Upload to Nexus, Upload files to hooks, Modify version number, Sync to GitLab type repository, Extract command from Git commit message, Create SonarQube project, Generate template files and Create archives
Upload to Nexus, Upload files to hooks, Modify version number, Syncing of GitLab/GitHub type repository, Generate template files, Create Git tags, Extract commands from Git commit messages, Create SonarQube projects, Archive file(s), Create changelog.md file
You can download and install the latest version of this software from the Python package index (PyPI) as follows:
pip install --upgrade artify
python -m artify --help
python -m artify --command <command> [Options]
or
python -m artify -c <command> [Options]
Params
command nexus, syncrepo, deploy, deltav, create, extract, initialize, archive
python -m artify -c changelog
Optional params
--projectname Used to specify the project when a solution has more than one project. For .NET/.NET Core projects
.NET/.NET Core example below:
python -m artify -c changelog --projectname Client
python -m artify -c nexus -f <format> -n <artifact_name> -h <nexus_repository_base_url>
Important
Artifact name should include artifact id and version number. E.g example-ws-1.0.0.war
Params
-f, --format Nexus upload format. Types supported: raw, npm, maven, nuget, pypi, helm
-w, --workdirectory Working directory of artifact to be uploaded to Nexus repository
-n, --artifactname Artifact name
-r, --repository Nexus repository to upload to: e.g -snapshots
-g, --groupid Group ID for Maven2 type repository, Environment variable: NEXUS_GROUP_ID
-d, --directory Directory for RAW type repository
-u, --username Username of nexus user, Environment variable: NEXUS_USERNAME
-p, --password Password of nexus user, Environment variable: NEXUS_PASSWORD
--proxy Sets Http proxy
--proxysec Sets Https proxy
Optional Parameter(s)
--file2 Allows a second file to be uploaded; it will be uploaded as a classifier
CI_COMMIT_BRANCH The pipeline CI branch that the Nexus upload is being initiated from
NEXUS_GROUP_ID Group ID of the project e.g com.testing.testapplication
NEXUS_USERNAME Username of nexus user that will upload artifact
NEXUS_PASSWORD Password of nexus user that will upload artifact
python -m artify -c deploy -f <manifest_file.yml> -h <awx_host>
DEPLOY_TOKEN Token used to deploy application
Artify uses semantic version 2.0.
python -m artify -c deltav -t patch -a npm
python -m artify -c version -t patch -a flutter
python -m artify -c deltav -t auto -a other --file=setup.py
python -m artify -c version -t minor -a gradle --file=version.properties
Params
-a, --archtype npm, gradle, flutter, maven, dotnet, other
-t, --type major, minor, patch, prerelease, auto
Optional Params
--preValue Prerelease version value e.g. SNAPSHOT, RELEASE, BUILD, beta, alpha
--getversion Get the current application version
--nocommit Does not create feature branch with version change
--file File name that you want to update version number. It should be relative to artify execution directory
--file2 An additional file that you want to update version number. It should be relative to artify execution directory
python -m artify -c syncrepo -m <message> -b
Params
-m, --message Commit message
-b, --branch Optional, by default, it will push to 'develop' branch
PRIVATE_TOKEN, commonly known as a personal access token, is needed to perform the push. It can be created by following these guides:
Creating a personal access token: GitLab
Creating a personal access token: GitHub
N.B A commit is performed automatically followed by a push
python -m artify -c syncrepo -m tag
Optional Params
--projectname Used to specify the project when a solution has more than one project. For .NET/.NET Core projects
python -m artify -c syncrepo -m tag
Creates a git tag of repository branch that task is executed on e.g v-1.0.0-a56def9
python -m artify -c syncrepo -m tag --projectname Client
Creates a git tag of repository branch for the Client project that task is executed on (For .NET/.NET core projects) e.g v-1.0.0.0-b56dcf9
N.B Please set environment variable CI_COMMIT_SHORT_SHA (This variable is already set in GitLab type repository)
python -m artify -c create -f gitlabci
python -m artify -c create -f manifest
Params
-f, --file File template to generate
Supported files
python -m artify -c extract
N.B If manifest.yml file is present, it will update version number in that file also.
Parameters
version/deltav - specifies type of version change e.g "version": "patch", "deltav": "patch", "version": "minor", "version": "auto"
archtype - specifies project architecture e.g "archtype": "npm", "archtype": "gradle", "archtype": "flutter", "archtype": "other"
Environment variable(s) needed
CI_COMMIT_MESSAGE The variable from which the dictionary-formatted command is extracted
N.B. For GitHub, you can set the value by adding the lines below to the pipeline file (*.yml):
env:
  CI_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
Optional Parameters
branch - specifies the branch you want to push changes to. If no branch is specified, changes are pushed to the 'develop' branch by default
nocommit - Does not create feature branch with version change
file - File name that you want to update version number. It should be relative to artify execution directory
file2 - An additional file that you want to update version number. It should be relative to artify execution directory
Sample commit messages
Added login functionality {"version": "patch", "archtype": "npm", "branch": "release-1.0.0" } - Updates the patch version of an npm type project and pushes to the branch called 'release-1.0.0'
Added search functionality {"deltav": "major", "archtype": "gradle" } - Updates the major version of a java project with Gradle build tool
Added edit functionality {"version": "minor", "a": "flutter" } - Updates the minor version of a flutter project
Add filter functionality {"version": "prerelease", "archtype": "npm", "preValue": "beta"} - Updates the prerelease value i.e Version 1.0.0 would change to 1.0.0-beta
Upgrade from Angular 11 to Angular 12 {"version": "auto", "archtype": "gradle", "branch": "feature/angular-12"} - Updates the pre-release integer value by 1 e.g 1.0.0-beta1 will change to 1.0.0-beta2
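The commit message is written by whoever pushes the commit, so a pipeline that acts on the embedded dictionary should validate it first. The following is an added example, not artify's own code: `parse_commit_command` and its helper are hypothetical names, the allowed values come from the parameter lists on this page, and the branch, preValue and path rules are conservative assumptions of the example.

```python
import json
import os
import re

# Allowed values copied from the parameter lists on this page.
VERSION_TYPES = {"major", "minor", "patch", "prerelease", "auto"}
ARCHTYPES = {"npm", "gradle", "flutter", "maven", "dotnet", "other"}
ALLOWED_KEYS = {"version", "deltav", "archtype", "branch", "nocommit",
                "file", "file2", "preValue"}
# Conservative patterns: assumptions of this example, not artify's rules.
SAFE_BRANCH = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]*")
SAFE_PREVALUE = re.compile(r"[0-9A-Za-z-]+")


def _is_safe_relative(path):
    """True for a non-empty relative path with no '..' component."""
    parts = path.replace("\\", "/").split("/")
    return bool(path) and not os.path.isabs(path) and ".." not in parts


def parse_commit_command(message):
    """Return the validated command, None if no {...} block, or raise ValueError."""
    start, end = message.find("{"), message.rfind("}")
    if start == -1 or end < start:
        return None
    try:
        cmd = json.loads(message[start:end + 1])
    except json.JSONDecodeError as exc:
        raise ValueError(f"command block is not valid JSON: {exc}") from None
    unknown = set(cmd) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unexpected keys: {sorted(unknown)}")
    bump = cmd.get("version", cmd.get("deltav"))
    arch = cmd.get("archtype")
    branch = cmd.get("branch", "develop")  # documented default branch
    pre = cmd.get("preValue")
    files = [cmd[k] for k in ("file", "file2") if k in cmd]
    if not isinstance(bump, str) or bump not in VERSION_TYPES:
        raise ValueError(f"unsupported version change: {bump!r}")
    if not isinstance(arch, str) or arch not in ARCHTYPES:
        raise ValueError(f"unsupported archtype: {arch!r}")
    if (not isinstance(branch, str) or ".." in branch
            or not SAFE_BRANCH.fullmatch(branch)):
        raise ValueError(f"unsafe branch name: {branch!r}")
    if pre is not None and not (isinstance(pre, str) and SAFE_PREVALUE.fullmatch(pre)):
        raise ValueError(f"unsafe preValue: {pre!r}")
    if not all(isinstance(f, str) and _is_safe_relative(f) for f in files):
        raise ValueError(f"file paths must be relative, without '..': {files!r}")
    return {"bump": bump, "archtype": arch, "branch": branch,
            "preValue": pre, "files": files}
```

Running a check like this before the extract step lets the job fail closed on an unexpected key, branch name or file path.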
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -a <arch_type/os> -l <language>
Sample command
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l java -a gradle
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l java -a maven
For Windows Runner, Other (JS, TS, Go, Python, PHP, ...)
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l other -a windows
For Linux/macOS runner, Other (JS, TS, Go, Python, PHP, ...)
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -l other -a linux
Parameters
-l, --language => Possible values: JS, TS, Go, Python, PHP, other
-a, --archtype => Architecture, OS (depends on usage)
-n, --projectname => Project name.
-k, --projectkey => Project key. This should be a unique identifier for project.
-u, --username => Username for SonarQube.
-p, --password => Password for SonarQube. The user should be able to create projects.
N.B. The user should have the permission to create/modify projects.
python -m artify -c initialize -h <SonarQube_base_url> -k <project-key> -n <project-name> -u <username> -p <password> -a php
Uses the Python shutil library to create the archive file
python -m artify -c archive -n <archive_name> -f <archive_format> -w <root_dir> -d <base_dir>
Parameters
-n, --archivename Name for the archive file that will be created.
-f, --format Format for the archive e.g zip, tar, gztar, bztar, xztar.
-w, --rootdir Root directory is a directory that will be the root directory of the archive.
-d, --basedir Base directory is the directory where we start archiving from.
FAQs
We found that artify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.