npm - @adobe/helix-config - Versions diffs - 5.9.4 → 5.10.1 - Mend

@adobe/helix-config 5.9.4 → 5.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,17 @@
+## [5.10.1](https://github.com/adobe/helix-config/compare/v5.10.0...v5.10.1) (2026-03-16)
+### Bug Fixes
+* catch JSON parsing error in sidekick/config.json ([#366](https://github.com/adobe/helix-config/issues/366)) ([e30bb4f](https://github.com/adobe/helix-config/commit/e30bb4fd781157830b1edac391392cee2c4557c2))
+# [5.10.0](https://github.com/adobe/helix-config/compare/v5.9.4...v5.10.0) (2026-03-10)
+### Features
+* access.site secretIds with access.preview and access.live ([#364](https://github.com/adobe/helix-config/issues/364)) ([953f595](https://github.com/adobe/helix-config/commit/953f5958d9d05e5e69a06afd299ef87fe6d8ad4b)), closes [#363](https://github.com/adobe/helix-config/issues/363)
 ## [5.9.4](https://github.com/adobe/helix-config/compare/v5.9.3...v5.9.4) (2026-03-05)

package/README.md CHANGED Viewed

@@ -19,6 +19,12 @@ $ npm install @adobe/helix-config
 See the [API documentation](docs/API.md).
+## Configuration
+### Access and secretIds
+`secretId` (and legacy `apiKeyId`) can be set on `access.preview`, `access.live`, and `access.site`. The normalized config only has `access.preview` and `access.live`; `access.site` is used only during resolution. For each partition, the effective secretIds (and `allow`) are the **merge** of the partition’s list and `access.site`’s list—site values are merged in, not used as fallback only when the partition is empty.
 ## Development
 ### Build

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "5.9.4",
+  "version": "5.10.1",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -40,7 +40,7 @@
     "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
     "@semantic-release/npm": "13.1.4",
-    "c8": "10.1.3",
+    "c8": "11.0.0",
     "eslint": "9.4.0",
     "husky": "9.1.7",
     "junit-report-builder": "5.1.1",

package/src/config-view.js CHANGED Viewed

@@ -144,22 +144,33 @@ function resolveSecret(object, idProp, dstProp, siteConfig, orgConfig) {
 }
 /**
- * Returns the normalized access configuration for the give partition.
+ * Returns the normalized access configuration for the given partition.
+ *
+ * SecretIds (and legacy apiKeyIds) can be set on access.preview, access.live, and access.site.
+ * The normalized config only has access.preview and access.live; access.site is not present in
+ * the final object and is only used during resolution. For each partition (preview or live),
+ * the effective secretId and allow lists are the merge of the partition's values and
+ * access.site's values (union, deduplicated).
+ *
+ * @param {object} ctx - The context
+ * @param {object} config - The config (with access.preview, access.live, access.site)
+ * @param {object} orgConfig - The org config
+ * @param {'preview'|'live'} partition - The partition name
+ * @param {object} rso - RSO (ref, site, org)
+ * @returns {Promise<{secretId: string[], allow: string[], tokenHash: string[]}>}
+ *   Normalized access config for the partition
  */
 export async function getAccessConfig(ctx, config, orgConfig, partition, rso) {
   const { access = {} } = config;
-  // get the (legacy) apiKeyIds or secretIds from the partition specific config
   const pAccess = access[partition] ?? {};
-  let secretId = uniqueArray(pAccess.apiKeyId, pAccess.secretId);
-  if (secretId.length === 0) {
-    // if empty, also check the access.site configs
-    secretId = uniqueArray(access.site?.apiKeyId, access.site?.secretId);
-  }
-  // same for 'allow'
-  let allow = uniqueArray(pAccess.allow);
-  if (allow.length === 0) {
-    allow = uniqueArray(access.site?.allow);
-  }
+  // merge partition and site secretIds (and legacy apiKeyIds), then allow
+  const secretId = uniqueArray(
+    pAccess.apiKeyId,
+    pAccess.secretId,
+    access.site?.apiKeyId,
+    access.site?.secretId,
+  );
+  const allow = uniqueArray(pAccess.allow, access.site?.allow);
   const cfg = {
     secretId,
     allow,
@@ -243,12 +254,19 @@ async function loadHeadHtml(ctx, config, ref) {
   return {};
 }
-async function loadSidekickConfig(ctx, config) {
+async function loadSidekickConfig(ctx, rso, config) {
   const key = `${config.code.owner}/${config.code.repo}/main/tools/sidekick/config.json`;
   const res = await ctx.loader.getObject(HELIX_CODE_BUS, key);
   if (res.body) {
     const sidekick = new ConfigObject();
-    sidekick.data = JSON.parse(res.body);
+    try {
+      sidekick.data = JSON.parse(res.body);
+    } catch (e) {
+      ctx.log.warn(`[${rso.org}/${rso.site}] JSON error in ${key}: ${e.message}`);
+      sidekick.data = {
+        error: e.message,
+      };
+    }
     sidekick.updateLastModified(res.headers);
     // remove deprecated properties
     delete sidekick.data.extends;
@@ -359,7 +377,7 @@ async function resolveConfig(ctx, rso, scope) {
   if (scope === SCOPE_ADMIN || scope === SCOPE_RAW) {
     // although not used in raw, in order to set correct last-modified
     ctx.timer?.update('sidekick.json');
-    site.sidekick = await loadSidekickConfig(ctx, config);
+    site.sidekick = await loadSidekickConfig(ctx, rso, config);
   }
   return site;