@mojaloop/ml-testing-toolkit-shared-lib
v14.0.2
Published
Shared library for ml-testing-toolkit re-usable functions
Downloads
117
Keywords
Readme
ml-testing-toolkit-shared-lib
Library for shared code between Mojaloop testing-toolkit backend and frontend
Auditing Dependencies
We use npm-audit-resolver
along with npm audit
to check dependencies for node vulnerabilities, and keep track of resolved dependencies with an audit-resolve.json
file.
To start a new resolution process, run:
npm run audit:resolve
You can then check to see if the CI will pass based on the current dependencies with:
npm run audit:check
And commit the changed audit-resolve.json
to ensure that CircleCI will build correctly.
Container Scans
As part of our CI/CD process, we use anchore-cli to scan our built docker container for vulnerabilities upon release.
If you find your release builds are failing, refer to the container scanning in our shared Mojaloop CI config repo. There is a good chance you simply need to update the mojaloop-policy-generator.js
file and re-run the circleci workflow.
For more information on anchore and anchore-cli, refer to:
Automated Releases
As part of our CI/CD process, we use a combination of CircleCI, standard-version npm package and github-release CircleCI orb to automatically trigger our releases and image builds. This process essentially mimics a manual tag and release.
On a merge to main, CircleCI is configured to use the mojaloopci github account to push the latest generated CHANGELOG and package version number.
Once those changes are pushed, CircleCI will pull the updated main, tag and push a release triggering another subsequent build that also publishes a docker image.