Merge branch 'master' into cli-docker-config-refactor

Former-commit-id: 5c4e36e
Former-commit-id: a5954c9c8423183458b56f58d18cc48d935c1c06

.github/workflows/integration.yaml

@@ -42,6 +42,11 @@ jobs:
     strategy:
       matrix:
         merge: ["merged", "not-merged"]
+        lockfile: ["lockfile","no-lockfile"]
+        exclude:
+          - merge: "merged"
+            lockfile: "no-lockfile"
+
     steps:
 
     - uses: actions/checkout@v2
@@ -51,7 +56,7 @@ jobs:
     #TODO: there may be a more idiomatic way to do this
     - name: Check if we should skip this build
       id: job-canceller
-      run: echo "::set-output name=cancelled::${{ matrix.merge == 'true' && github.event_name != 'pull_request'}}"
+      run: echo "::set-output name=cancelled::${{ matrix.merge == 'merged' && github.event_name != 'pull_request'}}"
 
     # Cancel the merge copy of this build(see the matrix above) if we are not in a PR
     - name: cancelling
@@ -87,6 +92,10 @@ jobs:
       if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled != 'false' }}
       timeout-minutes: 15
 
+    - name: Delete Lockfile
+      if: ${{ matrix.lockfile == 'no-lockfile' }}
+      run: rm yarn.lock
+
 #    - uses: actions/setup-go@v2
 #      with:
 #        go-version: '^1.17.1'
@@ -107,14 +116,22 @@ jobs:
 #        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 #      run: npm run license:check
 
+    # TODO: move this into docker, using the same container that the dedicated tokenizer uses
     - name: Go Tests
       run: yarn run test:unit:go
 
     - name: Build CLI Container
       run: docker build --progress plain -f ./js/docker/demo.dockerfile -t repo_lunasec-cli --target lunasec-cli .
 
+    # Hijack the cli image to quickly run linting and unit testing
+    - name: Lint
+      run: docker run --entrypoint yarn repo_lunasec-cli lint
+
+    - name: Unit Test
+      run: docker run --entrypoint yarn repo_lunasec-cli test:unit:js
+
     - name: Use CLI Container with docker.sock mounted to launch all other containers
-      run: docker run -v /var/run/docker.sock:/var/run/docker.sock -e HOST_MACHINE_PWD=$(pwd) repo_lunasec-cli start --no-sudo=true --local-build=true --env=tests
+      run: docker run -v /var/run/docker.sock:/var/run/docker.sock -e HOST_MACHINE_PWD=$(pwd) repo_lunasec-cli start --no-sudo --local-build --env=tests
 
     - name: docker logs
       if: ${{ always() && steps.job-canceller.outputs.cancelled == 'false' }}
@@ -123,7 +140,11 @@ jobs:
 
     - name: docker compose logs
       if: ${{ always() && steps.job-canceller.outputs.cancelled == 'false' }}
-      run: docker run -v /var/run/docker.sock:/var/run/docker.sock -e HOST_MACHINE_PWD=$(pwd) repo_lunasec-cli start --no-sudo=true --local-build=true --env=tests --show-logs=true
+      run: docker run -v /var/run/docker.sock:/var/run/docker.sock -e HOST_MACHINE_PWD=$(pwd) repo_lunasec-cli start --no-sudo --local-build --show-logs --env=tests
+
+    - name: Warn on lockfile failure
+      if: ${{ job.status == 'failure' && matrix.lockfile == 'no-lockfile' }}
+      run: echo "::warning  title=lockfile-check::Building without a lockfile failed"
 
     - uses: actions/upload-artifact@v2
       if: ${{ always() && steps.job-canceller.outputs.cancelled == 'false' }}

.github/workflows/release.yml

@@ -117,6 +117,12 @@ jobs:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      # Pull any changes that might have been landed on master
+      - name: pull git master
+        run: git pull
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       # Push the release version
       - name: push git new version
         run: git push

go/scripts/start-tokenizerbackend-dependencies.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 sudo rm -f ./outputs/aws_resources.json
 
-npx lunasec start --local-build=true --env=local-dependencies
+npx lunasec start --local-build --env=local-dependencies
 r=$?
 if [ $r -ne 0 ]; then
     echo "Unable to bring up local dependencies for the tokenizer"

js/docker/demo.dockerfile

@@ -7,8 +7,10 @@ WORKDIR /repo
 
 # Uncomment to make replicable builds
 RUN lerna bootstrap --ci
-# I think this is to save space, not sure if this will work with yarn though
-RUN npm cache clean --force
+# Do this because this package isnt part of the lerna-bootstrap but we still need to lint it
+RUN cd js/internal-infrastructure/metrics-server-backend && yarn install
+# Do this to save space
+RUN yarn cache clean --all
 
 RUN npm rebuild sqlite3
 
@@ -62,7 +64,7 @@ COPY --from=lerna-bootstrap /repo /repo
 WORKDIR /repo/
 
 # We would use test:all but couldn't easily get golang into this container, so those run on bare box
-ENTRYPOINT /repo/tools/service-scripts/wait-for-services.sh "$DEPENDENCIES__INTEGRATION_TEST" yarn run test:unit:tokenizer && yarn run test:unit:auth && yarn run test:e2e:docker
+ENTRYPOINT /repo/tools/service-scripts/wait-for-services.sh "$DEPENDENCIES__INTEGRATION_TEST" yarn run test:e2e:docker
 
 FROM lerna-bootstrap as secure-frame-iframe
 
@@ -73,4 +75,4 @@ RUN yarn run compile
 RUN npm i -g http-server
 
 CMD ["-a", "0.0.0.0", "-p", "8000"]
-ENTRYPOINT ["http-server"]
+ENTRYPOINT ["http-server"]

js/sdks/packages/cli/package.json

@@ -22,7 +22,6 @@
     "@types/adm-zip": "^0.4.34",
     "@types/find-config": "^1.0.1",
     "@types/js-yaml": "^4.0.3",
-    "@types/yargs": "^17.0.3",
     "@typescript-eslint/eslint-plugin": "^5.0.0",
     "@typescript-eslint/parser": "^5.0.0",
     "eslint": "^7.32.0",
@@ -49,15 +48,14 @@
     "@aws-sdk/client-sts": "3.39.0",
     "@lunasec/secure-frame-front-end": "^1.0.7",
     "adm-zip": "^0.5.9",
-    "cmd-ts": "^0.7.0",
+    "aws-cdk": "1.129.0",
+    "aws-cdk-local": "1.65.4",
+    "cmd-ts": "^0.8.0",
     "decompress": "^4.2.1",
     "find-config": "^1.0.0",
     "import-local": "^3.0.3",
     "js-yaml": "^4.1.0",
     "progress": "^2.0.3",
-    "source-map-support": "^0.5.20",
-    "yargs": "^17.2.1",
-    "aws-cdk": "1.129.0",
-    "aws-cdk-local": "1.65.4"
+    "source-map-support": "^0.5.20"
   }
 }