Skip to content

Commit

Permalink
Merge branch 'refs/heads/main' into improve-try-morphir
Browse files Browse the repository at this point in the history
  • Loading branch information
AttilaMihaly committed Dec 17, 2024
2 parents 53371fc + 884efc9 commit 0ae6042
Show file tree
Hide file tree
Showing 65 changed files with 16,923 additions and 19,831 deletions.
119 changes: 119 additions & 0 deletions .github/workflows/nodejs.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Node.js CI
on:
push:
branches: [main]
pull_request_target:
branches: [main]

env:
SonatypeUrl: "https://finos.sonatype.app/platform/"
SonatypeAppId: "morphir-elm"
SonatypeScanTarget: "."
ExcludeDirectory: "**/docs/ **/.*'"

jobs:
# building project
build:
name: Build
runs-on: ${{ matrix.os }}
strategy:
matrix:
node-version: [20.x]
os: [ubuntu-latest]
steps:
- uses: actions/checkout@v4

- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}

- name: Cache NPM
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Cache Elm
uses: actions/cache@v4
with:
path: ~/.elm
key: ${{ runner.os }}-elm-${{ hashFiles('**/elm.json') }}
restore-keys: |
${{ runner.os }}-elm-
- name: Download dependencies
run: npm ci

- name: Build
run: npm run build --if-present

- name: Running Test
run: npm test

###########################
## Sonatype SCA Scanning ##
###########################
- name: Sonatype Lifecycle SCA Scan
if: github.repository_owner == 'finos'
id: evaluate
uses: sonatype/actions/evaluate@v1
with:
iq-server-url: ${{ env.SonatypeUrl }}
username: ${{ secrets.SONATYPE_SCANNER_USERNAME }}
password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }}
application-id: ${{ env.SonatypeAppId }}
stage: "build"
scan-targets: ${{ env.SonatypeScanTarget }}
module-exclude: ${{ env.ExcludeDirectory }}

- name: Save Sonatype SBOM
uses: sonatype/actions/fetch-sbom@v1
if: always() && steps.evaluate.outputs.scan-id
with:
iq-server-url: ${{ env.SonatypeUrl }}
username: ${{ secrets.SONATYPE_SCANNER_USERNAME }}
password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }}
application-id: ${{ env.SonatypeAppId }}
scan-id: ${{ steps.evaluate.outputs.scan-id }}
sbom-standard: spdx
sbom-version: 2.3
artifact-name: ${{ env.SonatypeAppId }}-bom

# CVE scanning
# cvescan:
# name: CVE Scanning
# runs-on: ubuntu-latest
# needs: [build]
# strategy:
# matrix:
# node-version: [18.x]
# steps:
# - uses: actions/checkout@v4
# - name: Use Node.js ${{ matrix.node-version }}
# uses: actions/setup-node@v4
# with:
# node-version: ${{ matrix.node-version }}
# - run: npm ci
# - run: npx --yes auditjs ossi --whitelist allow-list.json

# Semgrep static code analysis
semgrep:
name: Semgrep
runs-on: ubuntu-latest
# needs: [cvescan]
needs: [build]
container:
# A Docker image with Semgrep installed. Don't change this.
image: returntocorp/semgrep
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@v4
- run: semgrep scan --config auto --severity ERROR
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ dist
.idea
.metals/
morphir-ir.json
!tests-integration/cli2-qa-test/test-data/business-terms/morphir-ir.json

morphir-hashes.json
morphir-test-coverage.json
generated/
Expand All @@ -23,3 +25,7 @@ docs.json
tests-integration/reference-model/Dockerfile

.scala-build/
*Debug.log*
tests-integration/cli2-qa-test/test-data/.DS_Store
tests-integration/cli2-qa-test/test-data/business-terms/.DS_Store
*.DS_Store*
2 changes: 1 addition & 1 deletion .nvmrc
Original file line number Diff line number Diff line change
@@ -1 +1 @@
lts/hydrogen
lts/iron
81 changes: 44 additions & 37 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
# morphir-elm

![morphir-elm](docs/assets/2020_Morphir_Logo_Horizontal.svg)

[Morphir](https://github.com/finos/morphir) is a multi-language system built on a data format that captures an
[Morphir](https://github.com/finos/morphir) is a multi-language system built on a data format that captures an
application's domain model and business logic in a technology agnostic manner. This repo contains tools that
allow you to write your business logic in [Elm](https://elm-lang.org/), parse it into Morphir IR and transpile
allow you to write your business logic in [Elm](https://elm-lang.org/), parse it into Morphir IR and transpile
it to other languages like [Scala](https://www.scala-lang.org/) or visualize it to your business users using Elm.

We publish it both as an NPM and an Elm package:
Expand All @@ -13,16 +14,16 @@ We publish it both as an NPM and an Elm package:
- The [NPM package](#npm-package) contains the CLI for running the tools as part of your build.
- The [Elm package](#elm-package) supports multiple use-cases:
- It includes SDK functions that you can use while writing your business logic beyond the default `elm/core` support.
- It provides a type-safe API to work with the Morphir IR directly. You can use this to add your own logic builder,
visualization or language transpiler.
- It also provides access to the frontend that parses the Elm source code and returns Morphir IR. You could use this
to embed a business logic editor in your web UI.
- It provides a type-safe API to work with the Morphir IR directly. You can use this to add your own logic builder,
visualization or language transpiler.
- It also provides access to the frontend that parses the Elm source code and returns Morphir IR. You could use this
to embed a business logic editor in your web UI.

# NPM package

[![npm version](https://badge.fury.io/js/morphir-elm.svg)](https://badge.fury.io/js/morphir-elm)
The **morphir-elm** NPM package provides a CLI to run the tooling.

The **morphir-elm** NPM package provides a CLI to run the tooling.

## Installation

Expand Down Expand Up @@ -52,7 +53,7 @@ Each command has different options which are detailed below:

### `morphir-elm make`

This command reads Elm sources, translates to Morphir IR and outputs the IR into JSON.
This command reads Elm sources, translates to Morphir IR and outputs the IR into JSON.

```
Usage: morphir-elm make [options]
Expand All @@ -65,27 +66,34 @@ Options:
-h, --help output usage information
```

**Important**: The command requires a configuration file called `morphir.json` located in the project
**Important**: The command requires a configuration file called `morphir.json` located in the project
root directory with the following structure:

```
{
"name": "My.Package",
"sourceDirectory": "src",
"dependencies" : ["a", "b"]
"localDependencies" : ["a", "b"]
"exposedModules": [
"Foo",
"Bar"
]
}
```

* **name** - The name of the package. The package name should be a valid Elm module name and it should be used as a
module prefix in your Elm models. If your package name is `My.Package` all your module files should either be directly
under that or in submodules.
* **sourceDirectory** - The directory where your Elm sources are located.
* **exposedModules** - The list of modules in the public interface of the package. Module names should exclude the
common package prefix. In the above example `Foo` refers to the Elm module `My.Package.Foo`.

- **name** - The name of the package. The package name should be a valid Elm module name and it should be used as a
module prefix in your Elm models. If your package name is `My.Package` all your module files should either be directly
under that or in submodules.
- **sourceDirectory** - The directory where your Elm sources are located.
- **dependencies** - List of URI references to other IR files. Supports
`file://`|`http://`|`https://`|`data://` protocols.

* **localDependencies** - List of relative paths to depending IRs. (for backwards compatibility), ex: `"../sibling-folder/morphir-ir.json"`

- **exposedModules** - The list of modules in the public interface of the package. Module names should exclude the
common package prefix. In the above example `Foo` refers to the Elm module `My.Package.Foo`.

#### Examples

If you want to try the `make` command you can use the reference model we have under `tests-integration/reference-model`. Simply `cd` into the directory and run the command.
Expand Down Expand Up @@ -130,17 +138,16 @@ Options:

If you want to try the `develop` server you can use the reference model we have under `tests-integration/reference-model`. Simply `cd` into the directory and run the command.


# Elm package

[![Latest version of the Elm package](https://reiner-dolp.github.io/elm-badges/finos/morphir-elm/version.svg)](https://package.elm-lang.org/packages/finos/morphir-elm/latest)

The [finos/morphir-elm](https://package.elm-lang.org/packages/finos/morphir-elm/latest) package
The [finos/morphir-elm](https://package.elm-lang.org/packages/finos/morphir-elm/latest) package
provides various tools to work with Morphir. It contains the following main components:

- The [Morphir SDK](#morphir-sdk) which provides the base set of types and functions that Morphir tools support
out-of-the-box. (the SDK is a superset [elm/core](https://package.elm-lang.org/packages/elm/core/latest) with a few
exceptions documented below)
- The [Morphir SDK](#morphir-sdk) which provides the base set of types and functions that Morphir tools support
out-of-the-box. (the SDK is a superset [elm/core](https://package.elm-lang.org/packages/elm/core/latest) with a few
exceptions documented below)
- A type-safe API for the [Morphir IR](#morphir-ir) that allows you to create or inspect it.

## Installation
Expand All @@ -151,43 +158,43 @@ elm install finos/morphir-elm

## Morphir SDK

The goal of the `Morphir.SDK` module is to provide you the basic building blocks to build your domain model and
business logic. It also serves as a specification for backend developers that describes the minimum set of functionality
The goal of the `Morphir.SDK` module is to provide you the basic building blocks to build your domain model and
business logic. It also serves as a specification for backend developers that describes the minimum set of functionality
each backend implementation should support.

It is generally based on [elm/core/1.0.5](https://package.elm-lang.org/packages/elm/core/1.0.5/) and provides most of
It is generally based on [elm/core/1.0.5](https://package.elm-lang.org/packages/elm/core/1.0.5/) and provides most of
the functionality provided there except for some modules that fall outside the scope of business knowledge modeling:
`Debug`, `Platform`, `Process` and `Task`.

Apart from the modules mentioned above you can use everything that's available in `elm/core/1.0.5` without importing
Apart from the modules mentioned above you can use everything that's available in `elm/core/1.0.5` without importing
the `Morphir SDK`. The Elm frontend will simply map those to the corresponding type/function names in the Morphir SDK.

The `Morphir SDK` also provides some features beyond `elm/core/1.0.5`. To use those features you have to import the
specific `Morphir SDK` module.
The `Morphir SDK` also provides some features beyond `elm/core/1.0.5`. To use those features you have to import the
specific `Morphir SDK` module.

## Morphir IR

The `Morphir.IR` module defines a type-safe API to work with Morphir's intermediate representation. The module
The `Morphir.IR` module defines a type-safe API to work with Morphir's intermediate representation. The module
structure follows the structure of the IR. Here's a list of concepts in a top-down approach:

- [Distribution](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Distribution) is the output
of `morphir-elm make`. It represents a whole package with all of its dependencies.
- [Package](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Package) represents a set of
- [Package](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Package) represents a set of
modules that are versioned together.
- [Module](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Module) is a container
to group types and values.
- [Types](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Type) allow you to describe
your domain model.
- [Values](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Value) allows you to
- [Values](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Value) allows you to
describe your business logic.
- [Names](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Name) provide a naming
convention agnostic representation for all nodes that can be named: types, values, modules and packages. Names can be
- [Names](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Name) provide a naming
convention agnostic representation for all nodes that can be named: types, values, modules and packages. Names can be
composed into hierarchies:
- [path](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Path) is a list of names
- [path](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-Path) is a list of names
- [qualifield name](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-QName) is a module path with a local name
- [fully-qualifield name](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-FQName) is a package path with a qualified name
- [AccessControlled](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-AccessControlled)
is a utility to define visibility constraints for modules, types and values
- [AccessControlled](https://package.elm-lang.org/packages/finos/morphir-elm/latest/Morphir-IR-AccessControlled)
is a utility to define visibility constraints for modules, types and values

## Contributing

Expand All @@ -202,7 +209,7 @@ structure follows the structure of the IR. Here's a list of concepts in a top-do

_NOTE:_ Commits and pull requests to FINOS repositories will only be accepted from those contributors with an active, executed Individual Contributor License Agreement (ICLA) with FINOS OR who are covered under an existing and active Corporate Contribution License Agreement (CCLA) executed with FINOS. Commits from individuals not covered under an ICLA or CCLA will be flagged and blocked by the FINOS Clabot tool. Please note that some CCLAs require individuals/employees to be explicitly named on the CCLA.

*Need an ICLA? Unsure if you are covered under an existing CCLA? Email [[email protected]](mailto:[email protected])*
_Need an ICLA? Unsure if you are covered under an existing CCLA? Email [[email protected]](mailto:[email protected])_

### Publishing new releases

Expand Down
3 changes: 2 additions & 1 deletion allow-list.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
{ "id": "sonatype-2012-0022", "reason": "ExpressJs has no intentions of fixing this `HTTP Splitting Attack`" },
{ "id": "CVE-2022-2596", "reason": "Typespec Compiler using node-fetch < 3.2.10" },
{ "id": "sonatype-2022-3677", "reason": "Node-fetch - Exposure of Sensitive Information to an Unauthorized Actor" },
{ "id": "sonatype-2021-0078", "reason": "After scanning the code we found that we are not using the impacted Express.js functions" }
{ "id": "sonatype-2021-0078", "reason": "After scanning the code we found that we are not using the impacted Express.js functions" },
{ "id": "CVE-2024-10491", "reason": "This CVE only impacts Express.js up to version 3.12.1 but the Sonatype database incorrectly stamps every version." }
]
}
Loading

0 comments on commit 0ae6042

Please sign in to comment.