diff --git a/.github/release-please/release-please-config.main.json b/.github/release-please/release-please-config.main.json
new file mode 100644
index 000000000..53209ebd5
--- /dev/null
+++ b/.github/release-please/release-please-config.main.json
@@ -0,0 +1,51 @@
+{
+ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+ "bump-minor-pre-major": true,
+ "versioning": "always-bump-minor",
+ "group-pull-request-title-pattern": "chore(${branch}): release ${version}",
+ "packages": {
+ ".": {
+ "release-type": "simple",
+ "extra-files": [
+ {
+ "type": "generic",
+ "path": "Makefile"
+ },
+ {
+ "type": "json",
+ "path": "cli/package.json",
+ "jsonpath": "$.dependencies['@opentdf/sdk']"
+ },
+ {
+ "type": "json",
+ "path": "cli/package.json",
+ "jsonpath": "$.version"
+ },
+ {
+ "type": "json",
+ "path": "web-app/package.json",
+ "jsonpath": "$.dependencies['@opentdf/sdk']"
+ },
+ {
+ "type": "json",
+ "path": "web-app/package.json",
+ "jsonpath": "$.version"
+ },
+ {
+ "type": "json",
+ "path": "web-app/package.json",
+ "jsonpath": "$.scripts.rebuild"
+ },
+ {
+ "type": "generic",
+ "path": "lib/src/version.ts"
+ },
+ {
+ "type": "json",
+ "path": "lib/package.json",
+ "jsonpath": "$.version"
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/.github/release-please/release-please-config.release_branches.json b/.github/release-please/release-please-config.release_branches.json
new file mode 100644
index 000000000..0668dde4b
--- /dev/null
+++ b/.github/release-please/release-please-config.release_branches.json
@@ -0,0 +1,51 @@
+{
+ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+ "bump-minor-pre-major": true,
+ "versioning": "always-bump-patch",
+ "group-pull-request-title-pattern": "chore(${branch}): release ${version}",
+ "packages": {
+ ".": {
+ "release-type": "simple",
+ "extra-files": [
+ {
+ "type": "generic",
+ "path": "Makefile"
+ },
+ {
+ "type": "json",
+ "path": "cli/package.json",
+ "jsonpath": "$.dependencies['@opentdf/sdk']"
+ },
+ {
+ "type": "json",
+ "path": "cli/package.json",
+ "jsonpath": "$.version"
+ },
+ {
+ "type": "json",
+ "path": "web-app/package.json",
+ "jsonpath": "$.dependencies['@opentdf/sdk']"
+ },
+ {
+ "type": "json",
+ "path": "web-app/package.json",
+ "jsonpath": "$.version"
+ },
+ {
+ "type": "json",
+ "path": "web-app/package.json",
+ "jsonpath": "$.scripts.rebuild"
+ },
+ {
+ "type": "generic",
+ "path": "lib/src/version.ts"
+ },
+ {
+ "type": "json",
+ "path": "lib/package.json",
+ "jsonpath": "$.version"
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/.github/release-please/release-please-manifest.json b/.github/release-please/release-please-manifest.json
new file mode 100644
index 000000000..dbe5ddf4a
--- /dev/null
+++ b/.github/release-please/release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+ ".": "0.3.2"
+}
\ No newline at end of file
diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
new file mode 100644
index 000000000..cd000f2a2
--- /dev/null
+++ b/.github/workflows/backport.yaml
@@ -0,0 +1,29 @@
+name: "Backport merged pull request"
+on:
+ pull_request:
+ types: [closed]
+ issue_comment:
+ types: [created]
+
+# Default empty permissions for all jobs
+permissions: {}
+
+jobs:
+ backport:
+ permissions:
+ contents: write
+ pull-requests: write
+ id-token: write
+ if: |
+ (
+ github.event_name == 'pull_request' &&
+ github.event.pull_request.merged
+ ) || (
+ github.event_name == 'issue_comment' &&
+ github.event.issue.pull_request &&
+ startsWith(github.event.comment.body, '/backport')
+ )
+ uses: opentdf/platform/.github/workflows/reusable_backport.yaml@main
+ secrets:
+ APP_ID: ${{ secrets.APP_ID }}
+ AUTOMATION_KEY: ${{ secrets.AUTOMATION_KEY }}
diff --git a/.github/workflows/build.yaml b/.github/workflows/build-and-test.yaml
similarity index 64%
rename from .github/workflows/build.yaml
rename to .github/workflows/build-and-test.yaml
index b994c4881..50d02900b 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -1,4 +1,4 @@ -name: Build, Test, and Deliver Client +name: "Build and Test Client" env: do_sonarscan: >-
@@ -11,10 +11,7 @@ on: push: branches: - main - - release/[0-9]+.[0-9]+.[0-9]+ - release: - types: - - created + - "release/**" jobs: ccc: runs-on: ubuntu-latest
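Review bot: The `uses: opentdf/platform/.github/workflows/reusable_backport.yaml@main` line hands `APP_ID` and `AUTOMATION_KEY` to a workflow referenced by a mutable branch, while every third-party action in this commit is pinned to a commit SHA; whatever lands on that repository's `main` then runs here with `contents: write`, `pull-requests: write` and `id-token: write`. Pin the reference to a full commit SHA with the version in a trailing comment, as the `actions/checkout` lines do. The same `@main` reference appears in create-release-branch.yaml and release.yaml. Separately, the `issue_comment` branch of the `if:` tests only `startsWith(github.event.comment.body, '/backport')`, so unless the reusable workflow checks the commenter (not visible here) anyone able to comment on a pull request can start the job; consider also requiring `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` in that branch.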
@@ -231,94 +228,6 @@ jobs: js-ref: ${{ github.ref }} latest lts platform-ref: main lts - deliver-ghp: - needs: - - lib - - cli - - web-app - - scripts - - platform-xtest - runs-on: ubuntu-latest - timeout-minutes: 5 - # To publish from a release or feature branch, remove the ref == condition below - if: >- - (github.event_name == 'push' && github.ref == 'refs/heads/main') || - (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) || - (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/')) - outputs: - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - TARGET_VERSION: ${{ steps.check-version.outputs.TARGET_VERSION }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - registry-url: https://npm.pkg.github.com - - name: Check version number is same between tag, library, and/or release - id: check-version - run: |- - if [[ ${{ github.ref }} = refs/heads/release/* ]]; then - scripts/check-version-is.sh "${GITHUB_REF##*release/}" - elif [[ ${{ github.ref }} = refs/tags/sdk/v* ]]; then - scripts/check-version-is.sh "${GITHUB_REF_NAME#sdk/v}" - else - scripts/check-version-is.sh - fi - - name: Check version number is same between tag, library, and/or release - id: guess-build-metadata - run: |- - echo "FULL_VERSION=$(.github/workflows/gh-semver.sh)" >> $GITHUB_OUTPUT - echo "DIST_TAG=$(.github/workflows/guess-dist-tag.sh)" >> $GITHUB_OUTPUT - - run: make doc - - run: >- - echo "::notice file=lib/package.json::Will be published to - [GitHub Packages](https://github.com/opentdf/web-sdk/pkgs/npm/client) - as ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - with version=[${{ steps.guess-build-metadata.outputs.FULL_VERSION }}]" - - run: >- - .github/workflows/publish-to.sh - "${{ 
steps.guess-build-metadata.outputs.FULL_VERSION }}" - "${{ steps.guess-build-metadata.outputs.DIST_TAG }}" - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - run: echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)">>$GITHUB_STEP_SUMMARY - - run: echo "- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)">>$GITHUB_STEP_SUMMARY - - name: Publish documentation to gh-pages - uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 #v4.7.3 - with: - branch: gh-pages - folder: lib/dist/docs - - deliver-npmjs: - runs-on: ubuntu-latest - timeout-minutes: 5 - environment: npmjs - needs: deliver-ghp - if: >- - (github.event_name == 'push' && github.ref == 'refs/heads/main') || - (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) || - (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/sdk/v')) - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - registry-url: 'https://registry.npmjs.org' - - run: make all - - run: >- - .github/workflows/publish-to.sh - "${{ needs.deliver-ghp.outputs.FULL_VERSION }}" - "${{ needs.deliver-ghp.outputs.DIST_TAG }}" - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - run: >- - echo "- [Client Library](https://www.npmjs.com/package/@opentdf/sdk/v/${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY - - run: >- - echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/ctl/v/${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY - - run: >- - echo "- [unpkg](https://unpkg.com/browse/@opentdf/sdk@${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY - ci: needs: - lib 
@@ -329,5 +238,14 @@ jobs: runs-on: ubuntu-22.04 if: ${{ !cancelled() }} steps: - - if: contains(needs.*.result, 'failure') - run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1 + + - name: "All jobs succeeded" + id: success + if: ${{ contains(needs.*.result, 'success') }} + run: | + : + + - name: "One or more jobs failed" + if: ${{ contains(needs.*.result, 'failure') }} + run: | + exit 1
diff --git a/.github/workflows/create-release-branch.yaml b/.github/workflows/create-release-branch.yaml
new file mode 100644
index 000000000..a31ed2321
--- /dev/null
+++ b/.github/workflows/create-release-branch.yaml
@@ -0,0 +1,18 @@
+name: "Create Release Branch"
+
+on:
+ release:
+ types: [released]
+
+# Default empty permissions for all jobs
+permissions: {}
+
+jobs:
+ create-release-branch:
+ if: ${{ endsWith(github.event.release.tag_name, '.0') }}
+ permissions:
+ id-token: write
+ uses: opentdf/platform/.github/workflows/reusable_create-release-branch.yaml@main
+ secrets:
+ APP_ID: ${{ secrets.APP_ID }}
+ AUTOMATION_KEY: ${{ secrets.AUTOMATION_KEY }}
diff --git a/.github/workflows/deliver.yaml b/.github/workflows/deliver.yaml
new file mode 100644
index 000000000..6e351e2f2
--- /dev/null
+++ b/.github/workflows/deliver.yaml
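Review bot: The step named "All jobs succeeded" in the `ci` job runs when `contains(needs.*.result, 'success')` is true, which holds as soon as any one needed job succeeded, and the failure step looks only for `'failure'`, so a needed job that ends `cancelled` still leaves `ci` green. If `ci` is the required status check for merges (an assumption; branch protection is not shown), that weakens the merge gate. A stricter form is a single failing step with `if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}`; the `id: success` on the first step is not referenced anywhere in the hunk. The job's `needs:` list starts outside this hunk.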
@@ -0,0 +1,137 @@
+name: "Deliver Client to npm registry"
+
+on:
+ push:
+ branches:
+ - main
+ - "release/**"
+ release:
+ types:
+ - created
+
+# Default empty permissions for all jobs
+permissions: {}
+
+jobs:
+ deliver-ghp:
+ permissions:
+ contents: read
+ packages: write
+ pages: write
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: "Checkout repo"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
+ - name: "Setup node"
+ uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+ with:
+ node-version: "22"
+ registry-url: https://npm.pkg.github.com
+
+ - name: "Check version number is same between tag, library, and/or release"
+ id: check-version
+ env:
+ REF: ${{ github.ref }}
+ run: |
+ if [[ "$REF" = refs/heads/release/* ]]; then
+ scripts/check-version-is.sh "${GITHUB_REF##*release/}"
+ elif [[ "$REF" = refs/tags/sdk/v* ]]; then
+ scripts/check-version-is.sh "${GITHUB_REF_NAME#sdk/v}"
+ else
+ scripts/check-version-is.sh
+ fi
+
+ - name: "Output build metadata"
+ id: guess-build-metadata
+ run: |
+ FULL_VERSION=$(.github/workflows/gh-semver.sh)
+ DIST_TAG=$(.github/workflows/guess-dist-tag.sh)
+
+ echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT"
+ echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT"
+
+ - name: "Run: make doc"
+ run: |
+ make doc
+
+ - name: "Echo info"
+ env:
+ DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
+ FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
+ run: |
+ echo "::notice file=lib/package.json::Will be published to \
+ [GitHub Packages](https://github.com/opentdf/web-sdk/pkgs/npm/client) \
+ as $DIST_TAG \
+ with version=[$FULL_VERSION]"
+
+ - name: "Deliver to GitHub Packages"
+ env:
+ DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
+ FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG"
+
+ - name: "Echo info to Run Summary"
+ run: |
+ {
+ echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)"
+ echo "- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)"
+ } >>"$GITHUB_STEP_SUMMARY"
+
+ - name: "Publish documentation to gh-pages"
+ uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3
+ with:
+ branch: gh-pages
+ folder: lib/dist/docs
+
+ deliver-npmjs:
+ permissions:
+ contents: read
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Checkout repo"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
+ - name: "Setup node"
+ uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+ with:
+ node-version: "22"
+ registry-url: "https://registry.npmjs.org"
+
+ - name: "Run: make all"
+ run: |
+ make all
+
+ - name: "Output build metadata"
+ id: guess-build-metadata
+ run: |
+ FULL_VERSION=$(.github/workflows/gh-semver.sh)
+ DIST_TAG=$(.github/workflows/guess-dist-tag.sh)
+
+ echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT"
+ echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT"
+
+ - name: "Deliver to npmjs"
+ env:
+ DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
+ FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+ run: |
+ bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG"
+
+ - name: "Echo info to Run Summary"
+ env:
+ FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
+ run: |
+ {
+ echo "- [Client Library](https://www.npmjs.com/package/@opentdf/sdk/v/$FULL_VERSION)"
+ echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/ctl/v/$FULL_VERSION)"
+ echo "- [unpkg](https://unpkg.com/browse/@opentdf/sdk@$FULL_VERSION)"
+ } >>"$GITHUB_STEP_SUMMARY"
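Review bot: `deliver-npmjs` no longer declares `environment: npmjs`, and neither delivery job keeps the `needs:` on the build and test jobs that the removed jobs in build.yaml had, so every push to `main` or `release/**` now publishes to both registries alongside the test run rather than after it. If `NPM_TOKEN` is stored as an environment secret, or the `npmjs` environment carries required reviewers (neither is visible here), the publish step loses its token or its approval gate; restore `environment: npmjs` and make delivery depend on the test workflow, for example by invoking it through `workflow_call` from build-and-test.yaml after the test jobs. `deliver-ghp` grants only `contents: read` and checks out with `persist-credentials: false`, yet its last step pushes to the `gh-pages` branch, which likely needs `contents: write` on that job. The previous `timeout-minutes: 5` was dropped from both jobs as well.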
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index f7adac3e1..bae32be68 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -87,6 +87,8 @@ jobs: LGPL-3.0-or-later, LGPLLR, NGPL + allow-dependencies-licenses: > + pkg:githubactions/SonarSource/sonarqube-scan-action comment-summary-in-pr: on-failure base-ref: ${{ inputs.base-ref || github.event.pull_request.base.sha || github.event.repository.default_branch }} head-ref: ${{ inputs.head-ref || github.event.pull_request.head.sha || github.ref }}
diff --git a/.github/workflows/publish-to.sh b/.github/workflows/publish-to.sh
deleted file mode 100755
index 3ca748292..000000000
--- a/.github/workflows/publish-to.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-# Validate that version number is same across all expected files
-
-set -exuo pipefail
-
-v="${1%%+*}"
-t="${2}"
-
-cd lib
-f=src/version.ts
-if ! sed "s/export const version = \'[^']\{1,\}\';\$/export const version = \'${v}\';/" "${f}" >"${f}.tmp"; then
- echo "Failed to insert version [${v}] into file [$f]"
- exit 1
-fi
-mv "${f}.tmp" "${f}"
-
-npm version --no-git-tag-version --allow-same-version "$v"
-npm publish --access public --tag "$t"
-
-# Wait for npm publish to go through...
-sleep 5
-
-cd "../cli"
-npm version --no-git-tag-version --allow-same-version "$v"
-npm uninstall "@opentdf/sdk"
-npm install "@opentdf/sdk@$v"
-npm publish --access public --tag "$t"
-
-if [[ "$GITHUB_STEP_SUMMARY" ]]; then
- echo "### Published ${v} (${t})" >>"$GITHUB_STEP_SUMMARY"
-fi
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 000000000..58c26afe2
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,49 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+ - "release/**"
+
+permissions: {}
+
+jobs:
+ release-please:
+ permissions:
+ contents: write
+ pull-requests: write
+ uses: opentdf/platform/.github/workflows/reusable_release-please.yaml@main
+ secrets:
+ APP_ID: ${{ secrets.APP_ID }}
+ AUTOMATION_KEY: ${{ secrets.AUTOMATION_KEY }}
+
+ update-dependencies:
+ if: ${{ needs.release-please.outputs.prs_created == 'true' }}
+ needs: release-please
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - name: "Generate a token"
+ id: generate-token
+ uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+ with:
+ app-id: ${{ secrets.APP_ID }}
+ private-key: ${{ secrets.AUTOMATION_KEY }}
+
+ - name: "Checkout repo"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: true
+ ref: ${{ fromJSON(needs.release-please.outputs.prs)[0].headBranchName }}
+
+ - name: "Update dependencies"
+ run: |
+ git config --global user.name "opentdf-automation[bot]"
+ git config --global user.email "149537512+opentdf-automation[bot]@users.noreply.github.com"
+ make all
+ git add .
+ git commit -m "Update dependencies"
+ git push
diff --git a/Makefile b/Makefile
index e3bab3a21..e45a7a35b 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,7 @@ +# x-release-please-start-version version=0.3.2 +# x-release-please-end extras=cli web-app pkgs=lib $(extras)
diff --git a/lib/src/version.ts b/lib/src/version.ts
index c9a13124e..af7d38d2c 100644
--- a/lib/src/version.ts
+++ b/lib/src/version.ts
@@ -1,7 +1,7 @@ /** * Exposes the released version number of the `@opentdf/sdk` package */ -export const version = '0.3.2'; +export const version = '0.3.2'; // x-release-please-version /** * A string name used to label requests as coming from this library client.
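Review bot: The output of the `generate-token` step in `update-dependencies` is never used: the checkout step has no `token:` input, so `git push` goes out with the default `GITHUB_TOKEN` that `persist-credentials: true` leaves in the checkout. Commits pushed with that token do not start other workflows, so the "Update dependencies" commit on the release PR would land without a build-and-test run, and `make all` runs while a write-capable credential sits in the repository's git config. If the app identity is intended, pass `token: ${{ steps.generate-token.outputs.token }}` to the checkout; otherwise drop the step so the app key is not loaded into a job that does not need it. `git add .` stages everything `make all` leaves in the tree and `git commit` exits non-zero when nothing changed, so staging only the expected lockfiles and guarding with `git diff --cached --quiet ||` would make the step narrower and repeatable.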
diff --git a/scripts/bump-version.sh b/scripts/bump-version.sh
deleted file mode 100755
index 0ef6956f8..000000000
--- a/scripts/bump-version.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-# Run `npm version` on all projects in the repo, keeping them synced
-#
-# Usage: bump-version [patch|minor|major] (optional message)
-#
-# Must be in a clean git checkout and creates a new git branch.
-# Sample Usage:
-# ./scripts/bump-version minor "Update minor version to allow new feature"
-
-set -euo pipefail
-
-increment_type="${1:-patch}"
-detail="${2:-autobump}"
-
-: "${BUMP_EXPECTED_BRANCH:=main}"
-
-if [[ $BUMP_EXPECTED_BRANCH != $(git rev-parse --abbrev-ref HEAD) ]]; then
- echo "Please run this command on the main branch"
- exit 1
-elif [[ $(git status --porcelain) ]]; then
- echo "Please run this command on an unmodified checkout"
- exit 1
-fi
-
-packages=(lib cli web-app)
-old_version=$(cd "${packages[0]}" && node -p "require('./package.json').version")
-echo npm --no-git-tag-version version "${increment_type}"
-(cd "${packages[0]}" && npm --no-git-tag-version version "${increment_type}")
-new_version=$(cd "${packages[0]}" && node -p "require('./package.json').version")
-
-for x in "${packages[@]:1}"; do
- (
- cd "${x}"
- npm --no-git-tag-version version "${new_version}"
- )
-done
-
-# multiplatform `sed -i`: https://unix.stackexchange.com/a/92907
-case $(sed --help 2>&1) in
- *GNU*) sed_i() { sed -i "$@"; } ;;
- *) sed_i() { sed -i '' "$@"; } ;;
-esac
-
-if ! sed_i "s/version=${old_version}/version=${new_version}/" "Makefile"; then
- echo "Unable to change version in makefile"
- exit 1
-fi
-
-if ! sed_i "s/export const version = '[^']\{1,\}';\$/export const version = \'${new_version}\';/" lib/src/version.ts; then
- echo "Unable to change version in version files"
- exit 1
-fi
-
-if ! scripts/check-version-is.sh "${new_version}"; then
- echo "bump version script fail"
- exit 1
-fi
-
-if ! make all; then
- echo "Unable to bump package locks"
- exit 2
-fi
-
-commit_message="🆙 ${new_version} ${increment_type} ${detail}"
-git checkout -b "feature/bump-${increment_type}-from-${old_version}-to-${new_version}"
-git add .
-git commit -m "${commit_message}"
diff --git a/scripts/deliver-to-npm-registry.sh b/scripts/deliver-to-npm-registry.sh
new file mode 100755
index 000000000..3fa523b9f
--- /dev/null
+++ b/scripts/deliver-to-npm-registry.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# Validate that version number is same across all expected files
+
+set -exuo pipefail
+
+version="${1%%+*}"
+tag="${2}"
+
+cd lib
+file=src/version.ts
+if ! sed "s/export const version = \'[^']\{1,\}\';\$/export const version = \'${version}\';/" "${file}" >"${file}.tmp"; then
+ echo "Failed to insert version [${version}] into file [$file]"
+ exit 1
+fi
+mv "${file}.tmp" "${file}"
+
+npm version --no-git-tag-version --allow-same-version "$version"
+npm publish --access public --tag "$tag"
+
+# Wait for npm publish to go through...
+sleep 5
+
+cd "../cli"
+npm version --no-git-tag-version --allow-same-version "$version"
+npm uninstall "@opentdf/sdk"
+npm install "@opentdf/sdk@$version"
+npm publish --access public --tag "$tag"
+
+if [[ "$GITHUB_STEP_SUMMARY" ]]; then
+ echo "### Published ${version} (${tag})" >>"$GITHUB_STEP_SUMMARY"
+fi
diff --git a/version.txt b/version.txt
new file mode 100644
index 000000000..9fc80f937
--- /dev/null
+++ b/version.txt
@@ -0,0 +1 @@
+0.3.2
\ No newline at end of file
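Review bot: The `sed` pattern in scripts/deliver-to-npm-registry.sh ends in `';\$`, but this same commit changes lib/src/version.ts to `export const version = '0.3.2'; // x-release-please-version`, so the end-of-line anchor no longer matches and `sed` exits 0 without replacing anything; the "Failed to insert version" branch only catches I/O errors. The package would then be published with the release-please value in `version.ts` even when `$version` is a different build version, so consumers cannot trust the embedded version string. Drop the anchor and the `\'` escapes (GNU sed reads `\'` inside a pattern as an end-of-buffer anchor), e.g. `s/export const version = '[^']\{1,\}';/export const version = '${version}';/`, and confirm the result with `grep -q "version = '${version}'" "${file}"` before `npm publish`. The header comment still describes a version validation script, and under `set -u` the final test aborts when the variable is unset; `[[ "${GITHUB_STEP_SUMMARY:-}" ]]` avoids that.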