feat: release binaries #105
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marco-ippolito
force-pushed
the
pack-some-bins
branch
from
a5f13f9 to
082da69
Compare
marco-ippolito
force-pushed
the
pack-some-bins
branch
11 times, most recently
from
9878c46 to
52a82e6
Compare
|
I think the command The documentation isn't super clear on how the |
marco-ippolito
force-pushed
the
pack-some-bins
branch
12 times, most recently
from
326bb64 to
70b220c
Compare
marco-ippolito
force-pushed
the
pack-some-bins
branch
from
70b220c to
344ba07
Compare
edezekiel
reviewed
Mar 18, 2025
| @@ -17,7 +16,7 @@ $ npm install -g @herodevs/cli | |||
| $ hd COMMAND | |||
| running command... | |||
| $ hd (--version) | |||
| @herodevs/cli/2.0.0 darwin-arm64 node-v22.14.0 | |||
| @herodevs/cli/2.0.0 darwin-arm64 node-v22.13.0 | |||
There was a problem hiding this comment.
Nit: should this be @herodevs/cli/1.0.0-beta This comment also applies to all other instances of @herodevs/cli/2.0.0 (and "version": "2.0.0") in this PR
edezekiel
reviewed
Mar 18, 2025
edezekiel
reviewed
Mar 18, 2025
edezekiel
reviewed
Mar 18, 2025
edezekiel
reviewed
Mar 18, 2025
edezekiel
reviewed
Mar 18, 2025
edezekiel
approved these changes
Mar 19, 2025
* chore: set draft to true while still wip * chore: fix package versions * chore: add github token to publish step * chore: debug publish ci step * chore: add more debugging * chore: revert to hd-* for upload artifact * chore: try different token for npm publish * chore: add missing registry-url * chore: moar debug * chore: add missing --no-xz to win build * chore: fix files glob in final step
edezekiel
added a commit
that referenced
this pull request
Mar 21, 2025
* feat: release binaries * chore: fix package versions and add token (#107) * chore: set draft to true while still wip * chore: fix package versions * chore: add github token to publish step * chore: debug publish ci step * chore: add more debugging * chore: revert to hd-* for upload artifact * chore: try different token for npm publish * chore: add missing registry-url * chore: moar debug * chore: add missing --no-xz to win build * chore: fix files glob in final step --------- Co-authored-by: Edward Ezekiel <[email protected]>
edezekiel
added a commit
that referenced
this pull request
Mar 21, 2025
* feat: release binaries * chore: fix package versions and add token (#107) * chore: set draft to true while still wip * chore: fix package versions * chore: add github token to publish step * chore: debug publish ci step * chore: add more debugging * chore: revert to hd-* for upload artifact * chore: try different token for npm publish * chore: add missing registry-url * chore: moar debug * chore: add missing --no-xz to win build * chore: fix files glob in final step --------- Co-authored-by: Edward Ezekiel <[email protected]>
edezekiel
added a commit
that referenced
this pull request
Mar 21, 2025
* feat: release binaries * chore: fix package versions and add token (#107) * chore: set draft to true while still wip * chore: fix package versions * chore: add github token to publish step * chore: debug publish ci step * chore: add more debugging * chore: revert to hd-* for upload artifact * chore: try different token for npm publish * chore: add missing registry-url * chore: moar debug * chore: add missing --no-xz to win build * chore: fix files glob in final step --------- Co-authored-by: Edward Ezekiel <[email protected]>
marco-ippolito
added a commit
that referenced
this pull request
Mar 21, 2025
* chore: delete everything * feat(sbom): generate sbom with cdxgen feat(scan): submit scan + parse response * chore: clean up types and fix linting errors (#85) - Fix `NesClient.scan.sbom` type - Remove `any` where feasible. - Add explicit return types where feasible - Connect `Line` type with `ScanResultComponent` type * feat: oclif cleanup * feat: generate report command * fix(): update tsconfig to build command works Previously, running `npm run build` failed to yield a `dist` folder. Why Does Removing "composite": true" Fix The Issue? This Oclif CLI project is not a multi-project TypeScript setup, and it doesn’t use project references (references in tsconfig.json). Because of this: • TypeScript was waiting for project references that didn’t exist. • tsc -b behaves differently when "composite": true is enabled, sometimes skipping compilation if it thinks nothing changed. • Removing "composite": true allowed tsc to compile as a normal single-project setup. * chore: update readme Update repository setting in package.json, allowing for programmatic update of README.md. Ran `npm exec oclif readme` * chore: delete unused dev.ts file * chore: update readme * chore: add dev npm command * chore: delete references from test tsconfig Since composite was deleted from the root tsconfig, references is unused in the test tsconfig. Interestingly, a freshly generated oclif CLI project does not have composite in the root tsconfig, but it does have references in the test/tsconfig. * chore: drop unused dependencies (#87) * chore: improve linting and project posture (#89) * chore: use erasableSyntaxOnly * chore: use erasableSyntaxOnly and node.js test runner * chore: improve linting and project posture * chore: commitlint on ci * feat: extract line logic into new service (#90) This commit ensures that if a line is marked as isEol true but the status is somehow not EOL, an error is thrown in the ui. Additionally, this commit lays the groundwork for more robust parsing. The eol scanner command (eol.ts), returns ScanResultComponent[] from an sbom. Then, the eol.svc service transforms ScanResultComponents into Lines. Something like zod would be useful to actually ensure that we are parsing ScanResultComponents into lines in a type-safe manner. This commit starts us down that road by extracting Line-related logic into a new service. * chore: add debug for unknown purls (#91) * chore: add warning for unknown purls This commit adds a debug in cases where a generated sbom has a purl, but the NES/XEOL database does not have any information. This commit also improves typing in several ways that makes it easier to trace why scan details might be missing in the first place: - Use an actual Map when building scan results - set ScanResultComponent.status to optional to match current api - create ComponentStatus type union - replace optional Line properties with defined properties where feasible * feat: filter from `prepareRows` where not details (#92) * feat: filter from `prepareRows` where not details If details don't exist for a given Component (i.e., we don't have XEOL data), then we'll throw a debug warning and filter out those results from Lines. Additionally: - create getStatusFromComponent method to standardize how a status is derived from component info - add specs for the same * chore: refactor getStatusFromComponent Simplify the return statement to avoid an unnecessary status variable. * perf: refactor prepare-rows method to use for loop (#93) * chore: add specs for eol.svc.ts This commit is in preparation for refactoring the service to use a more performant for loop instead of multiple filters and maps. * perf: refactor prepare-rows method to use for loop * feat: update src/service/eol/eol.svc.ts Co-authored-by: Marco Ippolito <[email protected]> * feat: update src/service/eol/eol.svc.ts Co-authored-by: Marco Ippolito <[email protected]> * feat: update src/service/eol/eol.svc.ts Co-authored-by: Marco Ippolito <[email protected]> --------- Co-authored-by: Marco Ippolito <[email protected]> * feat: add --save and --file flags (#94) * feat: refactor extract-components to just purls In some cases, cyclonedx attaches metadata in the sbom about where a purl occurred in the codebase: sbom.components.evidence.occurrences. Not every component has occurrences. The CLI currently does not do anything with occurrence data, and it is not part of the v0 or v1 requirements to display it to the user. If we can delete occurrences from the final report ui, we can greatly simplify the data flow into a pipeable set of operations: => generate sbom (or load pre-existing sbom) => get purls from sbom => post purls to monorepo api => transform api response (scan) to user report => download report and/or send report to herodevs * chore: alphabetize scripts, add readme script * chore: add cspell words * fix: update method that checks for eol status Only throw error if component status is set to a truthy value. * feat: add --save and --file flags The save flag allows a user to save a generated sbom to the project. The file flag allows a user to load a pre-existing cyclonedx sbom and use that for the eol scan. Skipping the cli step of generating a sbom. * chore: update readme with new flags * feat: create purls report command This command generates a report of purls for the user. * feat: simplify extract-purls method Input is always valid since its validated by validateIsCycloneDxSbom * chore: refactor error handling in save method Duck typing > instance checking * feat: allow users to save purls in csv format (#102) * feat: allow purls to be outputted in csv format * fix: ensure only sbom flags are passed to command Previously, all flags from the 'parent' commands were getting passed to the sbom commands. This threw an error if the parent command, e.g. 'report purls', has a command that doesn't exist in the sbom command. * feat: improve csv output formatting * chore: add purls.svc tests * fix: fix some more stuff * chore: add license * chore: set commitlint config * chore: fix readme markdown * feat: setup release please * chore: simplify tsconfig * feat: release binaries (#105) * feat: release binaries * chore: fix package versions and add token (#107) * chore: set draft to true while still wip * chore: fix package versions * chore: add github token to publish step * chore: debug publish ci step * chore: add more debugging * chore: revert to hd-* for upload artifact * chore: try different token for npm publish * chore: add missing registry-url * chore: moar debug * chore: add missing --no-xz to win build * chore: fix files glob in final step --------- Co-authored-by: Edward Ezekiel <[email protected]> * feat: implement report committers command (#106) * feat: implement report committers command The new `report committers` command can be used to generate a report of recent committers to a project. By default, it will look for contributions over the past 12 months. The time period can be customized using the `--months` flag. The command optionally saves the output to file. The output can be set to text, csv, or json format. Please note, this command leverages `git log` built-in methods for handling commits since a certain date. To the extent `git log` fails to handle edge cases such as Daylight Savings time and/or timezone issues, this command will also fail to handle those scenarios. If a more accurate date-parsing feature is necessary it can be revisited when needed. * feat: ensure all committers to repo are counted Including committers on other branches. * chore: limit release step to workflow_dispatch * feat: use modern node syntax for object handling * feat: implement loose module boundaries (#108) * feat: create and apply cursorrules * feat: extract api types and queries * feat: add api-layer rules * chore: move log.util into services * feat: add auto-update feature (#109) * feat: install plugin-update and create updater * feat: fix typing on update config * build: update workflows in preparation for release * feat: prevent eol scan on beta release * chore: disable spec until eol scan is ready * chore: fix beta version * chore: add update hooks to platform packages * refactor: remove hooks from root package.json The root package.json's oclif config should not execute hooks directly since it's used when running via npx, which would use the user's Node.js runtime. Instead, hooks should only run in the context of the standalone platform binaries. - Remove prerun hook (CommandContextHook) - Remove init hook (update) This ensures hooks run in the correct context: - Development: hooks run via platform-specific package.json - Production: hooks run in standalone binaries - npx: no hooks run (preventing use of user's Node.js runtime) * fix: install inquirer package --------- Co-authored-by: David Welch <[email protected]> Co-authored-by: Marco Ippolito <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.