
@cmflow/cli
Advanced tools
```sh
npm i -g @cmflow/cli
```
CmFlow is compatible with semantic-release 📦🚀. You can use CmFlow release to deploy your projects based on CmFlow convention.
Add CmFlow to your project:

```sh
npm i --save-dev @cmflow/cli
```

Edit your `package.json` and add the following configuration:

```json
{
  "flow": {
    "branch": {
      "develop": "master",
      "production": "master"
    }
  }
}
```

Then create `release.config.js` with this configuration:
```js
import { defineConfig } from '@cmflow/cli'

export default defineConfig({
  verifyConditions: ['@cmflow/cli/semantic/core/verify-conditions'],
  analyzeCommits: ['@cmflow/cli/semantic/core/analyze-commits'],
  verifyRelease: ['@cmflow/cli/semantic/core/verify-release'],
  generateNotes: [
    [
      "@cmflow/cli/semantic/conditional", // run the tasks below only when the condition is true
      {
        // when: (context) => context.branch.type === "release" // default condition to run the task
        run: ["@semantic-release/core/release-notes-generator"]
      }
    ]
  ],
  prepare: [
    '@cmflow/cli/semantic/core/prepare/bump-version',
    [
      '@cmflow/cli/semantic/core/prepare/run', // add this task to trigger the build npm task
      {
        command: 'build'
      }
    ],
    [
      '@cmflow/cli/semantic/core/prepare/run', // add this task to trigger the test_e2e npm task
      {
        command: 'test_e2e'
      }
    ],
    [
      '@cmflow/cli/semantic/core/conditional', // run the tasks below only when the condition is true
      {
        // when: (context) => context.branch.type === "release" // default condition to run the task
        run: [
          '@cmflow/cli/semantic/core/prepare/commit'
        ]
      }
    ]
  ],
  publish: [
    [
      '@cmflow/cli/semantic/core/conditional',
      {
        // when: (context) => context.branch.type === "release" // default condition to run the task
        run: [
          '@cmflow/cli/semantic/core/sync-repository',
          '@semantic-release/github'
        ] // only run if the conditional rule is true
      }
    ],
    [
      '@cmflow/cli/semantic/core/exit', // run process.exit(0) if the branch is not a release branch - legacy: maybe not necessary now that all tasks are conditional
      {
        when: (context) => context.nextRelease.channel === 'prerelease'
      }
    ]
  ],
  success: [
    [
      '@cmflow/cli/semantic/core/conditional',
      {
        // when: (context) => context.branch.type === "release" // default condition to run the task
        run: '@semantic-release/github' // only run if the conditional rule is true
      }
    ]
  ],
  fail: [
    [
      "@cmflow/cli/semantic/core/conditional",
      {
        // when: (context) => context.branch.type === "release" // default condition to run the task
        run: '@semantic-release/github' // only run if the conditional rule is true
      }
    ]
  ],
  npmPublish: false
})
```
Then edit your `package.json` and add the following tasks to the `scripts` property:

```json
{
  "scripts": {
    "release": "cmrelease",
    "release_dry_run": "cmrelease --dry-run"
  }
}
```
Now, CmFlow and semantic-release are correctly installed in your project.

CmFlow provides a `@cmflow/cli/semantic/core/conditional` task to run one or more tasks only if a condition is true. The condition is a function that takes the semantic context as a parameter and returns a boolean.

You can customize the condition by adding a `when` property to the configuration object.
```js
import { defineConfig } from '@cmflow/cli'

export default defineConfig({
  publish: [
    [
      '@cmflow/cli/semantic/core/conditional',
      {
        when: (context) => context.branch.type === 'release', // default condition to run the task
        run: ['@semantic-release/github', '@semantic-release/github'] // only run if the conditional rule is true
      }
    ]
  ]
})
```
CmFlow release can run the `build` and `test_e2e` tasks during the prepare step. This is useful when you want to deploy a Docker image to Docker Hub with the right revision number in the `package.json`. The only requirement is to have `build` and `test_e2e` tasks in your npm scripts.
Example:

```json
{
  "scripts": {
    "build": "docker-compose build",
    "test_e2e": "docker-compose up -d && sleep 10 && npm run test_cucumber && docker-compose stop"
  }
}
```

Then:

```js
import { defineConfig } from '@cmflow/cli'

export default defineConfig({
  prepare: [
    [
      '@cmflow/cli/semantic/core/run',
      {
        command: 'build'
      }
    ],
    [
      '@cmflow/cli/semantic/core/run',
      {
        command: 'test_e2e'
      }
    ]
  ]
})
```
CmFlow release generates a `release.info` file in the root of your project. This file contains the branch name.
```js
import { defineConfig } from '@cmflow/cli'

export default defineConfig({
  prepare: [
    '@cmflow/cli/semantic/prepare/bump-version',
    [
      '@cmflow/cli/semantic/prepare/release-info',
      {
        path: './resources/release.info'
      }
    ]
  ]
})
```
Add the following configuration to your `release.config.js`:

```js
import { defineConfig } from '@cmflow/cli'

export default defineConfig({
  publish: [
    '@cmflow/cli/semantic/docker/publish'
  ]
});
```

```js
import { defineConfig } from '@cmflow/cli'

export default defineConfig({
  success: [
    '@cmflow/cli/semantic/docker/success'
  ]
})
```
CmFlow release can be used with Travis CI, Circle CI and GitLab. You have to create these environment variables to allow Git release note deployment, commit push and Docker image deployment.

Variable | Description |
---|---|
PROJECT_NAME | The project under which the artifact is published on Docker |
SCM_TOKEN | An SCM token (GH_TOKEN or GITLAB_TOKEN) |
GH_TOKEN (deprecated) | A GitHub personal access token |
GIT_USER_EMAIL | User email to sign the commit produced by CmFlow release |
GIT_USER_NAME | User name to sign the commit produced by CmFlow release |
DOCKER_HUB_ID | The Docker Hub ID |
DOCKER_HUB_PWD | The Docker Hub account password |
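
A preflight check for the variables in the table above, as an added example that is not part of CmFlow or its README: it reports which variables are missing without returning their values, and masks secret values in log lines. The variable names come from the table; treating `GH_TOKEN` as a fallback for `SCM_TOKEN`, the choice of which variables count as secrets, and the function names are assumptions.

```javascript
// Added example (not CmFlow code). Variable names are taken from the table above.
// Assumption: every variable is required, and GH_TOKEN is accepted as a deprecated fallback for SCM_TOKEN.
const REQUIRED = ['PROJECT_NAME', 'GIT_USER_EMAIL', 'GIT_USER_NAME', 'DOCKER_HUB_ID', 'DOCKER_HUB_PWD']
// Assumption: these are the variables whose values must never reach CI logs.
const SECRETS = ['SCM_TOKEN', 'GH_TOKEN', 'DOCKER_HUB_PWD']

const isSet = (env, name) => typeof env[name] === 'string' && env[name].trim() !== ''

// Returns the names of missing variables and any warnings, never the values themselves.
function checkReleaseEnv (env) {
  const missing = REQUIRED.filter((name) => !isSet(env, name))
  const warnings = []
  if (!isSet(env, 'SCM_TOKEN')) {
    if (isSet(env, 'GH_TOKEN')) {
      warnings.push('GH_TOKEN is deprecated, set SCM_TOKEN instead')
    } else {
      missing.push('SCM_TOKEN')
    }
  }
  return { ok: missing.length === 0, missing, warnings }
}

// Masks every configured secret value in a log line before it is printed.
function redact (line, env) {
  return SECRETS
    .filter((name) => isSet(env, name))
    .map((name) => env[name])
    .sort((a, b) => b.length - a.length) // longest first so overlapping values are fully masked
    .reduce((out, secret) => out.split(secret).join('***'), line)
}

// Constructed sample environment (not real credentials); DOCKER_HUB_PWD is left out on purpose.
const sampleEnv = {
  PROJECT_NAME: 'acme/app',
  GH_TOKEN: 'ghp_constructed_token',
  GIT_USER_EMAIL: 'ci@example.com',
  GIT_USER_NAME: 'ci-bot',
  DOCKER_HUB_ID: 'acme'
}

console.log(checkReleaseEnv(sampleEnv))
console.log(redact('git push https://ghp_constructed_token@example.com/acme/app.git', sampleEnv))
```

In a CI job, call `checkReleaseEnv(process.env)` before `cmrelease` and fail the job when `ok` is false.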
FAQs
An awesome Git Flow
We found that @cmflow/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.