reactioncommerce
diff --git a/‎.circleci/bin/calibre-deploy.sh‎
Lines changed: 2 additions & 2 deletions b/‎.circleci/bin/calibre-deploy.sh‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.circleci/bin/should-run-snyk.sh‎
Lines changed: 63 additions & 0 deletions b/‎.circleci/bin/should-run-snyk.sh‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎.circleci/config.yml‎
Lines changed: 22 additions & 21 deletions b/‎.circleci/config.yml‎
Lines changed: 22 additions & 21 deletions
diff --git a/‎.env.example‎
Lines changed: 3 additions & 3 deletions b/‎.env.example‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.graphqlrc‎
Lines changed: 1 addition & 1 deletion b/‎.graphqlrc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.snyk‎
Lines changed: 1 addition & 2 deletions b/‎.snyk‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 43 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 4 additions & 5 deletions b/‎Dockerfile‎
Lines changed: 4 additions & 5 deletions
@@ -6,13 +6,13 @@ URL=$1
 LOCATION=$2
 
 # Run One Off Test
-./../node_modules/calibre/bin/linux/calibre test create $URL --location=$LOCATION
+npx [email protected] test create $URL --location=$LOCATION
 
 # Run Snapshot
 # California Snapshot Only (Be more generic as we add more site locations to track)
 if [ $LOCATION = "California" ]
 then
-    ./../node_modules/calibre/bin/linux/calibre site create-snapshot --site reaction-core-"$(echo $LOCATION | tr '[A-Z]' '[a-z]')"
+    npx [email protected] site create-snapshot --site reaction-core-"$(echo $LOCATION | tr '[A-Z]' '[a-z]')"
 else
     echo "No Snapshot Configured for Location"
 fi
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+# Please Use Google Shell Style: https://google.github.io/styleguide/shell.xml
+
+# ---- Start unofficial bash strict mode boilerplate
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -o errexit  # always exit on error
+set -o errtrace # trap errors in functions as well
+set -o pipefail # don't ignore exit codes when piping output
+set -o posix    # more strict failures in subshells
+# set -x          # enable debugging
+
+IFS=$'\n\t'
+# ---- End unofficial bash strict mode boilerplate
+
+validate_env() {
+  declare -a missing
+  for var in "$@"; do
+    if [[ -z "${!var}" ]]; then
+      echo "⚠️ ERROR: Missing required environment variable: ${var}" 1>&2
+      missing+=("${var}")
+    fi
+  done
+  if [[ -n "${missing[*]}" ]]; then
+    exit 1
+  fi
+}
+
+main() {
+  validate_env CIRCLE_COMPARE_URL DOCKER_REPOSITORY
+  if [[ -z "${CIRCLE_PULL_REQUEST}" ]]; then
+    echo "NO: Not a PR. Skipping Snyk."
+    exit
+  fi
+  # Determine PR number from pull request link
+  CIRCLE_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"
+  PATH="${PATH}:${CIRCLE_WORKING_DIRECTORY}/node_modules/.bin"
+  if [[ -v CIRCLE_PR_NUMBER ]] && [ -n ${CIRCLE_PR_NUMBER} ]; then
+    # Get PR from github API
+    url="https://api.github.com/repos/${DOCKER_REPOSITORY}/pulls/${CIRCLE_PR_NUMBER}"
+    # Determine target/base branch from API response
+    TARGET_BRANCH=$(curl --silent --location --fail --show-error "${url}" |
+      jq -r '.base.ref')
+  fi
+  if [[ -z "${TARGET_BRANCH}" || ${TARGET_BRANCH} == "null" ]]; then
+    echo "NO: Not a PR. Skipping Snyk."
+    exit
+  fi
+  # If target branch does not exist or is master, run snyk tests
+  if [[ ${TARGET_BRANCH} == "master" ]] || [[ -z "${TARGET_BRANCH/[ ]*\n/}" ]]; then
+    echo "YES: always run when targeting master"
+    exit
+  fi
+  # If package.json is different from the base branch, run snyk
+  if git diff "$(basename "${CIRCLE_COMPARE_URL}")" package.json | grep -q diff; then
+    echo "YES: package.json different. Running Snyk."
+    exit
+  fi
+  echo "NO: package.json identical to target branch. Skipping Snyk."
+  exit
+}
+
+main "$@"
@@ -14,6 +14,7 @@ defaults: &defaults
 #    - DOCKER_REPOSITORY: "202687395681.dkr.ecr.us-west-2.amazonaws.com/reactioncommerce/reaction-next-starterkit"
     - DOCKER_NAMESPACE: "reactioncommerce"
     - DOCKER_NAME: "reaction-next-starterkit"
+    - GLOBAL_CACHE_VERSION: “v3”
 
   docker:
     - image: circleci/node:8-stretch
@@ -235,11 +236,6 @@ jobs:
     <<: *defaults
     steps:
       - checkout
-      - run:
-          name: Install Calibre CLI
-          command: |
-            cd ~
-            sudo npm install calibre
       - run:
           name: California
           command: |
@@ -260,6 +256,7 @@ jobs:
   snyk-security:
     <<: *defaults
     steps:
+      - checkout
       - setup_remote_docker
       - attach_workspace:
           at: docker-cache
@@ -268,25 +265,30 @@ jobs:
           command: |
             docker load < docker-cache/docker-image.tar
       - run:
-          name: Snyk
+          name: Snyk Security
+          # Snyk doesn't look up the directory tree for node_modules as
+          # NodeJS does so we have to take some extra measures to test in the
+          # Docker image. Copy package.json up a directory so that it is a
+          # sibling to node_modules, then run snyk test.
           command: |
-            # Snyk doesn't look up the directory tree for node_modules as
-            # NodeJS does so we have to take some extra measures to test in the
-            # Docker image. Copy package.json up a directory so that it is a
-            # sibling to node_modules, then run snyk test.
-            docker run \
-              --env-file docker-cache/.env \
-              -e "SNYK_TOKEN=$SNYK_TOKEN" \
-              --name reactionapp_next_starterkit \
-              -w /usr/local/src \
-              "$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
-              sh -c "cp reaction-app/package.json ./ && cp reaction-app/.snyk ./ && snyk test"
+            answer=$(./.circleci/bin/should-run-snyk.sh)
+            if [[ "${answer}" =~ "^YES" ]] ; then
+              docker run \
+                --env-file docker-cache/.env \
+                --env "SNYK_TOKEN" \
+                --name reactionapp_next_starterkit \
+                --workdir /usr/local/src \
+                "$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
+                sh -c "cp reaction-app/package.json ./ && cp reaction-app/.snyk ./ && snyk test"
+            else
+              echo "Skipping snyk: ${answer}"
+            fi
 workflows:
   version: 2
   build_and_test:
     jobs:
       - docker-build-nonprod-and-lint:
-          context: reaction-build-read      
+          context: reaction-build-read
       - docker-build:
           context: reaction-build-read
       - docker-push:
@@ -303,7 +305,7 @@ workflows:
           requires:
             - docker-build
       - test-metrics:
-          requires: 
+          requires:
             - deploy-to-ecs
       - snyk-security:
           context: reaction-validation
@@ -316,6 +318,5 @@ workflows:
             branches:
               only: /^develop$/
       - e2e-test:
-          requires: 
+          requires:
             - deploy-to-ecs
-            
 
@@ -1,11 +1,11 @@
 CANONICAL_URL=http://localhost:4000
 ENABLE_SPA_ROUTING=true
-EXTERNAL_GRAPHQL_URL=http://localhost:3000/graphql-alpha
-INTERNAL_GRAPHQL_URL=http://reaction.api.reaction.localhost:3000/graphql-alpha
+EXTERNAL_GRAPHQL_URL=http://localhost:3000/graphql-beta
+INTERNAL_GRAPHQL_URL=http://reaction.api.reaction.localhost:3000/graphql-beta
 NODE_ENV=development
 OAUTH2_ADMIN_PORT=4445
 OAUTH2_AUTH_URL=http://localhost:4444/oauth2/auth
-OAUTH2_CLIENT_ID=reaction-next-starterkit
+OAUTH2_CLIENT_ID=example-storefront
 OAUTH2_CLIENT_SECRET=CHANGEME
 OAUTH2_HOST=hydra.auth.reaction.localhost
 OAUTH2_IDP_HOST_URL=http://reaction.api.reaction.localhost:3000/
 
@@ -1,5 +1,5 @@
 {
   "request": {
-    "url": "http://localhost:3000/graphql-alpha"
+    "url": "http://localhost:3000/graphql-beta"
   }
 }
@@ -1,4 +1,3 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.13.3
+version: v1.13.4
 patch: {}
-ignore: {}
@@ -1,3 +1,46 @@
+# v2.0.0-rc.12
+This is our fourth release candidate for this project. While this project is technically still `pre-release` until we've released the final 2.0.0 version, it's the most stable version of Reaction Commerce, and we recommend starting new projects with it at this point. See https://github.com/reactioncommerce/example-storefront/issues/487#issuecomment-507468894 for more detail on this.
+
+This version should be used with `v2.0.0-rc.12` of https://github.com/reactioncommerce/reaction
+
+## Highlights
+We have [renamed](https://github.com/reactioncommerce/example-storefront/pull/544) this project from `reaction-next-starterkit` to `example-storefront` to better convey the intent behind our creating it.  We’re also [updating our docs](https://github.com/reactioncommerce/reaction-docs/pull/829) to clarify this change.
+
+The GraphQL API in [reaction v2.0.0-rc.12](https://github.com/reactioncommerce/reaction/pull/5259) has been changed from `/graphql-alpha` to `graphql-beta` to indicate the increased stability of the API. We think there are still some breaking changes to come in the next 3-6 months to the GraphQL API which is why we're keeping the `-beta` suffix for now. As you find bugs with that API, please file issues in the [reaction](https://github.com/reactioncommerce/reaction/issues) repo.
+
+# Improvements
+
+## Feature
+
+- feat: always send a response to logout requests (#520)
+- feat: add Orders to Account Profile (#507)
+
+## Fix
+
+- fix: de-duplicate styled-components package (#542)
+- fix: only run snyk when package.json changes (#541)
+- fix: change calibre ci step to use npx (#535)
+- fix: prettier config was in the wrong place (#532)
+- feat: remove unused fields from GQL query (#527)
+- fix: Update component theming example remove blocking code to allow starterkit to start (#514)
+
+## Chore
+
+- chore: removes fossa status from readme (#545)
+- chore: rename project to example-storefront (#544)
+- chore: fix debugger command in README (#539)
+- chore: change pinned deps to ~ ranges (#538)
+- chore: match license from LICENSE.md and README (#536)
+- chore: Switch to semver ~1.2.3 style ranges (#534)
+- chore: update yarn.lock to resolve snyk js-yaml vuln (#531)
+- chore: ignore snyk js-yaml vuln for 30 days (#523)
+
+## Docs
+
+- docs: remove production warning (#543)
+- docs: add instructions on how to run starterkit w/ prod API (#537)
+- docs: Fix minor typo on [README.md](http://readme.md) (#525)
+
 # v2.0.0-rc.11
 
 This is our third release candidate for this project. This project should be considered `pre-release` until we've released the final 2.0.0 version.
 
@@ -1,10 +1,10 @@
 FROM node:10-alpine
 
-ARG NAME=reaction-next-starterkit
+ARG NAME=example-storefront
 ARG DESCRIPTION=""
-ARG URL=https://github.com/reactioncommerce/reaction-next-starterkit
-ARG DOC_URL=https://github.com/reactioncommerce/reaction-next-starterkit
-ARG VCS_URL=https://github.com/reactioncommerce/reaction-next-starterkit
+ARG URL=https://github.com/reactioncommerce/example-storefront
+ARG DOC_URL=https://github.com/reactioncommerce/example-storefront
+ARG VCS_URL=https://github.com/reactioncommerce/example-storefront
 ARG VCS_REF
 ARG VENDOR
 ARG BUILD_DATE
@@ -54,7 +54,6 @@ LABEL maintainer="Reaction Commerce <[email protected]>" \
       com.reactioncommerce.docker.git.sha1=$GIT_SHA1 \
       com.reactioncommerce.docker.license=$LICENSE
 
-# apk list bash curl less vim | cut -d " " -f 1 | sed 's/-/=/' | xargs
 RUN apk --no-cache add bash curl less vim
 SHELL ["/bin/bash", "-o", "pipefail", "-o", "errexit", "-u", "-c"]
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"request": {`
`3`		`- "url": "http://localhost:3000/graphql-alpha"`
	`3`	`+ "url": "http://localhost:3000/graphql-beta"`
`4`	`4`	`}`
`5`	`5`	`}`