  const fixtures = [undefined, '0', 'false', 'null', 'undefined']
+  expect.assertions(fixtures.length)
+  fixtures.forEach((fixture) => {
+    prepare()
+    process.env.GK_LOCK_COMMIT_AMEND = fixture
+    exec.withArgs('npm --version').returns('3.0.0')
+    updateLockfile(dependency, {})
+    expect(exec.getCall(9).calledWith(`git commit -m "${updateMessage}"`)).toBeTruthy()
+  })
+  delete process.env.GK_LOCK_COMMIT_AMEND
+})

upload.js

@@ -7,2 +7,3 @@ #!/usr/bin/env node
 const url = require('url')
+const fs = require('fs')
 
@@ -53,6 +54,14 @@ const config = require('./lib/config')
 
-  exec(`git remote add gk-origin ${remote}`)
-  exec(`git push gk-origin HEAD:${info.branchName}`)
+  const err = fs.openSync('gk-lockfile-git-push.err', 'w')
+
+  exec(`git remote add gk-origin ${remote} || git remote set-url gk-origin ${remote}`)
+  exec(`git push gk-origin HEAD:${info.branchName}`, {
+    stdio: [
+      'pipe',
+      'pipe',
+      err
+    ]
+  })
 }
 
 if (require.main === module) module.exports()

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Improved metrics

Total package byte prevSize

31018

increased by29.68%

Dev dependency count

4

decreased by-20%

Number of package files

23

increased by9.52%

Lines of code

615

increased by31.69%

Number of lines in readme file

144

increased by9.92%

Worsened metrics

Number of low supply chain risk alerts

35

increased by150%

No dependency changes