reactioncommerce / generator-reaction Goto Github PK

Piggy-backing off of this checklist doc: reactioncommerce/reaction-docs#605

A Reaction dev should be able to use the generator to create a blank npm module, shipped with .github, .circleci with semantic release workflow, .gitignore, .npmignore, LICENSE.md, CODE_OF_CONDUCT.md, README.md, package.json, package-lock.json (with Reaction Commerce ESLint configs)

Just an idea :)

Include this .github directory with the pull_request_template.md and issue_template.md for all new generated projects: https://github.com/reactioncommerce/reaction/tree/master/.github

When I first ran the generator to create a basic front-end app, I got several errors when I tried to run docker-compose run web yarn run lint.

The package.json file did not have any of the devDependencies I needed to get eslint running. I got errors indicated required modules were missing, like: [Error - 13:54:51] Cannot find module 'babel-eslint' Referenced from: /Users/machikoyasuda/Desktop/reaction-static/package.json

Here is how I got linting working for me locally:

# rename .yarnrc
yarn add @reactioncommerce/eslint-config --dev
npx install-peerdeps --dev @reactioncommerce/eslint-config
# restart VSCode
yarn add babel-eslint --dev
# restart VSCode
# magically started working
# unrename .yarnrc
docker-compose run web yarn run lint
# test runs

In my generated app, I ran all of these things so that the package.json file has all the devDependencies listed and CircleCI was able to build it and run yarn run lint itself: https://github.com/reactioncommerce/reaction-static/pull/16

To improve dev experience, I think we should:

• Add these docs to the generator README, or,
• Make sure the generator generated app has these necessary linting tools built in it

In reaction-static, I manually tagged hadolint to hadolint/hadolint:v1.6.6-6-g254b4ff because the latest as of June 6, 2018 is failing:

Build-agent version 0.0.6102-5598269 (2018-06-05T17:36:34+0000)
Starting container hadolint/hadolint
  image cache not found on this host, downloading hadolint/hadolint
latest: Pulling from hadolint/hadolint
2065556beb50: Pulling fs layer
2065556beb50: Download complete
2065556beb50: Pull complete
Digest: sha256:65dbc90228c3a06b7e8a581da12be04cec2ff79a549d0e4e57ab3d3a986e4d20
Status: Downloaded newer image for hadolint/hadolint:latest
  using image hadolint/hadolint@sha256:65dbc90228c3a06b7e8a581da12be04cec2ff79a549d0e4e57ab3d3a986e4d20
CircleCI was unable to start the container because container entrypoint or command failed to start.

This typically means that the passed entrypoint or command is not found is not valid.  Try clearing entrypoint/command values.
Original error: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory"

Example: https://circleci.com/gh/reactioncommerce/reaction-static/536

For now, I've tagged it to the previous version. We should investigate the issue or follow up with Hadolint and file a bug.

Vulnerable module: braces
Introduced through: [email protected]
Detailed Path:

[email protected] › 
     [email protected] › 
          [email protected] › 
               [email protected] › 
                    [email protected] › 
                         [email protected]

Remediation: No remediation path available.

Overview:
braces is a Bash-like brace expansion, implemented in JavaScript.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression (^{(,+(?:({,+})),|,(?:({,+})),+)}) in order to detects empty braces. This can cause an impact of about 10 seconds matching time for data 50K characters long.

More about this issue
Snyk Report

We have a frontend app generator, but it is just a create-react-app template. Think about ways we can generate different types of apps that are closer to a functioning starter kit.

This project was generated from a generator generator. It came with Travis by default but we use CircleCI. Add Circle to the project tooling.

As a developer, I'd like to be able to run a script that creates markdown for each JSDoc method and publish that in the README.

• Fix sort command with --version-sort
  See https://github.com/reactioncommerce/reaction/blob/release-1.13.0/.circleci/bin/docker-tags

Are we still using this repo? @aldeed @focusaurus

If so we need to update the snyk vulnerabilities, since this module is included in the synonyms project: https://app.snyk.io/org/reactioncommerce/project/316e8d92-8329-4962-a863-b45c3d946d86