This repository has been archived by the owner on Sep 29, 2021. It is now read-only.

Merge pull request #64 from maoo/whitesource-check
feat(build): added whitesource integration
jonfreedman authored Oct 16, 2017
2 parents 11c3056 + 8e6ef10 commit 6e1a50a
Showing 6 changed files with 67 additions and 172 deletions.
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -9,3 +9,7 @@ hubot-symphony.iml
certs
**/*-compiled.js
**/*-compiled.js.map
package-lock.json

ws-log*
ws-ls*
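Review bot: Ignoring `package-lock.json` in the added `.gitignore` entries keeps the npm lockfile out of the repository, so unless another lockfile is committed, the dependency tree WhiteSource scans is whatever `npm install` resolves at build time, and transitive versions can differ between the scanned build and a later install. Consider committing the lockfile so the scanned set is reproducible. A one-line comment above `ws-log*` and `ws-ls*` saying they are scan output would also help the next reader.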
4 changes: 4 additions & 0 deletions .travis.yml
Expand Up @@ -18,6 +18,10 @@ script:
# execute integration tests against foundation-dev pod
- "if [[ $TRAVIS_PULL_REQUEST -eq 'false' ]]; then npm run-script it; fi;"
- npm run build
# Cannot run on external PRs due to https://docs.travis-ci.com/user/pull-requests/#Pull-Requests-and-Security-Restrictions
- "if [[ $TRAVIS_PULL_REQUEST -eq 'false' ]]; then npm install ; npm run whitesource; fi;"
# Break the build, if any Whitesource policy violation is found
- "if [[ -e 'ws-log-policy-violations.json' ]]; then echo 'Found Whitesource Policy violation, build failed.' ; exit -1; fi;"

after_success:
# publish coverage results to coveralls
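Review bot: The policy gate on the last added `script` line only tests whether `ws-log-policy-violations.json` exists, so a scan that never ran or that failed before writing its report looks the same as a clean one. Chain the steps with `&&` instead of `npm install ; npm run whitesource` so a failed install does not lead to scanning an incomplete `node_modules`, and confirm that the scan step exits non-zero on its own errors. Two smaller points on the same lines: `-eq` is an arithmetic test, so `[[ $TRAVIS_PULL_REQUEST -eq 'false' ]]` works only because the word `false` evaluates to 0 there, and `= 'false'` states the intent directly; `exit -1` is outside the 0-255 status range, and `exit 1` is the conventional failure status.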
14 changes: 14 additions & 0 deletions README.md
Expand Up @@ -88,6 +88,20 @@ npm run diagnostic -- --publicKey [key1.pem] --privateKey [key2.pem] --passphras

If the script runs as expected it will obtain and log both session and key manager tokens, look up and log some details of the bot account and then create a datafeed and poll. If you send a message using the Symphony client to the bot account you should see the details logged.

### Whitesource reports

To check security and legal compliance, the build integrates with Whitesource to submit and validate the list of third-party packages used by the build.

Simply run the following commands from the root project folder.
```
export WHITESOURCE_API_KEY=<WhiteSource API Key>
npm install ; npm run whitesource
```

The `<WhiteSource API Key>` can be retrieved from the [WhiteSource project dashboard](https://saas.whitesourcesoftware.com/Wss/WSS.html#!home).

If any issue is found, a file called `ws-log-policy-violations.json` will be generated in root project folder; if no issue is found, metrics will be sent to the [WhiteSource project dashboard](https://saas.whitesourcesoftware.com/Wss/WSS.html#!home) (available to project committers).

### Contribute

Contributions are accepted via GitHub pull requests. All contributors must be covered by contributor license agreements to comply with the [Code Contribution Process](https://symphonyoss.atlassian.net/wiki/display/FM/Code+Contribution+Process).
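Review bot: The new "Whitesource reports" section does not say who can actually run the scan. The API key comes from a dashboard described as "available to project committers", and `.travis.yml` skips the scan on pull requests, so an external contributor gets no policy feedback either locally or in CI until after merge. State that in the section, and mention that a `ws-log-policy-violations.json` left over from an earlier local run should be deleted before re-running. The command block would also read better with a blank line before the opening fence.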
6 changes: 4 additions & 2 deletions package.json
Expand Up @@ -14,7 +14,8 @@
"test-cov": "nyc npm test",
"it": "mocha it/*.js",
"generate-yarn-lockfile": "npm install -g yarn && npm install --production && yarn install",
"semantic-release": "semantic-release pre && npm publish --access public && semantic-release post"
"semantic-release": "semantic-release pre && npm publish --access public && semantic-release post",
"whitesource": "node node_modules/whitesource/bin/whitesource.js run"
},
"repository": {
"type": "git",
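Review bot: The `whitesource` script hard-codes the path `node_modules/whitesource/bin/whitesource.js`, which ties the script to the package's internal layout. npm puts `node_modules/.bin` on the PATH for scripts, so if the package exposes a `whitesource` bin, `"whitesource": "whitesource run"` is shorter and survives a file move inside the package.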
Expand Down Expand Up @@ -69,7 +70,8 @@
"semantic-release": "8.0.3",
"uuid": "3.1.0",
"validate-commit-msg": "2.14.0",
"yargs": "9.0.1"
"yargs": "9.0.1",
"whitesource": "1.0.9"
},
"config": {
"commitizen": {
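Review bot: `"whitesource": "1.0.9"` is appended after `yargs`, while the neighbouring entries (`semantic-release`, `uuid`, `validate-commit-msg`, `yargs`) are in alphabetical order; moving it before `yargs` keeps the list sorted. The exact version pin matches the existing entries, which is the right choice for a tool that runs in CI with an API key.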
6 changes: 6 additions & 0 deletions whitesource.config.json
@@ -0,0 +1,6 @@
{
"checkPolicies":true,
"productName":"Hubot Symphony",
"projectName":"Hubot Symphony",
"devDep": false
}
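Review bot: `"devDep": false` leaves development dependencies out of the policy check, yet `package.json` shows the release path (`semantic-release pre && npm publish --access public && semantic-release post`) running through that tooling. If the exclusion is deliberate, record the reason in the README; otherwise set `"devDep": true` so the packages that run during build and publish are covered as well. Minor: the spacing after the colons is inconsistent (`"checkPolicies":true` versus `"devDep": false`).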