SRE-474 - Add risk for each unsigned commit #11

Open
wants to merge 2 commits into
base: main

erichs
Contributor

@erichs erichs commented Mar 1, 2023

For now, this will add 1 point of risk for every unsigned commit found in PR scope. This value can be adjusted as needed over the course of the SLSA3: Verified History initiative to reflect updated risk valuations.

@erichs erichs requested review from a team as code owners March 1, 2023 22:26

Certain versions of typescript, when used with the ttypescript wrapper, appear to be sensitive to node version changes.

The failing behavior is an error of the form:

```
$ yarn ttsc -p tsconfig-dist.json
$ /opt/jupiterone/node_modules/.bin/ttsc -p tsconfig-dist.json
/opt/jupiterone/node_modules/ttypescript/lib/loadTypescript.js:29
    var _e = ts.versionMajorMinor.split('.'), major = _e[0], minor = _e[1];
                                  ^

TypeError: Cannot read properties of undefined (reading 'split')
    at Object.loadTypeScript (/opt/jupiterone/node_modules/ttypescript/lib/loadTypescript.js:29:35)
```

This occurs with Typescript 4.3.1 and the latest point releases of node 12, 14, and 18. Node 14.20.1 works as expected. CI started failing when GitHub changed the point release of the `12.x` version spec under the hood. This change pins to a known-working version in GHA and docker.

Upgrading @jupiterone/typescript-tools was considered but will require changing basically all of the dev dependencies and it is unclear whether the `.d.ts` files provided by several of the prod dependencies (oclif, etc) are compatible with the newer `ttsc`.

@erichs erichs force-pushed the SRE-474-verify-commits branch from 83e62aa to 7bdcbcc Compare March 2, 2023 15:43

WORKDIR /opt/jupiterone
COPY . .
RUN yarn install && yarn build

FROM node:14-alpine
FROM node:14.20.1-alpine
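
Review bot: the new base image in `FROM node:14.20.1-alpine` is pinned by tag only, and a tag can be re-pointed to a different image after this merges. If the intent is a known-working Node build, consider also pinning by digest, in the form `FROM node:14.20.1-alpine@sha256:<digest>`, so the image cannot change underneath the tag. Two related points on the context lines: `RUN yarn install && yarn build` installs without `--frozen-lockfile`, so dependency versions can still drift between builds even with Node pinned, and that build step belongs to an earlier stage whose own `FROM` is not visible in this hunk, so please confirm that stage is pinned to 14.20.1 as well.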

I thought we were moving away from alpine?
