A tip to ease the process creating new feature branch

We use feature/ticket-number-team-abbr as feature branch name, such as feature/mt-1234-axo at work.

If you mainly work with a huge repository. Everytime, you switch to the integration/main branch and run git pull before you create a feature branch, it would take a while as it needs to update your work directory and normally there are a lot of files changed.

I use a different way which is a little bit speedy. Whatever which branch you are now in, run

git fetch && git checkout -b feature/mt-xxxx-axo origin/integration 

It helps but I still need to type the above, which is still a lot of letters! So, I create a bash script to help me more,

see the following command nbi 38546

nbi 38546
remote: Enumerating objects: 22, done.
remote: Counting objects: 100% (22/22), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 22 (delta 17), reused 22 (delta 17), pack-reused 0
Unpacking objects: 100% (22/22), 4.43 KiB | 5.00 KiB/s, done.
From github.com:Euronet-XE/DFX
   941796a8a..11f76bff7  feature/mt-38183-fugu -> origin/feature/mt-38183-fugu
 * [new branch]          feature/mt-39492-ice  -> origin/feature/mt-39492-ice
 * [new branch]          feature/mt-39744-ice-card -> origin/feature/mt-39744-ice-card
branch 'feature/mt-38546-axo' set up to track 'origin/integration'.
David.Wei @ /d/git/xemt-core/dfx - [feature/mt-38546-axo] $

what’s in this nbi script? here it is

cat ~/bin/nbi
#!/bin/bash

# Check if the current directory is a git repository
if ! git rev-parse --is-inside-work-tree &>/dev/null; then
    echo "Error: Current directory is not a git repository."
    exit 1
fi

# Run git fetch to get the latest changes from the remote repository
git fetch

# Determine the action based on the script name
case "$(basename "$0")" in
    nbi)
        # Check if an argument is provided
        if [[ $# -eq 1 ]]; then
            # Run git checkout to create and switch to a new branch based on the integration branch
            git checkout -b "feature/mt-$1-axo" "origin/integration"
            exit $?
        else
            echo "Usage: $0 <anumber>"
            exit 1
        fi
        ;;
    nbm)
        # Check if an argument is provided
        if [[ $# -eq 1 ]]; then
            # Run git checkout to create and switch to a new branch based on the main branch
            git checkout -b "feature/mt-$1-axo" "origin/main"
            exit $?
        else
            echo "Usage: $0 <anumber>"
            exit 1
        fi
        ;;
    *)
        echo "Error: Unsupported script name."
        exit 1
        ;;
esac

why do I call it nbi ? haha, it is a ABBR from new branch from integration

Wait, why did I mention nbm in the script? Yes, you can copy this nbi script with name nbm , then using the nbm command it will work the same way with the repositories that use main as the integration branch.

Did you see? How lazy I am!

Sharing pre-request script among Postman collections

I tried a few ways to write a script that can be reused among a few of postman request collections and finally I got a solution I like.

  1. Using const or let keywords to define internal used objects or utility containers. For example
    const stpCommon = {
      randomCharacters: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.split(''),
      nonUsdCurrencies: 'GBP,AUD,NZD,CAD,JPY,EUR'.split(','),
      getCurrencyPair: (currency) => `${currency}/USD`,
      getRandomRate: () => (Math.random() * 0.9 + 0.8).toFixed(5),
      getRandomElement: (array) => {
     if (array.length === 0) {
       throw new Error('Cannot get a random element from an empty array');
     }
     const randomIndex = Math.floor(Math.random() * array.length);
     return array[randomIndex];
      },
      getNextWeekday: function (date) {
     const clonedDate = new Date(date);
     const day = clonedDate.getDay();
     if (day === 6) {
       clonedDate.setDate(clonedDate.getDate() + 2);
     } else if (day === 0) {
       clonedDate.setDate(clonedDate.getDate() + 1);
     }
      },
      getBasicRequest: () => {
     const fixedAmountCurrency = stpCommon.getFixedAmountCurrency()
     return {
       currencyPair: stpCommon.getCurrencyPair(fixedAmountCurrency),
       rate: stpCommon.getRandomRate(),
       side: "2",
       fixedAmount: stpCommon.getFixedAmount(),
       ...
     }
    ...
    
  2. Using object name itself in its member methods. don't use this keyword, see the last method in above example.
  3. At the end of your script, using a conditional block to expose the object you want in Postman environment, normally one object is enough. For instance:
    // the only way to expose an object in postman, is to define a object without any declaration keywords like var/let/const
    // the following is a hack to expose the object in postman without troubling Node.js as in Node.js, we are not allowed to
    // define a variable without any declaration keywords like var/let/const
    if (typeof(pm) !== 'undefined') {
      stpUtils = _stpUtils
    }
    
  4. At the end of your script, utilize conditional exports the objects that you want to use in Node.js environment, this step enables writing test cases for it. For example
    const utilsA = {...}
    const utilsB = {...}
    const _utilsC = {something using utilsA & utilsB}
    // provided you want to use utilsC in postman
    if (typeof(pm) !== 'undefined') {
      utilsC = _utilsC
    }
    // and you want to expose all objects in your test cases
    if (typeof (module) !== 'undefined') {
      module.exports = {
     utilsA, utilsB, _utilsC
      }
    }
    

    This way, you can paste all the script body into the postman scripts tab without trouble, while in Node.js env, you can freely use Jest or other unit test framework to write test cases for your shard library. What a great solution!

Outputing human friendly JSON string by JSON.stringify

method 1:

JSON.stringify(obj, null, '\t');

This "pretty-prints" your JSON string, using a tab for indentation.

method 2:

If you prefer to use spaces instead of tabs, you could also use a number for the number of spaces you'd like :

JSON.stringify(obj, null, 2);

Reference

Generating Android 5-Compatible HTTPS Certificates on Ubuntu and Automating Renewal

In the realm of modern web development, the HTTPS protocol stands as a cornerstone of security. While Let's Encrypt provides SSL certificates at no cost, their certificate chains don't always play well with older Android versions, such as Android 5. This guide delves into the art of generating Android 5-compatible certificates and automating their renewal.

Step 1: Install Certbot and Nginx

Before embarking on this quest, ensure that your Ubuntu host has Certbot and Nginx installed.

sudo apt-get update
sudo apt-get install certbot nginx

Step 2: Download ISRG Root X1 Certificate

From the Let's Encrypt website, procure the latest ISRG Root X1 certificate and store it in a designated directory.

sudo wget -O /etc/letsencrypt/isrgrootx1.pem https://letsencrypt.org/certs/isrgrootx1.pem

Step 3: Craft the Automation Script

Forge a script named "update-certificates.sh" that automatically generates an Android 5-compatible certificate chain and reloads Nginx's configuration whenever Certbot renews the certificate.

#!/bin/bash

DOMAIN="yourdomain.com" 
CERT_DIR="/etc/letsencrypt/live/$DOMAIN"
FULLCHAIN="$CERT_DIR/fullchain.pem"
PRIVKEY="$CERT_DIR/privkey.pem"
ANDROID_FULLCHAIN="$CERT_DIR/fullchain-android.pem"
ISRG_ROOT="/etc/letsencrypt/isrgrootx1.pem"

# Generate Android5-compatible certificate chain
sudo cat $FULLCHAIN $ISRG_ROOT | sudo tee $ANDROID_FULLCHAIN > /dev/null

# Reload Nginx configuration
sudo systemctl reload nginx

Remember to replace "yourdomain.com" with your actual domain name and verify the paths are correct.

Step 4: Grant Script Execution Privileges

sudo chmod +x /path/to/update-certificates.sh

Step 5: Configure Certbot Renewal Hook

Certbot allows running custom hook scripts upon certificate renewal. Configure the aforementioned script as Certbot's "--deploy-hook" hook.

Edit Certbot's renewal configuration file (usually located at /etc/letsencrypt/renewal/yourdomain.com.conf):

renew_hook = /path/to/update-certificates.sh

Alternatively, configure it using Certbot's command-line option:

sudo certbot renew --deploy-hook /path/to/update-certificates.sh

Step 6: Set Up Automatic Renewal

Certbot by default sets up a cron job or systemd timer to automatically renew certificates. Verify this using the following command:

sudo systemctl list-timers | grep certbot

If no automatic renewal task exists, add a cron job manually:

sudo crontab -e

In the crontab file, add the following line to perform a renewal check daily:

0 2 * * * /usr/bin/certbot renew --deploy-hook /path/to/update-certificates.sh

Conclusion

By following these steps, you can ensure that HTTPS certificates generated using Let's Encrypt are compatible with Android 5 and automate certificate renewal. This eliminates the need to manually renew certificates every three months, significantly streamlining website maintenance.

Ubuntu主机生成兼容Android5证书并自动续期

English version

文言文,雅文也。余心向往之,故尝试以文言述此篇,若令君不悦,尚请原谅。

叙言

现代之网站开发,使用HTTPS协定,甚关键。Let's Encrypt所赐之SSL证书虽免费,然其证书链,不尽兼容旧安卓版本,如Android5。本文叙及生成兼容Android5证书之法,及自动续期之道。

第一步:安装Certbot及Nginx

先须确保汝主机上安装有Certbot及Nginx。

sudo apt-get update
sudo apt-get install certbot nginx

第二步:下载ISRG Root X1证书

自Let's Encrypt网站下载最新之ISRG Root X1证书,贮于指定之目录。

sudo wget -O /etc/letsencrypt/isrgrootx1.pem https://letsencrypt.org/certs/isrgrootx1.pem

第三步:编写自动化符

创一脚本名"update-certificates.sh",每当Certbot续证书后,自动生成兼容Android5证书链,并重新加载Nginx之配置。

#!/bin/bash

DOMAIN="yourdomain.com" 
CERT_DIR="/etc/letsencrypt/live/$DOMAIN"
FULLCHAIN="$CERT_DIR/fullchain.pem"
PRIVKEY="$CERT_DIR/privkey.pem"
ANDROID_FULLCHAIN="$CERT_DIR/fullchain-android.pem"
ISRG_ROOT="/etc/letsencrypt/isrgrootx1.pem"

# 生成兼容Android5证书链
sudo cat $FULLCHAIN $ISRG_ROOT | sudo tee $ANDROID_FULLCHAIN > /dev/null

# 重新加载Nginx之配置
sudo systemctl reload nginx

切记将DOMAIN替换为汝之实际域名,确保路径正确。

第四步:赐予脚本执行权

sudo chmod +x /path/to/update-certificates.sh

第五步:配置Certbot续订钩子

Certbot支持于续订证书后运行自定义钩子脚本。将上脚本配置为Certbot之"--deploy-hook"钩子。

编辑Certbot之续订配置文件(通常在/etc/letsencrypt/renewal/yourdomain.com.conf):

renew_hook = /path/to/update-certificates.sh

或使用Certbot之命令行选项配置:

sudo certbot renew --deploy-hook /path/to/update-certificates.sh

第六步:设置自动续订

Certbot默将配置一cron作业或systemd timer以自动续订证书。可通过以下命令确认:

sudo systemctl list-timers | grep certbot

若无自动续订任务,可手动添加一cron作业:

sudo crontab -e

于crontab文件中添加以下行,每日运行续订检查:

0 2 * * * /usr/bin/certbot renew --deploy-hook /path/to/update-certificates.sh

总结

经上述步骤,可确保使用Let's Encrypt所生之HTTPS证书兼容Android5,并实现证书之自动续订。如是,则无需每三月手动更新一次证书,大大简化了网站之维护工作。