Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gitex-flow
Advanced tools
A git flow extension that provides some additional automation and feature improvements. The aim of the project is to offer a complete process chain in order to organize the releases of your projects as easily as possible.
gitex-flow is a git flow extension, extending git flow by some additional features. It also represents a tool chain for a continuous release strategy that automates as many work steps as possible.
This project provides a node.js implementation of gitex-flow that is tailored for use in a npm project.
In my experience as a software developer, one of the most important parts of a software project is a precisely defined and largely automated release and deployment process. Modern software projects often consist of several autonomous projects (ex. micro services), each with their own release cycles. Git flow offers a standardized release strategy that helps you get this problem under control.
In addition, using Git Flow covers some common requirements and allows other project management issues to be automated:
Easy creation of frequent releases: Continous and frequent releases are mostly an essential part of the project requirement, especially for agile projects. A deployment can be very error prune and time intense. For this reason, it is worth investing in making the deployment process as simple as possible.
Simplifies the automation of build tasks: The standardization of releases simplifies the automation of versioning (ex. semantic versioning) and build tasks (ex. building npm packages or executables).
Scales well for different team sizes: When a project gets bigger and more complicated or several developers work on it, a defined release process becomes more and more important.
Keep the user informed about changes and features: Frequent releases carry the risk that the user loses track of the versions and their changes. Transparency is important in increasing the acceptance of the software and allows to participate the user into the software project.
If you like to use gitex-flow in your node.js project you can use gitex-flow as a npm script.
#> npm install -g gitex-flow
You can also install gitex-flow as a npm development dependency in your project:
#> npm install --save-dev gitex-flow
To integrate the gitex workflow into your project, add the following lines to the scripts
section of your package.json
:
"scripts": {
...
"init": "gitex-flow init",
"feature:start": "gitex-flow feature start",
"feature:finish": "gitex-flow feature finish",
"release:start": "gitex-flow release start",
"release:finish": "gitex-flow release finish",
"hotfix:start": "gitex-flow hotfix start",
"hotfix:finish": "gitex-flow hotfix finish",
"bugfix:start": "gitex-flow bugfix start",
"bugfix:finish": "gitex-flow bugfix finish",
"support:start": "gitex-flow support start",
"support:finish": "gitex-flow support finish"
...
}
Once after the installation or after cloning a new local repository you have to initialize it by executing the following command:
#> gitex-flow init
or if it was installed as a project dependency
#> npm run init
To configure gitex-flow you can create a configuration file .gitex
.
The following JSON shows the schema and the default values of the configuration:
{
"gitFlowConfig": {
"masterBranch": "master",
"developBranch": "develop",
"featureBranchPrefix": "feature",
"bugfixBranchPrefix": "bugfix",
"releaseBranchPrefix": "release",
"hotfixBranchPrefix": "hotfix",
"supportBranchPrefix": "support",
"versionTagPrefix": null
},
"projectConfig": {
"projectPath": "./",
"changelogFileName": "CHANGELOG.md",
"storeLatestChangelog": false,
"conventionalChangelogPresent": "angular",
"versionFile": "package.json",
"bumpVersionFiles": [
"package.json",
"package-lock.json"
]
},
"log4jsConfig": {
"appenders": { "console": { "type": "console" } },
"categories": { "default": { "appenders": ["console"], "level": "info" } }
},
}
Further information on the available configurations can be found in the API documentation.
gitex-flow is fully compatible with git flow. This means that gitex-flow uses the same commands that you know from git flow, but with additional functionality.
In order to be able to take full advantage of gitex-flow, it is worth following some conventions.
To generate the changelogs, gitex-flow uses parts of the conventional-changelog framework.
You can select your desired present by setting the option conventionalChangelogPresent
of the project settings.
The default present is angular
.
An example for a matching conventional angular commit message:
feat(gflow): Implemented automatic naming when creating branches
The name of the release and hotfix branch is set automatically when it is created.
closes #5
or
feat(config): Made gitex-flow configurable
Added configuration data structure and introduced optional config file '.gitex'.
BREAKING CHANGE: Adapted API by adding an options to the affected modules (classes).
closes #10
Features are branches that are based on the develop branch, which add new functionality to the program. Feature branches can exist across many releases and can be updated regularly with the latest changes the develop branch.
#> npm run feature:start -- <name>
...
#> npm run feature:finish -- <name>
Bugfix branches are similar to feature branches, but are used for fixing bugs. This is useful for bugs which are not fixable as a hotfix (breaking change, low prio bug).
#> npm run bugfix:start -- <name>
...
#> npm run bugfix:finish -- <name>
Releases are branches that are based on the develop branch, which freezes the current code and mark a feature stop. The code from the release branch can be published to the consolidation (test) system. Only bugfixes are allowed to be commited on the release branch. If the release is stable, the release branch can be finished and merged into the master branch.
#> npm run release:start -- [name]
...
#> npm run release:finish -- [name]
package.json
is updatedCHANGELOG.md
is updated with the changes since the last releaseHotfixes are bug fixes based on a released version.
#> npm run hotfix:start -- [name]
...
#> npm run hotfix:finish -- [name]
package.json
is updatedCHANGELOG.md
is updated with the bugfixs are mode on the hotfix branchSupport branches are based on a released version to provide long term support of a program version.
#> npm run support:start -- <name> <base>
...
#> npm run support:finish -- <name> <base>
If you like to use gitex-flow in your code, you can use the typescript gitex-flow API.
gitex-flow is implemented as a wrapper of an arbitary git flow implementation.
import { AvhGitFlow, GFlow, GFlowConfig } from 'gitex-flow';
// Options with default values
const gFlowConfig: GFlowConfig = {
gitFlowConfig: {
masterBranch: 'master',
developBranch: 'develop',
featureBranchPrefix: 'feature',
bugfixBranchPrefix: 'bugfix',
releaseBranchPrefix: 'release',
hotfixBranchPrefix: 'hotfix',
supportBranchPrefix: 'support',
versionTagPrefix: undefined,
},
projectConfig: {
projectPath: './',
changelogFileName: 'CHANGELOG.md',
storeLatestChangelog: false,
conventionalChangelogPresent: 'angular',
versionFile: 'package.json',
bumpVersionFiles: ['package.json', 'package-lock.json'],
},
log4jsConfig: {
appenders: { console: { type: 'console' } },
categories: { default: { appenders: ['console'], level: 'info' } },
},
};
const gitFlow = new AvhGitFlow();
const gFlow = new GFlow(gitFlow, gFlowConfig);
// ...
The full API documentation can be found here.
FAQs
A git flow extension that provides some additional automation and feature improvements. The aim of the project is to offer a complete process chain in order to organize the releases of your projects as easily as possible.
The npm package gitex-flow receives a total of 0 weekly downloads. As such, gitex-flow popularity was classified as not popular.
We found that gitex-flow demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.