npm - @adobe/helix-config - Versions diffs - 5.9.3 → 5.10.0 - Mend

@adobe/helix-config 5.9.3 → 5.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,17 @@
+# [5.10.0](https://github.com/adobe/helix-config/compare/v5.9.4...v5.10.0) (2026-03-10)
+### Features
+* access.site secretIds with access.preview and access.live ([#364](https://github.com/adobe/helix-config/issues/364)) ([953f595](https://github.com/adobe/helix-config/commit/953f5958d9d05e5e69a06afd299ef87fe6d8ad4b)), closes [#363](https://github.com/adobe/helix-config/issues/363)
+## [5.9.4](https://github.com/adobe/helix-config/compare/v5.9.3...v5.9.4) (2026-03-05)
+### Bug Fixes
+* read head from branch code ([#361](https://github.com/adobe/helix-config/issues/361)) ([64a357d](https://github.com/adobe/helix-config/commit/64a357d41226a646c75af0d75aff464f58f4737b))
 ## [5.9.3](https://github.com/adobe/helix-config/compare/v5.9.2...v5.9.3) (2026-03-04)

package/README.md CHANGED Viewed

@@ -19,6 +19,12 @@ $ npm install @adobe/helix-config
 See the [API documentation](docs/API.md).
+## Configuration
+### Access and secretIds
+`secretId` (and legacy `apiKeyId`) can be set on `access.preview`, `access.live`, and `access.site`. The normalized config only has `access.preview` and `access.live`; `access.site` is used only during resolution. For each partition, the effective secretIds (and `allow`) are the **merge** of the partition’s list and `access.site`’s list—site values are merged in, not used as fallback only when the partition is empty.
 ## Development
 ### Build

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "5.9.3",
+  "version": "5.10.0",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -40,7 +40,7 @@
     "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
     "@semantic-release/npm": "13.1.4",
-    "c8": "10.1.3",
+    "c8": "11.0.0",
     "eslint": "9.4.0",
     "husky": "9.1.7",
     "junit-report-builder": "5.1.1",

package/src/config-legacy.js CHANGED Viewed

@@ -18,6 +18,24 @@ import { prune, toArray } from './utils.js';
 const HELIX_CODE_BUS = 'helix-code-bus';
+/**
+ * Retrieves the head.html from the code bus
+ * @param ctx
+ * @param rso
+ * @returns {Promise<ConfigObject|{}>}
+ */
+async function fetchHeadHtml(ctx, rso) {
+  const key = `${rso.org}/${rso.site}/${rso.ref}/head.html`;
+  const res = await ctx.loader.getObject(HELIX_CODE_BUS, key);
+  if (res.body) {
+    const head = new ConfigObject();
+    head.html = res.body;
+    head.updateLastModified(res.headers);
+    return head;
+  }
+  return {};
+}
 /**
  * Retrieves the helix-config.json which is an aggregate from fstab.yaml and head.html.
  *
@@ -128,6 +146,8 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
   } else {
     delete source.contentBusId;
   }
+  const head = await fetchHeadHtml(ctx, rso);
   const config = {
     version: 1,
     legacy: true,
@@ -144,8 +164,7 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
       source,
     },
     folders: fstab.folders ?? {},
-    /* c8 ignore next */
-    head: helixConfig.head?.data ?? helixConfig.head ?? {},
+    head,
   };
   cfg.data = config;
   ctx.timer?.update('legacy-config-all');

package/src/config-view.js CHANGED Viewed

@@ -144,22 +144,33 @@ function resolveSecret(object, idProp, dstProp, siteConfig, orgConfig) {
 }
 /**
- * Returns the normalized access configuration for the give partition.
+ * Returns the normalized access configuration for the given partition.
+ *
+ * SecretIds (and legacy apiKeyIds) can be set on access.preview, access.live, and access.site.
+ * The normalized config only has access.preview and access.live; access.site is not present in
+ * the final object and is only used during resolution. For each partition (preview or live),
+ * the effective secretId and allow lists are the merge of the partition's values and
+ * access.site's values (union, deduplicated).
+ *
+ * @param {object} ctx - The context
+ * @param {object} config - The config (with access.preview, access.live, access.site)
+ * @param {object} orgConfig - The org config
+ * @param {'preview'|'live'} partition - The partition name
+ * @param {object} rso - RSO (ref, site, org)
+ * @returns {Promise<{secretId: string[], allow: string[], tokenHash: string[]}>}
+ *   Normalized access config for the partition
  */
 export async function getAccessConfig(ctx, config, orgConfig, partition, rso) {
   const { access = {} } = config;
-  // get the (legacy) apiKeyIds or secretIds from the partition specific config
   const pAccess = access[partition] ?? {};
-  let secretId = uniqueArray(pAccess.apiKeyId, pAccess.secretId);
-  if (secretId.length === 0) {
-    // if empty, also check the access.site configs
-    secretId = uniqueArray(access.site?.apiKeyId, access.site?.secretId);
-  }
-  // same for 'allow'
-  let allow = uniqueArray(pAccess.allow);
-  if (allow.length === 0) {
-    allow = uniqueArray(access.site?.allow);
-  }
+  // merge partition and site secretIds (and legacy apiKeyIds), then allow
+  const secretId = uniqueArray(
+    pAccess.apiKeyId,
+    pAccess.secretId,
+    access.site?.apiKeyId,
+    access.site?.secretId,
+  );
+  const allow = uniqueArray(pAccess.allow, access.site?.allow);
   const cfg = {
     secretId,
     allow,