parse_a_changelog 1.3.0 → 1.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 00e6ad2d290f5f06bae47ddee2972e9621f1210083644ee3918a775f5a55ae6b
-  data.tar.gz: bbb0a503e5c628806c07217f1e5924b660b35855397a7e425ecd6418e42c6108
+  metadata.gz: 594f7864c6c0796a0b7ca594e7a3ae300c40d95de69503965e344d59262ecc53
+  data.tar.gz: 9ca6b5ccb862ee81fbb5eaec6b1b86b020ff7db0ec8bf7f527024936bc32d03b
 SHA512:
-  metadata.gz: d6c18d140b5e252a3556fe4310006258866b9518f87cc185fe38f87ca81447cbfa75517c5d980d137c1a518dda50e3cf0671f7e9b454d0cebfe38782296f4730
-  data.tar.gz: 11f832db1f87b4f09b71b9aa564ada6004a2e745ffbb6e8c7a88432f2c4d1841aa60a95d33dc8c46999152a0f362738b9775aa43c1d5a3b44f2560f4e9426a11
+  metadata.gz: 5a184949c38c71e5519d66477c32b2235f2a0dc98eef5785658c419c07de1a8f17b026d7edab61d5b987a0aa31493330432d7f5bd449c09802f0ab37a3fc6b85
+  data.tar.gz: effa83d57427feeab570a95166c7d7eb09274736b9d25021539ea0530081736a81bca0345b365fbba1ff6cfea13d18c14281a7e91930d77757b2309673c9ee13

data/.codeclimate.yml

@@ -0,0 +1,162 @@
+# This is our default .CodeClimate.yml, broken out by language. Uncomment the
+# sections at the bottom that apply to your project. ACTION comments indicate
+# places where config might need to be tweaked.
+
+version: "2"
+
+plugins:
+
+# ---------------
+# Cross-language plugins. Should always be on.
+
+  duplication: # Looks for similar and identical code blocks
+    enabled: true
+    config:
+      languages:
+        go:
+        java:
+        javascript:
+        php:
+        python:
+          python_version: 3  # ACTION Comment this out if using Python 2
+        ruby:
+        swift:
+        typescript:
+
+  fixme: # Flags any FIXME, TODO, BUG, XXX, HACK comments so they can be fixed
+    enabled: true
+    config:
+      strings:
+      - FIXME
+      - TODO
+      - HACK
+      - XXX
+      - BUG
+
+# ---------------
+# Commonly-used languages - run time is minimal and all of these will work
+# whether files of that language are found or not. In general, leave uncommented
+
+  # Markdown
+  markdownlint:
+    enabled: true
+
+  # Go
+  gofmt:
+    enabled: true
+  golint:
+    enabled: true
+  govet:
+    enabled: true
+
+  # Ruby
+  flog:
+    enabled: true
+  reek:
+    enabled: true
+  rubocop:
+    enabled: true
+    channel: rubocop-0-79 # As of March 10, 2020, rubocop 0.80.1 is the latest
+                          # However, it does not work with CodeClimate - throws
+                          # an Invalid JSON error.
+  # ACTION uncomment bundler-audit below if using Gemfile/Gemfile.lock
+  # ACTION uncomment brakeman below if using Rails
+
+  # Shell scripts
+  shellcheck:
+   enabled: true
+
+# ---------------
+# Other languages - will work with or without language files present. Again,
+# runtime is minimal, so OK to leave uncommented.
+
+  # CoffeeScript
+  coffeelint:
+    enabled: true
+
+  # CSS
+  csslint:
+    enabled: true
+
+  # Groovy
+  codenarc:
+    enabled: true
+
+  # Java
+  pmd:
+    enabled: true
+  sonar-java:
+    enabled: true
+    config:
+      sonar.java.source: "7" # ACTION set this to the major version of Java used
+  # ACTION uncomment checkstyle below if Java code exists in repo
+
+  # Node.js
+  nodesecurity:
+    enabled: true
+  # ACTION uncomment eslint below if JavaScript already exists and .eslintrc
+  # file exists in repo
+
+  # PHP
+  phan:
+    enabled: true
+    config:
+      file_extensions: "php"
+  phpcodesniffer:
+    enabled: true
+    config:
+      file_extensions: "php,inc,lib"
+      # Using Wordpress standards as our one PHP repo is a Wordpress theme
+      standards: "PSR1,PSR2,WordPress,WordPress-Core,WordPress-Extra"
+  phpmd:
+    enabled: true
+    config:
+      file_extensions: "php,inc,lib"
+      rulesets: "cleancode,codesize,controversial,naming,unusedcode"
+  sonar-php:
+    enabled: true
+
+  # Python
+  bandit:
+    enabled: true
+  pep8:
+    enabled: true
+  radon:
+    enabled: true
+    # config:
+    #   python_version: 2 # ACTION Uncomment these 2 lines if using Python 2
+  sonar-python:
+    enabled: true
+
+# ---------------
+# Configuration Required Language specific - these will error and abort the
+# codeclimate run if they are turned on and certain files or configuration are
+# missing. Should be commented out unless the project already includes the
+# necessary files that the linter looks at
+
+  # Ruby - requires presence of Gemfile and Gemfile.lock
+  bundler-audit:
+    enabled: true
+
+  # Rails - requires detecting a Rails application
+  # brakeman:
+  #   enabled: true
+
+  # Chef - requires detecting a cookbook
+  # foodcritic:
+  #   enabled: true
+
+  # Java - might require Java code? Errored when run without
+  # checkstyle:
+  #   enabled: true
+
+  # JavaScript - requires an eslintrc to be created and added to project
+  # eslint:
+  #   enabled: true
+  #   channel: "eslint-6"
+
+# ---------------
+# List any files/folders to exclude from checking. Wildcards accepted. Leave
+# commented if no files to exclude as an empty array will error
+exclude_patterns:
+  - ".gitignore"

data/.github/CODEOWNERS

@@ -0,0 +1,9 @@
+* @cyberark/community-and-integrations-team @conjurinc/community-and-integrations-team @conjurdemos/community-and-integrations-team @conjur-enterprise/community-and-integrations @cyberark/conjur-core-team @conjurinc/conjur-core-team @conjurdemos/conjur-core-team @conjur-enterprise/conjur-core
+
+# Changes to .trivyignore[.yml] require Security Architect approval
+.trivyignore* @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects @conjur-enterprise/conjur-security
+
+# Changes to .codeclimate.yml require Quality Architect approval
+.codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects @conjur-enterprise/conjur-quality
+# Changes to SECURITY.md require Security Architect approval
+SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects @conjur-enterprise/conjur-security

data/.gitignore

@@ -0,0 +1,2 @@
+.bundle/
+rspec_junit.xml

data/.rspec

@@ -0,0 +1,3 @@
+--format RspecJunitFormatter
+--out rspec_junit.xml
+--format progress

data/CHANGELOG.md

@@ -6,11 +6,19 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
-## [1.3.0] - 2023-07-12
+## [1.3.2] - 2024-11-05
+### Changed
+- Use internal auto release process (CNJR-5578)
+
+## [1.3.0] - 2023-12-28
 ### Changed
 - Allow versions to have 4 digits (eg., x.x.x.x)
   [cyberark/parse-a-changelog#41](https://github.com/cyberark/parse-a-changelog/pulls/41)
 
+### Security
+- Updated Dockerfile base image to use latest Ruby v3 version
+  [cyberark/parse-a-changelog#46](https://github.com/cyberark/parse-a-changelog/pulls/46)
+
 ## [1.2.0] - 2021-06-20
 ### Changed
 - Allow CHANGELOG without SemVer declaration.
@@ -82,8 +90,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Open source license and contributing information
 - Change log and versioning information
 
-[Unreleased]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.0...HEAD
-[1.2.0]: https://github.com/cyberark/parse-a-changelog/compare/v1.2.0...v1.3.0
+[Unreleased]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.1...HEAD
+[1.3.2]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.0...v1.3.2
+[1.3.0]: https://github.com/cyberark/parse-a-changelog/compare/v1.2.0...v1.3.0
 [1.2.0]: https://github.com/cyberark/parse-a-changelog/compare/v1.1.0...v1.2.0
 [1.1.0]: https://github.com/cyberark/parse-a-changelog/compare/v1.0.2...v1.1.0
 [1.0.2]: https://github.com/cyberark/parse-a-changelog/compare/v1.0.1...v1.0.2

data/CONTRIBUTING.md

@@ -0,0 +1,20 @@
+# Contributing to parse-a-changelog
+
+Thanks for your interest in `parse-a-changelog`!
+
+For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
+In particular, before contributing please review our [contributor licensing guide](https://github.com/cyberark/community/blob/master/CONTRIBUTING.md#when-the-repo-does-not-include-the-cla)
+to ensure your contribution is compliant with our contributor license agreements.
+
+## Pull Request Workflow
+
+1. Search the [open issues][issues] in GitHub to find out what has been planned
+2. Open an issue in this repository to propose changes or fixes
+3. Tag issue "in progress" as you work on it
+4. Run RSpec tests as described [here][tests], ensuring they pass
+5. Submit a pull request
+6. Tag the issue "review", ask another contributor to review and merge your code
+7. Close the issue
+
+[tests]: README.md#Testing
+[issues]: https://github.com/cyberark/parse-a-changelog/issues

data/Dockerfile

@@ -0,0 +1,14 @@
+FROM ruby:3
+
+RUN gem install bundler --no-document
+
+RUN bundle config set without 'test development'
+
+WORKDIR /usr/src/app
+
+COPY . .
+
+RUN bundle install
+
+ENTRYPOINT ["bundle", "exec", "bin/parse"]
+CMD ["/CHANGELOG.md"]

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,51 @@
+PATH
+  remote: .
+  specs:
+    parse_a_changelog (1.3.0)
+      treetop (~> 1.6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    byebug (11.1.3)
+    coderay (1.1.3)
+    diff-lcs (1.5.0)
+    method_source (1.0.0)
+    polyglot (0.3.5)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.6)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.1)
+    rspec_junit_formatter (0.4.1)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    treetop (1.6.12)
+      polyglot (~> 0.3)
+
+PLATFORMS
+  ruby
+  x86_64-darwin-16
+  x86_64-darwin-18
+
+DEPENDENCIES
+  parse_a_changelog!
+  pry-byebug (~> 3.9.0)
+  rspec (~> 3.8)
+  rspec_junit_formatter (~> 0.4.1)
+
+BUNDLED WITH
+   2.4.14

data/Jenkinsfile

@@ -0,0 +1,160 @@
+#!/usr/bin/env groovy
+@Library("product-pipelines-shared-library") _
+
+// Automated release, promotion and dependencies
+properties([
+  // Include the automated release parameters for the build
+  release.addParams(),
+  // Dependencies of the project that should trigger builds
+  dependencies([])
+])
+
+// Performs release promotion.  No other stages will be run
+if (params.MODE == "PROMOTE") {
+  release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
+    // Any assets from sourceVersion Github release are available in assetDirectory
+    // Any version number updates from sourceVersion to targetVersion occur here
+    // Any publishing of targetVersion artifacts occur here
+    // Anything added to assetDirectory will be attached to the Github Release
+
+    infrapool.agentSh "./publish.sh v${targetVersion}"
+
+    // Ensure the working directory is a safe git directory for the subsequent
+    // promotion operations after this block.
+    infrapool.agentSh 'git config --global --add safe.directory "$(pwd)"'
+  }
+
+  // Copy Github Enterprise release to Github
+  release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
+  return
+}
+
+pipeline {
+  agent { label 'conjur-enterprise-common-agent' }
+
+  options {
+    timestamps()
+    buildDiscarder(logRotator(numToKeepStr: '30'))
+    timeout(time: 30, unit: 'MINUTES')
+  }
+
+  environment {
+    // Sets the MODE to the specified or autocalculated value as appropriate
+    MODE = release.canonicalizeMode()
+  }
+
+  triggers {
+    cron(getDailyCronString())
+  }
+
+  stages {
+    // Aborts any builds triggered by another project that wouldn't include any changes
+    stage ("Skip build if triggering job didn't create a release") {
+      when {
+        expression {
+          MODE == "SKIP"
+        }
+      }
+      steps {
+        script {
+          currentBuild.result = 'ABORTED'
+          error("Aborting build because this build was triggered from upstream, but no release was built")
+        }
+      }
+    }
+
+    stage('Scan for internal URLs') {
+      steps {
+        script {
+          detectInternalUrls()
+        }
+      }
+    }
+
+    stage('Get InfraPool ExecutorV2 Agent') {
+      steps {
+        script {
+          // Request ExecutorV2 agents for 1 hour(s)
+          infrapool = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
+        }
+      }
+    }
+
+    // Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
+    stage('Validate Changelog and set version') {
+      steps {
+        script {
+          updateVersion(infrapool, "CHANGELOG.md", "${BUILD_NUMBER}")
+        }
+      }
+    }
+
+    // Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
+    stage('Validate changelog and set version') {
+      steps {
+        updateVersion(infrapool, "CHANGELOG.md", "${BUILD_NUMBER}")
+      }
+    }
+
+    stage("Build Docker Image"){
+      steps { 
+        script {
+          infrapool.agentSh './build.sh'
+        }
+      }
+    }
+
+    stage('Test') {
+      steps {
+        script {
+          infrapool.agentSh './test.sh'
+        }
+      }
+      post {
+        always{
+          script {
+            infrapool.agentStash name: 'rspec_junit', includes: 'rspec_junit.xml'
+            unstash 'rspec_junit'
+            junit 'rspec_junit.xml'
+          }
+        }
+      }
+    }
+
+    stage('Release') {
+      when {
+        expression {
+          MODE == "RELEASE"
+        }
+      }
+
+      steps {
+        script {
+          release(infrapool) { billOfMaterialsDirectory, assetDirectory ->
+            /* Publish release artifacts to all the appropriate locations
+                Copy any artifacts to assetDirectory on the infrapool node
+                to attach them to the Github release.
+
+                If your assets are on the infrapool node in the target
+                directory, use a copy like this:
+                  infrapool.agentSh "cp target/* ${assetDirectory}"
+                Note That this will fail if there are no assets, add :||
+                if you want the release to succeed with no assets.
+
+                If your assets are in target on the main Jenkins agent, use:
+                  infrapool.agentPut(from: 'target/', to: assetDirectory)
+            */
+          }
+        }
+      }
+    }
+  }
+
+  post {
+    always {
+      script {
+        releaseInfraPoolAgent(".infrapool/release_agents")
+      }
+    }
+  }
+}

data/NOTICES.txt

@@ -0,0 +1,25 @@
+------------------
+
+The following libraries licensed under the MIT license are used 
+within this repository:
+
+* rspec - https://rubygems.org/gems/rspec 
+* treetop - https://rubygems.org/gems/treetop/versions/1.6.12
+
+MIT License - https://opensource.org/licenses/MIT
+
+Copyright 2017 CyberArk Software, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software 
+and associated documentation files (the "Software"), to deal in the Software without restriction, 
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 
+and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, 
+subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial 
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE 
+OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -4,10 +4,10 @@ This gem can be used to validate that a file conforms to the [Keep a Changelog](
 
 ## Usage
 
-Add `parse-a-changelog` to your `Gemfile` and `bundle install` or install it directly with:
+Add `parse_a_changelog` to your `Gemfile` and `bundle install` or install it directly with:
 
 ```
-gem install parse-a-changelog
+gem install parse_a_changelog
 ```
 
 The gem includes a binary that can be run with the changelog file as its single argument:

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new(:spec)
+rescue LoadError
+  task :spec
+end
+
+task default: :spec

data/SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the CyberArk Conjur
+suite of tools and products.
+
+  * [Reporting a Bug](#reporting-a-bug)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
+Thank you for improving the security of the Conjur suite. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the lead maintainers at security@conjur.org.
+
+The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
+send a more detailed response within 2 business days of our acknowledgement indicating
+the next steps in handling your report. After the initial reply to your report, the security
+team will endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a
+primary handler. This person will coordinate the fix and release process,
+involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.

data/build.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -eux
+
+docker build . --tag parse-a-changelog

data/parse_a_changelog.gemspec

@@ -0,0 +1,26 @@
+Gem::Specification.new do |spec|
+  spec.name = "parse_a_changelog"
+  # If a "VERSION" file exists (created by Jenkins), use it. Otherwise, use "unreleased".
+  spec.version = `if [ -f VERSION ]; then cat < VERSION; else echo "0.0.1-unreleased"; fi`
+  spec.authors = ["John Tuttle"]
+  spec.email = "jtuttle.develops@gmail.com"
+  
+  spec.summary = %q{A validator for the keep-a-changelog format}
+  spec.description = %q{Uses a grammar describing the keep-a-changelog format to attempt to parse a given file.}
+  spec.homepage = "http://github.com/cyberark/parse-a-changelog"
+  spec.license = "Apache-2.0"
+  
+  #spec.files = Dir.glob("{bin,lib}/**/*") + %w(LICENSE README.md CHANGELOG.md VERSION)
+  spec.files         = `git ls-files`.split($\)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  #spec.files = `git ls-files`.split($\) + %w(LICENSE README.md CHANGELOG.md VERSION)
+  spec.bindir = 'bin'
+  #spec.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'treetop', '~> 1.6'
+  spec.add_development_dependency 'rspec', '~> 3.12'
+  spec.add_development_dependency 'rspec_junit_formatter', '~> 0.6'
+  spec.add_development_dependency 'pry-byebug', '~> 3.10'
+end

data/publish.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -e
+
+# This script will publish to rubygems and dockerhub
+
+# Clone the release-tools repository if it doesn't exist
+if [ ! -d release-tools ]; then
+  git clone git@github.com:conjurinc/release-tools.git
+fi
+
+export PATH=$PWD/release-tools/bin/:$PATH
+
+# Build and publish rubygem
+summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
+  publish-rubygem parse_a_changelog
+
+# Publish to Docker Hub
+TAG_NAME=$1
+DOCKERHUB_IMAGE="cyberark/parse-a-changelog"
+docker tag parse-a-changelog "${DOCKERHUB_IMAGE}:latest"
+docker tag parse-a-changelog "${DOCKERHUB_IMAGE}:${TAG_NAME}"
+
+docker push "${DOCKERHUB_IMAGE}:latest"
+docker push "${DOCKERHUB_IMAGE}:${TAG_NAME}"

data/spec/fixtures/correct.md

@@ -0,0 +1,31 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+### Added
+- Added a thing.
+
+### Changed
+- Changed a thing.
+
+## [1.0.0] - 2019-01-03
+### Deprecated
+- Some things were deprecated.
+
+## 0.1.0 - 2018-11-28
+### Removed
+- Removed all
+  the things.
+
+### Fixed
+- Fixed all the bugs from the non-existent previous release.
+
+### Security
+- We are so secure now.
+- The securest.
+
+[Unreleased]: https://github.com/conjurinc/evoke/compare/v1.0.0...HEAD
+[1.0.0]: https://github.com/conjurinc/evoke/compare/v0.1.0...v1.0.0