@semantic-release/git - npm Package Compare versions

Comparing version 2.0.1 to 2.0.2

package.json

@@ -1,1 +0,115 @@
-{"name":"@semantic-release/git","description":"Set of semantic-release plugins to publish to a git repository","version":"2.0.1","author":"Pierre Vanduynslager (https://github.com/pvdlg)","bugs":{"url":"https://github.com/semantic-release/git/issues"},"config":{"commitizen":{"path":"cz-conventional-changelog"}},"contributors":["Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)","Gregor Martynus (https://twitter.com/gr2m)"],"dependencies":{"@semantic-release/error":"^2.1.0","debug":"^3.1.0","dir-glob":"^2.0.0","execa":"^0.8.0","fs-extra":"^5.0.0","git-url-parse":"^7.0.1","lodash":"^4.17.4","micromatch":"^3.1.4","p-locate":"^2.0.0","p-reduce":"^1.0.0","semver":"^5.4.1"},"devDependencies":{"ava":"^0.24.0","clear-module":"^2.1.0","codecov":"^3.0.0","commitizen":"^2.9.6","cz-conventional-changelog":"^2.0.0","dockerode":"^2.5.3","eslint-config-prettier":"^2.3.0","eslint-plugin-prettier":"^2.3.0","file-url":"^2.0.2","get-stream":"^3.0.0","git-log-parser":"^1.2.0","nyc":"^11.1.0","p-retry":"^1.0.0","prettier":"~1.9.0","semantic-release":"^11.0.0","sinon":"^4.1.2","tempy":"^0.2.1","xo":"^0.18.2"},"engines":{"node":">=4"},"files":["lib","index.js"],"homepage":"https://github.com/semantic-release/git#readme","keywords":["changelog","commit","conventional-changelog","conventional-commits","git","release","semantic-release","version"],"license":"MIT","main":"index.js","nyc":{"include":["lib/**/*.js","index.js"],"reporter":["json","text","html"],"all":true},"prettier":{"printWidth":120,"singleQuote":true,"bracketSpacing":false,"trailingComma":"es5"},"publishConfig":{"access":"public"},"repository":{"type":"git","url":"https://github.com/semantic-release/git.git"},"scripts":{"cm":"git-cz","codecov":"codecov -f coverage/coverage-final.json","lint":"xo","pretest":"npm run lint","semantic-release":"semantic-release","test":"nyc ava -v"},"xo":{"extends":["prettier"],"plugins":["prettier"],"rules":{"prettier/prettier":2}}}
+{
+  "name": "@semantic-release/git",
+  "description": "Set of semantic-release plugins to publish to a git repository",
+  "version": "2.0.2",
+  "author": "Pierre Vanduynslager (https://github.com/pvdlg)",
+  "bugs": {
+    "url": "https://github.com/semantic-release/git/issues"
+  },
+  "config": {
+    "commitizen": {
+      "path": "cz-conventional-changelog"
+    }
+  },
+  "contributors": [
+    "Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)",
+    "Gregor Martynus (https://twitter.com/gr2m)"
+  ],
+  "dependencies": {
+    "@semantic-release/error": "^2.1.0",
+    "debug": "^3.1.0",
+    "dir-glob": "^2.0.0",
+    "execa": "^0.9.0",
+    "fs-extra": "^5.0.0",
+    "git-url-parse": "^7.0.1",
+    "lodash": "^4.17.4",
+    "micromatch": "^3.1.4",
+    "p-locate": "^2.0.0",
+    "p-reduce": "^1.0.0",
+    "semver": "^5.4.1"
+  },
+  "devDependencies": {
+    "ava": "^0.24.0",
+    "clear-module": "^2.1.0",
+    "codecov": "^3.0.0",
+    "commitizen": "^2.9.6",
+    "cz-conventional-changelog": "^2.0.0",
+    "dockerode": "^2.5.3",
+    "eslint-config-prettier": "^2.3.0",
+    "eslint-plugin-prettier": "^2.3.0",
+    "file-url": "^2.0.2",
+    "get-stream": "^3.0.0",
+    "git-log-parser": "^1.2.0",
+    "nyc": "^11.1.0",
+    "p-retry": "^1.0.0",
+    "prettier": "~1.10.0",
+    "semantic-release": "^12.2.2",
+    "sinon": "^4.1.2",
+    "tempy": "^0.2.1",
+    "xo": "^0.18.2"
+  },
+  "engines": {
+    "node": ">=4"
+  },
+  "files": [
+    "lib",
+    "index.js"
+  ],
+  "homepage": "https://github.com/semantic-release/git#readme",
+  "keywords": [
+    "changelog",
+    "commit",
+    "conventional-changelog",
+    "conventional-commits",
+    "git",
+    "release",
+    "semantic-release",
+    "version"
+  ],
+  "license": "MIT",
+  "main": "index.js",
+  "nyc": {
+    "include": [
+      "lib/**/*.js",
+      "index.js"
+    ],
+    "reporter": [
+      "json",
+      "text",
+      "html"
+    ],
+    "all": true
+  },
+  "prettier": {
+    "printWidth": 120,
+    "singleQuote": true,
+    "bracketSpacing": false,
+    "trailingComma": "es5"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/semantic-release/git.git"
+  },
+  "scripts": {
+    "cm": "git-cz",
+    "codecov": "codecov -f coverage/coverage-final.json",
+    "lint": "xo",
+    "pretest": "npm run lint",
+    "semantic-release": "semantic-release",
+    "test": "nyc ava -v"
+  },
+  "xo": {
+    "extends": [
+      "prettier"
+    ],
+    "plugins": [
+      "prettier"
+    ],
+    "rules": {
+      "prettier/prettier": 2
+    }
+  }
+}

README.md

 # @semantic-release/git
 
-Set of [semantic-release](https://github.com/semantic-release/semantic-release) plugins for publishing to a [git](https://git-scm.com/) repository.
+Set of [Semantic-release](https://github.com/semantic-release/semantic-release) plugins for publishing to a [git](https://git-scm.com/) repository.
 
@@ -23,3 +23,3 @@ [![Travis](https://img.shields.io/travis/semantic-release/git.svg)](https://travis-ci.org/semantic-release/git)
 
-### Git Repository authentication
+### Git repository authentication
 
@@ -30,10 +30,12 @@ The `Git` authentication configuration is **required** and can be set either:
 
-If the `GIT_CREDENTIALS` environment variable is set the remote Git repository will automatically be accessed via `https`, independently of the `repositoryUrl` format configured in `semantic-release` (the format will be automatically converted as needed).
+If the `GIT_CREDENTIALS` environment variable is set, the remote Git repository will automatically be accessed via `https`, independently of the `repositoryUrl` format configured in the Semantic-release (the format will be automatically converted as needed).
 
 Using the `GIT_CREDENTIALS` environment variable is the recommended configuration.
 
-`GIT_CREDENTIALS` can be your Git username and passort in the format `<username>:<password>` or a token for certain Git providers like [Github](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/), [Bitbucket](https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html) or [Gitlab](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html).
+`GIT_CREDENTIALS` can be your Git username and password in the format `<username>:<password>` or a token for certain Git providers like [GitHub](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/), [Bitbucket](https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html) or [GitLab](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html).
 
 If the `GH_TOKEN` or `GITHUB_TOKEN` environment variables are defined their value will be used as a replacement for `GIT_CREDENTIALS`.
 
+For GitLab the`GIT_CREDENTIALS` value has to be set with `gitlab-ci-token:<personal_access_tokens>`.
+
 ### Environment variables
@@ -58,4 +60,4 @@
 
-| Parameter     | Desciption                                                                          |
-| ------------- | ----------------------------------------------------------------------------------- |
+| Parameter     | Description                                                                         |
+|---------------|-------------------------------------------------------------------------------------|
 | `branch`      | The branch from which the release is done.                                          |
@@ -100,3 +102,3 @@ | `lastRelease` | `Object` with `version`, `gitTag` and `gitHead` of the last release.                |
 
-Options can be set within the plugin definition in the `semantic-release` configuration file:
+Options can be set within the plugin definition in the Semantic-release configuration file:
 
@@ -122,5 +124,5 @@ ```json
 - The [npm](https://github.com/semantic-release/npm) plugin must be called second in order to update the `package.json` file so the [git](https://github.com/semantic-release/git) plugin can include it in the release commit.
-- The [github](https://github.com/semantic-release/github) plugin must be called last to create a [Github Release](https://help.github.com/articles/about-releases/) that reference the tag created by the [git](https://github.com/semantic-release/git) plugin.
+- The [github](https://github.com/semantic-release/github) plugin must be called last to create a [GitHub Release](https://help.github.com/articles/about-releases/) that reference the tag created by the [git](https://github.com/semantic-release/git) plugin.
 
-To use with the [changelog](https://github.com/semantic-release/changelog), [github](https://github.com/semantic-release/github), [npm](https://github.com/semantic-release/npm) and [condition-travis](https://github.com/semantic-release/condition-travis) plugins:
+To use with the [changelog](https://github.com/semantic-release/changelog), [github](https://github.com/semantic-release/github) and [npm](https://github.com/semantic-release/npm) plugins:
 
@@ -130,3 +132,3 @@ ```json
   "release": {
-    "verifyConditions": ["@semantic-release/condition-travis", "@semantic-release/changelog", "@semantic-release/npm", "@semantic-release/git", "@semantic-release/github"],
+    "verifyConditions": ["@semantic-release/changelog", "@semantic-release/npm", "@semantic-release/git", "@semantic-release/github"],
     "getLastRelease": "@semantic-release/npm",
@@ -138,3 +140,3 @@ "publish": ["@semantic-release/changelog", "@semantic-release/npm", "@semantic-release/git", "@semantic-release/github"]
 
-To use with [github](https://github.com/semantic-release/github), and [condition-travis](https://github.com/semantic-release/condition-travis):
+To use with [github](https://github.com/semantic-release/github):
 
@@ -144,3 +146,3 @@ ```json
   "release": {
-    "verifyConditions": ["@semantic-release/condition-travis", "@semantic-release/git", "@semantic-release/github"],
+    "verifyConditions": ["@semantic-release/git", "@semantic-release/github"],
     "getLastRelease": "@semantic-release/git",
@@ -154,3 +156,3 @@ "publish": ["@semantic-release/git", "@semantic-release/github"]
 
-Using GPG, you can [sign and verify tags and commits](https://git-scm.com/book/id/v2/Git-Tools-Signing-Your-Work). With GPG keys, the release tags and commits made by `semantic-release` are verified and other people can trust that they were really were made by your account.
+Using GPG, you can [sign and verify tags and commits](https://git-scm.com/book/id/v2/Git-Tools-Signing-Your-Work). With GPG keys, the release tags and commits made by Semantic-release are verified and other people can trust that they were really were made by your account.
 
@@ -195,5 +197,5 @@ #### Generate the GPG keys
 
-##### Add the GPG key to Github
+##### Add the GPG key to GitHub
 
-In Github **Settings**, click on **SSH and GPG keys** in the sidebar, then on the **New GPG Key** button.
+In GitHub **Settings**, click on **SSH and GPG keys** in the sidebar, then on the **New GPG Key** button.
 
@@ -207,3 +209,3 @@ Paste the entire GPG key export previously and click the **Add GPG Key** button.
 If you want to use this GPG to also sign the commits and tags you create on your local machine you can follow the instruction at [Git Tools - Signing Your Work](https://git-scm.com/book/id/v2/Git-Tools-Signing-Your-Work)
-This step is optionnal and unrelated to `semantic-release`.
+This step is optional and unrelated to Semantic-release.
 
@@ -231,3 +233,3 @@ #### Add the GPG keys to your CI environment
 - `GPG_KEY_ID` to Travis with the value of your GPG key ID retrieved during the [GPG keys generation](#generate-the-gpg-keys) (replace XXXXXXXXXXXXXXXX with your key ID)
-- `GIT_EMAIL` with the email adress you set during the [GPG keys generation](#generate-the-gpg-keys) step
+- `GIT_EMAIL` with the email address you set during the [GPG keys generation](#generate-the-gpg-keys) step
 - `GIT_USERNAME` with the name you set during the [GPG keys generation](#generate-the-gpg-keys) step
@@ -292,3 +294,3 @@
 
-In order to allows `semantic-release` to push commits to your repository from the CI, you need to geneate a SSH key, add it to your Git hosted account, make it available on the CI environment.
+In order to allows Semantic-release to push commits to your repository from the CI, you need to geneate a SSH key, add it to your Git hosted account, make it available on the CI environment.
 
@@ -309,7 +311,7 @@ #### Generate the SSH keys
 
-##### Add the SSH key to Github
+##### Add the SSH key to GitHub
 
 Open the `git_deploy_key.pub` file (public key) and copy the entire content.
 
-In Github **Settings**, click on **SSH and GPG keys** in the sidebar, then on the **New SSH Key** button.
+In GitHub **Settings**, click on **SSH and GPG keys** in the sidebar, then on the **New SSH Key** button.
 
@@ -330,2 +332,7 @@ Paste the entire content of `git_deploy_key.pub` file (public key) and click the **Add SSH Key** button.
 
+Step by step instructions are provided for the following environments:
+
+* [Travis CI](#add-the-ssh-private-key-to-travis-ci)
+* [Circle CI](#add-the-ssh-private-key-to-circle-ci)
+
 ##### Add the SSH private key to Travis CI
@@ -390,1 +397,62 @@
 ```
+
+##### Add the SSH private key to Circle CI
+
+First we encrypt the `git_deploy_key` (private key) using a symmetric encryption (AES-256).  Run the folllowing `openssl` command and *make sure to note the output which we'll need later*:
+
+```bash
+$ openssl aes-256-cbc -e -p -in git_deploy_key -out git_deploy_key.enc -K `openssl rand -hex 32` -iv `openssl rand -hex 16`
+salt=SSSSSSSSSSSSSSSS
+key=KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
+iv =VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
+```
+
+Add the following [environment variables](https://circleci.com/docs/2.0/env-vars/#adding-environment-variables-in-the-app) to Circle CI:
+
+* `SSL_PASSPHRASE` - the value set during the [SSH keys generation](#generate-the-ssh-keys) step.
+* `REPO_ENC_KEY` - the `key` (KKK) value from the `openssl` step above.
+* `REPO_ENC_IV` - the `iv` (VVV) value from the `openssl` step above.
+
+Adapt your `.circleci/config.yml` (API v2.0) as follows, in the `steps` section before `run: npm run semantic-release`:
+
+```yaml
+version: 2
+jobs:
+  coverage_test_publish:
+    # docker, working_dir, etc
+    steps:
+      # checkout, restore_cache, run: yarn install, save_cache, etc.
+
+      - run:
+          name: Setup SSH with decrypted deploy key
+          command: |
+            # Decrypt the git_deploy_key.enc key into /tmp/git_deploy_key
+            openssl aes-256-cbc -d -K $REPO_ENC_KEY -iv $REPO_ENC_IV -in git_deploy_key.enc -out /tmp/git_deploy_key
+            # Make sure only the current user can read the private key
+            chmod 600 /tmp/git_deploy_key
+            # Create a script to return the passphrase environment variable to ssh-add
+            echo 'echo ${SSH_PASSPHRASE}' > /tmp/askpass && chmod +x /tmp/askpass
+            # Start the authentication agent
+            eval "$(ssh-agent -s)"
+            # Add the key to the authentication agent
+            DISPLAY=":0.0" SSH_ASKPASS="/tmp/askpass" setsid ssh-add /tmp/git_deploy_key </dev/null
+
+      # Run semantic-release after all the above is set.
+      - run: npm run semantic-release
+```
+
+Note that we encrypt the key to `/tmp` to avoid commit / modify / delete the unencrypted key by mistake on the CI.
+
+Delete the local private key as it won't be used anymore:
+
+```bash
+$ rm git_deploy_key
+```
+
+Commit the encrypted private key and the `.circleci/config.yml` file to your repository:
+
+```bash
+$ git add git_deploy_key.enc .circleci/config.yml
+$ git commit -m "ci(cicle): Add the encrypted private ssh key"
+$ git push
+```

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

41745

increased by8.1%

Number of lines in readme file

443

increased by18.13%

Dependency changes

• + Addedexeca@0.9.0(transitive)

• - Removedexeca@0.8.0(transitive)

• Updatedexeca@^0.9.0