npm - @plasius/schema - Versions diffs - 1.0.13 → 1.0.18 - Mend

@plasius/schema 1.0.13 → 1.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/.github/workflows/cd.yml +39 -10
package/CHANGELOG.md +14 -8
package/README.md +1 -0
package/docs/adrs/adr-0001: schema.md +4 -0
package/docs/adrs/adr-template.md +2 -0
package/package.json +2 -1
package/sbom.cdx.json +66 -0
package/vitest.config.js +8 -1

package/.github/workflows/cd.yml CHANGED Viewed

@@ -6,6 +6,7 @@ on:
 permissions:
   contents: write
   id-token: write # for npm provenance (requires Node 18+ and npm >=9)
+  attestations: write
 jobs:
   publish:
@@ -21,12 +22,6 @@ jobs:
           node-version-file: '.nvmrc'
           cache: 'npm'
-      - name: Install deps (CI)
-        run: npm ci
-      - name: Build
-        run: npm run build --if-present
       - name: Bump version & decide publish flags
         id: pkg
         env:
@@ -51,14 +46,42 @@ jobs:
           else
             echo "flags=--access public" >> "$GITHUB_OUTPUT"
           fi
+      - name: Install deps (CI)
+        run: npm ci
+      - name: Test (coverage)
+        run: npm run test -- --coverage
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+         token: ${{ secrets.CODECOV_TOKEN }}
+         files: ./coverage/lcov.info
+         flags: unittests
+         fail_ci_if_error: true
+      - name: Build
+        run: npm run build --if-present
+      - name: Generate SBOM (CycloneDX)
+        run: npm sbom --sbom-format=cyclonedx --sbom-type=library --omit dev > sbom.cdx.json
+      - name: Attest SBOM (GitHub Artifact Attestations)
+        uses: actions/attest-build-provenance@v3
+        with:
+          subject-path: sbom.cdx.json
       - name: Update CHANGELOG.md (move Unreleased to new version)
         env:
           VERSION: ${{ steps.pkg.outputs.version }}
           TAG: ${{ steps.pkg.outputs.tag }}
           GITHUB_REPOSITORY: ${{ github.repository }}
+          verbose: true
         run: |
           set -euo pipefail
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
           FILE="CHANGELOG.md"
           if [ ! -f "$FILE" ]; then
@@ -88,7 +111,7 @@ jobs:
           # Prepare new Unreleased template (Keep a Changelog style) without tabs/indent issues
           NEW_UNRELEASED=$(printf '%s\n' \
-            '## [Unreleased]' \
+            '' \
             '- **Added**' \
             '  - (placeholder)' \
             '' \
@@ -123,8 +146,8 @@ jobs:
           # Update bottom compare links
           # Update [Unreleased] compare to start at v${VERSION}
           COMPARE_URL="https://github.com/${GITHUB_REPOSITORY}/compare/v${VERSION}...HEAD"
-          sed -E -i.bak "s|^\[Unreleased\]: .*|[Unreleased]: ${COMPARE_URL}|" "$FILE" || true
-          rm -f "$FILE.bak"
+          awk -v repl="[Unreleased]: ${COMPARE_URL}" 'BEGIN{OFS=FS} { if ($0 ~ /^\[Unreleased\]: /) { print repl } else { print } }' "$FILE" > "$FILE.tmp"
+          mv "$FILE.tmp" "$FILE"
           # Append a link for the new version if not present
           if ! grep -q "^\[${VERSION}\]:" "$FILE"; then
@@ -142,13 +165,19 @@ jobs:
           set -euo pipefail
           TAG="${{ steps.pkg.outputs.tag }}"
           if gh release view "$TAG" >/dev/null 2>&1; then
-            echo "Release $TAG already exists; skipping creation."
+            echo "Release $TAG already exists; uploading SBOM asset."
           else
             gh release create "$TAG" \
               --title "Release $TAG" \
               --generate-notes \
               --latest
           fi
+          # Upload/overwrite the SBOM asset on the release
+          if [ -f sbom.cdx.json ]; then
+            gh release upload "$TAG" sbom.cdx.json --clobber
+          else
+            echo "No SBOM generated; skipping upload."
+          fi
       - name: Publish
         env:

package/CHANGELOG.md CHANGED Viewed

@@ -8,7 +8,7 @@ The format is based on **[Keep a Changelog](https://keepachangelog.com/en/1.1.0/
 ---
 ## [Unreleased]
-## [Unreleased]
 - **Added**
   - (placeholder)
@@ -21,10 +21,17 @@ The format is based on **[Keep a Changelog](https://keepachangelog.com/en/1.1.0/
 - **Security**
   - (placeholder)
-## [1.0.13] - 2025-09-16
+## [1.0.18] - 2025-09-17
+- **Fixed**
+  - CD pipeline reorder fix to restore CHANGELOG.md versions
+## [1.0.17] - 2025-09-17
 - **Added**
-  - (placeholder) Add new validators, field helpers, or PII utilities here.
+  - chore: Code coverage added
+## [1.0.13] - 2025-09-16
 - **Changed**
   - ./src/schema.ts Added comments defining functionality on all externally facing functions.
@@ -32,9 +39,6 @@ The format is based on **[Keep a Changelog](https://keepachangelog.com/en/1.1.0/
 - **Fixed**
   - ./src/schema.ts Validation no longer mutates the input, internal system fields are set only on result if not previously present.
-- **Security**
-  - (placeholder)
 ---
 ## [1.0.0] - 2025-09-16
@@ -75,6 +79,8 @@ The format is based on **[Keep a Changelog](https://keepachangelog.com/en/1.1.0/
 ---
-[Unreleased]: https://github.com/Plasius-LTD/schema/compare/v1.0.13...HEAD
-[1.0.0]: https://github.com/Plasius-LTD/plasius-schema/releases/tag/v1.0.0
+[Unreleased]: https://github.com/Plasius-LTD/schema/compare/v1.0.18...HEAD
+[1.0.0]: https://github.com/Plasius-LTD/schema/releases/tag/v1.0.0
 [1.0.13]: https://github.com/Plasius-LTD/schema/releases/tag/v1.0.13
+[1.0.17]: https://github.com/Plasius-LTD/schema/releases/tag/v1.0.17
+[1.0.18]: https://github.com/Plasius-LTD/schema/releases/tag/v1.0.18

package/README.md CHANGED Viewed

@@ -2,6 +2,7 @@
 [![npm version](https://img.shields.io/npm/v/@plasius/schema.svg)](https://www.npmjs.com/package/@plasius/schema)
 [![Build Status](https://img.shields.io/github/actions/workflow/status/Plasius-LTD/schema/ci.yml?branch=main&label=build&style=flat)](https://github.com/plasius/schema/actions/workflows/ci.yml)
+[![coverage](https://img.shields.io/codecov/c/github/Plasius-LTD/schema)](https://codecov.io/gh/Plasius-LTD/schema)
 [![License](https://img.shields.io/github/license/Plasius-LTD/schema)](./LICENSE)
 [![Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-yes-blue.svg)](./CODE_OF_CONDUCT.md)
 [![Security Policy](https://img.shields.io/badge/security%20policy-yes-orange.svg)](./SECURITY.md)

package/docs/adrs/adr-0001: schema.md CHANGED Viewed

@@ -39,3 +39,7 @@ We will build a **schema library** (`@plasius/schema`) that:
 - **Do nothing:** Continue defining ad-hoc validation in each package. (Rejected: inconsistent and unsafe.)
 - **Use an existing library (e.g. Zod, Yup, Joi):** These provide schema validation but lack PII auditing integration and may not align with our field-builder pattern. (Rejected for core use, though we may draw inspiration.)
+## References
+- [Architectural Decision Records (ADR) standard](https://adr.github.io/)

package/docs/adrs/adr-template.md CHANGED Viewed

@@ -62,4 +62,6 @@
 ## References
+- [Architectural Decision Records (ADR) standard](https://adr.github.io/)
 > _Links to docs, benchmarks, discussions, or external resources that influenced this decision_

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@plasius/schema",
-  "version": "1.0.13",
+  "version": "1.0.18",
   "description": "Entity schema definition & validation helpers for Plasius ecosystem",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -58,6 +58,7 @@
     "@types/node": "^24.3.1",
     "@typescript-eslint/eslint-plugin": "^8.43.0",
     "@typescript-eslint/parser": "^8.43.0",
+    "@vitest/coverage-v8": "^3.2.4",
     "eslint": "^9.35.0",
     "tsup": "^8.5.0",
     "tsx": "^4.20.5",

package/sbom.cdx.json ADDED Viewed

@@ -0,0 +1,66 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "serialNumber": "urn:uuid:5e59b78b-f6f8-47c0-8329-d6447041544f",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2025-09-17T16:14:58.925Z",
+    "lifecycles": [
+      {
+        "phase": "build"
+      }
+    ],
+    "tools": [
+      {
+        "vendor": "npm",
+        "name": "cli",
+        "version": "10.9.3"
+      }
+    ],
+    "component": {
+      "bom-ref": "@plasius/schema@1.0.18",
+      "type": "library",
+      "name": "schema",
+      "version": "1.0.18",
+      "scope": "required",
+      "author": "Plasius LTD",
+      "description": "Entity schema definition & validation helpers for Plasius ecosystem",
+      "purl": "pkg:npm/%40plasius/schema@1.0.18",
+      "properties": [
+        {
+          "name": "cdx:npm:package:path",
+          "value": ""
+        }
+      ],
+      "externalReferences": [
+        {
+          "type": "vcs",
+          "url": "git+https://github.com/Plasius-LTD/schema.git"
+        },
+        {
+          "type": "website",
+          "url": "https://github.com/Plasius-LTD/schema#readme"
+        },
+        {
+          "type": "issue-tracker",
+          "url": "https://github.com/Plasius-LTD/schema/issues"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0"
+          }
+        }
+      ]
+    }
+  },
+  "components": [],
+  "dependencies": [
+    {
+      "ref": "@plasius/schema@1.0.18",
+      "dependsOn": []
+    }
+  ]
+}

package/vitest.config.js CHANGED Viewed

@@ -6,8 +6,15 @@ export default defineConfig({
     globals: true,
     include: ["tests/**/*.test.{ts,tsx}"],
     coverage: {
+      provider: "v8",
       reporter: ["text", "lcov"],
-      exclude: ["tests/**", "dist/**"],
+      reportsDirectory: "./coverage",
+      exclude: [
+        "tests/**",
+        "dist/**",
+        "**/*.config.{js,ts}",
+        "**/.eslintrc.{js,cjs}",
+      ],
     },
   },
 });