@mui/internal-code-infra 0.0.3-canary.6 → 0.0.3-canary.61

package/src/{cli → utils}/babel.mjs

@@ -2,11 +2,11 @@
 /// <reference types="../untyped-plugins" />
 
 import { findWorkspaceDir } from '@pnpm/find-workspace-dir';
+import { $ } from 'execa';
 import { globby } from 'globby';
 import * as fs from 'node:fs/promises';
 import * as path from 'node:path';
-import { $ } from 'execa';
-import { BASE_IGNORES } from '../utils/build.mjs';
+import { BASE_IGNORES } from './build.mjs';
 
 const TO_TRANSFORM_EXTENSIONS = ['.js', '.ts', '.tsx'];
 
@@ -70,6 +70,8 @@ export async function cjsCopy({ from, to }) {
  * @param {boolean} [options.verbose=false] - Whether to enable verbose logging.
  * @param {boolean} [options.optimizeClsx=false] - Whether to enable clsx call optimization transform.
  * @param {boolean} [options.removePropTypes=true] - Whether to enable removal of React prop types.
+ * @param {Object} [options.reactCompiler] - Whether to use the React compiler.
+ * @param {string} [options.reactCompiler.reactVersion] - The React version to use with the React compiler.
  * @param {string[]} [options.ignores] - The globs to be ignored by Babel.
  * @param {string} options.cwd - The package root directory.
  * @param {string} options.pkgVersion - The package version.
@@ -77,7 +79,7 @@ export async function cjsCopy({ from, to }) {
  * @param {string} options.outDir - The output directory for the build.
  * @param {string} options.outExtension - The output file extension for the build.
  * @param {boolean} options.hasLargeFiles - Whether the build includes large files.
- * @param {import('../utils/build.mjs').BundleType} options.bundle - The bundles to build.
+ * @param {import('./build.mjs').BundleType} options.bundle - The bundles to build.
  * @param {string} options.babelRuntimeVersion - The version of @babel/runtime to use.
  * @returns {Promise<void>}
  */
@@ -94,6 +96,7 @@ export async function babelBuild({
   removePropTypes = false,
   verbose = false,
   ignores = [],
+  reactCompiler,
 }) {
   console.log(
     `Transpiling files to "${path.relative(path.dirname(sourceDir), outDir)}" for "${bundle}" bundle.`,
@@ -111,6 +114,8 @@ export async function babelBuild({
   ) {
     configFile = path.join(workspaceDir, 'babel.config.mjs');
   }
+
+  const reactVersion = reactCompiler?.reactVersion;
   const env = {
     NODE_ENV: 'production',
     BABEL_ENV: bundle === 'esm' ? 'stable' : 'node',
@@ -120,6 +125,8 @@ export async function babelBuild({
     MUI_BABEL_RUNTIME_VERSION: babelRuntimeVersion,
     MUI_OUT_FILE_EXTENSION: outExtension ?? '.js',
     ...getVersionEnvVariables(pkgVersion),
+    MUI_REACT_COMPILER: reactVersion ? '1' : '0',
+    MUI_REACT_COMPILER_REACT_VERSION: reactVersion,
   };
   const res = await $({
     stdio: 'inherit',

package/src/utils/build.mjs

@@ -1,3 +1,5 @@
+import * as semver from 'semver';
+
 /**
  * @typedef {'esm' | 'cjs'} BundleType
  */
@@ -24,9 +26,10 @@ export function getOutExtension(bundle, isType = false) {
  * @param {Record<string, any>} packageJson
  * @param {Object} [options]
  * @param {boolean} [options.skipMainCheck=false] - Whether to skip checking for main field in package.json.
+ * @param {boolean} [options.enableReactCompiler=false] - Whether to enable React compiler checks.
  */
 export function validatePkgJson(packageJson, options = {}) {
-  const { skipMainCheck = false } = options;
+  const { skipMainCheck = false, enableReactCompiler = false } = options;
   /**
    * @type {string[]}
    */
@@ -63,6 +66,29 @@ export function validatePkgJson(packageJson, options = {}) {
     }
   }
 
+  const reactVersion = packageJson.peerDependencies?.react;
+  if (enableReactCompiler) {
+    if (!reactVersion) {
+      errors.push(
+        'When building with React compiler, "react" must be specified as a peerDependency in package.json.',
+      );
+    }
+    const minSupportedReactVersion = semver.minVersion(reactVersion);
+    if (!minSupportedReactVersion) {
+      errors.push(
+        `Unable to determine the minimum supported React version from the peerDependency range: "${reactVersion}".`,
+      );
+    } else if (
+      semver.lt(minSupportedReactVersion, '19.0.0') &&
+      !packageJson.peerDependencies?.['react-compiler-runtime'] &&
+      !packageJson.dependencies?.['react-compiler-runtime']
+    ) {
+      errors.push(
+        'When building with React compiler for React versions below 19, "react-compiler-runtime" must be specified as a dependency or peerDependency in package.json.',
+      );
+    }
+  }
+
   if (errors.length > 0) {
     const error = new Error(errors.join('\n'));
     throw error;

package/src/utils/changelog.mjs

@@ -0,0 +1,157 @@
+import { Octokit } from '@octokit/rest';
+import { $ } from 'execa';
+
+import { persistentAuthStrategy } from './github.mjs';
+
+/**
+ * @typedef {import('@octokit/rest').Octokit} OctokitType
+ */
+
+/**
+ * @typedef {'team' | 'first_timer' | 'contributor'} AuthorAssociation
+ */
+
+/**
+ * @typedef {Object} FetchedCommitDetails
+ * @property {string} sha
+ * @property {string} message
+ * @property {string[]} labels
+ * @property {number} prNumber
+ * @property {string} html_url
+ * @property {{login: string; association: AuthorAssociation} | null} author
+ */
+
+/**
+ * @typedef {Object} FetchCommitsOptions
+ * @property {string} repo
+ * @property {string} lastRelease
+ * @property {string} release
+ * @property {string} [org='mui'] - GitHub organization name, defaults to 'mui'
+ */
+
+/**
+ * @param {Object} opts
+ * @param {string} opts.cwd
+ * @param {boolean} [opts.fetchAll=true] Whether to fetch all tags from all remotes before finding the latest tag.
+ * @returns {Promise<string>}
+ */
+export async function findLatestTaggedVersion(opts) {
+  const $$ = $({ cwd: opts.cwd });
+  const fetchAll = opts.fetchAll ?? true;
+  if (fetchAll) {
+    // Fetch all tags from all remotes to ensure we have the latest tags.
+    await $$`git fetch --tags --all`;
+  }
+  const { stdout } = await $$`git describe --tags --abbrev=0 --match ${'v*'}`; // only include "version-tags"
+  return stdout.trim();
+}
+
+/**
+ * Fetches commits between two refs (lastRelease..release) including PR details.
+ * Automatically handles GitHub OAuth authentication if none provided.
+ *
+ * @param {FetchCommitsOptions & {octokit?: OctokitType}} opts
+ * @returns {Promise<FetchedCommitDetails[]>}
+ */
+export async function fetchCommitsBetweenRefs(opts) {
+  const octokit =
+    'octokit' in opts && opts.octokit
+      ? opts.octokit
+      : new Octokit({ authStrategy: persistentAuthStrategy });
+
+  return fetchCommitsRest({
+    octokit,
+    repo: opts.repo,
+    lastRelease: opts.lastRelease,
+    release: opts.release,
+    org: opts.org ?? 'mui',
+  });
+}
+
+/**
+ * Fetches commits between two refs using GitHub's REST API.
+ * It is more reliable than the GraphQL API but requires multiple network calls (1 + n).
+ * One to list all commits between the two refs and then one for each commit to get the PR details.
+ *
+ * @param {FetchCommitsOptions & { octokit: OctokitType}} param0
+ *
+ * @returns {Promise<FetchedCommitDetails[]>}
+ */
+async function fetchCommitsRest({ octokit, repo, lastRelease, release, org = 'mui' }) {
+  /**
+   * @typedef {Awaited<ReturnType<Octokit['repos']['compareCommits']>>['data']['commits']} Commits
+   */
+  /**
+   * @type {Commits}
+   */
+  const results = [];
+  /**
+   * @type {any}
+   */
+  const timeline = octokit.paginate.iterator(
+    octokit.repos.compareCommitsWithBasehead.endpoint.merge({
+      owner: org,
+      repo,
+      basehead: `${lastRelease}...${release}`,
+    }),
+  );
+  for await (const response of timeline) {
+    results.push(...response.data.commits);
+  }
+
+  const promises = results.map(async (commit) => {
+    const prMatch = commit.commit.message.match(/#(\d+)/);
+    if (prMatch === null) {
+      return null;
+    }
+
+    const prNumber = parseInt(prMatch[1], 10);
+
+    const pr = await octokit.pulls.get({
+      owner: org,
+      repo,
+      pull_number: prNumber,
+      headers: {
+        Accept: 'application/vnd.github.text+json',
+      },
+    });
+
+    const labels = pr.data.labels.map((label) => label.name);
+
+    return /** @type {FetchedCommitDetails} */ ({
+      sha: commit.sha,
+      message: commit.commit.message,
+      labels,
+      prNumber,
+      html_url: pr.data.html_url,
+      author: pr.data.user?.login
+        ? {
+            login: pr.data.user.login,
+            association: getAuthorAssociation(pr.data.author_association),
+          }
+        : null,
+    });
+  });
+
+  return (await Promise.all(promises)).filter((entry) => entry !== null);
+}
+
+/**
+ *
+ * @param {import('@octokit/rest').RestEndpointMethodTypes["pulls"]["get"]["response"]["data"]["author_association"]} input
+ * @returns {AuthorAssociation}
+ */
+function getAuthorAssociation(input) {
+  switch (input) {
+    case 'OWNER':
+    case 'MEMBER':
+      return 'team';
+    case 'MANNEQUIN':
+    case 'NONE':
+    case 'FIRST_TIMER':
+    case 'FIRST_TIME_CONTRIBUTOR':
+      return 'first_timer';
+    default:
+      return 'contributor';
+  }
+}

package/src/utils/credentials.mjs

@@ -0,0 +1,71 @@
+/**
+ * Secure credential storage for CLI tools
+ *
+ * Provides secure credential storage for the MUI code infrastructure tools.
+ * It uses OS keychain/credential manager to store credentials.
+ *
+ */
+
+import { AsyncEntry } from '@napi-rs/keyring';
+
+export const KEYRING_SERVICE = 'mui-code-infra';
+
+/**
+ * @type {Map<string, AsyncEntry>}
+ */
+const credentials = new Map();
+
+/**
+ * @type {Map<string, string>} In-memory cache for credentials that have been accessed.
+ * This is used to avoid multiple prompts for the same credential during a single run.
+ */
+const accessedCredentials = new Map();
+
+/**
+ * @param {string} key
+ * @returns {Promise<string | undefined>}
+ */
+export async function getPassword(key) {
+  if (accessedCredentials.has(key)) {
+    return accessedCredentials.get(key);
+  }
+  let credential = credentials.get(key);
+  if (!credential) {
+    credential = new AsyncEntry(KEYRING_SERVICE, key);
+    credentials.set(key, credential);
+  }
+  const res = await credential.getPassword();
+  if (res) {
+    accessedCredentials.set(key, res);
+  }
+  return res;
+}
+
+/**
+ * @param {string} key
+ * @param {string} password
+ * @returns {Promise<void>}
+ */
+export async function setPassword(key, password) {
+  accessedCredentials.set(key, password);
+  let credential = credentials.get(key);
+  if (!credential) {
+    credential = new AsyncEntry(KEYRING_SERVICE, key);
+    credentials.set(key, credential);
+  }
+  await credential.setPassword(password);
+}
+
+/**
+ * @param {string} key
+ * @returns {Promise<void>}
+ */
+export async function deleteKey(key) {
+  accessedCredentials.delete(key);
+  let credential = credentials.get(key);
+  credentials.delete(key);
+  if (!credential) {
+    credential = new AsyncEntry(KEYRING_SERVICE, key);
+  }
+  await credential.deletePassword();
+}

package/src/utils/extractErrorCodes.mjs

@@ -7,7 +7,7 @@ import { globby } from 'globby';
 import * as fs from 'node:fs/promises';
 import * as path from 'node:path';
 
-import { getWorkspacePackages } from '../cli/pnpm.mjs';
+import { getWorkspacePackages } from './pnpm.mjs';
 import { BASE_IGNORES, mapConcurrently } from './build.mjs';
 
 /**
@@ -20,7 +20,7 @@ import { BASE_IGNORES, mapConcurrently } from './build.mjs';
 /**
  * Gets all relevant files for a package to parse.
  *
- * @param {import('../cli/pnpm.mjs').PublicPackage} pkg
+ * @param {import('./pnpm.mjs').PublicPackage} pkg
  * @returns {Promise<string[]>} An array of file paths.
  */
 async function getFilesForPackage(pkg) {

package/src/utils/git.mjs

@@ -0,0 +1,67 @@
+import { $ } from 'execa';
+import gitUrlParse from 'git-url-parse';
+
+/**
+ * @typedef {Object} RepoInfo
+ * @property {string} owner - Repository owner
+ * @property {string} repo - Repository name
+ */
+
+/**
+ * Get current repository info from git remote
+ * @param {string[]} [remotes=['upstream', 'origin']] - Remote name(s) to check (default: ['upstream', 'origin'])
+ * @returns {Promise<RepoInfo>} Repository owner and name
+ */
+export async function getRepositoryInfo(remotes = ['upstream', 'origin']) {
+  /**
+   * @type {Record<string, string>}
+   */
+  const cause = {};
+  const cliResult = $`git remote -v`;
+  /**
+   * @type {Map<string, string>}
+   */
+  const repoRemotes = new Map();
+
+  for await (const line of cliResult) {
+    // Match pattern: "remoteName url (fetch|push)"
+    const [remoteName, url, type] = line.trim().split(/\s+/, 3);
+    if (type === '(fetch)') {
+      repoRemotes.set(remoteName, url);
+    } else if (type !== '(push)') {
+      throw new Error(`Unexpected line format for "git remote -v": "${line}"`);
+    }
+  }
+
+  for (const remote of remotes) {
+    if (!repoRemotes.has(remote)) {
+      cause[remote] = 'Remote not found';
+      continue;
+    }
+    const url = /** @type {string} */ (repoRemotes.get(remote));
+    try {
+      const parsed = gitUrlParse(url);
+      if (parsed.source !== 'github.com' || parsed.owner !== 'mui') {
+        cause[remote] = `Remote is not a GitHub repository under 'mui' organization: ${url}`;
+        continue;
+      }
+      return {
+        owner: parsed.owner,
+        repo: parsed.name,
+      };
+    } catch (error) {
+      cause[remote] = `Failed to parse URL for remote ${remote}: ${url}`;
+    }
+  }
+
+  throw new Error(`Failed to find remote(s): ${remotes.join(', ')}`, { cause });
+}
+
+/**
+ * Get current git SHA
+ * @returns {Promise<string>} Current git commit SHA
+ */
+export async function getCurrentGitSha() {
+  const result = await $`git rev-parse HEAD`;
+  return result.stdout.trim();
+}

package/src/utils/github.mjs

@@ -0,0 +1,263 @@
+/**
+ * Core GitHub OAuth authentication utilities
+ *
+ * This utility provides core GitHub OAuth functionality using openid-client.
+ * It handles token storage, refresh, and device flow initiation.
+ * CLI-specific user interaction is handled in cli/cmdGithubAuth.mjs.
+ *
+ */
+
+import {
+  createDeviceCode,
+  exchangeDeviceCode,
+  refreshToken as ghRefreshToken,
+} from '@octokit/oauth-methods';
+import clipboardy from 'clipboardy';
+import open from 'open';
+import chalk from 'chalk';
+
+import * as credentials from './credentials.mjs';
+
+const GITHUB_APP_CLIENT_ID = 'Iv23lilHsGU3i1tIARsT'; // MUI Code Infra Oauth App
+// Use the client id as the key so that if it changes, we don't conflict with old tokens
+const GITHUB_APP_CREDENTIAL_KEY = GITHUB_APP_CLIENT_ID;
+
+/**
+ * @typedef {Object} GitHubAppAuthenticationWithRefreshToken
+ * @property {string} token - The access token
+ * @property {string} [expiresAt] - ISO string when the access token expires
+ * @property {string} [refreshToken] - The refresh token
+ * @property {string} [refreshTokenExpiresAt] - ISO string when the refresh token expires
+ */
+
+export function persistentAuthStrategy() {
+  /**
+   * Request hook to add authentication token to requests.
+   * Automatically handles token refresh on 401 errors.
+   *
+   * @param {import('@octokit/types').RequestInterface} request
+   * @param {import('@octokit/types').Route} route
+   * @param {import('@octokit/types').RequestParameters} parameters
+   * @returns
+   */
+  async function hook(request, route, parameters) {
+    const token = await endToEndGhAuthGetToken({ log: true });
+    const endpoint = request.endpoint.merge(route, parameters);
+    endpoint.headers.authorization = `token ${token}`;
+    try {
+      // @ts-expect-error - request.endpoint.merge doesn't return correct type
+      return await request(endpoint);
+    } catch (error) {
+      const err =
+        /** @type {import('@octokit/types').RequestError & {response: {data: {message: string}}}} */ (
+          error
+        );
+      if (err.status === 401 && err.response.data.message.toLowerCase() === 'bad credentials') {
+        // refresh token and retry again
+        await clearGitHubAuth();
+        const newToken = await endToEndGhAuthGetToken();
+        endpoint.headers.authorization = `token ${newToken}`;
+        // @ts-expect-error - request.endpoint.merge doesn't return correct type
+        return await request(endpoint);
+      }
+      throw error;
+    }
+  }
+
+  return { hook };
+}
+
+/**
+ * @param {Object} data
+ * @param {string} data.url
+ * @param {string} data.code
+ * @param {Object} options
+ * @param {boolean} [options.openInBrowser=true] - Whether to open the URL in the default browser
+ * @param {boolean} [options.copyToClipboard=true] - Whether to copy the code to clipboard
+ * @returns {Promise<void>}
+ */
+async function logAuthInformation(data, { openInBrowser = true, copyToClipboard = true } = {}) {
+  if (copyToClipboard) {
+    await clipboardy.write(data.code);
+    console.warn(`Pasted authentication code ${chalk.bold(data.code)} to system clipboard...`);
+  } else {
+    console.warn(`To authenticate, paste "${chalk.bold(data.code)}" when prompted.`);
+  }
+  if (openInBrowser) {
+    console.warn(`Opening ${chalk.bold(data.url)} in default browser, or goto the link manually.`);
+    await open(data.url);
+  } else {
+    console.warn(`Open ${data.url} in your browser to authenticate.`);
+  }
+}
+
+/**
+ * Checks if the stored access token is expired
+ * @returns {Promise<boolean>}
+ */
+async function isTokenExpired() {
+  try {
+    const tokens = await getCredentialData();
+
+    if (tokens.expiresAt) {
+      return Date.now() > new Date(tokens.expiresAt).getTime();
+    }
+
+    if (tokens.refreshTokenExpiresAt) {
+      return Date.now() > new Date(tokens.refreshTokenExpiresAt).getTime();
+    }
+    return false;
+  } catch (error) {
+    return true; // If we can't get expiry, assume expired
+  }
+}
+
+/**
+ *
+ * @returns {Promise<GitHubAppAuthenticationWithRefreshToken>} Stored GitHub authentication tokens
+ */
+async function getCredentialData() {
+  const data = await credentials.getPassword(GITHUB_APP_CREDENTIAL_KEY);
+  if (!data) {
+    return {
+      token: '',
+    };
+  }
+  return /** @type {GitHubAppAuthenticationWithRefreshToken} */ (JSON.parse(data));
+}
+
+/**
+ * Stores GitHub authentication tokens securely
+ * @param {{token: string, refreshToken?: string, expiresAt?: string; refreshTokenExpiresAt?: string}} tokens - Token response from openid-client
+ * @returns {Promise<void>}
+ */
+async function storeGitHubTokens(tokens) {
+  /**
+   * @type {GitHubAppAuthenticationWithRefreshToken}
+   */
+  const newTokens = {
+    token: tokens.token,
+    expiresAt: tokens.expiresAt,
+    refreshToken: tokens.refreshToken,
+    refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
+  };
+
+  await credentials.setPassword(GITHUB_APP_CREDENTIAL_KEY, JSON.stringify(newTokens));
+}
+
+/**
+ * @returns {Promise<string>} Refreshed GitHub access token
+ */
+async function refreshAccessToken() {
+  const tokenData = await getCredentialData();
+  if (!tokenData.refreshToken) {
+    return await doGithubAuth();
+  }
+  if (
+    tokenData.refreshTokenExpiresAt &&
+    Date.now() > new Date(tokenData.refreshTokenExpiresAt).getTime()
+  ) {
+    // Refresh token has also expired. Need to re-authenticate
+    await clearGitHubAuth();
+    return await doGithubAuth();
+  }
+  const { authentication } = await ghRefreshToken({
+    clientId: GITHUB_APP_CLIENT_ID,
+    refreshToken: tokenData.refreshToken,
+    clientType: 'github-app',
+    clientSecret: '',
+  });
+  storeGitHubTokens(authentication);
+  return authentication.token;
+}
+
+/**
+ * @returns {Promise<{url: string, code: string; deviceCode: string}>} Device flow response with verification URI and user code
+ */
+async function getAuthInformation() {
+  const { data } = await createDeviceCode({
+    clientId: GITHUB_APP_CLIENT_ID,
+    clientType: 'github-app',
+  });
+  return {
+    url: data.verification_uri,
+    code: data.user_code,
+    deviceCode: data.device_code,
+  };
+}
+
+/**
+ * Retries exchanging device code for tokens until success or timeout.
+ * Defaults to 12 retries with 5s delay (1 minute total).
+ * Has initial delay to allow user to enter code in browser.
+ *
+ * @param {string} deviceCode
+ * @param {{delay?: number, retries?: number}} [options]
+ * @returns {Promise<import('@octokit/oauth-methods').GitHubAppAuthenticationWithRefreshToken>}
+ */
+async function exchangeDeviceCodeWithRetry(deviceCode, { delay = 5000, retries = 12 } = {}) {
+  if (delay) {
+    await new Promise((resolve) => {
+      setTimeout(resolve, delay);
+    });
+  }
+  try {
+    const { authentication } = await exchangeDeviceCode({
+      clientId: GITHUB_APP_CLIENT_ID,
+      clientType: 'github-app',
+      code: deviceCode,
+    });
+    return /** @type {import('@octokit/oauth-methods').GitHubAppAuthenticationWithRefreshToken} */ (
+      authentication
+    );
+  } catch (/** @type {any} */ ex) {
+    if (ex.response.data.error !== 'authorization_pending') {
+      throw ex; // Some other error
+    }
+    if (retries > 0) {
+      console.warn('Retrying device code exchange...');
+      return exchangeDeviceCodeWithRetry(deviceCode, { delay, retries: retries - 1 });
+    }
+    throw new Error(`[github-auth]: Timed out waiting for user authentication`);
+  }
+}
+
+async function doGithubAuth() {
+  const data = await getAuthInformation();
+  await logAuthInformation(data);
+  const tokens = await exchangeDeviceCodeWithRetry(data.deviceCode);
+  await storeGitHubTokens(tokens);
+  return tokens.token;
+}
+
+/**
+ * @param {Object} [options]
+ * @param {boolean} [options.log=false] - Whether to log progress to console
+ * @returns {Promise<string>} Valid GitHub access token
+ */
+export async function endToEndGhAuthGetToken({ log = false } = {}) {
+  const tokenData = await getCredentialData();
+  if (!tokenData.token) {
+    if (log) {
+      console.warn("🔍 GitHub token doesn't exist. Starting authentication flow...");
+    }
+    return await doGithubAuth();
+  }
+
+  if (await isTokenExpired()) {
+    if (log) {
+      console.warn('GitHub token expired. Attempting to refresh...');
+    }
+    return refreshAccessToken();
+  }
+
+  return tokenData.token;
+}
+
+/**
+ * Clears stored GitHub authentication tokens
+ * @returns {Promise<void>}
+ */
+export async function clearGitHubAuth() {
+  await credentials.deleteKey(GITHUB_APP_CREDENTIAL_KEY);
+}