Start our conversation now. Connect. Or follow.
A free shot of short lived dopamine is yours to keep.
Modernizing an older Node.js project
Github introduced Security Alerts by the end of 2017 and it’s CI/CD workflows in 2019.
Today I took some time to review alerts that landed in my inbox. Out of interest and to refresh my Node.js skils. Meanwhile I also the took the jump to set up a Github Workflow for a personal project: Walnoot.
Walnoot
Walnoot gives an overview of cryptocurrency portfolio. To do that it consumes the Coinigy API and offers support for a very simple offline wallet too.
Docker
With me diving deeper into the Docker ecosystem recently, setting up a Dockerfile was super easy. Using a containerized development environment means I don’t have to worry about specific OS versions, local Node.js versions, and other dependencies.
Future Me can thank me later.
Github Node.js Workflow
I knew I wanted to start simple and chose the Node.js workflow. Github added files to the repo in a .github
folder, at the push of a button and I was off to the races.
# nodejs.yml
name: Node CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.x]
steps:
- uses: actions/[email protected]
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/[email protected]
with:
node-version: ${{ matrix.node-version }}
- name: npm install, build, and test
run: |
npm ci
npm run build --if-present
npm test
env:
CI: true
Portability
A big difference between my local Docker environment and the one Github provides is the Linux distro. When possible I stick to Alpine. It’s super light weight and just makes me feel good. It’s also convenient that I now have quick access to three environments: MacOS, Ubuntu and Alpine. Yay for portability.
Security
Next I noticed security issues. npm audit
marked several issues which I was able to fix with a simple npm audit fix
. One of the better experiences was the ability to use npx babel-upgrade
.
# npx lets you run babel-upgrade and installs locally
npx babel-upgrade --write --install
The end result is an automated Github workflow and zero security alerts ( at the time of writing ).