brigadecore / brigadier Goto Github PK

The process for pushing to NPM:

$ yarn compile
$ yarn test
$ npm publish

Right now, all pushes to the @brigadecore org require a one time password - we need to investigate generating a token and storing it as a project secret, then doing an npm login --token <> before publishing.

Hello, thanks for the great work on brigade.

At my company, we have a test suite we're currently porting over from Jenkins to brigade. In jenkins we have a helper library that packages several tests as helper functions. We'd like to do something similar in brigade, but we're hitting a snag where we need to pass around the BrigadeEvent and BrigadeProject types, but can't, because they aren't exported by brigadier (we have a typescript library using brigadier and brigade-utils and providing some higher-level functionality).

Currently the situation I have is, I'm working on a Job wrapper that can do retries, basically doing what's discussed over in brigadecore/brigade#369 (comment). I've already copied Result, and a subset of BrigadeEvent and BrigadeProject. But now I want to run each attempt as a separate Check, and it looks like I'll need to copy the types completely in order to proceed.

Mostly looking for guidance: Am I barking up the wrong tree here? Would it be reasonable for brigadier to export these types? Is there a better approach?

Thanks again!

While this doesn't affect the regular usage of this library inside brigade.js (the library is already packaged with the Brigade worker), we still need to cut a 1.0 release for this library.

Hi!

First of all, thank you for all the work you've done with Brigade.

At this moment we are testing this library to remove a hack from our workers that gives us the ability to create a custom library with lot's of helpers that different teams use them on their/our pipelines.

I've started porting our lib to use npm, everything works until the worker runs, it doesn't do anything (our library creates Jobs). I know that the Readme says that the Job is dummy, so this was an expected behaviour. The thing is that I don't understand how I could use this library to create custom libraries for Brigade.

Could be possible the library have the real k8s implementation of the Job and only load this implementation when is on the worker? using a env var, importing other packages, dependency injection... so depending on what are you using the library for, you will create jobs from a Dummy class or real K8s implementation Job.

This way we could use it locally and also create libraries that create runnable jobs.

Does this make sense?

On top of the usual steps for building, testing and linting, I think we also need to add a job that publishes to NPM.

cc @vdice

As we're putting together the new organization for Brigade (see https://github.com/brigadecore), this repo would have to move there.

Other than updating the relevant fields in package.json, is there anything related to the publishing of the NPM package that would be affected by the migration to the new org?
(As I think we currently publish the package manually, I would think there isn't, but better to be sure.)

Currently, the brigade.js script for this repository only handles check suites, as opposed to also handling individual check runs.

As we currently only have one check run, this isn't an issue, but as we start adding more, we should also handle them individually.

related #20

Hi Guys,

regarding to a WhiteSource Report, there are still two security vulnerabilities open in the 1.5.0 version of Brigadier. Both as a dependency of @kubernetes/[email protected].

`-- @brigadecore/[email protected]
  `-- @kubernetes/[email protected]
    `-- [email protected]
      +-- [email protected]
      | `-- [email protected]
      |   `-- [email protected]
      `-- [email protected]
        `-- [email protected]

Hello
It would be great to have ssh certificate support as per
https://github.blog/2019-08-14-ssh-certificate-authentication-for-github-enterprise-cloud/
#33

yarn audit v1.16.0
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.3.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ typedoc                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ typedoc > handlebars                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1164                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 463
Severity: 1 High

We should update this ASAP, even though it is a dependency of a dev dependency (so no vulnerable package is part of the Brigade worker).