Modernizing an older Node.js project

GitHub introduced Security Alerts by the end of 2017 and its CI/CD workflows in 2019.

Today I took some time to review alerts that landed in my inbox. Out of interest and to refresh my Node.js skills. Meanwhile I also took the jump to set up a GitHub Workflow for a personal project: Walnoot.

Screenshot of Walnoot in action

Walnoot

Walnoot gives an overview of a cryptocurrency portfolio. To do that it consumes the Coinigy API and offers support for a very simple offline wallet too.

Docker

With me diving deeper into the Docker ecosystem recently, setting up a Dockerfile was super easy. Using a containerized development environment means I don't have to worry about specific OS versions, local Node.js versions, and other dependencies.

Future Me can thank me later.

GitHub Node.js Workflow

I knew I wanted to start simple and chose the Node.js workflow. GitHub added files to the repo in a .github folder at the push of a button, and I was off to the races.

# nodejs.yml
name: Node CI

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [12.x]

    steps:
    - uses: actions/checkout@v1
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
    - name: npm install, build, and test
      run: |
        npm ci
        npm run build --if-present
        npm test
      env:
        CI: true

GitHub Actions

Portability

A big difference between my local Docker environment and the one GitHub provides is the Linux distro. When possible I stick to Alpine. It's super lightweight and just makes me feel good. It's also convenient that I now have quick access to three environments: macOS, Ubuntu and Alpine. Yay for portability.

Security

Next I noticed security issues. npm audit marked several issues which I was able to fix with a simple npm audit fix. One of the better experiences was the ability to use npx babel-upgrade.

# npx lets you run babel-upgrade without installing it locally
npx babel-upgrade --write --install

The end result is an automated GitHub workflow and zero security alerts (at the time of writing).
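To keep the alert count at zero, the npm audit report can be checked on every push. The sketch below is an added example, not code from Walnoot: it normalises the JSON report layout of npm 6 (the version bundled with Node 12) and of npm 7+ and returns the findings at or above a chosen severity. The function names and the sample reports are constructed for illustration.

```javascript
// Added example: severity gate over `npm audit --json` output.
// Severity names used by npm audit, lowest to highest.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Normalise both report layouts to [{ name, severity }].
function findingsFromReport(report) {
  if (report.auditReportVersion === 2) {
    // npm 7+: "vulnerabilities" is keyed by package name.
    return Object.values(report.vulnerabilities || {})
      .map((v) => ({ name: v.name, severity: v.severity }));
  }
  // npm 6 (bundled with Node 12): "advisories" is keyed by advisory id.
  return Object.values(report.advisories || {})
    .map((a) => ({ name: a.module_name, severity: a.severity }));
}

// Return the findings at or above minSeverity; an empty list means "pass".
function gate(report, minSeverity) {
  const floor = LEVELS.indexOf(minSeverity);
  if (floor === -1) throw new Error(`unknown severity: ${minSeverity}`);
  return findingsFromReport(report).filter((f) => {
    const rank = LEVELS.indexOf(f.severity);
    // Fail closed: a severity this script does not recognise counts as blocking.
    return rank === -1 || rank >= floor;
  });
}

// Constructed sample reports (not real audit output), trimmed to the fields used.
const npm6Report = {
  advisories: {
    1001: { module_name: 'example-parser', severity: 'high' },
    1002: { module_name: 'example-logger', severity: 'low' },
  },
};
const npm7Report = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'critical' },
    'example-utils': { name: 'example-utils', severity: 'moderate' },
  },
};

for (const [label, report] of [['npm 6', npm6Report], ['npm 7+', npm7Report]]) {
  const blocking = gate(report, 'high');
  console.log(`${label}: ${blocking.length} blocking`, blocking);
}
```

In a workflow step the report would come from npm audit --json, and a non-empty result would fail the job; reading the report in is left out so the block runs offline.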

GitHub Security Alerts