Security News
PEP 810 Proposes Explicit Lazy Imports for Python 3.15
An opt-in lazy import keyword aims to speed up Python startups, especially CLIs, without the ecosystem-wide risks that sank PEP 690.
By Sarah Gooding - Oct 04, 2025
Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More →
@arcteryx/arcteryx-navigation
Advanced tools
Arc'teryx Navigation
Deployment Pipeline
This project uses Bitbucket Pipelines for continuous integration and deployment. Below is a detailed description of our deployment setup, including the tools and libraries we use.
Pipeline Overview
Our Bitbucket pipeline is designed to automate various tasks such as building, testing, and deploying our application. The pipeline is configured to run different steps based on the branch being pushed to.
Branches
- main: The main branch is used for stable releases. Changes merged into this branch trigger the build and publish process.
- beta: The beta branch is used for pre-release versions. This allows us to test new features in a production-like environment before merging them into the main branch.
Tools and Libraries
- Semantic Release: Automates the versioning and package publishing process.
- SonarCloud: Provides code quality and security analysis.
- Storybook: A tool for developing UI components in isolation.
- AWS CLI: Command Line Interface for managing AWS services.
- Prettier: An opinionated code formatter.
- ESLint: A tool for identifying and fixing linting errors in JavaScript.
Testing and Deployment
- Dry Run: Use the
--dry-runflag with Semantic Release to test the release process without publishing.npx semantic-release --dry-run --debug - Feature Branches: Develop new features in feature branches and merge them into the beta branch for pre-release testing.
- Pull Requests: Use pull requests to merge changes from feature branches to the beta branch and then to the main branch after successful testing.
By following this setup, we ensure a smooth and reliable deployment process, maintaining high code quality and stability.
Commit Message Conventions and Automated Releases
This project follows the Conventional Commits specification to maintain a consistent commit history and automate the release process using Semantic Release.
Tools and Setup
To enforce commit message conventions and automate releases, we use the following tools:
- Husky: Manages Git hooks to run scripts before commits.
- Commitlint: Lints commit messages to ensure they follow the Conventional Commits specification.
- Semantic Release: Automates the versioning and release process.
FAQs
Package last updated on 27 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PodRocket Podcast: Inside the Recent npm Supply Chain Attacks
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
By Sarah Gooding - Oct 02, 2025
Security News
Package Maintainers Call for Improvements to GitHub’s New npm Security Plan
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
By Sarah Gooding - Sep 30, 2025