Do all node modules not resolve? Need a test for that

See PerilTest/sandbox#15 + https://github.com/organizations/PerilTest/settings/apps/peril-staging/advanced#details ( 8bab36b0-7f7e-11e7-93df-27098bae932e)

This is blocking #104 and https://github.com/PerilTest/sandbox/pulls/18

There is one GitHub integration per setup of the app. This is stored in the ENV.

There are multiple installations of that integrations. Each installation could have different settings. This is what gets put in the db.

Your DELETE execution:

... is invalid, and will always fail. See this: vitaly-t/pg-promise#313

When following the instructions in the readme file for performing initial setup and installation, I came across the following errors:

• PERIL_BOT_USER_ID marked as not required, but presented a hard-error when running yarn start without it defined.
• WEB_URL marked as not used, but presented a hard-error when running yarn start without it defined.
• PAPERTRAIL_URL/PAPERTRAIL_PORT marked as optional, but presented a hard-error when running yarn start without them defined.
• Upon running yarn start, got two warning messages printed to the console:

  WARNING: No configurations found in configuration directory:/Users/Samantha/Projects/peril/config
  WARNING: To disable this warning set SUPPRESS_NO_CONFIG_WARNING in the environment.
  

• Once the server was running and forwarded by ngrok, resending the initial creation message from the integration was picked up correctly and forwarded by ngrok, however didn't cause peril to progress in state to setup the new installation.

So that most PRs from externals would work, but anything which could potentially cause issues would not run.

It shouldn't be too difficult to support multiple integrations, maybe have three :

• PRs/Issues
• The most obviously useful events
• All event

The integration ID can be stored in the org's db, then Danger can sign with different keys depending on what data was sent.

Version 1.17.2 of body-parser just got published.

This version is covered by your current version range and after updating it in your project the build failed.

body-parser is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Peril could persist some JSON metadata between builds.

I think if the file is missing you get:

2017-05-05T20:16:45.287369+00:00 app[web.1]: info: [router] -  - passing to Dangerfile rule router
2017-05-05T20:16:45.288709+00:00 app[web.1]: info: [runner] - Event Settings: {
2017-05-05T20:16:45.288711+00:00 app[web.1]:  "commentableID": 1,
2017-05-05T20:16:45.288711+00:00 app[web.1]:  "isRepoEvent": true,
2017-05-05T20:16:45.288712+00:00 app[web.1]:  "isTriggeredByUser": true,
2017-05-05T20:16:45.288713+00:00 app[web.1]:  "repo": null,
2017-05-05T20:16:45.288714+00:00 app[web.1]:  "repoName": "artsy/artsy-danger",
2017-05-05T20:16:45.288714+00:00 app[web.1]:  "triggeredByUsername": "orta",
2017-05-05T20:16:45.288714+00:00 app[web.1]:  "hasRelatedCommentable": true
2017-05-05T20:16:45.288715+00:00 app[web.1]: }
2017-05-05T20:16:45.332220+00:00 app[web.1]: info: [runner] - Running: {
2017-05-05T20:16:45.332223+00:00 app[web.1]:  "event": "pull_request",
2017-05-05T20:16:45.332224+00:00 app[web.1]:  "action": "opened",
2017-05-05T20:16:45.332224+00:00 app[web.1]:  "dslType": 0,
2017-05-05T20:16:45.332225+00:00 app[web.1]:  "dangerfilePath": "blank.ts",
2017-05-05T20:16:45.332226+00:00 app[web.1]:  "repoSlug": "artsy/artsy-danger",
2017-05-05T20:16:45.332226+00:00 app[web.1]:  "feedback": 0
2017-05-05T20:16:45.332227+00:00 app[web.1]: }
2017-05-05T20:16:45.332313+00:00 app[web.1]: info: [runner] - Use fullDSL: true
2017-05-05T20:16:45.332395+00:00 app[web.1]: info: [runner] - supportGithubCommentAPIs: true
2017-05-05T20:16:45.391443+00:00 app[web.1]: info: [runner] - Running Danger: got API? null
2017-05-05T20:16:46.034269+00:00 app[web.1]: Error:  { Error: Cannot find module 'ts-jest' from 'blank.ts'
2017-05-05T20:16:46.034285+00:00 app[web.1]:     at Resolver.resolveModule (/app/node_modules/jest-resolve/build/index.js:169:17)
2017-05-05T20:16:46.034286+00:00 app[web.1]:     at Resolver._getVirtualMockPath (/app/node_modules/jest-resolve/build/index.js:289:23)
2017-05-05T20:16:46.034287+00:00 app[web.1]:     at Resolver._getAbsolutPath (/app/node_modules/jest-resolve/build/index.js:272:10)
2017-05-05T20:16:46.034287+00:00 app[web.1]:     at Resolver.getModuleID (/app/node_modules/jest-resolve/build/index.js:248:31)
2017-05-05T20:16:46.034288+00:00 app[web.1]:     at Runtime._shouldMock (/app/node_modules/jest-runtime/build/index.js:508:20)
2017-05-05T20:16:46.034289+00:00 app[web.1]:     at Runtime.requireModuleOrMock (/app/node_modules/jest-runtime/build/index.js:362:14)
2017-05-05T20:16:46.034290+00:00 app[web.1]:     at Object.<anonymous> (/tmp/0.ops22k27rl5lw71fefxn7b9/blank.ts:1:90)
2017-05-05T20:16:46.034290+00:00 app[web.1]:     at Runtime._execModule (/app/node_modules/jest-runtime/build/index.js:447:13)
2017-05-05T20:16:46.034291+00:00 app[web.1]:     at Runtime.requireModule (/app/node_modules/jest-runtime/build/index.js:295:14)
2017-05-05T20:16:46.034292+00:00 app[web.1]:     at /app/node_modules/danger/distribution/runner/DangerfileRunner.js:136:33 code: 'MODULE_NOT_FOUND' }
2017-05-05T20:16:46.034482+00:00 app[web.1]: /app/out/peril.js:11
2017-05-05T20:16:46.034483+00:00 app[web.1]:     throw reason;
2017-05-05T20:16:46.034484+00:00 app[web.1]:     ^
2017-05-05T20:16:46.034485+00:00 app[web.1]:
2017-05-05T20:16:46.034486+00:00 app[web.1]: Error: Cannot find module 'ts-jest' from 'blank.ts'
2017-05-05T20:16:46.034487+00:00 app[web.1]:     at Resolver.resolveModule (/app/node_modules/jest-resolve/build/index.js:169:17)
2017-05-05T20:16:46.034487+00:00 app[web.1]:     at Resolver._getVirtualMockPath (/app/node_modules/jest-resolve/build/index.js:289:23)
2017-05-05T20:16:46.034488+00:00 app[web.1]:     at Resolver._getAbsolutPath (/app/node_modules/jest-resolve/build/index.js:272:10)
2017-05-05T20:16:46.034488+00:00 app[web.1]:     at Resolver.getModuleID (/app/node_modules/jest-resolve/build/index.js:248:31)
2017-05-05T20:16:46.034489+00:00 app[web.1]:     at Runtime._shouldMock (/app/node_modules/jest-runtime/build/index.js:508:20)
2017-05-05T20:16:46.034490+00:00 app[web.1]:     at Runtime.requireModuleOrMock (/app/node_modules/jest-runtime/build/index.js:362:14)
2017-05-05T20:16:46.034490+00:00 app[web.1]:     at Object.<anonymous> (/tmp/0.ops22k27rl5lw71fefxn7b9/blank.ts:1:90)
2017-05-05T20:16:46.034491+00:00 app[web.1]:     at Runtime._execModule (/app/node_modules/jest-runtime/build/index.js:447:13)
2017-05-05T20:16:46.034492+00:00 app[web.1]:     at Runtime.requireModule (/app/node_modules/jest-runtime/build/index.js:295:14)
2017-05-05T20:16:46.034492+00:00 app[web.1]:     at /app/node_modules/danger/distribution/runner/DangerfileRunner.js:136:33
2017-05-05T20:16:46.049499+00:00 app[web.1]:

Version 7.4.0 of jsonwebtoken just got published.

This version is covered by your current version range and after updating it in your project the build failed.

jsonwebtoken is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

This should be default, it can deprecate the org check completely.

• For a PR on an OSS repo
• For dangerfile that are on the same repo as the PR's base
• Get the head dangerfile, get the base dangerfile
• If they differ, don't eval - instead do a "Sorry, not running Dangerfile due to changes in this run"

Version 19.0.3 of ts-jest just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As ts-jest is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 19.2.3 of @types/jest just got published.

This version is covered by your current version range and after updating it in your project the build failed.

@types/jest is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

I thought this:

  "settings": {
    "onlyForOrgMembers": true
  },

was broken, but the app didn't have access to check members on an org.

• https://developer.github.com/v3/guides/discovering-resources-for-a-user/

Version 2.3.1 of @types/winston just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As @types/winston is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 3.0.3 of ts-node just got published.

This version is covered by your current version range and after updating it in your project the build failed.

ts-node is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

I've followed the README steps to configure peril on my laptop
Everything seems to work fine however, whenever I add the integration to a repo, ngrox logs

POST /webhook                  404 Not Found

I guess that's what you're mentioning in

You need to make sure that the install message is sent to your dev setup, so it will grab the access tokens and set up an installation account for it in mongo (X-GitHub-Event: integration_installation).

right?
After that whenever I open a PR I get the correct payload sent to the server (with a 200 code), but nothing will show up on the pull request page despite having set up the permissions correctly (same as the Danger integration)
I guess this is due to this issue but maybe I'm wrong

Version 2.3.1 of typescript just got published.

This version is covered by your current version range and after updating it in your project the build failed.

typescript is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

See danger/danger-js#233

See artsy/positron#1133

Let's say you wanted to run dangerfile.ts if it existed in any repo, you could do `"pull_request" :"dangerfile.ts?".

I'm getting 401 whenever I open/close a Pull Request with Peril/DangerJS and I wondered if my integration is set correctly, I keep comparing with the Danger one, but I can't see what I've missed

An example would be a wrapper for danger-plugin-spellcheck.

• It would be able to declare itself into the rules (in this case, on any PR)
• It would be able to eval a dangerfile (in this case, basically just the default settings)
• It would be declared inside the JSON?

That means coverage for as much as possible.

e.g.

{
  "pull_request.created, pull_request.updated" :"dangerfile.ts"
}

Following disussions in #99 , we determined that the repos keys should not be required to have peril run successfully if org-wide settings are set by rules.

in case of conflict, repos settings should override the defined rules.

Can't access the user id of a bot via the API right now.

On a separate project I work on, I have set up a small script that allows you to specify a webhook mock, and a function, and it calls that particular function with the mocked hook.

For instance, I have a few JSON files containing push webhook request JSON details.

On the CLI, I can call ./tools/testhook <fn-name> <webhook-type> and it will call the correct function and pass in the webhook data.

I'll be honest, I haven't read through the code yet, but that should make debugging a lot easier.

If people are keen for this, I'll open a PR.

Sometime the access_token of the integration installation is null in the DB (sometime it's not, so my guess would be a race condition)

I tried to print the credentials variable in integration_installation.ts and I got:

peril_1    | { message: '\'Expiration time\' claim (\'exp\') must be a numeric value representing the future time at which the assertion expires',
peril_1    |   documentation_url: 'https://developer.github.com/v3' }

Not sure exactly why it's Github is returning that. Retrying to install/uninstall the integration makes it eventually output the token as expected.

Version 1.7.0 of node-fetch just got published.

This version is covered by your current version range and after updating it in your project the build failed.

node-fetch is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Currently anyone can send any JSON to trigger Peril ATM, support the password for GitHub and ensure that any request is signed from them.

So that you could build an web editor with real data

Then you could see history of how often things are missed

• An installation can be on 1 to many repos
• An installation should be able to declare a global setting
• Any repo should have the ability to define what events they trigger danger runs one. e.g. danger.json or as a "danger" subsection in your package.json.

{
  "run_global_events" : false,
  "events" : {
   "pull_request.*" : "dangerfile.ts",
   "issue.created, issue.updated" : "danger/dangerfile-issues.ts"
  }
}

This would be based on the X-GitHub-Event header, and after the dot would be the action from the JSON. I couldn't find a list of the events, so we may need to keep a list somewhere.

The key should be able to handle:

• "dangerfile.ts"
• "artsy/[email protected]"

Which means that you can somewhere define a global installation dangerfile events system:

{
  "members_of_org_only": "artsy",
  "events" : {
   "pull_request.*" : "dangerfile.ts",
   "issue.created, issue.updated" : "danger/dangerfile-issues.ts"
  }
}

This probably needs to go either in Peril's db itself. Or potentially you can specify a danger setup repo, and it's danger.json/package.json is used to define all repo in integration's setup.g

Version 4.0.36 of @types/express just got published.

This version is covered by your current version range and after updating it in your project the build failed.

@types/express is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 1.3.0 of node-pg-migrate just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As node-pg-migrate is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 1.0.5 of winston-papertrail just got published.

This version is covered by your current version range and after updating it in your project the build failed.

winston-papertrail is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 7.2.1 of @types/jsonwebtoken just got published.

This version is covered by your current version range and after updating it in your project the build failed.

@types/jsonwebtoken is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Background

I followed the steps to deploy on heroku for the full organization (parse-community) and got peril running with danger 1.0

Configuration

The following env vars are set:

DATABASE_JSON_FILE = parse-community/[email protected]
PERIL_BOT_USER_ID = 26932219 // may be inaccurate
PERIL_INTEGRATION_ID = xxxx // working
PERIL_ORG_INSTALLATION_ID = xxxx
PERIL_WEBHOOK_SECRET = xxxx
PRIVATE_GITHUB_SIGNING_KEY = xxx

Reporting any message work as expected so peril is correctly configured from that standpoint.

Logs

Now, when a PR event is received this is the log:

2017-07-01T16:06:15.262501+00:00 app[web.1]: info: [runner] - Event Settings: {
2017-07-01T16:06:15.262502+00:00 app[web.1]:  "commentableID": 10,
2017-07-01T16:06:15.262503+00:00 app[web.1]:  "hasRelatedCommentable": true,
2017-07-01T16:06:15.262503+00:00 app[web.1]:  "isRepoEvent": true,
2017-07-01T16:06:15.262503+00:00 app[web.1]:  "isTriggeredByUser": true,
2017-07-01T16:06:15.262504+00:00 app[web.1]:  "repo": null,
2017-07-01T16:06:15.262504+00:00 app[web.1]:  "repoName": "parse-community/peril",
2017-07-01T16:06:15.262505+00:00 app[web.1]:  "triggeredByUsername": "flovilmart"
2017-07-01T16:06:15.262505+00:00 app[web.1]: }
2017-07-01T16:06:15.310297+00:00 app[web.1]: info: [runner] - Running: {
2017-07-01T16:06:15.310300+00:00 app[web.1]:  "event": "pull_request",
2017-07-01T16:06:15.310300+00:00 app[web.1]:  "action": "synchronize",
2017-07-01T16:06:15.310301+00:00 app[web.1]:  "dslType": 0,
2017-07-01T16:06:15.310302+00:00 app[web.1]:  "dangerfilePath": "dangerfiles/pr.js",
2017-07-01T16:06:15.310302+00:00 app[web.1]:  "repoSlug": "parse-community/peril",
2017-07-01T16:06:15.310303+00:00 app[web.1]:  "feedback": 0
2017-07-01T16:06:15.310303+00:00 app[web.1]: }
2017-07-01T16:06:15.310410+00:00 app[web.1]: info: [runner] - Use fullDSL: true
2017-07-01T16:06:15.310539+00:00 app[web.1]: info: [runner] - supportGithubCommentAPIs: true
2017-07-01T16:06:15.362852+00:00 app[web.1]: info: [runner] - Running Danger: got API? null
2017-07-01T16:06:15.859265+00:00 heroku[router]: at=info method=POST path="/webhook" host=peril-parse-community.herokuapp.com request_id=11b79eec-7981-41ac-a851-9a212a47e2ce fwd="192.30.252.41" dyno=web.1 connect=1ms service=626ms status=200 bytes=216 protocol=https
2017-07-01T16:06:15.860777+00:00 heroku[router]: at=info method=POST path="/webhook" host=peril-parse-community.herokuapp.com request_id=46079c98-404f-4bca-954b-de3907f2fac8 fwd="192.30.252.42" dyno=web.1 connect=1ms service=165ms status=204 bytes=147 protocol=https
2017-07-01T16:06:15.852741+00:00 app[web.1]: info: [runner] - Commenting, with results:
2017-07-01T16:06:15.852763+00:00 app[web.1]: mds: 0
2017-07-01T16:06:15.852764+00:00 app[web.1]: mds: 0
2017-07-01T16:06:15.852765+00:00 app[web.1]: warns: 0
2017-07-01T16:06:15.852765+00:00 app[web.1]: fails: 1
2017-07-01T16:06:15.864118+00:00 app[web.1]: info: [router] -  - passing to Dangerfile rule router
2017-07-01T16:06:15.852766+00:00 app[web.1]:
2017-07-01T16:06:16.032212+00:00 app[web.1]: Request failed [403]: https://api.github.com/repos/parse-community/peril/statuses/f5a1c18e0a1f5e2afc66dad8d6c44ef02dcdcfc8
2017-07-01T16:06:16.032263+00:00 app[web.1]: Response: {
2017-07-01T16:06:16.032266+00:00 app[web.1]: }
2017-07-01T16:06:16.032264+00:00 app[web.1]:   "message": "Resource not accessible by integration",
2017-07-01T16:06:16.032265+00:00 app[web.1]:   "documentation_url": "https://developer.github.com/v3"
2017-07-01T16:06:16.032912+00:00 app[web.1]: Failing the build, there is 1 fail.

2 things that bug me:

1. github api is null ? Running Danger: got API? null
2. Resource not accessible, but all are configured as suggested with read access to commits etc...

Version 19.0.9 of ts-jest just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As ts-jest is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

e.g.

{
  "settings": {
  },
  "rules": {
    "pull_request": [
       "PerilTest/dangerfiles@org/spellcheck.ts",
       "PerilTest/dangerfiles@org/hello-world.ts"
    ]
  },
  "repos": {
    "PerilTest/PerilPRTester": {
      "issues.opened": "artsy/[email protected]"
    },
    "PerilTest/org": {
      "pull_request": "danger/pr.js"
    }
  }
}

I've Peril all set up, followed each new steps of the read me (cf #10) but I got the following issues:

When installing the plugin on one of my repo I'm getting:

Error:  [Error: error:0906D066:PEM routines:PEM_read_bio:bad end line]

I guess that's because I don't have a bio maybe?

Second issue is perhaps mongo related, whenever I open a PR I'm getting from peril:

Error:  [TypeError: Cannot read property 'findOne' of undefined]

From the mongo.ts file I've deducted that maybe I had an issue getting my db and collection in mongo. However everything seems in order:

> show dbs
github_installations  0.078GB
local                 0.078GB
> use github_installations
switched to db github_installations
> show collections
github_integrations
system.indexes

Version 0.14.2 of danger just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As danger is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

See discussion in parse-community/parse-community-peril#1 (comment)

Version 5.6.5 of pg-promise just got published.

This version is covered by your current version range and after updating it in your project the build failed.

pg-promise is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 6.1.39 of @types/pg just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As @types/pg is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴