@semantic-release/github - npm Package Compare versions

Comparing version 2.1.0 to 2.2.0

lib/publish.js

@@ -1,8 +0,11 @@
-const {basename} = require('path');
+const {basename, extname} = require('path');
 const {parse} = require('url');
-const {stat} = require('fs-extra');
+const {stat, readFile} = require('fs-extra');
+const {isPlainObject} = require('lodash');
 const parseGithubUrl = require('parse-github-url');
 const GitHubApi = require('github');
-const pEachSeries = require('p-each-series');
-const debug = require('debug')('semantic-release:publish-github');
+const pReduce = require('p-reduce');
+const mime = require('mime');
+const debug = require('debug')('semantic-release:github');
+const globAssets = require('./glob-assets.js');
 const resolveConfig = require('./resolve-config');
@@ -29,2 +32,3 @@
     await github.gitdata.getReference({owner, repo, ref: `tags/${gitTag}`});
+    debug('The git tag %o already exists', gitTag);
   } catch (err) {
@@ -35,14 +39,17 @@ // If the error is 404, the tag doesn't exist, otherwise it's an error
     }
-    debug('Create git tag %o with commit %o', ref, gitHead);
+    debug('Create git tag %o with commit %o', gitTag, gitHead);
     await github.gitdata.createReference({owner, repo, ref, sha: gitHead});
   }
 
-  const {data: {id, html_url}} = await github.repos.createRelease(release); // eslint-disable-line camelcase
-  logger.log('Published Github release: %s', html_url);
+  const {data: {html_url: htmlUrl, upload_url: uploadUrl}} = await github.repos.createRelease(release);
+  logger.log('Published Github release: %s', htmlUrl);
 
   if (assets && assets.length > 0) {
+    const globbedAssets = await globAssets(assets);
+    debug('globed assets: %o', globbedAssets);
     // Make requests serially to avoid hitting the rate limit (https://developer.github.com/v3/guides/best-practices-for-integrators/#dealing-with-abuse-rate-limits)
-    await pEachSeries(assets, async asset => {
-      const filePath = typeof asset === 'object' ? asset.path : asset;
+    await pReduce(globbedAssets, async (_, asset) => {
+      const filePath = isPlainObject(asset) ? asset.path : asset;
       let file;
+
       try {
@@ -58,14 +65,25 @@ file = await stat(filePath);
       }
+
       const fileName = asset.name || basename(filePath);
-      const upload = {owner, repo, id, filePath, name: fileName};
+      const upload = {
+        owner,
+        repo,
+        url: uploadUrl,
+        file: await readFile(filePath),
+        contentType: mime.getType(extname(fileName)) || 'text/plain',
+        contentLength: file.size,
+        name: fileName,
+      };
+
       debug('file path: %o', filePath);
       debug('file name: %o', fileName);
-      if (asset.label) {
+
+      if (isPlainObject(asset) && asset.label) {
         upload.label = asset.label;
       }
 
-      const {data: {browser_download_url}} = await github.repos.uploadAsset(upload); // eslint-disable-line camelcase
-      logger.log('Published file %s', browser_download_url);
+      const {data: {browser_download_url: downloadUrl}} = await github.repos.uploadAsset(upload);
+      logger.log('Published file %s', downloadUrl);
     });
   }
 };

lib/resolve-config.js

@@ -0,1 +1,3 @@
+const {castArray} = require('lodash');
+
 module.exports = ({githubToken, githubUrl, githubApiPathPrefix, assets}) => ({
@@ -5,3 +7,3 @@ githubToken: githubToken || process.env.GH_TOKEN || process.env.GITHUB_TOKEN,
   githubApiPathPrefix: githubApiPathPrefix || process.env.GH_PREFIX || process.env.GITHUB_PREFIX,
-  assets: assets ? (Array.isArray(assets) ? assets : [assets]) : assets,
+  assets: assets ? castArray(assets) : assets,
 });

lib/verify.js

 const {parse} = require('url');
+const {isString, isPlainObject, isUndefined, isArray} = require('lodash');
 const parseGithubUrl = require('parse-github-url');
@@ -14,10 +15,14 @@ const GitHubApi = require('github');
 
-  if (assets && assets.length > 0) {
-    // Verify that every asset is either a string or an object with path attribute defined
-    if (!assets.every(asset => typeof asset === 'string' || (typeof asset === 'object' && Boolean(asset.path)))) {
-      throw new SemanticReleaseError(
-        'The "assets" options must be an Array of strings or objects with a path property.',
-        'EINVALIDASSETS'
-      );
-    }
+  if (
+    !isUndefined(assets) &&
+    assets !== false &&
+    !(
+      isArray(assets) &&
+      assets.every(asset => isStringOrStringArray(asset) || (isPlainObject(asset) && isStringOrStringArray(asset.path)))
+    )
+  ) {
+    throw new SemanticReleaseError(
+      'The "assets" options must be an Array of Strings or Objects with a path property.',
+      'EINVALIDASSETS'
+    );
   }
@@ -57,1 +62,5 @@
 };
+
+function isStringOrStringArray(value) {
+  return isString(value) || (isArray(value) && value.every(isString));
+}

package.json

@@ -1,1 +0,1 @@
-{"name":"@semantic-release/github","description":"Set of semantic-release plugins for publishing a Github release","version":"2.1.0","author":"Pierre Vanduynslager (https://twitter.com/@pvdlg_)","bugs":{"url":"https://github.com/semantic-release/github/issues"},"config":{"commitizen":{"path":"cz-conventional-changelog"}},"contributors":["Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)","Gregor Martynus (https://twitter.com/gr2m)"],"dependencies":{"@semantic-release/error":"^2.1.0","debug":"^3.1.0","fs-extra":"^4.0.2","github":"^12.0.5","p-each-series":"^1.0.0","parse-github-url":"^1.0.1"},"devDependencies":{"ava":"^0.24.0","clear-module":"^2.1.0","codecov":"^3.0.0","commitizen":"^2.9.6","cz-conventional-changelog":"^2.0.0","eslint-config-prettier":"^2.8.0","eslint-plugin-prettier":"^2.3.0","nock":"^9.1.0","nyc":"^11.2.1","prettier":"~1.8.2","semantic-release":"^10.0.0","sinon":"^4.0.0","xo":"^0.18.2"},"engines":{"node":">=4"},"files":["lib","index.js"],"homepage":"https://github.com/semantic-release/github#readme","keywords":["git","github","publish","release","semantic-release","version"],"license":"MIT","main":"index.js","nyc":{"include":["lib/**/*.js","index.js"],"reporter":["json","text","html"],"all":true},"prettier":{"printWidth":120,"singleQuote":true,"bracketSpacing":false,"trailingComma":"es5"},"publishConfig":{"access":"public"},"repository":{"type":"git","url":"https://github.com/semantic-release/github.git"},"scripts":{"cm":"git-cz","codecov":"codecov -f coverage/coverage-final.json","lint":"xo","pretest":"npm run lint","semantic-release":"semantic-release","test":"nyc ava -v"},"xo":{"extends":["prettier"],"plugins":["prettier"],"rules":{"prettier/prettier":2}}}
+{"name":"@semantic-release/github","description":"Set of semantic-release plugins for publishing a Github release","version":"2.2.0","author":"Pierre Vanduynslager (https://twitter.com/@pvdlg_)","bugs":{"url":"https://github.com/semantic-release/github/issues"},"config":{"commitizen":{"path":"cz-conventional-changelog"}},"contributors":["Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)","Gregor Martynus (https://twitter.com/gr2m)"],"dependencies":{"@semantic-release/error":"^2.1.0","debug":"^3.1.0","fs-extra":"^4.0.2","github":"^13.0.0","globby":"^7.1.1","lodash":"^4.17.4","mime":"^2.0.3","p-reduce":"^1.0.0","parse-github-url":"^1.0.1"},"devDependencies":{"ava":"^0.24.0","clear-module":"^2.1.0","codecov":"^3.0.0","commitizen":"^2.9.6","cz-conventional-changelog":"^2.0.0","eslint-config-prettier":"^2.8.0","eslint-plugin-prettier":"^2.3.0","nock":"^9.1.0","nyc":"^11.2.1","prettier":"~1.8.2","semantic-release":"^10.0.0","sinon":"^4.0.0","xo":"^0.18.2"},"engines":{"node":">=4"},"files":["lib","index.js"],"homepage":"https://github.com/semantic-release/github#readme","keywords":["git","github","publish","release","semantic-release","version"],"license":"MIT","main":"index.js","nyc":{"include":["lib/**/*.js","index.js"],"reporter":["json","text","html"],"all":true},"prettier":{"printWidth":120,"singleQuote":true,"bracketSpacing":false,"trailingComma":"es5"},"publishConfig":{"access":"public"},"repository":{"type":"git","url":"https://github.com/semantic-release/github.git"},"scripts":{"cm":"git-cz","codecov":"codecov -f coverage/coverage-final.json","lint":"xo","pretest":"npm run lint","semantic-release":"semantic-release","test":"nyc ava -v"},"xo":{"extends":["prettier"],"plugins":["prettier"],"rules":{"prettier/prettier":2}}}

README.md

@@ -11,55 +11,71 @@ # @semantic-release/github
 
-Verify the presence and the validity of the `githubToken` (set via option or environment variable).
+Verify the presence and the validity of the `githubToken` (set via option or environment variable) and the `assets` option configuration.
 
-### Options
+## publish
 
-| Option                | Description                                               | Default                                                |
-| --------------------- | --------------------------------------------------------- | ------------------------------------------------------ |
-| `githubToken`         | **Required.** The token used to authenticate with GitHub. | `process.env.GH_TOKEN` or `process.env.GITHUB_TOKEN`   |
-| `githubUrl`           | The GitHub Enterprise endpoint.                           | `process.env.GH_URL` or `process.env.GITHUB_URL`       |
-| `githubApiPathPrefix` | The GitHub Enterprise API prefix.                         | `process.env.GH_PREFIX` or `process.env.GITHUB_PREFIX` |
+Publish a [Github release](https://help.github.com/articles/about-releases), optionnaly uploading files.
 
-## publish
+## Configuration
 
-Publish a [Github release](https://help.github.com/articles/about-releases).
+### Github Repository authentication
 
+The `Github` authentication configuration is **required** and can be set via [environment variables](#environment-variables).
+
+Only the [personal token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line) authentication is supported.
+
+### Environment variables
+
+| Variable                       | Description                                               |
+| ------------------------------ | ----------------------------------------------------------|
+| `GH_TOKEN` or `GITHUB_TOKEN`   | **Required.** The token used to authenticate with GitHub. |
+| `GH_URL` or `GITHUB_URL`       | The GitHub Enterprise endpoint.                           |
+| `GH_PREFIX` or `GITHUB_PREFIX` | The GitHub Enterprise API prefix.                         |
+
 ### Options
 
-| Option                | Description                                               | Default                                                |
-| --------------------- | --------------------------------------------------------- | ------------------------------------------------------ |
-| `githubToken`         | **Required.** The token used to authenticate with GitHub. | `process.env.GH_TOKEN` or `process.env.GITHUB_TOKEN`   |
-| `githubUrl`           | The GitHub Enterprise endpoint.                           | `process.env.GH_URL` or `process.env.GITHUB_URL`       |
-| `githubApiPathPrefix` | The GitHub Enterprise API prefix.                         | `process.env.GH_PREFIX` or `process.env.GITHUB_PREFIX` |
-| `assets`              | An array of files to upload to the release.               | - 
+| Option                | Description                                                        | Default                                              |
+| --------------------- | ------------------------------------------------------------------ | ---------------------------------------------------- |
+| `githubToken`         | **Required.** The token used to authenticate with GitHub.          | `GH_TOKEN` or `GITHUB_TOKEN` environment variable.   |
+| `githubUrl`           | The GitHub Enterprise endpoint.                                    | `GH_URL` or `GITHUB_URL` environment variable.       |
+| `githubApiPathPrefix` | The GitHub Enterprise API prefix.                                  | `GH_PREFIX` or `GITHUB_PREFIX` environment variable. |
+| `assets`              | An array of files to upload to the release. See [assets](#assets). | -                                                    |
 
-#### assets option
+#### `assets`
 
-Each element of the array can be a path to the file or an `object` with the properties:
+Can be a [glob](https://github.com/isaacs/node-glob#glob-primer) or and `Array` of [globs](https://github.com/isaacs/node-glob#glob-primer) and `Object`s with the following properties
 
-| Property | Description                                                              | Default                              |
-| -------- | ------------------------------------------------------------------------ | ------------------------------------ |
-| `path`   | **Required.** The file path to upload relative to the project directory. | -                                    |
-| `name`   | The name of the downloadable file on the Github release.                 | File name extracted from the `path`. |
-| `label`  | Short description of the file displayed on the Github release.           | -                                    |
+| Property | Description                                                                                              | Default                              |
+| -------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------ |
+| `path`   | **Required.** A [glob](https://github.com/isaacs/node-glob#glob-primer) to identify the files to upload. | -                                    |
+| `name`   | The name of the downloadable file on the Github release.                                                 | File name extracted from the `path`. |
+| `label`  | Short description of the file displayed on the Github release.                                           | -                                    |
 
-## Configuration
+Each entry in the `assets` `Array` is globbed individually. A [glob](https://github.com/isaacs/node-glob#glob-primer) can be a `String` (`"dist/**/*.js"` or `"dist/mylib.js"`) or an `Array` of `String`s that will be globbed together (`["dist/**", "!**/*.css"]`).
 
+If a directory is configured, all the files under this directory and its children will be included.
+
+Files can be included enven if they have a match in `.gitignore`.
+
+##### `assets` examples
+
+`'dist/*.js'`: include all the `js` files in the `dist` directory, but not in its sub-directories.
+
+`[['dist', '!**/*.css']]`: include all the files in the `dist` directory and its sub-directories excluding the `css` files.
+
+`[{path: 'dist/MyLibrary.js', label: 'MyLibrary JS distribution'}, {path: 'dist/MyLibrary.css', label: 'MyLibrary CSS distribution'}]`: include the `dist/MyLibrary.js` and `dist/MyLibrary.css` files, and label them `MyLibrary JS distribution` and `MyLibrary CSS distribution` in the Github release.
+
+`[['dist/**/*.{js,css}', '!**/*.min.*'], {path: 'build/MyLibrary.zip', label: 'MyLibrary'}]`: include all the `js` and `css` files in the `dist` directory and its sub-directories excluding the minified version, plus the `build/MyLibrary.zip` file and label it `MyLibrary` in the Github release.
+
+### Usage
+
 The plugins are used by default by [semantic-release](https://github.com/semantic-release/semantic-release) so no specific configuration is requiered if `githubToken`, `githubUrl` and `githubApiPathPrefix` are set via environment variable.
 
 Each individual plugin can be disabled, replaced or used with other plugins in the `package.json`:
+
 ```json
 {
   "release": {
-    "verifyConditions": ["@semantic-release/github", "verify-other-condition"],
-    "getLastRelease": "custom-get-last-release",
-    "publish": [
-      "custom-publish",
-      {
-        "path": "@semantic-release/github",
-        "assets": [
-          {"path": "dist/asset.min.css", "label": "CSS distribution"},
-          {"path": "dist/asset.min.js", "label": "JS distribution"}
-        ]
-      }
-    ]
+    "verifyConditions": ["@semantic-release/github", "@semantic-release/npm", "verify-other-condition"],
+    "getLastRelease": "@semantic-release/npm",
+    "publish": ["@semantic-release/npm", "@semantic-release/github", "other-publish"]
   }
@@ -69,3 +85,4 @@ }
 
-The same configuration for Github Enterprise:
+Options can be set within the plugin definition in the `semantic-release` configuration file:
+
 ```json
@@ -75,2 +92,3 @@ {
     "verifyConditions": [
+      "@semantic-release/npm",
       {
@@ -83,5 +101,4 @@ "path": "@semantic-release/github",
     ],
-    "getLastRelease": "custom-get-last-release",
     "publish": [
-      "custom-publish",
+      "@semantic-release/npm",
       {
@@ -88,0 +105,0 @@ "path": "@semantic-release/github",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 6 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

18543

increased by35.67%

Number of package files

8

increased by14.29%

Lines of code

210

increased by51.08%

Number of lines in readme file

113

increased by17.71%

Worsened metrics

Dependency count

9

increased by50%

Number of low supply chain risk alerts

7

increased by600%

Dependency changes

• + Addedglobby@^7.1.1

• + Addedlodash@^4.17.4

• + Addedmime@^2.0.3

• + Addedp-reduce@^1.0.0

• + Addedarray-union@1.0.2(transitive)

• + Addedarray-uniq@1.0.3(transitive)

• + Addedbalanced-match@1.0.2(transitive)

• + Addedbrace-expansion@1.1.11(transitive)

• + Addedconcat-map@0.0.1(transitive)

• + Addeddir-glob@2.2.2(transitive)

• + Addedfs.realpath@1.0.0(transitive)

• + Addedgithub@13.1.1(transitive)

• + Addedglob@7.2.3(transitive)

• + Addedglobby@7.1.1(transitive)

• + Addedignore@3.3.10(transitive)

• + Addedinflight@1.0.6(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedis-stream@1.1.0(transitive)

• + Addedminimatch@3.1.2(transitive)

• + Addedonce@1.4.0(transitive)

• + Addedpath-is-absolute@1.0.1(transitive)

• + Addedpath-type@3.0.0(transitive)

• + Addedpify@3.0.0(transitive)

• + Addedproxy-from-env@1.1.0(transitive)

• + Addedslash@1.0.0(transitive)

• + Addedurl-template@2.0.8(transitive)

• + Addedwrappy@1.0.2(transitive)

• - Removedp-each-series@^1.0.0

• - Removedfollow-redirects@1.2.6(transitive)

• - Removedgithub@12.1.0(transitive)

• - Removednetrc@0.1.4(transitive)

• - Removedp-each-series@1.0.0(transitive)

• Updatedgithub@^13.0.0