
Security News
npm ‘is’ Package Hijacked in Expanding Supply Chain Attack
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
@codefresh-io/pipeline-autobot
Advanced tools
Supply Chain Security
Vulnerability
Quality
Maintenance
License
Component for analyze github repository use github statistic API and generate codefresh steps according repo info.
Examples how use repo analyzer
Run test.js with envs
PASSWORD=****2
REPO_OWNER=codefresh-io
REPO_NAME=pipeline-manager
GIT_CONTEXT=github
https://codefresh-io.github.io/cli/analyzer/
analyzer
.step(clone)
.step(build)
.step(push)
.step(packageJson)
.header(stages)
.enrich(stagesEnricher)
.transform(codefreshYaml)
.resolve()
Transformers - ability to transform from some info to whole yaml file , use cases :
Headers - ability to add some yaml parts before steps
key
use cases:
Steps - ability to add some step to generated pipeline, like git clone, build, notifications, etc
Enricher - ability to enrich each step some additional information, like stage for each step
For add new handler you should create .js in related folder (like analyzer.steps)
Each step has as input analyzer.context (you can access from it githup api, credentials, everything that you need)
module.exports = (context) => {
const { repo: { repoOwner, repoName, branch } , git } = context.getContext();
return {
step : {
type: 'git-clone',
description: 'Cloning main repository...',
repo: `${repoOwner}/${repoName}`,
revision: branch,
git
},
key: 'clone',
group: 'clone'
};
};
Where
key
- it is step name
group
- logical group, like test, linters, etc, will be helpful in future . (For now using it for stages)
FAQs
Generate yaml depend on repo context
We found that @codefresh-io/pipeline-autobot demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Security News
A critical flaw in the popular npm form-data package could allow HTTP parameter pollution, affecting millions of projects until patched versions are adopted.
Security News
Bun 1.2.19 introduces isolated installs for smoother monorepo workflows, along with performance boosts, new tooling, and key compatibility fixes.