@dforge-core/dforge-cli 0.1.0-rc.1 → 0.1.0-rc.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +118 -7
- package/dist/cli.js +1387 -0
- package/package.json +42 -25
- package/index.js +0 -61
package/README.md
CHANGED
|
@@ -17,12 +17,10 @@ macOS arm64/x64, Linux x64/arm64, Windows x64/arm64.
|
|
|
17
17
|
## Commands
|
|
18
18
|
|
|
19
19
|
```bash
|
|
20
|
-
#
|
|
21
|
-
#
|
|
22
|
-
#
|
|
23
|
-
|
|
24
|
-
dforge-cli module validate ./my-module
|
|
25
|
-
dforge-cli module validate ./my-module-1.0.0.dforge
|
|
20
|
+
# Scaffold a new module interactively (asks for code/displayName/dependencies/
|
|
21
|
+
# preset/initial entity). Generates manifest with a real UUID, writes the
|
|
22
|
+
# minimum file set so the module installs cleanly.
|
|
23
|
+
dforge-cli init module ./my-module
|
|
26
24
|
|
|
27
25
|
# Package a module directory into a .dforge archive
|
|
28
26
|
dforge-cli module pack ./my-module # writes my-module-1.0.0.dforge in cwd
|
|
@@ -32,7 +30,10 @@ dforge-cli module pack ./my-module -o pkg.dforge # writes ./pkg.dforge
|
|
|
32
30
|
# Publish a .dforge to the marketplace (org-scoped)
|
|
33
31
|
dforge-cli marketplace publish ./my-module-1.0.0.dforge --org acme
|
|
34
32
|
|
|
35
|
-
# Install a .dforge (or source directory) to a running tenant over HTTP
|
|
33
|
+
# Install a .dforge (or source directory) to a running tenant over HTTP.
|
|
34
|
+
# Manifest, FK targets, package-filter SQL, and migration safety are all
|
|
35
|
+
# validated server-side during install — first install of a fresh scaffold
|
|
36
|
+
# is the smoke test that catches anything wrong.
|
|
36
37
|
DFORGE_URL=https://app.example.com DFORGE_TOKEN=<jwt> \
|
|
37
38
|
dforge-cli module install --path ./my-module-1.0.0.dforge
|
|
38
39
|
|
|
@@ -77,3 +78,113 @@ The validate/pack/install pipeline is the same code that runs on the dForge
|
|
|
77
78
|
server, packaged as a single-file binary per platform via `dotnet publish
|
|
78
79
|
--self-contained`. Avoids drift between author-time validation and server-side
|
|
79
80
|
install validation: same parser, same validators, same error messages.
|
|
81
|
+
|
|
82
|
+
## For maintainers
|
|
83
|
+
|
|
84
|
+
C# source lives in [`iash44/dForge-core`](https://github.com/iash44/dForge-core)
|
|
85
|
+
under `server/src/dForge.Cli/`. This repo only ships the npm wrapper + 6
|
|
86
|
+
platform sidecars. Release flow:
|
|
87
|
+
|
|
88
|
+
1. **Tag the source repo.** From a clean `main` in `iash44/dForge-core`:
|
|
89
|
+
```bash
|
|
90
|
+
git checkout main && git pull
|
|
91
|
+
git tag cli-v0.1.0 # NOTE: prefix is cli-v, no `release/` etc.
|
|
92
|
+
git push origin cli-v0.1.0
|
|
93
|
+
```
|
|
94
|
+
The `cli-v*` tag triggers `.github/workflows/release-cli.yml`, which
|
|
95
|
+
cross-compiles 6 binaries (3–4 min) and attaches them as assets to a
|
|
96
|
+
GitHub Release at that tag. Watch:
|
|
97
|
+
```bash
|
|
98
|
+
gh run watch --repo iash44/dForge-core
|
|
99
|
+
gh release view cli-v0.1.0 --repo iash44/dForge-core # should list 6 assets
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
2. **Publish to npm under `next`.** From anywhere (workflow runs in CI):
|
|
103
|
+
```bash
|
|
104
|
+
gh workflow run publish.yml --repo dforge-core/dforge-cli \
|
|
105
|
+
-f source_tag=cli-v0.1.0 \
|
|
106
|
+
-f npm_version=0.1.0 \
|
|
107
|
+
-f npm_tag=next
|
|
108
|
+
```
|
|
109
|
+
`source_tag` is the source-repo git tag (with `cli-v` prefix);
|
|
110
|
+
`npm_version` is the npm semver (no prefix). They don't have to match
|
|
111
|
+
— pre-release suffixes are fine (`cli-v0.1.0-rc.1` → `0.1.0-rc.1`).
|
|
112
|
+
|
|
113
|
+
3. **Smoke test, then promote.**
|
|
114
|
+
```bash
|
|
115
|
+
npx -y @dforge-core/dforge-cli@next --version # exits 0, prints sha + build time
|
|
116
|
+
```
|
|
117
|
+
If happy, promote the SAME version to `latest`:
|
|
118
|
+
```bash
|
|
119
|
+
gh workflow run publish.yml --repo dforge-core/dforge-cli \
|
|
120
|
+
-f source_tag=cli-v0.1.0 \
|
|
121
|
+
-f npm_version=0.1.0 \
|
|
122
|
+
-f npm_tag=latest
|
|
123
|
+
```
|
|
124
|
+
This re-publishes (idempotent for the same `npm_version`) and moves
|
|
125
|
+
the `latest` dist-tag. End users running `npm i -g @dforge-core/dforge-cli`
|
|
126
|
+
now get this version.
|
|
127
|
+
|
|
128
|
+
**Choosing the version number.** `npm_version` is permanent once published
|
|
129
|
+
— npm only allows unpublish within 72h and burns the version slot forever
|
|
130
|
+
after. Use the `0.X.Y-rc.N` / `0.X.Y-test.N` pattern for shake-out runs
|
|
131
|
+
(`npm_tag=next`), and reserve plain `0.X.Y` for what you actually want
|
|
132
|
+
people to install (`npm_tag=latest`).
|
|
133
|
+
|
|
134
|
+
To test a freshly-built binary without going through the publish pipeline,
|
|
135
|
+
set `DFORGE_CLI_BINARY=/path/to/dforge-cli` and `node index.js` will exec
|
|
136
|
+
that path directly, skipping require.resolve and the sibling-packages
|
|
137
|
+
fallback.
|
|
138
|
+
|
|
139
|
+
### CI auth setup (non-obvious, easy to miss)
|
|
140
|
+
|
|
141
|
+
The `publish.yml` workflow uses two auth mechanisms that both have to be
|
|
142
|
+
configured outside the repo:
|
|
143
|
+
|
|
144
|
+
**1. npm Trusted Publisher — must be set up for ALL 7 package names**
|
|
145
|
+
|
|
146
|
+
OIDC publishing is configured per-package in the npm UI, not at the org
|
|
147
|
+
level. Each of these needs its own Trusted Publisher entry pointing at
|
|
148
|
+
`dforge-core/dforge-cli` / `publish.yml`:
|
|
149
|
+
|
|
150
|
+
- `@dforge-core/dforge-cli` (wrapper)
|
|
151
|
+
- `@dforge-core/dforge-cli-darwin-arm64`
|
|
152
|
+
- `@dforge-core/dforge-cli-darwin-x64`
|
|
153
|
+
- `@dforge-core/dforge-cli-linux-arm64`
|
|
154
|
+
- `@dforge-core/dforge-cli-linux-x64`
|
|
155
|
+
- `@dforge-core/dforge-cli-win32-arm64`
|
|
156
|
+
- `@dforge-core/dforge-cli-win32-x64`
|
|
157
|
+
|
|
158
|
+
Visit `npmjs.com/package/<name>/access` for each, scroll to **Trusted
|
|
159
|
+
Publisher**, click Add. Missing config produces a confusing **404** on
|
|
160
|
+
publish (npm returns 404 instead of 401 to avoid leaking package existence).
|
|
161
|
+
|
|
162
|
+
**2. `SOURCE_REPO_PAT` secret — private cross-owner read**
|
|
163
|
+
|
|
164
|
+
The source repo (`iash44/dForge-core`) is private and lives under a
|
|
165
|
+
different owner than this dist repo. The workflow-issued `GITHUB_TOKEN`
|
|
166
|
+
can't reach it. Create a fine-grained PAT with **Contents: Read** on
|
|
167
|
+
`iash44/dForge-core` and store it as a repo secret named exactly
|
|
168
|
+
`SOURCE_REPO_PAT`:
|
|
169
|
+
|
|
170
|
+
```bash
|
|
171
|
+
gh secret set SOURCE_REPO_PAT --repo dforge-core/dforge-cli
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
Fine-grained PATs can't be renewed — when it expires, regenerate and
|
|
175
|
+
re-run the `gh secret set` command.
|
|
176
|
+
|
|
177
|
+
### Workflow gotchas worth knowing
|
|
178
|
+
|
|
179
|
+
- **Node 24, not 22.** Node 22 ships npm 10.9.7, which doesn't support
|
|
180
|
+
Trusted Publisher OIDC. `npm install -g npm@latest` on top of npm 10
|
|
181
|
+
fails on Ubuntu runners with `Cannot find module 'promise-retry'`
|
|
182
|
+
(arborist self-upgrade bug). Node 24 ships npm 11.x natively.
|
|
183
|
+
- **No `registry-url` in setup-node.** When set, it writes a `.npmrc`
|
|
184
|
+
with `_authToken=${NODE_AUTH_TOKEN}`. With no `NODE_AUTH_TOKEN` env,
|
|
185
|
+
the literal placeholder `XXXXX-XXXXX-XXXXX-XXXXX` ends up as the
|
|
186
|
+
token, and npm uses it instead of falling back to OIDC. Default
|
|
187
|
+
registry is npmjs.org anyway.
|
|
188
|
+
- **`npm publish`, not `pnpm publish`.** pnpm's OIDC Trusted Publisher
|
|
189
|
+
support lags npm's. The script uses pnpm for everything else and only
|
|
190
|
+
shells to `npm publish` for the actual upload.
|