Merge pull request #1711 from forcedotcom/release-4.8.0

RELEASE @W-17291574@ Conducting v4.8.0 release

Author: jag-j

.github/workflows/create-github-release.yml

@@ -2,26 +2,26 @@ name: create-github-release
 on:
   pull_request:
     branches:
-      - main
+      - main-4
     types:
       # There's no event type for "merged", so we just run any time a PR is closed, and exit early
       # if the PR wasn't actually merged.
       - closed
 
 jobs:
   create-github-release:
-    # Since the workflow runs any time a PR against main is closed, we need this
+    # Since the workflow runs any time a PR against main-4 is closed, we need this
     # `if` to make sure that the workflow only does anything meaningful if the PR
     # was actually merged.
     if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
-      - name: Checkout main
+      - name: Checkout main-4
         uses: actions/checkout@v4
         with:
-          ref: main
+          ref: main-4
       - name: Get version property
         id: get-version-property
         run: |
@@ -33,6 +33,6 @@ jobs:
           tag_name: v${{ steps.get-version-property.outputs.package_version }}
           name: v${{ steps.get-version-property.outputs.package_version }}
           body: See [release notes](https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/release-notes.html)
-          target_commitish: main
+          target_commitish: main-4
           token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }}
           make_latest: true

.github/workflows/create-release-branch.yml

@@ -23,10 +23,10 @@ jobs:
     outputs:
       branch-name: ${{ steps.create-branch.outputs.branch_name }}
     steps:
-      # Checkout `dev`
+      # Checkout `dev-4`
       - uses: actions/checkout@v4
         with:
-          ref: 'dev'
+          ref: 'dev-4'
       # We need to set up Node and install our Node dependencies.
       - uses: actions/setup-node@v4
         with:

.github/workflows/heartbeat-v4.yml

@@ -0,0 +1,138 @@
+name: heartbeat-v4
+on:
+  workflow_call: # As per documentation, the colon is necessary even though no config is required.
+  workflow_dispatch: # As per documentation, the colon is necessary even though no config is required.
+
+jobs:
+  production-heartbeat:
+    strategy:
+      # By default, if any job in a matrix fails, all other jobs are immediately cancelled. This makes the jobs run to completion instead.
+      fail-fast: false
+      matrix:
+        os: [{vm: ubuntu-latest, exe: .sh}, {vm: windows-2019, exe: .cmd}]
+        node: ['lts/*']
+    runs-on: ${{ matrix.os.vm }}
+    timeout-minutes: 60
+    steps:
+      # === Setup. We need to get the code, set up nodejs, and create the results directory. ===
+      - uses: actions/checkout@v4
+        with:
+          ref: 'main-4'
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+      - run: mkdir smoke-test-results
+
+      # === Set our environment variables, either using default values or the repo's secrets ===
+      - name: Set environment variables
+        id: env_var_setup
+        # We'll want to use bash for this, to avoid any cross-platform shenanigans
+        shell: bash
+        run: |
+          # In the following script, the use of the `echo "name=value" >> $GITHUB_ENV` structure is used to set/update
+          # environment variables. Such updates are visible to all subsequent steps.
+          #
+          # If the CLI_VERSION repo secret is set, we want to install that version ofsf-cli, so we set an environment
+          # variable. Otherwise, we leave the environment variable unset, so it implicitly defaults to `latest`.
+          # Note: This can be used to intentionally fail the GHA by providing an invalid version number.
+          if [[ -n "${{ secrets.CLI_VERSION }}" ]]; then
+            echo "CLI_VERSION=@${{ secrets.CLI_VERSION}}" >> $GITHUB_ENV
+          fi
+          # If the SCANNER_VERSION repo secret is set, we want to install that version of sfdx-scanner, so we set an
+          # environment variable. Otherwise, we leave the environment variable unset, so it implicitly defaults to `latest`.
+          # Note: This can be used to intentionally fail the GHA by providing an invalid version number.
+          if [[ -n "${{ secrets.SCANNER_VERSION }}" ]]; then
+            echo "SCANNER_VERSION=@${{ secrets.SCANNER_VERSION }}" >> $GITHUB_ENV
+          fi
+          # If the FAIL_SMOKE_TESTS repo secret is set to ANY value, we should respond by deleting the `test/test-jars`
+          # folder. The smoke tests expect this folder's contents to exist, so an invocation of `scanner:rule:add` should
+          # fail, thereby failing the smoke tests as a whole.
+          # Note: This serves no purpose aside from providing a way to simulate a smoke test failure.
+          if [[ -n "${{ secrets.FAIL_SMOKE_TESTS }}" ]]; then
+            rm -rf ./test/test-jars
+          fi
+
+
+      # === Make three attempts to install SF through npm ===
+      - name: Install SF
+        id: sf_install
+        # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up.
+        # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made.
+        run: |
+          (echo "::set-output name=retry_count::0" && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) ||
+          (echo "::set-output name=retry_count::1" && sleep 60 && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) ||
+          (echo "::set-output name=retry_count::2" && sleep 300 && npm install -g @salesforce/cli${{ env.CLI_VERSION }})
+
+      # === Make three attempts to install the scanner plugin through sf ===
+      - name: Install Scanner Plugin
+        id: scanner_install
+        # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up.
+        # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made.
+        run: |
+          (echo "::set-output name=retry_count::0" && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
+          (echo "::set-output name=retry_count::1" && sleep 60 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
+          (echo "::set-output name=retry_count::2" && sleep 300 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }})
+
+      # === Log the installed plugins for easier debugging ===
+      - name: Log plugins
+        run: sf plugins
+
+      # === Attempt to execute the smoke tests ===
+      - name: Run smoke tests
+        id: smoke_tests
+        run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
+
+      # === Upload the smoke-test-results folder as an artifact ===
+      - name: Upload smoke-test-results folder as artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: smoke-test-results-${{ runner.os }}
+          path: smoke-test-results
+
+      # === Report any problems ===
+      - name: Report problems
+        # There are problems if any step failed or was skipped.
+        # Note that the `join()` call omits null values, so if any steps were skipped, they won't have a corresponding
+        # value in the string.
+        if: ${{ failure() || cancelled() }}
+        shell: bash
+        env:
+          # Build the status strings for each step as environment variables to save space later. Null retry_count values
+          # will be replaced with `n/a` to maintain readability in the alert.
+          CLI_INSTALL_STATUS: ${{ steps.sf_install.outcome }} after ${{ steps.sf_install.outputs.retry_count || 'n/a' }} retries
+          SCANNER_INSTALL_STATUS: ${{ steps.scanner_install.outcome }} after ${{ steps.scanner_install.outputs.retry_count || 'n/a' }} retries
+          SMOKE_TESTS_STATUS: ${{ steps.smoke_tests.outcome }}
+          # A link to this run, so the PagerDuty assignee can quickly get here.
+          RUN_LINK: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        run: |
+          # GHA env-vars don't have robust conditional logic, so we'll use this if-else branch to define some bash env-vars.
+          ALERT_SEV="critical"
+          ALERT_SUMMARY="Production heartbeat script failed on ${{ runner.os }}"
+          # Define a helper function to create our POST request's data, to sidestep issues with nested quotations.
+          generate_post_data() {
+          # This is known as a HereDoc, and it lets us declare multi-line input ending when the specified limit string,
+          # in this case EOF, is encountered.
+          cat <<EOF
+          {"payload": {
+            "summary": "${ALERT_SUMMARY}",
+            "source": "Github Actions",
+            "severity": "${ALERT_SEV}",
+            "custom_details": "SF install: ${{ env.CLI_INSTALL_STATUS }}. Scanner install: ${{ env.SCANNER_INSTALL_STATUS }}. Smoke tests: ${{ env.SMOKE_TESTS_STATUS }}."
+          },
+          "links": [{
+            "href": "${{ env.RUN_LINK }}",
+            "text": "Link to action execution"
+          }],
+          "event_action": "trigger",
+          "dedup_key": "GH-HB-${{ matrix.os.vm }}-${{ matrix.node }}",
+          "routing_key": "${{ secrets.PAGERDUTY_HEARTBEAT_KEY }}"
+          }
+          EOF
+          }
+          # Make our POST request
+          curl --request POST --data "$(generate_post_data)" https://events.pagerduty.com/v2/enqueue

.github/workflows/production-heartbeat.yml

@@ -8,145 +8,7 @@ on:
     # the jobs run only close to business hours of Central Time.
     # Days were chosen to run only from Monday through Friday.
     - cron: '45 13,17,21 * * 1,2,3,4,5'
-jobs:
-  production-heartbeat:
-    strategy:
-      # By default, if any job in a matrix fails, all other jobs are immediately cancelled. This makes the jobs run to completion instead.
-      fail-fast: false
-      matrix:
-        os: [{vm: ubuntu-latest, exe: .sh}, {vm: windows-2019, exe: .cmd}]
-        node: ['lts/*']
-    runs-on: ${{ matrix.os.vm }}
-    timeout-minutes: 60
-    steps:
-      # === Setup. We need to get the code, set up nodejs, and create the results directory. ===
-      - uses: actions/checkout@v4
-        with:
-          ref: 'release'
-      - uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node }}
-      - uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '11'
-      - run: mkdir smoke-test-results
-
-      # === Set our environment variables, either using default values or the repo's secrets ===
-      - name: Set environment variables
-        id: env_var_setup
-        # We'll want to use bash for this, to avoid any cross-platform shenanigans
-        shell: bash
-        run: |
-          # In the following script, the use of the `echo "name=value" >> $GITHUB_ENV` structure is used to set/update
-          # environment variables. Such updates are visible to all subsequent steps.
-          #
-          # If the CLI_VERSION repo secret is set, we want to install that version ofsf-cli, so we set an environment
-          # variable. Otherwise, we leave the environment variable unset, so it implicitly defaults to `latest`.
-          # Note: This can be used to intentionally fail the GHA by providing an invalid version number.
-          if [[ -n "${{ secrets.CLI_VERSION }}" ]]; then
-            echo "CLI_VERSION=@${{ secrets.CLI_VERSION}}" >> $GITHUB_ENV
-          fi
-          # If the SCANNER_VERSION repo secret is set, we want to install that version of sfdx-scanner, so we set an
-          # environment variable. Otherwise, we leave the environment variable unset, so it implicitly defaults to `latest`.
-          # Note: This can be used to intentionally fail the GHA by providing an invalid version number.
-          if [[ -n "${{ secrets.SCANNER_VERSION }}" ]]; then
-            echo "SCANNER_VERSION=@${{ secrets.SCANNER_VERSION }}" >> $GITHUB_ENV
-          fi
-          # If the FAIL_SMOKE_TESTS repo secret is set to ANY value, we should respond by deleting the `test/test-jars`
-          # folder. The smoke tests expect this folder's contents to exist, so an invocation of `scanner:rule:add` should
-          # fail, thereby failing the smoke tests as a whole.
-          # Note: This serves no purpose aside from providing a way to simulate a smoke test failure.
-          if [[ -n "${{ secrets.FAIL_SMOKE_TESTS }}" ]]; then
-            rm -rf ./test/test-jars
-          fi
-
-
-      # === Make three attempts to install SF through npm ===
-      - name: Install SF
-        id: sf_install
-        # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up.
-        # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made.
-        run: |
-          (echo "::set-output name=retry_count::0" && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) ||
-          (echo "::set-output name=retry_count::1" && sleep 60 && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) ||
-          (echo "::set-output name=retry_count::2" && sleep 300 && npm install -g @salesforce/cli${{ env.CLI_VERSION }})
-
-      # === Make three attempts to install the scanner plugin through sf ===
-      - name: Install Scanner Plugin
-        id: scanner_install
-        # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up.
-        # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made.
-        run: |
-          (echo "::set-output name=retry_count::0" && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
-          (echo "::set-output name=retry_count::1" && sleep 60 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
-          (echo "::set-output name=retry_count::2" && sleep 300 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }})
 
-      # === Log the installed plugins for easier debugging ===
-      - name: Log plugins
-        run: sf plugins
-
-      # === Attempt to execute the smoke tests ===
-      - name: Run smoke tests
-        id: smoke_tests
-        run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
-
-      # === Upload the smoke-test-results folder as an artifact ===
-      - name: Upload smoke-test-results folder as artifact
-        if: ${{ always() }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: smoke-test-results-${{ runner.os }}
-          path: smoke-test-results
-
-      # === Report any problems ===
-      - name: Report problems
-        # There are problems if any step failed or was skipped.
-        # Note that the `join()` call omits null values, so if any steps were skipped, they won't have a corresponding
-        # value in the string.
-        if: ${{ failure() || cancelled() }}
-        shell: bash
-        env:
-          # If we're here because steps failed or were skipped, then that's a critical problem. Otherwise it's a normal one.
-          # We can't use the `failure()` or `cancelled()` convenience methods outside of the `if` condition, hence the
-          # `contains()` calls.
-          IS_CRITICAL: ${{ contains(join(steps.*.outcome), 'failure') || contains(join(steps.*.outcome), 'skipped') }}
-          # Build the status strings for each step as environment variables to save space later. Null retry_count values
-          # will be replaced with `n/a` to maintain readability in the alert.
-          CLI_INSTALL_STATUS: ${{ steps.sf_install.outcome }} after ${{ steps.sf_install.outputs.retry_count || 'n/a' }} retries
-          SCANNER_INSTALL_STATUS: ${{ steps.scanner_install.outcome }} after ${{ steps.scanner_install.outputs.retry_count || 'n/a' }} retries
-          SMOKE_TESTS_STATUS: ${{ steps.smoke_tests.outcome }}
-          # A link to this run, so the PagerDuty assignee can quickly get here.
-          RUN_LINK: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
-        run: |
-          # GHA env-vars don't have robust conditional logic, so we'll use this if-else branch to define some bash env-vars.
-          if [[ ${{ env.IS_CRITICAL }} == true ]]; then
-            ALERT_SEV="critical"
-            ALERT_SUMMARY="Production heartbeat script failed on ${{ runner.os }}"
-          else
-            ALERT_SEV="info"
-            ALERT_SUMMARY="Production heartbeat script succeeded with retries on ${{ runner.os }}"
-          fi
-          # Define a helper function to create our POST request's data, to sidestep issues with nested quotations.
-          generate_post_data() {
-          # This is known as a HereDoc, and it lets us declare multi-line input ending when the specified limit string,
-          # in this case EOF, is encountered.
-          cat <<EOF
-          {"payload": {
-            "summary": "${ALERT_SUMMARY}",
-            "source": "Github Actions",
-            "severity": "${ALERT_SEV}",
-            "custom_details": "SF install: ${{ env.CLI_INSTALL_STATUS }}. Scanner install: ${{ env.SCANNER_INSTALL_STATUS }}. Smoke tests: ${{ env.SMOKE_TESTS_STATUS }}."
-          },
-          "links": [{
-            "href": "${{ env.RUN_LINK }}",
-            "text": "Link to action execution"
-          }],
-          "event_action": "trigger",
-          "dedup_key": "GH-HB-${{ matrix.os.vm }}-${{ matrix.node }}",
-          "routing_key": "${{ secrets.PAGERDUTY_HEARTBEAT_KEY }}"
-          }
-          EOF
-          }
-          # Make our POST request
-          curl --request POST --data "$(generate_post_data)" https://events.pagerduty.com/v2/enqueue
+jobs:
+  invoke-heartbeat-v4:
+    uses: ./.github/workflows/heartbeat-v4.yml