@metasession.co/devaudit-cli 0.1.5 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@metasession.co/devaudit-cli",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.7",
|
|
4
4
|
"description": "DevAudit CLI — installs, syncs, and operates the Metasession SDLC across consumer projects.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -33,7 +33,7 @@
|
|
|
33
33
|
},
|
|
34
34
|
"dependencies": {
|
|
35
35
|
"@clack/prompts": "^0.8.2",
|
|
36
|
-
"@metasession.co/devaudit-plugin-sdk": "^0.1.
|
|
36
|
+
"@metasession.co/devaudit-plugin-sdk": "^0.1.7",
|
|
37
37
|
"commander": "^12.1.0",
|
|
38
38
|
"consola": "^3.2.3",
|
|
39
39
|
"env-paths": "^3.0.0",
|
|
@@ -33,6 +33,8 @@ jobs:
|
|
|
33
33
|
|
|
34
34
|
steps:
|
|
35
35
|
- uses: actions/checkout@v4
|
|
36
|
+
with:
|
|
37
|
+
fetch-depth: 0 # full history so the merged commits' REQ tags are readable
|
|
36
38
|
|
|
37
39
|
- name: Resolve DevAudit base URL and post-deploy terminal status
|
|
38
40
|
run: |
|
|
@@ -76,12 +78,29 @@ jobs:
|
|
|
76
78
|
- name: Resolve current release
|
|
77
79
|
id: release
|
|
78
80
|
run: |
|
|
79
|
-
|
|
81
|
+
# Resolve the release being PROMOTED — the same REQ the dev/UAT
|
|
82
|
+
# pipeline versioned (ci.yml / compliance-evidence.yml use
|
|
83
|
+
# derive-release-version.sh → REQ-XXX). The merge commit itself
|
|
84
|
+
# carries no REQ tag, so derive it from the commits merged into
|
|
85
|
+
# this push ([REQ-XXX] subject tags / Ref: lines), and only fall
|
|
86
|
+
# back to a bare date when the consumer uses date-versioned
|
|
87
|
+
# releases. Without this, a REQ-versioned release never converges:
|
|
88
|
+
# production evidence + the prod-review advance land on a phantom
|
|
89
|
+
# date release while the real REQ release stays uat_approved.
|
|
90
|
+
REQ=$(git log "${{ github.event.before }}..${{ github.sha }}" --format='%s%n%b' 2>/dev/null \
|
|
91
|
+
| grep -oiE '\[REQ-[0-9]+\]|Ref:[[:space:]]*REQ-[0-9]+' \
|
|
92
|
+
| grep -oiE 'REQ-[0-9]+' | head -1 | tr '[:lower:]' '[:upper:]' || true)
|
|
93
|
+
if [ -n "$REQ" ]; then
|
|
94
|
+
PREFIX="$REQ"
|
|
95
|
+
else
|
|
96
|
+
PREFIX="v$(date +%Y.%m.%d)"
|
|
97
|
+
fi
|
|
98
|
+
echo "Resolving release for version prefix: ${PREFIX}"
|
|
80
99
|
RESP=$(curl -s -H "Authorization: Bearer ${DEVAUDIT_API_KEY}" \
|
|
81
|
-
"${BASE}/api/ci/releases/resolve?projectSlug=${PROJECT_SLUG}&versionPrefix=${
|
|
100
|
+
"${BASE}/api/ci/releases/resolve?projectSlug=${PROJECT_SLUG}&versionPrefix=${PREFIX}")
|
|
82
101
|
VERSION=$(echo "$RESP" | jq -r '.latest.version // empty')
|
|
83
102
|
if [ -z "$VERSION" ]; then
|
|
84
|
-
VERSION="${
|
|
103
|
+
VERSION="${PREFIX}"
|
|
85
104
|
fi
|
|
86
105
|
RELEASE_ID=$(echo "$RESP" | jq -r '.latest.id // empty')
|
|
87
106
|
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
|
|
@@ -135,6 +154,32 @@ jobs:
|
|
|
135
154
|
${FLAGS} || echo "Warning: Failed to upload smoke results"
|
|
136
155
|
fi
|
|
137
156
|
|
|
157
|
+
- name: Upload release ticket to production
|
|
158
|
+
run: |
|
|
159
|
+
# Submit-for-production-review requires a release ticket (release_artifact)
|
|
160
|
+
# in the PRODUCTION environment — the dev/UAT pipeline only uploads it to
|
|
161
|
+
# uat. Carry the promoted release's ticket forward to production so the
|
|
162
|
+
# production release is self-contained and the prod-review gate passes.
|
|
163
|
+
chmod +x scripts/upload-evidence.sh 2>/dev/null || true
|
|
164
|
+
VERSION="${{ steps.release.outputs.version }}"
|
|
165
|
+
FLAGS="--release ${VERSION} --create-release-if-missing --environment production --category release_artifact"
|
|
166
|
+
FLAGS="${FLAGS} --git-sha ${GIT_SHA} --ci-run-id ${CI_RUN} --branch main"
|
|
167
|
+
TICKET=""
|
|
168
|
+
for DIR in compliance/pending-releases compliance/approved-releases; do
|
|
169
|
+
if [ -f "${DIR}/RELEASE-TICKET-${VERSION}.md" ]; then
|
|
170
|
+
TICKET="${DIR}/RELEASE-TICKET-${VERSION}.md"
|
|
171
|
+
break
|
|
172
|
+
fi
|
|
173
|
+
done
|
|
174
|
+
if [ -n "$TICKET" ]; then
|
|
175
|
+
echo "Uploading release ticket to production: $TICKET"
|
|
176
|
+
bash scripts/upload-evidence.sh \
|
|
177
|
+
"${PROJECT_SLUG}" "_compliance-docs" compliance_document "$TICKET" \
|
|
178
|
+
${FLAGS} || echo "Warning: Failed to upload release ticket to production"
|
|
179
|
+
else
|
|
180
|
+
echo "No RELEASE-TICKET-${VERSION}.md in pending-/approved-releases — skipping (date-versioned release or ticket archived)."
|
|
181
|
+
fi
|
|
182
|
+
|
|
138
183
|
- name: Advance release status (post-deploy)
|
|
139
184
|
run: |
|
|
140
185
|
RELEASE_ID="${{ steps.release.outputs.release_id }}"
|