Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
bump-everywhere
Advanced tools
Changelog
1.4.0 (2022-03-06)
::
for sourced utilities | 4a6e343Readme
🚀 Automate versioning, changelog creation, README updates and GitHub releases using GitHub Actions,npm, docker or bash.
🤖 Allows you to automatically:
npm
project then bump package.json
version and commit.README.md
file, if it has references to older version, update with never version.✅ Other features include:
- uses: undergroundwires/bump-everywhere@master
with:
# Repository name with owner to bump & release. For example, undergroundwires/bump-everywhere
# (Optional) Default: ${{ github.repository }}
repository: ''
# Name of the user who will do the bump commit
# (Optional) Default: ${{ github.actor }}
user: ''
# Commit message that will be used in the bump commit
# (Optional) Default: ⬆️ bump everywhere to {{version}}
commit-message: ''
# Personal access token (PAT) used to clone & push to the repository.
# If you use default, it'll not trigger other actions, but your own PAT then it triggers new actions
# (Optional) Default: ${{ github.token }}
git-token: ''
# The type of the GitHub release
# Options: 'release' | 'prerelease' | 'draft' | 'none' (does not release)
# (Optional) Default: 'release'
release-type: ''
# Personal access token (PAT) used to release to GitHub.
# Used only if release-type is not "none"
# If you use default, it'll not trigger other actions, but your own PAT then it triggers new actions
# (Optional) Default: ${{ github.token }}
release-token: ''
# Git branch to push the changes such as version tags, CHANGELOG file, version changes...
# Configuring this should not be needed for most use-cases.
# Use this only if you DO NOT use a single main default branch (e.g. `master` or `main`).
# (Optional) Default: Default "git clone" behavior. Checks out to default branch of remote.
branch: ''
To get the image you can either:
docker pull undergroundwires/bump-everywhere:latest
docker build . --tag undergroundwires/bump-everywhere:latest
Run with arguments:
args=(
# Required:
--repository "undergroundwires/privacy.sexy"
--user "bot-user"
--git-token "GitHub PAT for pushes"
--release-type "prerelease"
--release-token "GitHub PAT for releases"
--commit-message "⬆️ bump to {{version}}"
# Optional:
--branch 'custom branch name'
)
docker run undergroundwires/bump-everywhere "${args[@]}"
npm
npm install -g bump-everywhere
npm install bump-every-where --save-dev
npx bump-everywhere <parameters...>
bash
(4 or newer), git
, curl
, jq
exists in your environment
apk add bash git curl jq
choco install git curl jq
and use Git Bashgit clone https://github.com/undergroundwires/bump-everywhere
git submodule add https://github.com/undergroundwires/bump-everywhere
bash "scripts/bump-everywhere.sh" <parameters>
bump-everywhere only increases your patch versions. You manually tag your last commit to update major & minor versions.
E.g. :
git commit -m "bumped version to 1.4.0" --allow-empty
git tag 1.4.0
git push && git push origin 1.4.0
You can also use following scripts individually (check script files for usage, prerequisites & dependencies):
CHANGELOG.md
.packages.json
to match the latest version.README.md
to the latest version.Sponsor 💕. Consider one time or recurring donation on GitHub Sponsors or any other way (undrgroundwires.dev/donate), every penny you leave will help development and maintenance of the project .
Star 🤩. If you do cannot do that you can just give it a star ⭐ . It helps me to see that the project is appreciated.
Badge 📛. If you use the project, feel free to use the badge in the README.md
of repository where you use bump-everywhere so we can have larger community that can help improving the project. It would look like ). You can add following in your markdown file:
[![Auto-versioned by bump-everywhere](https://github.com/undergroundwires/bump-everywhere/blob/master/badge.svg?raw=true)](https://github.com/undergroundwires/bump-everywhere)
CI/CD is fully automated for this repo using different GIT events and GitHub actions.
FAQs
Automate versioning, changelog creations and GitHub releases using bash, GitHub action, npm or docker.
The npm package bump-everywhere receives a total of 49 weekly downloads. As such, bump-everywhere popularity was classified as not popular.
We found that bump-everywhere demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.