@financial-times/rel-engage

9.1.0 • Public • Published

Standardised tools for JavaScript projects owned by the Reliability Engineering team. It includes common configuration for linting and formatting of source files, tools to fetch secrets from Vault, and solutions for other common tasks.

Getting started

This package is compatible with Node 18+ and is distributed on npm.

The fastest way to get developing with rel-engage is to run the package via npx:

npx @financial-times/rel-engage

Alternatively, you can run both install steps manually:

# 1. Download and save the package
npm install --save-dev @financial-times/rel-engage

# 2. Run the install command
./node_modules/.bin/rel-engage

As part of the install step several configuration files will be created as well as a new Makefile. See the commands documentation to find out more.

Commands

After installing rel-engage a new Makefile will be added to your project. This provides a number of commands for common tasks, including:

  • install to install Node modules and create configuration files.
  • verify to run linting and formatting tools.
  • clean to undo all changes and remove files that are not tracked by version control.
  • env to fetch and save project secrets.

To view a list of all commands and their descriptions, run:

make help

Configuration

Each time you run the make install command provided by this package a number of configuration files will be added to your project if not already present:

  • EditorConfig (.editorconfig) - provides whitespace settings for your editor when creating new files.
  • ESLint (.eslintrc.js, .eslintignore) - configuration for linting JavaScript.
  • Husky (.huskyrc.js) - installs and configures Git hooks to run commands before committing and pushing code.
  • lint-staged (.lintstagedrc.js) - configures commands to run only on changed files that will be committed.
  • Prettier (.prettierrc.js, .prettierignore) - automatic formatting for JavaScript, JSON, YAML, and more.

The created "dotfiles" link to shared configuration provided by this package and do not contain any rules themselves.

These rules should rarely need to be overridden, but if you do need to, you can modify them directly, either by using the tool's built-in support (e.g. ESLint supports an extends pattern) or by manually extending the provided JavaScript objects themselves.

Secrets

Project secrets (such as API keys) are stored in Doppler and can be used by executing commands via doppler run --command="...".

Secrets in Doppler are stored in projects; one for each system and one for each team's shared secrets.

Secrets for local development

To get started, ensure that you have the doppler-cli installed and configured correctly and that you are in the reliability-engineering GitHub team.

Once this is done you should be able to run the doppler login command. If you run into any problems then you can ask for help on the #reliability-eng Slack channel.

Note that doppler login only authenticates you with Doppler; it does not allow you to access any secrets. To access the secrets in your current project you must define a PROJECT_NAME in your Makefile. For example:

    PROJECT_NAME=biz-ops-route53-importer

Once a PROJECT_NAME has been defined, you can inject the test secrets into your local session by running:

    make env

If you need to access prod secrets then use the following:

    make env ENV=prod

Secrets on CircleCI

When Doppler credentials are required as part of your CI pipeline these can be retrieved by appending the load_secrets command from the ft-circleci-orbs/doppler-circleci orb to your workflow jobs:

  test:
    <<: *default_container_config
    steps:
      - *attach_workspace
      - load_secrets:
          config: TEST
      - run:
          name: Run unit tests
          command: make unit-test

Keeping secrets safe

To help ensure that your project's secrets stay private, this package depends on Secret Squirrel, a tool that scans your source code and warns you if it finds anything that looks like it might be better kept secret. This project configures Secret Squirrel to scan your code before each Git commit is made.
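To make the idea of a pre-commit secret scan concrete, here is an added example; it is not Secret Squirrel's code or rule set. The patterns, the entropy threshold, the allowlist parameter and the sample input are all assumptions made for this illustration.

```javascript
// Added illustration of a pre-commit style secret scan.
// Rules and threshold are assumptions, not Secret Squirrel's own.

// Shannon entropy in bits per character: random tokens score high, words low.
function shannonEntropy(str) {
  const counts = new Map();
  for (const ch of str) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / str.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Hypothetical rule set: two well-known credential shapes.
const PATTERNS = [
  { rule: 'aws-access-key-id', regex: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { rule: 'private-key-block', regex: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
];
const TOKEN = /[A-Za-z0-9+\/_=-]{24,}/g; // long unbroken runs worth measuring
const ENTROPY_THRESHOLD = 4.0; // assumed cut-off in bits per character

// Returns one finding per suspicious line. Findings carry the location and
// rule only, never the matched value, so the report itself leaks nothing.
function scanText(filename, text, allowlist = []) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    const report = (rule) => findings.push({ filename, line: i + 1, rule });
    const hit = PATTERNS.find((p) => p.regex.test(line));
    if (hit) return report(hit.rule);
    for (const token of line.match(TOKEN) || []) {
      if (allowlist.includes(token)) continue; // reviewed false positive
      if (shannonEntropy(token) >= ENTROPY_THRESHOLD) return report('high-entropy-string');
    }
  });
  return findings;
}

// Constructed sample: line 2 uses AWS's documented example key ID.
const SAMPLE = [
  "const region = 'eu-west-1';",
  "const keyId = 'AKIAIOSFODNN7EXAMPLE';",
  "const token = 'q9ZxT4mLk2VbN8sHjR7wYcP3dFgU6eA1';",
  "const padding = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';",
].join('\n');
console.log(scanText('config.js', SAMPLE));
```

The long but repetitive string on line 4 of the sample is not reported, which shows why scanners of this kind measure entropy rather than length alone.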

Snyk

Snyk can be used to scan dependencies for security vulnerabilities after installing your project. The Snyk tool will be installed by rel-engage, but to ensure it is protecting your project you'll need to make sure Snyk is able to test and monitor it. To do so, run the following command (this may require you to log in to Snyk via SSO):

snyk monitor

This will add the snyk package as a direct dependency of your project. To integrate Snyk as part of your project's CI workflow you can use the Snyk Orb.

Contributing

Requirements

To get started with this project you'll need to make sure you have the following software tools installed.

  1. Git
  2. Node.js (version 18 or higher is required)
  3. npm

Please note that Page Kit has only been tested in Mac and Linux environments. If you are on a Mac you may find it easiest to install the Command Line Tools package which includes Git.

Project installation

  1. Clone the project's Git repository and change to the new directory that has been created:

    git clone git@github.com:Financial-Times/rel-engage
    cd rel-engage
  2. Install all of the project dependencies (this may take a few minutes if you are running this for the first time):

    make install

License

ISC

Unpacked Size

38.5 kB

Total Files

45

Collaborators

  • robertboulton
  • seraph2000
  • hamza.samih
  • notlee
  • emmalewis
  • aendra
  • the-ft
  • rowanmanning
  • chee
  • alexwilson