@equinor/fusion-framework-cli 15.1.1 → 15.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,3 +1,3 @@
1
1
  // Generated by genversion.
2
- export const version = '15.1.1';
2
+ export const version = '15.1.4';
3
3
  //# sourceMappingURL=version.js.map
@@ -1 +1 @@
1
- export declare const version = "15.1.1";
1
+ export declare const version = "15.1.4";
@@ -90,18 +90,17 @@ pnpm fusion-framework-cli dev
90
90
  ffc app dev
91
91
  ```
92
92
 
93
- ### Log in to Fusion Framework (if needed)
93
+ ### Authentication
94
94
 
95
95
  > [!NOTE]
96
- > __All HTTP requests to Fusion services require an authorized user.__
97
- > For example, before running `fusion-framework-cli app publish`, make sure you are authenticated using `fusion-framework-cli auth login`.
98
-
99
- > [!WARNING]
100
- > The `fusion-framework-cli auth login` command is only available in interactive environments (such as your local terminal). For CI/CD pipelines or automated deployments, you must provide a valid authentication token using the `FUSION_TOKEN` environment variable.
96
+ > **All HTTP requests to Fusion services require an authorized user.**
97
+ > - **Local development:** use `fusion-framework-cli auth login` to authenticate interactively. This launches a browser-based login and caches your credentials locally — run it once before issuing other CLI commands.
98
+ > - **CI/CD:** use `azure/login` to establish ambient credentials. The CLI picks them up automatically via `DefaultAzureCredential`. The `auth login` command requires an interactive browser session and is **not applicable** in CI.
101
99
  >
102
- > See [Authentication](auth.md#setting-the-fusion-token-in-github) for details on setting up tokens for CI/CD.
100
+ > See [Authentication](auth.md) for full setup details.
103
101
 
104
102
  ```sh
103
+ # Local development — launches interactive browser login
105
104
  pnpm fusion-framework-cli auth login
106
105
  ```
107
106
 
@@ -118,7 +117,7 @@ pnpm fusion-framework-cli publish --env <environment>
118
117
  pnpm fusion-framework-cli app config --publish --env <environment>
119
118
  ```
120
119
 
121
- > **Tip:** For CI/CD and automation, set the `FUSION_TOKEN` environment variable. See [Authentication](auth.md) for details.
120
+ > **Tip:** For CI/CD and automation, prefer Azure OIDC with `azure/login`; `FUSION_TOKEN` remains an optional explicit override. See [Authentication](auth.md) for details.
122
121
 
123
122
  ---
124
123
 
package/docs/auth.md CHANGED
@@ -8,7 +8,7 @@ For detailed information about the underlying authentication module, see the [Az
8
8
  ## Key features
9
9
  - **Multiple authentication modes:**
10
10
  - `interactive`: Browser-based Azure AD login with OS-level token caching (CLI tools, development).
11
- - `default_credential`: Ambient credential chain — environment variables, managed identity, Azure CLI (CI/CD, infrastructure).
11
+ - **DefaultAzureCredential (default credential chain)**: Ambient credential chain — environment variables, managed identity, Azure CLI (CI/CD, infrastructure).
12
12
  - `token_only`: Use a pre-provided token (e.g., for CI/CD and automation).
13
13
  - **Secure token storage:** Tokens and authentication records are encrypted at rest using platform-specific mechanisms (Keychain on macOS, DPAPI on Windows, libsecret on Linux) via `@azure/msal-node-extensions`.
14
14
  - **Consistent experience:** The same authentication logic and token handling is used across CLI and app environments.
@@ -99,78 +99,50 @@ ffc auth token
99
99
 
100
100
  ## CI/CD
101
101
 
102
- ### Setting the Fusion Token in GitHub
102
+ ### Authentication in GitHub Actions
103
103
 
104
- To publish or deploy your Fusion Framework app, you need to authenticate and set the `FUSION_TOKEN` environment variable. This token is required for secure access to Fusion APIs during CI/CD workflows.
104
+ For CI/CD, authenticate with Azure using `azure/login@v2` and run your desired CLI command (e.g. `app publish`) directly. The `fusion-framework-cli auth login` command requires an interactive browser session and is intended for **local development only** it is not applicable in CI environments.
105
105
 
106
- You can obtain and set the `FUSION_TOKEN` using the Azure CLI as part of your pipeline steps. For example:
106
+ When running in CI and no `--token`/`FUSION_TOKEN` is provided, the CLI automatically uses Azure Identity's `DefaultAzureCredential`. This works with OIDC federation, managed identities, and other ambient credentials.
107
107
 
108
- This ensures the `FUSION_TOKEN` is available as an environment variable for subsequent steps, such as publishing source code or config.
108
+ ```yml
109
+ name: Publish app
110
+ on:
111
+ workflow_dispatch:
112
+
113
+ permissions:
114
+ id-token: write
115
+ contents: read
116
+
117
+ jobs:
118
+ publish:
119
+ runs-on: ubuntu-latest
120
+ steps:
121
+ - uses: actions/checkout@v4
122
+
123
+ - name: Azure Login
124
+ uses: azure/login@v2
125
+ with:
126
+ client-id: ${{ secrets.AZURE_CLIENT_ID }} # The app registration (Service Principal) client ID
127
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
128
+ allow-no-subscriptions: true
129
+
130
+ - name: Publish to Fusion
131
+ run: fusion-framework-cli app publish --env ci ./dist/app.zip
132
+ ```
133
+
134
+ ### Optional Explicit Token Mode
135
+
136
+ You can still provide an explicit token with `--token` or `FUSION_TOKEN` if needed.
109
137
 
110
138
  ```yml
111
- # This GitHub Action authenticates with Azure and retrieves an access token for use as FUSION_TOKEN.
112
- #
113
- # - The Azure Login step uses the azure/login action to authenticate with Azure using the provided client and tenant IDs.
114
- # - The Get Access Token step runs the Azure CLI to acquire an access token for the specified scope, then sets it as the FUSION_TOKEN environment variable for subsequent steps.
115
- #
116
- # This makes the token available for publishing, deploying, or running Fusion CLI commands that require authentication.
117
- #
118
- # Example usage in a workflow:
119
- #
120
- # steps:
121
- # - name: Acquire Fusion Token
122
- # uses: ./.github/actions/fusion-token
123
- # - name: Fusion CLI command
124
- # run: fusion-framework-cli app check
125
- #
126
- # ---
127
- # How to set up a Service Principal in Azure for CI/CD:
128
- #
129
- # 1. Sign in to Azure CLI:
130
- # az login
131
- # 2. Create a new service principal (replace <NAME> and <SCOPE> as needed):
132
- # az ad sp create-for-rbac --name <NAME> --role contributor --scopes <SCOPE>
133
- # - This will output appId (client-id), password (client-secret), and tenant.
134
- # 3. Grant the service principal API permissions if needed (e.g., to call Fusion APIs):
135
- # - In Azure Portal, go to Azure Active Directory > App registrations > [Your App] > API permissions.
136
- # - Add the required API permissions and grant admin consent.
137
- # 4. Store the client-id, client-secret, and tenant-id as GitHub Action secrets.
138
- # 5. Use these secrets in your workflow as shown below.
139
- # 6. (Optional) For more on setting up environment variables in GitHub Actions workflows, see:
140
- # https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
141
- #
142
- # For more details, see:
143
- # https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
144
- # https://learn.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli
145
- #
146
- name: Azure Login and Get Access Token
147
- description: Authenticates with Azure and retrieves an access token
148
- inputs:
149
- client-id:
150
- description: >
151
- The Azure AD Application (client) ID to use for authentication. This should correspond to an app registration with permissions to request the required scopes.
152
- required: true
153
- tenant-id:
154
- description: >
155
- The Azure AD Tenant ID (directory) to authenticate against. This identifies the Azure AD instance where the app is registered.
156
- required: true
157
- scope:
158
- description: >
159
- The scope(s) for the access token, typically the Application ID URI of the API you want to access, followed by /.default (e.g., https://my-api/.default). Multiple scopes can be space-separated.
160
- required: true
161
- runs:
162
- using: composite
163
- steps:
164
- - name: Azure Login
165
- uses: azure/login@v2
166
- with:
167
- client-id: ${{ inputs.client-id }}
168
- tenant-id: ${{ inputs.tenant-id }}
169
- allow-no-subscriptions: true
170
- - name: Get Access Token
171
- shell: bash
172
- run: |
173
- echo "FUSION_TOKEN=$(az account get-access-token --scope ${{ inputs.scope }} --query accessToken --output tsv)" >> $GITHUB_ENV
139
+ - name: Acquire token (optional)
140
+ run: |
141
+ echo "FUSION_TOKEN=$(az account get-access-token --scope ${{ vars.FUSION_SCOPE }} --query accessToken --output tsv)" >> $GITHUB_ENV
142
+
143
+ - name: Publish with explicit token
144
+ run: fusion-framework-cli app publish --env ci ./dist/app.zip
145
+ ```
174
146
 
175
147
  ## Additional Resources
176
148
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@equinor/fusion-framework-cli",
3
- "version": "15.1.1",
3
+ "version": "15.1.4",
4
4
  "keywords": [
5
5
  "Fusion",
6
6
  "Fusion Framework",
@@ -111,11 +111,11 @@
111
111
  "vite": "^8.0.0",
112
112
  "vite-tsconfig-paths": "^6.0.4",
113
113
  "zod": "^4.4.3",
114
- "@equinor/fusion-framework-dev-server": "2.0.10",
115
- "@equinor/fusion-framework-dev-portal": "6.0.0",
116
- "@equinor/fusion-framework-vite-plugin-raw-imports": "2.0.0",
114
+ "@equinor/fusion-framework-dev-server": "2.0.12",
115
+ "@equinor/fusion-framework-dev-portal": "7.0.0",
116
+ "@equinor/fusion-framework-module-azure-identity": "0.2.1",
117
117
  "@equinor/fusion-imports": "2.0.0",
118
- "@equinor/fusion-framework-module-azure-identity": "0.2.0"
118
+ "@equinor/fusion-framework-vite-plugin-raw-imports": "2.0.0"
119
119
  },
120
120
  "devDependencies": {
121
121
  "@rollup/plugin-commonjs": "^29.0.0",
@@ -139,10 +139,10 @@
139
139
  "typescript": "^6.0.3",
140
140
  "vitest": "^4.1.0",
141
141
  "@equinor/fusion-framework-module": "6.1.0",
142
- "@equinor/fusion-framework-module-service-discovery": "10.0.1",
143
142
  "@equinor/fusion-framework-module-app": "8.0.2",
143
+ "@equinor/fusion-framework-module-http": "8.0.3",
144
144
  "@equinor/fusion-framework-react-router": "2.2.0",
145
- "@equinor/fusion-framework-module-http": "8.0.2"
145
+ "@equinor/fusion-framework-module-service-discovery": "10.0.1"
146
146
  },
147
147
  "peerDependenciesMeta": {
148
148
  "typescript": {