Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@apto-payments/asana-cli
Advanced tools
Enables interacting with an Apto project in Asana via the CLI
Enables managing Apto Asana projects through the CLI.
asana-cli [command]
Commands:
move-task Assign a task a given status, possible values: "todo", "in_review",
"in_progress", "merged", "deployed_staging","deployed_prod", "blocked".
Options:
--version Show version number [boolean]
--help Show help [boolean]
move-task
Pass the ID of the task you want to update in Asana and its status choosing from:
todo | in_progress | in_review | merged | deployed_staging | deployed_prod | blocked
for example:
$ asana-cli move-task --ids=178523314 --to=in_review
you can also pass a comma-separated list of IDs:
$ asana-cli move-task --ids=178523314,178523314,178523314 --to=in_review
to update tasks in batch. The ID of a task is located in its URL when navigating to it in Asana:
https://app.asana.com/0/{PROJECT_ID}/{TASK_ID}
The task ID is the last number (composed of 16 digits), in the example below 1201493219299339
:
https://app.asana.com/0/1201437871138749/1201493219299339
To make a task move to in_progress
whenever a new branch (containing the task ID) is pushed to the repository, you can do:
name: ASANA/IN_PROGRESS
on:
create:
branches:
- '**'
jobs:
build:
name: Update Asana
runs-on: ubuntu-latest
env:
ASANA_API_TOKEN: ${{ secrets.ASANA_TOKEN }}
steps:
- name: Get Asana Task ID from Github
id: id-match
run: echo "::set-output name=match::$( echo "${{ github.event.ref }}" | grep -oE '[0-9]{16}' )"
- name: Update status in Asana if Task ID found
if: ${{ steps.id-match.outputs.match != '' }}
run: npx @apto-payments/asana-cli move-task --ids=${{ steps.id-match.outputs.match }} --to=in_progress --yes
In case you want to move a task to in_review
whenever a PR is open, you can do:
name: ASANA/IN_REVIEW
on:
pull_request:
branches:
- dev
jobs:
build:
name: Update Asana
runs-on: ubuntu-latest
env:
ASANA_API_TOKEN: ${{ secrets.ASANA_TOKEN }}
steps:
- name: Get Asana Task ID from Github
id: id-match
run: echo "::set-output name=match::$( echo "${{ github.event.pull_request.head.ref }}" | grep -oE '[0-9]{16}' )"
- name: Update status in Asana if Task ID found
if: ${{ steps.id-match.outputs.match != '' }}
run: npx @apto-payments/asana-cli move-task --ids=${{ steps.id-match.outputs.match }} --to=in_review --yes
Your branch name should contain the Asana task ID. For instance, with a branch name chore/1201415348104520
it'll match as task ID: 1201415348104520
. The regex will match the first 16 digit number instance within it.
To wire a workflow to move a task to Deployed Staging
or Merged
whenever a PR is merged, you can do:
name: ASANA/DEPLOYED_STAGING
on:
push:
branches:
- dev # assuming `dev` is your main branch and is locked...
jobs:
build:
name: Update Asana
runs-on: ubuntu-latest
env:
ASANA_API_TOKEN: ${{ secrets.ASANA_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@master
- name: Deploy
run: deploy-command
- name: Get Asana Task ID from Git
id: id-match
run: echo "::set-output name=match::$( git log --oneline -1 | grep -oE '[0-9]{16}' )"
- name: Update status in Asana if Task ID found
if: ${{ steps.id-match.outputs.match != '' }}
run: npx @apto-payments/asana-cli move-task --ids=${{ steps.id-match.outputs.match }} --to=deployed_staging --yes
It'll work assuming the latest commit on your main branch (the merge commit) contains the 16 digit Asana task ID.
For instance, for the following merge commit:
chore(ci): Asana automation (1201435625710784) (#769)
the CLI will match as ID 1201435625710784
(the 16 digit number instance within it).
To mark a group of tasks as "Deployed production" once a release in your project is made, you can use the following workflow:
jobs:
build:
name: Deploy and update Asana
runs-on: ubuntu-latest
env:
ASANA_API_TOKEN: ${{ secrets.ASANA_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@master
with:
fetch-depth: 0 # This is important so that Git tags are also downloaded
- name: Deploy
run: deploy-command
- name: Get latest tag
id: latest-tag
run: echo "::set-output name=tag::$( git describe --tags --abbrev=0 )"
- name: Get Asana tasks IDs list from Git
id: asana-ids
run: echo "::set-output name=ids::$( git log ${{ steps.latest-tag.outputs.tag }}..HEAD --oneline | grep -oE '[0-9]{16}' | tr '\n' ',' | awk '{ print substr( $0, 1, length($0)-1 ) }' )"
- name: Update status in Asana if we have IDs in the Git history
if: ${{ steps.asana-ids.outputs.ids != '' }}
run: npx @apto-payments/asana-cli move-task --ids=${{ steps.asana-ids.outputs.ids }} --to=deployed_prod --yes
Assuming from the most recent commit to the latest Git there's a list of commits with Asana task IDs on their messages:
e0e003aa feat: cleanup stuff (1201493219299339)
fc7d14b7 chore(ci): Asana things (6201493219299336)
fc7d14b7 feat(cards): refactor (8201493219299339)
gb8d15bq fix(transactions): fix redirect (8201493219299339)
j234das8 chore(release): 0.0.110 # The most recent tagp point here
The step Get Asana tasks IDs list from Git
would get all the IDs and format them correctly so they can be supplied to the move-task
command:
npx @apto-payments/asana-cli move-task --ids=1201493219299339,6201493219299336,8201493219299339,8201493219299339 --to=deployed_prod --ye
FAQs
Enables interacting with an Apto project in Asana via the CLI
We found that @apto-payments/asana-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.