Upload to Nexus, Upload files to hooks, Modify version number, Sync to GitLab type repository, Extract command from Git commit message, Create SonarQube project, Generate template files and Create archives
Upload to Nexus, Upload files to hooks, Modify version number, Syncing of GitLab/GitHub type repository, Generate template files, Create Git tags, Extract commands from Git commit messages, Create SonarQube projects, Archive file(s), Create changelog.md file
You can download and install the latest version of this software from the Python package index (PyPI) as follows:
pip install --upgrade artify
python -m artify --help=
python -m artify --command <command> [Options]
or
python -m artify -c <command> [Options]
Params
command nexus, syncrepo, deploy, deltav, create, extract, initialize, archive
python -m artify -c changelog
Optional params
--projectname Used to specify the project when a solution has more than one project. For .NET/.NET Core projects
.NET/.NET Core example below:
python -m artify -c changelog --projectname Client
python -m artify -c nexus -f <format> -n <artifact_name> -h <nexus_repository_base_url>
Important
Artifact name should include artifact id and version number. E.g example-ws-1.0.0.war
Params
-f, --format Nexus upload format. Types supported: raw, npm, maven, nuget, pypi, helm
-w, --workdirectory Working directory of artifact to be uploaded to Nexus repository
-n, --artifactname Artifact name
-r, --repository Nexus repository to upload to: e.g -snapshots
-g, --groupid Group ID for Maven2 type repository, Environment variable: NEXUS_GROUP_ID
-d, --directory Directory for RAW type repository
-u, --username Username of nexus user, Environment variable: NEXUS_USERNAME
-p, --password Password of nexus user, Environment variable: NEXUS_PASSWORD
--proxy Sets Http proxy
--proxysec Sets Https proxy
Optional Parameter(s)
--file2 Allows a second file to be uploaded; it will be uploaded as a classifier
CI_COMMIT_BRANCH The pipeline CI branch that the Nexus upload is being initiated from
NEXUS_GROUP_ID Group ID of the project e.g com.testing.testapplication
NEXUS_USERNAME Username of nexus user that will upload artifact
NEXUS_PASSWORD Password of nexus user that will upload artifact
python -m artify -c deploy -f <manifest_file.yml> -h <awx_host>
DEPLOY_TOKEN Token used to deploy application
Artify uses semantic version 2.0.
python -m artify -c deltav -t patch -a npm
python -m artify -c version -t patch -a flutter
python -m artify -c deltav -t auto -a other --file=setup.py
python -m artify -c version -t minor -a gradle --file=version.properties
Params
-a, --archtype npm, gradle, flutter, maven, dotnet, other
-t, --type major, minor, patch, prerelease, auto
Optional Params
--preValue Prerelease version value e.g. SNAPSHOT, RELEASE, BUILD, beta, alpha
--getversion Get the current application version
--nocommit Does not create feature branch with version change
--file File name that you want to update version number. It should be relative to artify execution directory
--file2 An additional file that you want to update version number. It should be relative to artify execution directory
python -m artify -c syncrepo -m <message> -b
Params
-m, --message Commit message
-b, --branch Optional, by default, it will push to 'develop' branch
PRIVATE_TOKEN, popularly known as a personal access token, is needed to perform the push. It can be created by following these guides:
Creating a personal access token: GitLab
Creating a personal access token: GitHub
N.B A commit is performed automatically followed by a push
python -m artify -c syncrepo -m tag
Optional Params
--projectname Used to specify the project when a solution has more than one project. For .NET/.NET Core projects
python -m artify -c syncrepo -m tag
Creates a git tag of repository branch that task is executed on e.g v-1.0.0-a56def9
python -m artify -c syncrepo -m tag --projectname Client
Creates a git tag of repository branch for the Client project that task is executed on (For .NET/.NET core projects) e.g v-1.0.0.0-b56dcf9
N.B Please set environment variable CI_COMMIT_SHORT_SHA (This variable is already set in GitLab type repository)
python -m artify -c create -f gitlabci
python -m artify -c create -f manifest
Params -f, --file File template to generate
Supported files
python -m artify -c extract
N.B If manifest.yml file is present, it will update version number in that file also.
Parameters
version/deltav - specifies type of version change e.g "version": "patch", "deltav": "patch", "version": "minor", "version": "auto"
archtype - specifies project architecture e.g "archtype": "npm", "archtype": "gradle", "archtype": "flutter", "archtype": "other"
Environment variable(s) needed
CI_COMMIT_MESSAGE This is the variable from which the dictionary-formatted command is extracted
N.B. For GitHub, you can set the value in the pipeline file (*.yml) as shown below:
env:
  CI_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
Optional Parameters
branch - specifies the branch you want to push changes to. If no branch is specified, changes are pushed to the 'develop' branch by default
nocommit - Does not create feature branch with version change
file - File name that you want to update version number. It should be relative to artify execution directory
file2 - An additional file that you want to update version number. It should be relative to artify execution directory
Sample commit messages
Added login functionality {"version": "patch", "archtype": "npm", "branch": "release-1.0.0" } - Updates the patch version of an npm type project and pushes to the branch called 'release-1.0.0'
Added search functionality {"deltav": "major", "archtype": "gradle" } - Updates the major version of a java project with Gradle build tool
Added edit functionality {"version": "minor", "a": "flutter" } - Updates the minor version of a flutter project
Add filter functionality {"version": "prerelease", "archtype": "npm", "preValue": "beta"} - Updates the prerelease value, i.e. version 1.0.0 would change to 1.0.0-beta
Upgrade from Angular 11 to Angular 12 {"version": "auto", "archtype": "gradle", "branch": "feature/angular-12"} - Updates the pre-release integer value by 1 e.g 1.0.0-beta1 will change to 1.0.0-beta2
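Because the extract command takes its instructions from CI_COMMIT_MESSAGE, anyone who can author a commit chooses the branch and files the pipeline acts on. A pre-check that validates the embedded command against the values documented above is sketched here; it is an added example, not artify's own code. The trailing-object parsing, the branch policy, the preValue pattern and the treatment of "a" as an archtype alias are assumptions.

```python
import json
import re
from pathlib import PurePosixPath

# Allowed values are the ones this page documents for the extract command.
VERSION_TYPES = {"major", "minor", "patch", "prerelease", "auto"}
ARCHTYPES = {"npm", "gradle", "flutter", "maven", "dotnet", "other"}
# "a" appears in one sample message above; treated as an archtype alias (assumption).
KNOWN_KEYS = {"version", "deltav", "archtype", "a", "branch", "nocommit",
              "file", "file2", "preValue"}
# Assumption: this pipeline's own branch policy, not an artify rule.
BRANCH_RE = re.compile(r"(develop|release-\d+\.\d+\.\d+|feature/[A-Za-z0-9._-]+)")
PREVALUE_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,15}")


def extract_command(message):
    """Return the trailing {...} JSON object of a commit message, or None."""
    start, end = message.rfind("{"), message.rfind("}")
    if start == -1 or end < start:
        return None
    try:
        cmd = json.loads(message[start:end + 1])
    except json.JSONDecodeError:
        return None
    return cmd if isinstance(cmd, dict) else None


def is_safe_relpath(value):
    """True for a relative path that cannot leave the execution directory."""
    path = PurePosixPath(value)
    return bool(value) and "\\" not in value and not path.is_absolute() and ".." not in path.parts


def validate_command(cmd):
    """Return a list of policy violations; an empty list means accept."""
    text = {k: v for k, v in cmd.items() if isinstance(v, str)}  # non-strings fail below
    errors = [f"unknown key or non-string value: {k}" for k in sorted(cmd)
              if k not in KNOWN_KEYS or (k != "nocommit" and k not in text)]
    if text.get("version", text.get("deltav")) not in VERSION_TYPES:
        errors.append("version/deltav missing or not allowed")
    if text.get("archtype", text.get("a")) not in ARCHTYPES:
        errors.append("archtype missing or not allowed")
    if "branch" in cmd and not BRANCH_RE.fullmatch(text.get("branch", "")):
        errors.append("branch not permitted by pipeline policy")
    if "preValue" in cmd and not PREVALUE_RE.fullmatch(text.get("preValue", "")):
        errors.append("preValue has unexpected characters")
    errors += [f"{k} must stay inside the working directory" for k in ("file", "file2")
               if k in cmd and not is_safe_relpath(text.get(k, ""))]
    return errors
```

Run it as a pipeline step before `python -m artify -c extract` and fail the job when `validate_command` returns a non-empty list.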
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -a <arch_type/os> -l <language>
Sample command
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l java -a gradle
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l java -a maven
For Windows Runner, Other (JS, TS, Go, Python, PHP, ...)
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l other -a windows
For Linux/macOS runner, Other (JS, TS, Go, Python, PHP, ...)
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l other -a linux
Parameters
-l, --language => Possible values: JS, TS, Go, Python, PHP, other
-a, --archtype => Architecture, OS (depends on usage)
-n, --projectname => Project name.
-k, --projectkey => Project key. This should be a unique identifier for project.
-u, --username => Username for SonarQube.
-p, --password => Password for SonarQube. The user should be able to create projects.
N.B. The user should have the permission to create/modify projects.
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -a php
Uses the Python shutil library to create the archive file
python -m artify -c archive -n <archive_name> -f <archive_format> -w <root_dir> -d <base_dir>
Parameters
-n, --archivename Name for the archive file that will be created.
-f, --format Format for the archive e.g zip, tar, gztar, bztar, xztar.
-w, --rootdir Root directory is a directory that will be the root directory of the archive.
-d, --basedir Base directory is the directory where we start archiving from.
FAQs
We found that artify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.