Upgrading STF for security reasons (#813)

* Upgrading STF for security reasons Signed-off-by: Denis barbaron <[email protected]> * update semaphore files Signed-off-by: Denis barbaron <[email protected]> * upgrading STF for security reasons v2 Signed-off-by: Denis barbaron <[email protected]> * update yarn.lock file Signed-off-by: Denis barbaron <[email protected]> --------- Signed-off-by: Denis barbaron <[email protected]>
DeviceFarmer · Nov 22, 2024 · 2f54e40 · 2f54e40
1 parent e204b03
commit 2f54e40
Show file tree

Hide file tree

Showing 48 changed files with 2,437 additions and 1,161 deletions.
diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-17.9.0
+v22.11.0
diff --git a/.semaphore/deploy_npmjs.yml b/.semaphore/deploy_npmjs.yml
@@ -7,7 +7,7 @@ blocks:
         - name: Deploy
           commands:
             - install-package libzmq3-dev libprotobuf-dev graphicsmagick yasm gulp python3
-            - sem-version node 17.9.0
+            - sem-version node 20
             - checkout
             - npm install
             - npm publish --access=public

diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
@@ -20,7 +20,7 @@ blocks:
         - name: npm test
           commands:
             - install-package libzmq3-dev libprotobuf-dev graphicsmagick yasm gulp python3
-            - sem-version node 17.9.0
+            - sem-version node 20
             - checkout
             - npm install
             - npm test

diff --git a/.tool-versions b/.tool-versions
@@ -1 +1 @@
-nodejs 17.9.0
+nodejs 22.11.0
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,11 @@
 #
-# Copyright © 2022 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+# Copyright © 2022-2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 #
 
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 # Sneak the stf executable into $PATH.
-ENV PATH /app/bin:$PATH
+ENV PATH=/app/bin:$PATH
 
 # Work in app dir by default.
 WORKDIR /app
@@ -28,15 +28,18 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
       --shell /usr/sbin/nologin \
       stf && \
     sed -i'' 's@http://archive.ubuntu.com/ubuntu/@mirror://mirrors.ubuntu.com/mirrors.txt@' /etc/apt/sources.list && \
+    echo '--- Updating repositories' && \
     apt-get update && \
+    echo '--- Upgrading repositories' && \
+    apt-get -y dist-upgrade && \
     apt-get -y install wget python3 build-essential && \
     cd /tmp && \
     wget --progress=dot:mega \
-      https://nodejs.org/dist/v17.9.0/node-v17.9.0-linux-x64.tar.xz && \
+      https://nodejs.org/dist/v22.11.0/node-v22.11.0-linux-x64.tar.xz && \
     tar -xJf node-v*.tar.xz --strip-components 1 -C /usr/local && \
     rm node-v*.tar.xz && \
     su stf-build -s /bin/bash -c '/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js install' && \
-    apt-get -y install libzmq3-dev libprotobuf-dev git graphicsmagick openjdk-8-jdk yasm cmake && \
+    apt-get -y install --no-install-recommends libzmq3-dev libprotobuf-dev git graphicsmagick openjdk-8-jdk yasm cmake && \
     apt-get clean && \
     rm -rf /var/cache/apt/* /var/lib/apt/lists/* && \
     mkdir /tmp/bundletool && \
@@ -57,22 +60,29 @@ USER stf-build
 
 # Run the build.
 RUN set -x && \
+    echo '--- Building app' && \
     cd /tmp/build && \
     export PATH=$PWD/node_modules/.bin:$PATH && \
-    npm install --python="/usr/bin/python3"  --loglevel http && \
+    npm install --python="/usr/bin/python3" --omit=optional --loglevel http && \
+    echo '--- Assembling app' && \
     npm pack && \
     tar xzf devicefarmer-stf-*.tgz --strip-components 1 -C /app && \
     bower cache clean && \
-    npm prune --production && \
+    npm prune --omit=dev && \
     mv node_modules /app && \
     rm -rf ~/.node-gyp && \
     mkdir /app/bundletool && \
     mv /tmp/bundletool/* /app/bundletool && \
     cd /app && \
-    find /tmp -mindepth 1 ! -regex '^/tmp/hsperfdata_root\(/.*\)?' -delete
+    find /tmp -mindepth 1 ! -regex '^/tmp/hsperfdata_root\(/.*\)?' -delete && \
+    rm -rf doc .github .tx .semaphore *.md *.yaml LICENSE Dockerfile* \
+      .eslintrc .nvmrc .tool-versions res/.eslintrc && \
+    cd && \
+    rm -rf .npm .cache .config .local && \
+    cd /app
 
 # Switch to the app user.
 USER stf
 
 # Show help by default.
-CMD stf --help
+CMD ["stf", "--help"]
diff --git a/Dockerfile-debian-arm64 b/Dockerfile-debian-arm64
@@ -1,32 +1,34 @@
 #
-# Copyright © 2020,2022 code initially contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+# Copyright © 2020-2024 code initially contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 #
 
-FROM arm64v8/debian:buster-slim
+FROM arm64v8/debian:bookworm-slim
 
 LABEL Maintainer="Denis Barbaron <[email protected]>"
 LABEL Name="STF"
 LABEL Url="https://github.com/devicefarmer/stf/"
 LABEL Description="STF docker image for arm64 architecture"
 
 # Sneak the stf executable into $PATH.
-ENV PATH /app/bin:$PATH
+ENV PATH=/app/bin:$PATH
 
 # Work in app dir by default.
 WORKDIR /app
 
 # Copy app source.
 COPY . /tmp/build/
 
-# Install app requirement
+# Install app requirements
 RUN export DEBIAN_FRONTEND=noninteractive && \
     echo '--- Updating repositories' && \
     apt-get update && \
+    echo '--- Upgrading repositories' && \
+    apt-get -y dist-upgrade && \
     echo '--- Building node' && \
-    apt-get -y install wget python3 build-essential cmake && \
+    apt-get -y install pkg-config curl zip unzip wget python3 build-essential cmake ninja-build && \
     cd /tmp && \
     wget --progress=dot:mega \
-      https://nodejs.org/dist/v17.9.0/node-v17.9.0-linux-arm64.tar.xz && \
+      https://nodejs.org/dist/v22.11.0/node-v22.11.0-linux-arm64.tar.xz && \
     tar -xJf node-v*.tar.xz --strip-components 1 -C /usr/local && \
     rm node-v*.tar.xz && \
     useradd --system \
@@ -42,26 +44,32 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     cd /tmp/build && \
     export PATH=$PWD/node_modules/.bin:$PATH && \
     sed -i'' -e '/phantomjs/d' package.json && \
-    echo 'npm install --python="/usr/bin/python3" --no-optional --loglevel http' | su stf -s /bin/bash && \
+    export VCPKG_FORCE_SYSTEM_BINARIES="arm" && \
+    echo 'npm install --save-dev pnpm' | su stf -s /bin/bash && \
+    echo 'npm install --python="/usr/bin/python3" --omit=optional --loglevel http' | su stf -s /bin/bash && \
     echo '--- Assembling app' && \
     echo 'npm pack' | su stf -s /bin/bash && \
     tar xzf devicefarmer-stf-*.tgz --strip-components 1 -C /app && \
     echo '/tmp/build/node_modules/.bin/bower cache clean' | su stf -s /bin/bash && \
-    echo 'npm prune --production' | su stf -s /bin/bash && \
+    echo 'npm prune --omit=dev' | su stf -s /bin/bash && \
     mv node_modules /app && \
     chown -R root:root /app && \
     echo '--- Cleaning up' && \
     echo 'npm cache clean --force' | su stf -s /bin/bash && \
     rm -rf ~/.node-gyp && \
-    apt-get -y purge wget python3 build-essential && \
+    apt-get -y purge pkg-config curl zip unzip wget python3 build-essential cmake ninja-build && \
     apt-get -y clean && \
     apt-get -y autoremove && \
+    cd /home/stf && \
+    rm -rf vcpkg .npm .cache .cmake-ts .config .local && \
     rm -rf /var/cache/apt/* /var/lib/apt/lists/* && \
     cd /app && \
+    rm -rf doc .github .tx .semaphore *.md *.yaml LICENSE Dockerfile* \
+      .eslintrc .nvmrc .tool-versions res/.eslintrc && \
     rm -rf /tmp/*
 
 # Switch to the app user.
 USER stf
 
 # Show help by default.
-CMD stf --help
+CMD ["stf", "--help"]
diff --git a/Dockerfile-debian-armhf b/Dockerfile-debian-armhf
@@ -1,67 +1,75 @@
 #
-# Copyright © 2020,2022 code initially contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+# Copyright © 2020-2024 code initially contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 #
 
-FROM arm32v7/debian:buster-slim
+FROM arm32v7/debian:bookworm-slim
 
 LABEL Maintainer="Denis Barbaron <[email protected]>"
 LABEL Name="STF"
 LABEL Url="https://github.com/devicefarmer/stf/"
 LABEL Description="STF docker image for armhf architecture"
 
 # Sneak the stf executable into $PATH.
-ENV PATH /app/bin:$PATH
+ENV PATH=/app/bin:$PATH
 
 # Work in app dir by default.
 WORKDIR /app
 
 # Copy app source.
 COPY . /tmp/build/
 
-# Install app requirement
+# Install app requirements
 RUN export DEBIAN_FRONTEND=noninteractive && \
     echo '--- Updating repositories' && \
     apt-get update && \
+    echo '--- Upgrading repositories' && \
+    apt-get -y dist-upgrade && \
     echo '--- Building node' && \
-    apt-get -y install wget python3 build-essential cmake && \
+    apt-get -y install pkg-config curl zip unzip wget python3 build-essential cmake ninja-build && \
     cd /tmp && \
     wget --progress=dot:mega \
-      https://nodejs.org/dist/v17.9.0/node-v17.9.0-linux-armv7l.tar.xz && \
+      https://nodejs.org/dist/v22.11.0/node-v22.11.0-linux-armv7l.tar.xz && \
     tar -xJf node-v*.tar.xz --strip-components 1 -C /usr/local && \
     rm node-v*.tar.xz && \
     useradd --system \
       --create-home \
       --shell /usr/sbin/nologin \
       stf && \
     su stf -s /bin/bash -c '/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js install' && \
-    apt-get -y install --no-install-recommends libzmq3-dev libprotobuf-dev git graphicsmagick yasm && \
+    apt-get -y install --no-install-recommends libatomic1 libzmq3-dev libprotobuf-dev git graphicsmagick yasm && \
     echo '--- Building app' && \
     mkdir -p /app && \
     chown -R stf:stf /tmp/build && \
     set -x && \
     cd /tmp/build && \
     export PATH=$PWD/node_modules/.bin:$PATH && \
     sed -i'' -e '/phantomjs/d' package.json && \
-    echo 'npm install --python="/usr/bin/python3" --no-optional --loglevel http' | su stf -s /bin/bash && \
+    export VCPKG_FORCE_SYSTEM_BINARIES="arm" && \
+    echo 'npm install --save-dev pnpm' | su stf -s /bin/bash && \
+    echo 'npm install --python="/usr/bin/python3" --omit=optional --loglevel http' | su stf -s /bin/bash && \
     echo '--- Assembling app' && \
     echo 'npm pack' | su stf -s /bin/bash && \
     tar xzf devicefarmer-stf-*.tgz --strip-components 1 -C /app && \
     echo '/tmp/build/node_modules/.bin/bower cache clean' | su stf -s /bin/bash && \
-    echo 'npm prune --production' | su stf -s /bin/bash && \
+    echo 'npm prune --omit=dev' | su stf -s /bin/bash && \
     mv node_modules /app && \
     chown -R root:root /app && \
     echo '--- Cleaning up' && \
     echo 'npm cache clean --force' | su stf -s /bin/bash && \
     rm -rf ~/.node-gyp && \
-    apt-get -y purge wget python3 build-essential && \
+    apt-get -y purge pkg-config curl zip unzip wget python3 build-essential cmake ninja-build && \
     apt-get -y clean && \
     apt-get -y autoremove && \
+    cd /home/stf && \
+    rm -rf vcpkg .npm .cache .cmake-ts .config .local && \
     rm -rf /var/cache/apt/* /var/lib/apt/lists/* && \
     cd /app && \
+    rm -rf doc .github .tx .semaphore *.md *.yaml LICENSE Dockerfile* \
+      .eslintrc .nvmrc .tool-versions res/.eslintrc && \
     rm -rf /tmp/*
 
 # Switch to the app user.
 USER stf
 
 # Show help by default.
-CMD stf --help
+CMD ["stf", "--help"]
diff --git a/Dockerfile-debian-x86_64 b/Dockerfile-debian-x86_64
@@ -1,16 +1,16 @@
 #
-# Copyright © 2020,2022 code initially contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+# Copyright © 2020-2024 code initially contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
 #
 
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
 LABEL Maintainer="Denis Barbaron <[email protected]>"
 LABEL Name="STF"
 LABEL Url="https://github.com/devicefarmer/stf/"
 LABEL Description="STF docker image for x86_64 architecture"
 
 # Sneak the stf executable into $PATH.
-ENV PATH /app/bin:$PATH
+ENV PATH=/app/bin:$PATH
 
 # Work in app dir by default.
 WORKDIR /app
@@ -22,11 +22,13 @@ COPY . /tmp/build/
 RUN export DEBIAN_FRONTEND=noninteractive && \
     echo '--- Updating repositories' && \
     apt-get update && \
+    echo '--- Upgrading repositories' && \
+    apt-get -y dist-upgrade && \
     echo '--- Building node' && \
     apt-get -y install wget python3 build-essential && \
     cd /tmp && \
     wget --progress=dot:mega \
-      https://nodejs.org/dist/v17.9.0/node-v17.9.0-linux-x64.tar.xz && \
+      https://nodejs.org/dist/v22.11.0/node-v22.11.0-linux-x64.tar.xz && \
     tar -xJf node-v*.tar.xz --strip-components 1 -C /usr/local && \
     rm node-v*.tar.xz && \
     useradd --system \
@@ -42,12 +44,12 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     cd /tmp/build && \
     export PATH=$PWD/node_modules/.bin:$PATH && \
     sed -i'' -e '/phantomjs/d' package.json && \
-    echo 'npm install --python="/usr/bin/python3" --no-optional --loglevel http' | su stf -s /bin/bash && \
+    echo 'npm install --python="/usr/bin/python3" --omit=optional --loglevel http' | su stf -s /bin/bash && \
     echo '--- Assembling app' && \
     echo 'npm pack' | su stf -s /bin/bash && \
     tar xzf devicefarmer-stf-*.tgz --strip-components 1 -C /app && \
     echo '/tmp/build/node_modules/.bin/bower cache clean' | su stf -s /bin/bash && \
-    echo 'npm prune --production' | su stf -s /bin/bash && \
+    echo 'npm prune --omit=dev' | su stf -s /bin/bash && \
     mv node_modules /app && \
     chown -R root:root /app && \
     echo '--- Cleaning up' && \
@@ -56,12 +58,16 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get -y purge wget python3 build-essential && \
     apt-get -y clean && \
     apt-get -y autoremove && \
+    cd /home/stf && \
+    rm -rf .npm .cache .config .local && \
     rm -rf /var/cache/apt/* /var/lib/apt/lists/* && \
     cd /app && \
+    rm -rf doc .github .tx .semaphore *.md *.yaml LICENSE Dockerfile* \
+      .eslintrc .nvmrc .tool-versions res/.eslintrc && \
     rm -rf /tmp/*
 
 # Switch to the app user.
 USER stf
 
 # Show help by default.
-CMD stf --help
+CMD ["stf", "--help"]
diff --git a/bin/stf b/bin/stf
@@ -1,2 +1,2 @@
-#!/usr/bin/env node
+#!/usr/bin/env -S node --no-deprecation
 require('../lib/cli/please')
diff --git a/bower.json b/bower.json
@@ -2,46 +2,46 @@
   "name": "stf",
   "version": "0.1.0",
   "dependencies": {
-    "angular": "~1.5.0-rc.2",
-    "angular-cookies": "~1.5.0-rc.2",
-    "angular-route": "~1.5.0-rc.2",
-    "angular-sanitize": "~1.5.0-rc.2",
-    "angular-animate": "~1.5.0-rc.2",
-    "angular-touch": "~1.5.0-rc.2",
+    "angular": "~1.8.3",
+    "angular-cookies": "~1.8.3",
+    "angular-route": "~1.8.3",
+    "angular-sanitize": "~1.8.3",
+    "angular-animate": "~1.8.3",
+    "angular-touch": "~1.8.3",
     "lodash": "~3.10.1",
-    "oboe": "~2.1.2",
-    "ng-table": "~1.0.0-beta.9",
-    "angular-gettext": "~2.2.0",
+    "oboe": "~2.1.5",
+    "ng-table": "~1.0.0",
+    "angular-gettext": "~2.4.2",
     "angular-ui-ace": "~0.2.3",
     "angular-dialog-service": "~5.2.11",
     "ng-file-upload": "~2.0.5",
     "angular-growl-v2": "JanStevens/angular-growl-2#~0.7.9",
     "underscore.string": "~3.2.3",
-    "bootstrap": "~3.3.6",
+    "bootstrap": "~3.4.1",
     "font-lato-2-subset": "~0.4.0",
     "packery": "~1.4.3",
     "draggabilly": "~1.2.4",
     "angular-elastic": "~2.5.1",
     "angular-hotkeys": "chieffancypants/angular-hotkeys#~1.6.0",
     "angular-borderlayout": "git://github.com/filearts/angular-borderlayout.git#7c9716aebd9260763f798561ca49d6fbfd4a5c67",
-    "angular-ui-bootstrap": "~1.1.1",
+    "angular-ui-bootstrap": "~1.1.2",
     "ng-context-menu": "swimlane/ng-context-menu#~1.0.1",
     "components-font-awesome": "~4.5.0",
     "epoch": "~0.8.4",
     "ng-epoch": "~1.0.7",
     "eventEmitter": "~4.3.0",
     "angular-ladda": "~0.3.1",
-    "d3": "~3.5.14",
+    "d3": "~3.5.17",
     "spin.js": "~2.3.2",
     "angular-xeditable": "~0.1.9"
   },
   "private": true,
   "devDependencies": {
-    "angular-mocks": "~1.5.0-rc.2"
+    "angular-mocks": "~1.8.3"
   },
   "resolutions": {
-    "angular": "~1.5.0-rc.2",
-    "d3": "~3.5.5",
+    "angular": "~1.8.3",
+    "d3": "~3.5.17",
     "spin.js": "~2.3.2",
     "eventEmitter": "~4.3.0",
     "epoch": "~0.8.4"