Because:
* Latest update to Next.js requires latest version of storybook packages
to resolve `Error: Cannot find module
'next/dist/shared/lib/router-context'`
This commit:
* Updates storybook packages to latest
Closes #
Because:
* Versions of protobufjs <6.11.4 and <7.2.4 are causing security alerts
This commit:
* Resolve protobufjs version 6 to use v6.11.4 or newer
* Resolve protobufjs version 7 to use v7.2.4 or newer
* Ran yarn set resolution manually to force yarn.lock update
Co-authored-by: Ben Bangert <ben@groovie.org>
Because:
* We want to use the newer Next.js.
* We want to use proper Next.js JSON return handling.
This commit:
* Updates to Next.js 13.5.1.
* Updates the heartbeat routes to use the new JSON return handling.
Because:
* We want to be able to call server-side logic with our business classes
directly from the nextJS app before rendering on the server.
This pull request:
* Adds a NestJS application context to the NextJS app that can be used
to load services and call methods on them.
Because:
* Create the initial work for the Checkout page as a starting point and
example for the rest of the SP3 components and pages.
This commit:
* Adds the payments/next/ui Next.js library.
* Move Header JSX into layout.tsx and remove ExampleHeader component.
* Add RSC PurchaseDetails, using JSX from SP2.5 PlanDetails component.
* Add RSC TermsAndPrivacy component
* Add various stubs functions for illustration purposes. These will be
replaced with actual implementations in future tickets.
* Cart fetch
* Contentful fetch
* Translation using @fluent/bundle
Closes FXA-8133
Because:
* We want to include Storybook in 3.0.
This commit:
* Ensures Storybook component loads as expected.
* Ensures shared Tailwind styles can be used in payments-next and works with hot-reloading.
* Ensures the build script executes without any errors.
Closes FXA-7503
Because:
* We want to keep with the latest versions of our dependencies.
This commit:
* Bumps mapped-type to the latest version, and consolidates several
dependencies in the root package.json.
Because:
- Not all CI operations where taking advantage of NX caches
This Commit:
- Adjusts nx.json config to ensure correct caching behavior
- Adjusts nx.json config to ensure proper target chains. ie build is dependent on pre-build
- Uses nx to directly run integration tests
- Uses nx to directly run unit tests
- Phases out dependency on generated .list files
- Ensures 'start up' for services for functional tests is done with nx and uses nx caches.
- Creates nx tags to facilitate test commands
- Fixes linter errors encountered
- Updates docker images to nx for builds
- Updates nx ignore files
Because:
* The paypal client config is a basic interface, and we'd like to be
able to use Nest-Typed-Config with a structured config file.
This commit:
* Adds a typed config class for the paypal client.
Because:
* We want to use the latest typescript features.
This commit:
* Updates to TypeScript 5.2.2.
* Updates to Node 18.17.1 as OOM would occur frequently with 18.14.
* Updates CI to use a large instance with increased memory for Node.
Because:
* We want to easily be able to consume library classes within NestJS.
Adding the injectable decorator to all library classes means we can do
so with ease, but also doesn't prevent us from using the class outside
of the NestJS DI system.
* We want all dependencies (such as nest) centralized to the main
package.json
This commit:
* Adds the injectable decorator to every library class.
* Centralizes the NestJS dependency to the root package.json.
Closes: no relevant issue - polish PR.
Because:
* We want to have a single place to manage account related operations in
the database layer.
This commit:
* Adds a new AccountManager class and account package.
Closes #FXA-6623
Because
- We need a reusable client for accessing contentful
This Commit
- Adds a contentful client with automated codegen
- Creates a reusable query system
Closes FXA-7501
Because:
- Refactor the Cart Manager to serve as higher level logic for the
cart db model.
This commit:
- Removes service level logic.
- Adds common methods to be used by Cart Manager consumers.
- Adds checks for valid state by action and valid state transitions.
- Reverts playwright tests back to xlarge instance size
Closes FXA-8128
Because:
* Some items were identified not to meet code organization standards
the team is implementing with Nx.
* Nx identified some circular dependencies that need resolving.
This commit:
* Resolves circular dependencies.
* More to do
Because:
* Fluent warning messages are slowing down tests.
This commit:
* Updates to the latest @fluent/react version
* Adds a non-console.warn reportError to testing ReactLocalization
instantiations.
Closes #FXA-7958
Because:
* We want to use clean and well tested code for our new integrated
account database layer.
* We don't want to use stored procedures for new code.
This commit:
* Adds a new library that contains core mysql connection functionality.
* Duplicates core objection classes and setup from fxa-shared without
stored procedure functionality.
Closes FXA-6622
Because:
* We need to upgrade to react 18
This commit:
* Upgrades all frontend packages to react 18
Closes: FXA-7932
Closes: FXA-3587
Closes: FXA-4353
Closes: FXA-5081
Closes: FXA-5136
Closes: FXA-5140
Closes: FXA-5142
Closes: FXA-5143
Because:
- We want to lock down our gql queries as part of good security practices.
This Commit:
- Creates task that extracts existing gql queries from our code
- Applies middleware that checks a allowlist of extracted queries.
- Creates a 403 if the query is not in the allowlist
- Makes all gql parsable by extraction utility. The extraction utility doesn't support string placeholders. e.g. gql` Account { ${ACCOUNT_FIELDS} }`
- Moves all the gql in the admin server into .ts files. Again for consistency and extraction utility support.
- Cleans up some config references at startup
- Adds nx config for extraction & copy tasks
Because:
- we want to upgrade our React/CRA packages to react-scripts and
webpack v5
This commit:
- upgrades react-scripts and webpack to v5 for Settings, Payments, and
Admin Panel
- upgrades other dependencies in order to make the react-scripts and
webpack upgrades work
- hybridizes fxa-auth-client and fxa-shared into dual module format
packages
Because:
* Objection was outdated.
This commit:
* Updates the objection/knex dependencies and the root package.json in
order to use the latest versions of objection and knex across the
integrated configuration.
Because:
* Need to add Google Analytics to payments server.
This commit:
* Performs the necessary setup to run GA events on payments for specific
products.
Closes #FXA-7670
Because:
* Nx gives us the ability to break things up into smaller libraries with
individual responsibilities.
* Paypal logic can exist in a standalone library for reusability in SP3
This commit:
* Moves PayPalClient and associated utils/typings to a library named
`subs/paypal`. It can be imported via `@fxa/payments/paypal` in any
TypeScript code.
Closes FXA-7610
Because:
* We want to introduce nx to the repository
This commit:
* Adds nx with working builds
Closes: FXA-7341
Co-authored-by: dschom <dschomburg@mozilla.com>
Because:
- we don't want to maintain the fxa eslint plugin in another repo
This commit:
- move the plugin into the monorepo
Co-authored-by: Peter deHaan <peter@deseloper.com>
Because:
- We want to move our legal doc query to the server side so it can be made with a single call.
This Commit:
- Changes to clone script:
- Use the provided state.json provided by l10n repo
- Moves download to external folder
- Changes to settings:
- Use gql to fetch legal doc
- Changes to gql
- Adds ability to resolve a legal document.
Because:
- we don't want to maintain the fxa eslint plugin in another repo
This commit:
- move the plugin into the monorepo
Co-authored-by: Peter deHaan <peter@deseloper.com>
Because:
- we want to use the latest node LTS major version
This commit:
- upgrades FxA to use node 18, with two workarounds
- Webpack uses a hash algorithm that's no longer supported by default
in node 17+, causing build failures; --openssl-legacy-provider is
used as the workaround
- dns.lookup in node 17+ by default returns the results in the same
order as they are from the resolver, which could lead to
'localhost' resolving to ::1; --dns-result-order=ipv4first is used
as the workaround
Because:
- We are hitting race conditions using postinstall
- If two packages invoke l10n:clone at the same time in their post install git will error out
This Commit:
- Adds a git checkout hook, so the l10n folder is regularly updated
- Remove l10n:clone and l10n:prime commands from the post install
- Moves the l10n:prime command into build and tests commands
- Adds clean script so blank slates can be tested locally
- Adds respective l10n-bundle and l10n-prime scripts per workspace
- Moves the creation of the git-head.txt to the prime step and avoids creating an change on the l10n repo
Co-authored-by: Peter deHaan <peter@deseloper.com>
Because:
- We want to avoid redundant git clone operations
- We want to reduce the number of ftl bundles requested on the client side.
This Commit:
- Adds _scripts/l10n/*.sh for conducting l10n build operations
- Bundles ftl files together into ftl main
- Removes bundle prop on AppLocalizer, so that it uses the default, [main.ftl]
- Replace - with _ in locale names when resolving ftl files
- Removes clone-l10n.sh
Because:
* We need to geoip before saving the customer rather than using their IP
address with Stripe directly.
* Parallelization speeds up the conversion process significantly
This commit:
* Geocodes IP addresses prior to saving using fxa-geodb.
* Adds parallelization with rate limiting.
* Writes results to output CSV.
Closes FXA-6581
Closes FXA-6810
Because:
- We wanted to run a few preliminary checks before proceeding to more
expensive CI jobs. Checks include:
- Compiling typescript in commonly referenced workspace packages
- Linting code that has changed
- Executing Unit Tests for code that has changed
- We wanted to partition test operations into unit tests, and
integration tests. Unit tests can be run relatively quickly and
require no additional infrastructure. Integration tests require
additional infrastructure and generally have longer execution
times. Now that jobs are blocked from running until preliminary
checks pass, one of which is unit tests, it is important to draw a
distinction between these two types of tests.
- We want to avoid unnecessary yarn installs and typescript
compilations, which are time consuming.
- We want to make sure that test results are published and failing tests
can be easily viewed in the CI.
This Commit:
- Creates a build-and-validate job in the CI that builds, lints, and
unit tests code prior to running any other jobs.
- Creates unit-test job in CI config
- Creates integration-test job in CI config
- Removes redundant calls to compile workspace packages. These
are now built up front, cached, and restored as needed for future
runs.
- Extends the create-lists script functionality to generate commands
that can be executed with the parallel command.
- Removes unnecessary yarn install operations. Invoking yarn workspace
focus results in a yarn install. In the case of running tests this is largely
unnecessary, because we already do a yarn install in the base-install
step.
- Make sure test results are exported as junit xml so the CI can report
back on tests that were failing. This was done for a couple workspace
packages, but many were lacking the capability. All test:unit and
test:integration npm scripts now export this data.
- Fixes the following issues encountered along the way:
- Adds logs to monitor heap usage of jest tests. Some
jest tests are still using a lot of memory.
- Moves a few slow / long running tests from unit test to
integration tests.
- Ensures that jest.transform for ts-jest is always instructed
to have the config option isolateModules is set to true. This
definitely decreases memory overhead and resolves some
of the OOM errors we were hitting. It was configured in
some places but not everywhere.
- Exports test results files for all tests
- Exports all test artifacts
- Uses gnu parallel to run tests in parallel. Turns out yarn
workspaces foreach would give a false positive when an OOM
was encountered. Fortunately, the parallel command offered an
acceptable work around, and even offers some nice features
like the load argument, which allows to control test execution a
bit more efficiently.
Because:
- We want to speed up pipeline startup.
This Commit:
- Optimizes docker base image builds for the smallest images possible.
- Enables hard links for yarn cache
- Enables global yarn cache
- Avoids needlessly installing playwright browsers.
- Avoids needlessly running yarn install.
- Uses mozilla/fxa-circleci:ci-base-latest image for running test pipelines
- Uses mozilla/fxa-circleci:ci-base-browsers image for running functional tests pipelines
- Creates configurable executors that can be reused across pipelines
- Upgrades to yarn 3.3.0
- Enabled direct check out of PR code to test, which is faster than circle ci’s checkout command.
- Upgrades functional test to X-Large. This was already the case for playwright tests, but is now extended to content server tests too. This decision was made due to running lots of pipelines and realizing flakiness was largely due to CPU or memory hitting 100% for long periods of time.
- Turns off tracing, since it saves a bit of runtime.
Because:
- elliptic is in the browserid-verifier's dependency tree and it's
causing security warnings
This commit:
- resolve elliptic to >= a patched version
Because:
- xmldom was a dependency of plist, which is a dependency of
i18n-abide, and xmldom was causing a security alert
This commit:
- resolve plist to a newer version that does not have the xmldom dep
Because:
- We want to be able to see trace information
- We want to be able to export trace information to google cloud
This Commit:
- Adds utility class to fxa-shared for configuring and initializing open telemetry
- Initializes open telemetry in the auth server
- Forces resolution of google-gax.
- Forces resolution of @grpc/grpc-js.
- Adds the jaeger docker container for viewing traces locally. This is accessible on localhost:16686.
Note, adding @google-cloud/opentelemetry-cloud-trace-exporter resulted
in a version conflicts for google-gax and @grpc/grpc-js, which caused
runtime failures when interacting with @google-cloud/firestore. After
many experiments, this seems to do the trick.
Because:
* We should be informed about TS errors before a patch merges into main.
This commit:
* Adds a new script to run as the first task in the test-many job that compiles any modified back-end Typescript packages and any packages that depend on them.
Closes#12823
Co-authored-by: Barry Chen <bchen@mozilla.com>
Because:
- we could easily end up running two instances of the paypal-processor
during a deploy
This commit:
- use a redis based distributed lock to ensure only one
paypal-processor can run per env
- add script options to control the lock name and duration, as well as
completely bypassing the lock
* feat(cli): add 'yarn delete services' command
sometimes you may want to leave all your DBs running but completely start over with fresh services. The pm2 restart command doesn't fully reset the environment and sometimes that's what you want. Delete lets us remove the service from pm2 so we can start it fresh.
* chore(ci): slow down pm2 startup
I've noticed ci failures where the services don't even get started up completely happening more frequently. During the brief time that circleci showed resource graphs the pm2 startup pegged both cpu and memory. If we wait for the services that have a lot of building at startup to finish before starting the next service maybe we'll have better stability.
* chore(tests): remove support-panel from functional test startup
chore(deps): updated yarn to 3.1.0
chore(deps): need to be explicit about postcss deps now, apparently
chore(deps): update yarn relock to skip adding checksums for conditional deps
This matches the default behavior of yarn 3.1
danny hates storybook
update yarn workspace plugin
Because:
* We should document the basic process for new contributors.
This commit:
* Adds a new "Connecting to a local MySQL DB" section to the root project README.
Closes #No issue
Because:
* We want to re-use NestJS modules in multiple packages.
This commit:
* Refactors common NestJS modules from event-broker into fxa-shred
for use by other packages.
Closes#6345
- We have two clients for the auth-server API, one in `content-server/app/scripts/lib/auth` and `fxa-js-client`. The content-server one was meant to replace fxa-js-client but I didn't finish the work to get it running on nodejs.
- Extracts the content-server implementation into `fxa-auth-client`
- Wraps the implementation with shims to work with nodejs in `server.ts`
- Updates references to fxa-js-client to use fxa-auth-client
- Removes fxa-js-client
fixes#5577
Using the newish "exports" property of package.json allows
us to keep the source ts separate from the compiled js
and still use require('fxa-react/components/..'). No more
clean required to run jest tests.
chore(deps): updated aws-sdk
chore(deps): remove raven and update @sentry/*
chore(deps): updated mysql deps
chore(deps): updated eslint-plugin-fxa
chore(deps): updated bluebird
chore(deps): updated request
chore(deps): use jest 24.9.0 (same as react-scripts)
chore(deps): update convict
chore(deps): update morgan
chore(deps): update eslint-plugin-jest
chore(deps): update babel-eslint
chore(deps): removed nodemon
chore(deps): update @types/convict
chore(deps): set @types/jest to match jest version
chore(deps): set @babel/core to ^7.9.0
chore(deps): set @babel/preset-env to 7.9.0
chore(deps): update hapi
with hoisted eslint dependency `npm run lint` can't find
eslint on the path. We've got linting globally as a precommit
hook, it doesn't need to run on tests.
It's easy to not notice when to run a `yarn install` either
when switching branches or doing a git pull. This adds a
hook to diff your previous yarn.lock with the one your changing
to, and if there's changes running 'yarn install' for you.
This adds a base node image and builder image so
that all our service images can share the same
common base, be smaller, and require less customization.
- updated fluent packages to the latest
- implemented localizable currency
- implemented localizable dates
fixes#4668
- fixed errors that resulted from rebase onto Mobile Updates
- fixed bug that would cause the subscriptionToResponse to provide an invoice ID instead of an invoice Number
- removed reference to plan name and replaced with product name
- changed variables to regular stringsOC
- added stricter typing to plan interval
why: several reasons...
- to have a unified approach and pattern for:
- debugging
- fs watching for local dev
- running services in dev
- configuring services in dev
- to improve the initial clone and subsequent `npm ci` experience
- to make future work on tooling easier
1. renamed _scripts/*.sh to use kebab-case
2. linted _scripts with shellcheck
3. added _dev directory and moved pm2 json files there
4. added nps and package-scripts.js
- this allows us to do nice things like: `npm start debug firefox`
- I'd like to expand this further but it's a start
5. refactored the install scripts to make `npm install` nicer
6. renamed pm2 process names for easier control
- can use `pm2 logs auth` instead of the id
start-android is no longer needed so it was removed
along with its dependencies and replaced by adb-reverse
I removed `adr-log` in favor of running `npx adr-log` to
make `npm ci` smaller.
`concurrently` is no longer used.
The remainder were updated to their latest versions.
This patch fixes two things in Customs tests:
- it updates test-local.sh so that it no longer exits with status 0 all
the time; now it exits with the status returned by `tap`
- it fixes all the failing tests that have gone unnoticed due the bug
mentioned above
It's pretty disheartening when your PR fails in ci because of an
npm advisory unrelated to your changes. We still need to be aware
of them but have the ability to more easily keep doing other work.
Running the audit on git push allows us all to see advisories
quickly, but allows us to override and push with --no-verify so
work can continue and the advisory addressed on its own.
* Add a lint:deps job to the top-level package.json, so lerna can run
lint:deps in all packages in parallel.
* Also handle recent handlebars vulnerability, so that builds don't fail.
* Note, the lint:deps job is a no-op in fxa-amplitude-send, as I can't
get it to build yet in the monorepo.
Some of the vulnerabilities are in transitive dependencies, yet the
suggested `npm update foo --depth N` command sometimes seems to do
nothing. There was a related bug in npm 6.6.0 - 6.11.2, fixed by
https://github.com/npm/cli/pull/239, but perhaps that didn't fix all the
cases? (I was using npm 6.12.0.) As a workaround, I've added audit-filter
exceptions where `npm update` wasn't able to fix vulnerabilities.
Fixes#2229.
Because:
* My JS skills were a bit more newbie when I wrote some of this the
first time leading to some copypasta.
* Optional chaining in Typescript 3.7 is slick.
* esModuleInterop has cleaner imports and is recommended.
* We are removing the use of Bluebird everywhere.
This commit:
* Removes some copypasta for more standard JS idioms.
* Updates all the dependencies as well as TypeScript -> 3.7.
* Refactors imports to use esModuleInterop.
* Drops the Bluebird dependency.
- fxa-amplitude-send has a dependency on node-parquet which has several unaccounted for native deps that currently break npm install locally
- node-parquet adds several minutes to the CI build time which is not currently required
- refactored script vars to be more explicit about their purpose
see #3231