@equinor/fusion-framework-cli 15.1.3 → 15.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +30 -0
- package/bin/build/bin.mjs +1 -1
- package/dist/esm/version.js +1 -1
- package/dist/types/version.d.ts +1 -1
- package/docs/application.md +7 -8
- package/docs/auth.md +40 -68
- package/package.json +6 -6
package/dist/esm/version.js
CHANGED
package/dist/types/version.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export declare const version = "15.1.
|
|
1
|
+
export declare const version = "15.1.4";
|
package/docs/application.md
CHANGED
|
@@ -90,18 +90,17 @@ pnpm fusion-framework-cli dev
|
|
|
90
90
|
ffc app dev
|
|
91
91
|
```
|
|
92
92
|
|
|
93
|
-
###
|
|
93
|
+
### Authentication
|
|
94
94
|
|
|
95
95
|
> [!NOTE]
|
|
96
|
-
>
|
|
97
|
-
>
|
|
98
|
-
|
|
99
|
-
> [!WARNING]
|
|
100
|
-
> The `fusion-framework-cli auth login` command is only available in interactive environments (such as your local terminal). For CI/CD pipelines or automated deployments, you must provide a valid authentication token using the `FUSION_TOKEN` environment variable.
|
|
96
|
+
> **All HTTP requests to Fusion services require an authorized user.**
|
|
97
|
+
> - **Local development:** use `fusion-framework-cli auth login` to authenticate interactively. This launches a browser-based login and caches your credentials locally — run it once before issuing other CLI commands.
|
|
98
|
+
> - **CI/CD:** use `azure/login` to establish ambient credentials. The CLI picks them up automatically via `DefaultAzureCredential`. The `auth login` command requires an interactive browser session and is **not applicable** in CI.
|
|
101
99
|
>
|
|
102
|
-
> See [Authentication](auth.md
|
|
100
|
+
> See [Authentication](auth.md) for full setup details.
|
|
103
101
|
|
|
104
102
|
```sh
|
|
103
|
+
# Local development — launches interactive browser login
|
|
105
104
|
pnpm fusion-framework-cli auth login
|
|
106
105
|
```
|
|
107
106
|
|
|
@@ -118,7 +117,7 @@ pnpm fusion-framework-cli publish --env <environment>
|
|
|
118
117
|
pnpm fusion-framework-cli app config --publish --env <environment>
|
|
119
118
|
```
|
|
120
119
|
|
|
121
|
-
> **Tip:** For CI/CD and automation,
|
|
120
|
+
> **Tip:** For CI/CD and automation, prefer Azure OIDC with `azure/login`; `FUSION_TOKEN` remains an optional explicit override. See [Authentication](auth.md) for details.
|
|
122
121
|
|
|
123
122
|
---
|
|
124
123
|
|
package/docs/auth.md
CHANGED
|
@@ -8,7 +8,7 @@ For detailed information about the underlying authentication module, see the [Az
|
|
|
8
8
|
## Key features
|
|
9
9
|
- **Multiple authentication modes:**
|
|
10
10
|
- `interactive`: Browser-based Azure AD login with OS-level token caching (CLI tools, development).
|
|
11
|
-
-
|
|
11
|
+
- **DefaultAzureCredential (default credential chain)**: Ambient credential chain — environment variables, managed identity, Azure CLI (CI/CD, infrastructure).
|
|
12
12
|
- `token_only`: Use a pre-provided token (e.g., for CI/CD and automation).
|
|
13
13
|
- **Secure token storage:** Tokens and authentication records are encrypted at rest using platform-specific mechanisms (Keychain on macOS, DPAPI on Windows, libsecret on Linux) via `@azure/msal-node-extensions`.
|
|
14
14
|
- **Consistent experience:** The same authentication logic and token handling is used across CLI and app environments.
|
|
@@ -99,78 +99,50 @@ ffc auth token
|
|
|
99
99
|
|
|
100
100
|
## CI/CD
|
|
101
101
|
|
|
102
|
-
###
|
|
102
|
+
### Authentication in GitHub Actions
|
|
103
103
|
|
|
104
|
-
|
|
104
|
+
For CI/CD, authenticate with Azure using `azure/login@v2` and run your desired CLI command (e.g. `app publish`) directly. The `fusion-framework-cli auth login` command requires an interactive browser session and is intended for **local development only** — it is not applicable in CI environments.
|
|
105
105
|
|
|
106
|
-
|
|
106
|
+
When running in CI and no `--token`/`FUSION_TOKEN` is provided, the CLI automatically uses Azure Identity's `DefaultAzureCredential`. This works with OIDC federation, managed identities, and other ambient credentials.
|
|
107
107
|
|
|
108
|
-
|
|
108
|
+
```yml
|
|
109
|
+
name: Publish app
|
|
110
|
+
on:
|
|
111
|
+
workflow_dispatch:
|
|
112
|
+
|
|
113
|
+
permissions:
|
|
114
|
+
id-token: write
|
|
115
|
+
contents: read
|
|
116
|
+
|
|
117
|
+
jobs:
|
|
118
|
+
publish:
|
|
119
|
+
runs-on: ubuntu-latest
|
|
120
|
+
steps:
|
|
121
|
+
- uses: actions/checkout@v4
|
|
122
|
+
|
|
123
|
+
- name: Azure Login
|
|
124
|
+
uses: azure/login@v2
|
|
125
|
+
with:
|
|
126
|
+
client-id: ${{ secrets.AZURE_CLIENT_ID }} # The app registration (Service Principal) client ID
|
|
127
|
+
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
128
|
+
allow-no-subscriptions: true
|
|
129
|
+
|
|
130
|
+
- name: Publish to Fusion
|
|
131
|
+
run: fusion-framework-cli app publish --env ci ./dist/app.zip
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
### Optional Explicit Token Mode
|
|
135
|
+
|
|
136
|
+
You can still provide an explicit token with `--token` or `FUSION_TOKEN` if needed.
|
|
109
137
|
|
|
110
138
|
```yml
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
# Example usage in a workflow:
|
|
119
|
-
#
|
|
120
|
-
# steps:
|
|
121
|
-
# - name: Acquire Fusion Token
|
|
122
|
-
# uses: ./.github/actions/fusion-token
|
|
123
|
-
# - name: Fusion CLI command
|
|
124
|
-
# run: fusion-framework-cli app check
|
|
125
|
-
#
|
|
126
|
-
# ---
|
|
127
|
-
# How to set up a Service Principal in Azure for CI/CD:
|
|
128
|
-
#
|
|
129
|
-
# 1. Sign in to Azure CLI:
|
|
130
|
-
# az login
|
|
131
|
-
# 2. Create a new service principal (replace <NAME> and <SCOPE> as needed):
|
|
132
|
-
# az ad sp create-for-rbac --name <NAME> --role contributor --scopes <SCOPE>
|
|
133
|
-
# - This will output appId (client-id), password (client-secret), and tenant.
|
|
134
|
-
# 3. Grant the service principal API permissions if needed (e.g., to call Fusion APIs):
|
|
135
|
-
# - In Azure Portal, go to Azure Active Directory > App registrations > [Your App] > API permissions.
|
|
136
|
-
# - Add the required API permissions and grant admin consent.
|
|
137
|
-
# 4. Store the client-id, client-secret, and tenant-id as GitHub Action secrets.
|
|
138
|
-
# 5. Use these secrets in your workflow as shown below.
|
|
139
|
-
# 6. (Optional) For more on setting up environment variables in GitHub Actions workflows, see:
|
|
140
|
-
# https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
|
|
141
|
-
#
|
|
142
|
-
# For more details, see:
|
|
143
|
-
# https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
|
|
144
|
-
# https://learn.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli
|
|
145
|
-
#
|
|
146
|
-
name: Azure Login and Get Access Token
|
|
147
|
-
description: Authenticates with Azure and retrieves an access token
|
|
148
|
-
inputs:
|
|
149
|
-
client-id:
|
|
150
|
-
description: >
|
|
151
|
-
The Azure AD Application (client) ID to use for authentication. This should correspond to an app registration with permissions to request the required scopes.
|
|
152
|
-
required: true
|
|
153
|
-
tenant-id:
|
|
154
|
-
description: >
|
|
155
|
-
The Azure AD Tenant ID (directory) to authenticate against. This identifies the Azure AD instance where the app is registered.
|
|
156
|
-
required: true
|
|
157
|
-
scope:
|
|
158
|
-
description: >
|
|
159
|
-
The scope(s) for the access token, typically the Application ID URI of the API you want to access, followed by /.default (e.g., https://my-api/.default). Multiple scopes can be space-separated.
|
|
160
|
-
required: true
|
|
161
|
-
runs:
|
|
162
|
-
using: composite
|
|
163
|
-
steps:
|
|
164
|
-
- name: Azure Login
|
|
165
|
-
uses: azure/login@v2
|
|
166
|
-
with:
|
|
167
|
-
client-id: ${{ inputs.client-id }}
|
|
168
|
-
tenant-id: ${{ inputs.tenant-id }}
|
|
169
|
-
allow-no-subscriptions: true
|
|
170
|
-
- name: Get Access Token
|
|
171
|
-
shell: bash
|
|
172
|
-
run: |
|
|
173
|
-
echo "FUSION_TOKEN=$(az account get-access-token --scope ${{ inputs.scope }} --query accessToken --output tsv)" >> $GITHUB_ENV
|
|
139
|
+
- name: Acquire token (optional)
|
|
140
|
+
run: |
|
|
141
|
+
echo "FUSION_TOKEN=$(az account get-access-token --scope ${{ vars.FUSION_SCOPE }} --query accessToken --output tsv)" >> $GITHUB_ENV
|
|
142
|
+
|
|
143
|
+
- name: Publish with explicit token
|
|
144
|
+
run: fusion-framework-cli app publish --env ci ./dist/app.zip
|
|
145
|
+
```
|
|
174
146
|
|
|
175
147
|
## Additional Resources
|
|
176
148
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@equinor/fusion-framework-cli",
|
|
3
|
-
"version": "15.1.
|
|
3
|
+
"version": "15.1.4",
|
|
4
4
|
"keywords": [
|
|
5
5
|
"Fusion",
|
|
6
6
|
"Fusion Framework",
|
|
@@ -112,10 +112,10 @@
|
|
|
112
112
|
"vite-tsconfig-paths": "^6.0.4",
|
|
113
113
|
"zod": "^4.4.3",
|
|
114
114
|
"@equinor/fusion-framework-dev-server": "2.0.12",
|
|
115
|
-
"@equinor/fusion-
|
|
115
|
+
"@equinor/fusion-framework-dev-portal": "7.0.0",
|
|
116
116
|
"@equinor/fusion-framework-module-azure-identity": "0.2.1",
|
|
117
|
-
"@equinor/fusion-
|
|
118
|
-
"@equinor/fusion-framework-
|
|
117
|
+
"@equinor/fusion-imports": "2.0.0",
|
|
118
|
+
"@equinor/fusion-framework-vite-plugin-raw-imports": "2.0.0"
|
|
119
119
|
},
|
|
120
120
|
"devDependencies": {
|
|
121
121
|
"@rollup/plugin-commonjs": "^29.0.0",
|
|
@@ -141,8 +141,8 @@
|
|
|
141
141
|
"@equinor/fusion-framework-module": "6.1.0",
|
|
142
142
|
"@equinor/fusion-framework-module-app": "8.0.2",
|
|
143
143
|
"@equinor/fusion-framework-module-http": "8.0.3",
|
|
144
|
-
"@equinor/fusion-framework-
|
|
145
|
-
"@equinor/fusion-framework-
|
|
144
|
+
"@equinor/fusion-framework-react-router": "2.2.0",
|
|
145
|
+
"@equinor/fusion-framework-module-service-discovery": "10.0.1"
|
|
146
146
|
},
|
|
147
147
|
"peerDependenciesMeta": {
|
|
148
148
|
"typescript": {
|