@storm-software/git-tools 2.111.28 → 2.112.1

package/README.md

@@ -21,7 +21,7 @@ This package is part of the <b>⚡Storm-Ops</b> monorepo. The Storm-Ops packages
 
 <h3 align="center">💻 Visit <a href="https://stormsoftware.com" target="_blank">stormsoftware.com</a> to stay up to date with this developer</h3><br />
 
-[![Version](https://img.shields.io/badge/version-2.111.26-1fb2a6.svg?style=for-the-badge&color=1fb2a6)](https://prettier.io/)&nbsp;[![Nx](https://img.shields.io/badge/Nx-17.0.2-lightgrey?style=for-the-badge&logo=nx&logoWidth=20&&color=1fb2a6)](http://nx.dev/)&nbsp;[![NextJs](https://img.shields.io/badge/Next.js-14.0.2-lightgrey?style=for-the-badge&logo=nextdotjs&logoWidth=20&color=1fb2a6)](https://nextjs.org/)&nbsp;[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge&logo=commitlint&color=1fb2a6)](http://commitizen.github.io/cz-cli/)&nbsp;![Semantic-Release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge&color=1fb2a6)&nbsp;[![documented with Fumadocs](https://img.shields.io/badge/documented_with-fumadocs-success.svg?style=for-the-badge&logo=readthedocs&color=1fb2a6)](https://fumadocs.vercel.app/)&nbsp;![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/storm-software/storm-ops/cr.yml?style=for-the-badge&logo=github-actions&color=1fb2a6)
+[![Version](https://img.shields.io/badge/version-2.112.0-1fb2a6.svg?style=for-the-badge&color=1fb2a6)](https://prettier.io/)&nbsp;[![Nx](https://img.shields.io/badge/Nx-17.0.2-lightgrey?style=for-the-badge&logo=nx&logoWidth=20&&color=1fb2a6)](http://nx.dev/)&nbsp;[![NextJs](https://img.shields.io/badge/Next.js-14.0.2-lightgrey?style=for-the-badge&logo=nextdotjs&logoWidth=20&color=1fb2a6)](https://nextjs.org/)&nbsp;[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge&logo=commitlint&color=1fb2a6)](http://commitizen.github.io/cz-cli/)&nbsp;![Semantic-Release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge&color=1fb2a6)&nbsp;[![documented with Fumadocs](https://img.shields.io/badge/documented_with-fumadocs-success.svg?style=for-the-badge&logo=readthedocs&color=1fb2a6)](https://fumadocs.vercel.app/)&nbsp;![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/storm-software/storm-ops/cr.yml?style=for-the-badge&logo=github-actions&color=1fb2a6)
 
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->

package/bin/git.cjs

@@ -82017,37 +82017,33 @@ async function resolveTokenData(hostname) {
   );
 }
 async function getGithubReleaseByTag(config, tag) {
-  return await makeGithubRequest(
+  return (await makeGithubRequest(
     config,
     `/repos/${config.repo}/releases/tags/${tag}`,
     {}
-  );
+  )).data;
 }
 async function makeGithubRequest(config, url2, opts = {}) {
-  return (await axios_default(url2, {
+  return await axios_default(url2, {
     ...opts,
     baseURL: config.apiBaseUrl,
     headers: {
       ...opts.headers,
       Authorization: config.token ? `Bearer ${config.token}` : void 0
     }
-  })).data;
+  });
 }
 async function createGithubRelease(config, body) {
-  return await makeGithubRequest(config, `/repos/${config.repo}/releases`, {
+  return (await makeGithubRequest(config, `/repos/${config.repo}/releases`, {
     method: "POST",
     data: body
-  });
+  })).data;
 }
 async function updateGithubRelease(config, id, body) {
-  return await makeGithubRequest(
-    config,
-    `/repos/${config.repo}/releases/${id}`,
-    {
-      method: "PATCH",
-      data: body
-    }
-  );
+  return (await makeGithubRequest(config, `/repos/${config.repo}/releases/${id}`, {
+    method: "PATCH",
+    data: body
+  })).data;
 }
 function githubNewReleaseURL(config, release) {
   let url2 = `https://${config.hostname}/${config.repo}/releases/new?tag=${release.version}&title=${release.version}&body=${encodeURIComponent(release.body)}&target=${release.commit}`;
@@ -82073,6 +82069,38 @@ async function createGithubRemoteReleaseClient(remoteName = "origin") {
     await resolveTokenData(repoData.hostname)
   );
 }
+async function isUserAnOrganizationMember(userId, config, remoteName = "origin") {
+  try {
+    const repoData = getGitHubRepoData(remoteName, "github");
+    if (!repoData) {
+      throw new Error(
+        `Unable to validate GitHub actor because the GitHub repo slug could not be determined. Please ensure you have a valid GitHub remote configured.`
+      );
+    }
+    const tokenData = await resolveTokenData(repoData.hostname);
+    if (!tokenData.token) {
+      throw new Error(
+        `Unable to validate GitHub actor because no token was provided. Please set the GITHUB_TOKEN or GH_TOKEN environment variable, or ensure you have an active session via the official gh CLI tool (https://cli.github.com).`
+      );
+    }
+    const result2 = await makeGithubRequest(
+      {
+        repo: repoData.slug,
+        hostname: repoData.hostname,
+        apiBaseUrl: repoData.apiBaseUrl,
+        token: _optionalChain([tokenData, 'optionalAccess', _213 => _213.token]) || null
+      },
+      `/orgs/${config.organization}/members/${userId}`,
+      {}
+    );
+    if (result2.status !== 204) {
+      return false;
+    }
+    return true;
+  } catch (e18) {
+    return false;
+  }
+}
 
 // src/release/changelog.ts
 function createAPI(overrideReleaseConfig) {
@@ -82138,7 +82166,7 @@ function createAPI(overrideReleaseConfig) {
     if (args.deleteVersionPlans === void 0) {
       args.deleteVersionPlans = true;
     }
-    const changelogGenerationEnabled = !!_optionalChain([nxReleaseConfig, 'optionalAccess', _213 => _213.changelog, 'optionalAccess', _214 => _214.workspaceChangelog]) || _optionalChain([nxReleaseConfig, 'optionalAccess', _215 => _215.groups]) && Object.values(_optionalChain([nxReleaseConfig, 'optionalAccess', _216 => _216.groups])).some((g) => g.changelog);
+    const changelogGenerationEnabled = !!_optionalChain([nxReleaseConfig, 'optionalAccess', _214 => _214.changelog, 'optionalAccess', _215 => _215.workspaceChangelog]) || _optionalChain([nxReleaseConfig, 'optionalAccess', _216 => _216.groups]) && Object.values(_optionalChain([nxReleaseConfig, 'optionalAccess', _217 => _217.groups])).some((g) => g.changelog);
     if (!changelogGenerationEnabled) {
       _output.output.warn({
         title: `Changelogs are disabled. No changelog entries will be generated`,
@@ -82149,7 +82177,7 @@ function createAPI(overrideReleaseConfig) {
       return {};
     }
     const tree = new (0, _tree.FsTree)(_workspaceroot.workspaceRoot, !!args.verbose);
-    const useAutomaticFromRef = _optionalChain([nxReleaseConfig, 'optionalAccess', _217 => _217.changelog, 'optionalAccess', _218 => _218.automaticFromRef]) || args.firstRelease;
+    const useAutomaticFromRef = _optionalChain([nxReleaseConfig, 'optionalAccess', _218 => _218.changelog, 'optionalAccess', _219 => _219.automaticFromRef]) || args.firstRelease;
     const { workspaceChangelogVersion, projectsVersionData } = resolveChangelogVersions(
       args,
       releaseGroups,
@@ -82158,20 +82186,20 @@ function createAPI(overrideReleaseConfig) {
     const to = args.to || "HEAD";
     const toSHA = await _git.getCommitHash.call(void 0, to);
     const headSHA = to === "HEAD" ? toSHA : await _git.getCommitHash.call(void 0, "HEAD");
-    const autoCommitEnabled = _nullishCoalesce(args.gitCommit, () => ( _optionalChain([nxReleaseConfig, 'access', _219 => _219.changelog, 'optionalAccess', _220 => _220.git, 'access', _221 => _221.commit])));
+    const autoCommitEnabled = _nullishCoalesce(args.gitCommit, () => ( _optionalChain([nxReleaseConfig, 'access', _220 => _220.changelog, 'optionalAccess', _221 => _221.git, 'access', _222 => _222.commit])));
     if (autoCommitEnabled && headSHA !== toSHA) {
       throw new Error(
         `You are attempting to recreate the changelog for an old release (Head: "${headSHA}", To: "${toSHA}", From: "${args.from}"), but you have enabled auto-commit mode. Please disable auto-commit mode by updating your nx.json, or passing --git-commit=false`
       );
     }
-    const commitMessage = args.gitCommitMessage || _optionalChain([nxReleaseConfig, 'access', _222 => _222.changelog, 'optionalAccess', _223 => _223.git, 'optionalAccess', _224 => _224.commitMessage]);
+    const commitMessage = args.gitCommitMessage || _optionalChain([nxReleaseConfig, 'access', _223 => _223.changelog, 'optionalAccess', _224 => _224.git, 'optionalAccess', _225 => _225.commitMessage]);
     const commitMessageValues = _shared.createCommitMessageValues.call(void 0, 
       releaseGroups,
       releaseGroupToFilteredProjects,
       projectsVersionData,
       commitMessage
     );
-    const gitTagValues = _nullishCoalesce(args.gitTag, () => ( _optionalChain([nxReleaseConfig, 'access', _225 => _225.changelog, 'optionalAccess', _226 => _226.git, 'access', _227 => _227.tag]))) ? _shared.createGitTagValues.call(void 0, 
+    const gitTagValues = _nullishCoalesce(args.gitTag, () => ( _optionalChain([nxReleaseConfig, 'access', _226 => _226.changelog, 'optionalAccess', _227 => _227.git, 'access', _228 => _228.tag]))) ? _shared.createGitTagValues.call(void 0, 
       releaseGroups,
       releaseGroupToFilteredProjects,
       projectsVersionData
@@ -82232,7 +82260,7 @@ function createAPI(overrideReleaseConfig) {
         nxReleaseConfig.releaseTagPattern,
         {},
         nxReleaseConfig.releaseTagPatternCheckAllBranchesWhen
-      )), 'optionalAccess', async _228 => _228.tag]);
+      )), 'optionalAccess', async _229 => _229.tag]);
       if (!workspaceChangelogFromRef) {
         if (useAutomaticFromRef) {
           workspaceChangelogFromRef = await _git.getFirstGitCommit.call(void 0, );
@@ -82286,7 +82314,7 @@ function createAPI(overrideReleaseConfig) {
       )
     });
     if (workspaceChangelog && shouldCreateGitHubRelease(
-      _optionalChain([nxReleaseConfig, 'access', _229 => _229.changelog, 'optionalAccess', _230 => _230.workspaceChangelog]),
+      _optionalChain([nxReleaseConfig, 'access', _230 => _230.changelog, 'optionalAccess', _231 => _231.workspaceChangelog]),
       args.createRelease
     )) {
       postGitTasks.push(async (latestCommit) => {
@@ -82300,7 +82328,7 @@ function createAPI(overrideReleaseConfig) {
 
 ${contents}`);
         await createOrUpdateGithubRelease(
-          _optionalChain([nxReleaseConfig, 'access', _231 => _231.changelog, 'optionalAccess', _232 => _232.workspaceChangelog]) ? _optionalChain([nxReleaseConfig, 'access', _233 => _233.changelog, 'optionalAccess', _234 => _234.workspaceChangelog, 'access', _235 => _235.createRelease]) : _github.defaultCreateReleaseProvider,
+          _optionalChain([nxReleaseConfig, 'access', _232 => _232.changelog, 'optionalAccess', _233 => _233.workspaceChangelog]) ? _optionalChain([nxReleaseConfig, 'access', _234 => _234.changelog, 'optionalAccess', _235 => _235.workspaceChangelog, 'access', _236 => _236.createRelease]) : _github.defaultCreateReleaseProvider,
           workspaceChangelog.releaseVersion,
           contents,
           latestCommit,
@@ -82318,13 +82346,13 @@ ${contents}`);
         continue;
       }
       for (const project of releaseGroup.projects) {
-        if (!_optionalChain([projectsVersionData, 'access', _236 => _236[project], 'optionalAccess', _237 => _237.newVersion])) {
+        if (!_optionalChain([projectsVersionData, 'access', _237 => _237[project], 'optionalAccess', _238 => _238.newVersion])) {
           continue;
         }
         const dependentProjects = (projectsVersionData[project].dependentProjects || []).map((dep) => {
           return {
             dependencyName: dep.source,
-            newVersion: _optionalChain([projectsVersionData, 'access', _238 => _238[dep.source], 'optionalAccess', _239 => _239.newVersion])
+            newVersion: _optionalChain([projectsVersionData, 'access', _239 => _239[dep.source], 'optionalAccess', _240 => _240.newVersion])
           };
         }).filter((b) => b.newVersion !== null);
         for (const dependent of dependentProjects) {
@@ -82346,13 +82374,13 @@ ${contents}`);
       if (config === false) {
         continue;
       }
-      const projects = _optionalChain([args, 'access', _240 => _240.projects, 'optionalAccess', _241 => _241.length]) ? (
+      const projects = _optionalChain([args, 'access', _241 => _241.projects, 'optionalAccess', _242 => _242.length]) ? (
         // If the user has passed a list of projects, we need to use the filtered list of projects within the release group, plus any dependents
         Array.from(releaseGroupToFilteredProjects.get(releaseGroup)).flatMap(
           (project) => {
             return [
               project,
-              ..._optionalChain([projectsVersionData, 'access', _242 => _242[project], 'optionalAccess', _243 => _243.dependentProjects, 'access', _244 => _244.map, 'call', _245 => _245(
+              ..._optionalChain([projectsVersionData, 'access', _243 => _243[project], 'optionalAccess', _244 => _244.dependentProjects, 'access', _245 => _245.map, 'call', _246 => _246(
                 (dep) => dep.source
               )]) || []
             ];
@@ -82397,14 +82425,14 @@ ${contents}`);
                 releaseGroupName: releaseGroup.name
               },
               releaseGroup.releaseTagPatternCheckAllBranchesWhen
-            )), 'optionalAccess', async _246 => _246.tag]);
+            )), 'optionalAccess', async _247 => _247.tag]);
             if (!fromRef && useAutomaticFromRef) {
               const firstCommit = await _git.getFirstGitCommit.call(void 0, );
               const allCommits = await getCommits(firstCommit, toSHA);
               const commitsForProject = allCommits.filter(
                 (c) => c.affectedFiles.find((f) => f.startsWith(project.data.root))
               );
-              fromRef = _optionalChain([commitsForProject, 'access', _247 => _247[0], 'optionalAccess', _248 => _248.shortHash]);
+              fromRef = _optionalChain([commitsForProject, 'access', _248 => _248[0], 'optionalAccess', _249 => _249.shortHash]);
               if (args.verbose) {
                 console.log(
                   `Determined --from ref for ${project.name} from the first commit in which it exists: ${fromRef}`
@@ -82532,7 +82560,7 @@ ${contents}`);
             releaseGroup.releaseTagPattern,
             {},
             releaseGroup.releaseTagPatternCheckAllBranchesWhen
-          )), 'optionalAccess', async _249 => _249.tag]);
+          )), 'optionalAccess', async _250 => _250.tag]);
           if (!fromRef) {
             if (useAutomaticFromRef) {
               fromRef = await _git.getFirstGitCommit.call(void 0, );
@@ -82721,17 +82749,17 @@ async function applyChangesAndExit(args, nxReleaseConfig, tree, toSHA, postGitTa
     });
     deletedFiles = Array.from(planFiles);
   }
-  if (_nullishCoalesce(args.gitCommit, () => ( _optionalChain([nxReleaseConfig, 'access', _250 => _250.changelog, 'optionalAccess', _251 => _251.git, 'access', _252 => _252.commit])))) {
+  if (_nullishCoalesce(args.gitCommit, () => ( _optionalChain([nxReleaseConfig, 'access', _251 => _251.changelog, 'optionalAccess', _252 => _252.git, 'access', _253 => _253.commit])))) {
     await commitChanges({
       changedFiles,
       deletedFiles,
       isDryRun: !!args.dryRun,
       isVerbose: !!args.verbose,
       gitCommitMessages: commitMessageValues,
-      gitCommitArgs: _nullishCoalesce(args.gitCommitArgs, () => ( _optionalChain([nxReleaseConfig, 'access', _253 => _253.changelog, 'optionalAccess', _254 => _254.git, 'access', _255 => _255.commitArgs])))
+      gitCommitArgs: _nullishCoalesce(args.gitCommitArgs, () => ( _optionalChain([nxReleaseConfig, 'access', _254 => _254.changelog, 'optionalAccess', _255 => _255.git, 'access', _256 => _256.commitArgs])))
     });
     latestCommit = await _git.getCommitHash.call(void 0, "HEAD");
-  } else if ((_nullishCoalesce(args.stageChanges, () => ( _optionalChain([nxReleaseConfig, 'access', _256 => _256.changelog, 'optionalAccess', _257 => _257.git, 'access', _258 => _258.stageChanges])))) && changes.length) {
+  } else if ((_nullishCoalesce(args.stageChanges, () => ( _optionalChain([nxReleaseConfig, 'access', _257 => _257.changelog, 'optionalAccess', _258 => _258.git, 'access', _259 => _259.stageChanges])))) && changes.length) {
     _output.output.logSingleLine(`Staging changed files with git`);
     await _git.gitAdd.call(void 0, {
       changedFiles,
@@ -82740,19 +82768,19 @@ async function applyChangesAndExit(args, nxReleaseConfig, tree, toSHA, postGitTa
       verbose: args.verbose
     });
   }
-  if (_nullishCoalesce(args.gitTag, () => ( _optionalChain([nxReleaseConfig, 'access', _259 => _259.changelog, 'optionalAccess', _260 => _260.git, 'access', _261 => _261.tag])))) {
+  if (_nullishCoalesce(args.gitTag, () => ( _optionalChain([nxReleaseConfig, 'access', _260 => _260.changelog, 'optionalAccess', _261 => _261.git, 'access', _262 => _262.tag])))) {
     _output.output.logSingleLine(`Tagging commit with git`);
     for (const tag of gitTagValues) {
       await gitTag({
         tag,
-        message: args.gitTagMessage || _optionalChain([nxReleaseConfig, 'access', _262 => _262.changelog, 'optionalAccess', _263 => _263.git, 'access', _264 => _264.tagMessage]),
-        additionalArgs: args.gitTagArgs || _optionalChain([nxReleaseConfig, 'access', _265 => _265.changelog, 'optionalAccess', _266 => _266.git, 'access', _267 => _267.tagArgs]),
+        message: args.gitTagMessage || _optionalChain([nxReleaseConfig, 'access', _263 => _263.changelog, 'optionalAccess', _264 => _264.git, 'access', _265 => _265.tagMessage]),
+        additionalArgs: args.gitTagArgs || _optionalChain([nxReleaseConfig, 'access', _266 => _266.changelog, 'optionalAccess', _267 => _267.git, 'access', _268 => _268.tagArgs]),
         dryRun: args.dryRun,
         verbose: args.verbose
       });
     }
   }
-  if (_nullishCoalesce(args.gitPush, () => ( _optionalChain([nxReleaseConfig, 'access', _268 => _268.changelog, 'optionalAccess', _269 => _269.git, 'access', _270 => _270.push])))) {
+  if (_nullishCoalesce(args.gitPush, () => ( _optionalChain([nxReleaseConfig, 'access', _269 => _269.changelog, 'optionalAccess', _270 => _270.git, 'access', _271 => _271.push])))) {
     _output.output.logSingleLine(`Pushing to git remote "${args.gitRemote}"`);
     await _git.gitPush.call(void 0, {
       gitRemote: args.gitRemote,
@@ -82778,7 +82806,7 @@ async function generateChangelogForWorkspace({
       `Unable to determine the Storm workspace config. Please ensure that your storm-workspace.json file is present and valid.`
     );
   }
-  const config = _optionalChain([nxReleaseConfig, 'access', _271 => _271.changelog, 'optionalAccess', _272 => _272.workspaceChangelog]);
+  const config = _optionalChain([nxReleaseConfig, 'access', _272 => _272.changelog, 'optionalAccess', _273 => _273.workspaceChangelog]);
   if (config === false) {
     return;
   }
@@ -82800,7 +82828,7 @@ async function generateChangelogForWorkspace({
     });
     return;
   }
-  if (_optionalChain([Object, 'access', _273 => _273.values, 'call', _274 => _274(_nullishCoalesce(nxReleaseConfig.groups, () => ( {}))), 'access', _275 => _275[0], 'optionalAccess', _276 => _276.projectsRelationship]) === "independent") {
+  if (_optionalChain([Object, 'access', _274 => _274.values, 'call', _275 => _275(_nullishCoalesce(nxReleaseConfig.groups, () => ( {}))), 'access', _276 => _276[0], 'optionalAccess', _277 => _277.projectsRelationship]) === "independent") {
     _output.output.warn({
       title: `Workspace changelog is enabled, but you have configured an independent projects relationship. This is not supported, so workspace changelog will be disabled.`,
       bodyLines: [
@@ -82866,7 +82894,7 @@ async function generateChangelogForWorkspace({
         releaseVersion,
         interpolatedTreePath,
         contents,
-        tree.exists(interpolatedTreePath) ? _optionalChain([tree, 'access', _277 => _277.read, 'call', _278 => _278(interpolatedTreePath), 'optionalAccess', _279 => _279.toString, 'call', _280 => _280()]) : "",
+        tree.exists(interpolatedTreePath) ? _optionalChain([tree, 'access', _278 => _278.read, 'call', _279 => _279(interpolatedTreePath), 'optionalAccess', _280 => _280.toString, 'call', _281 => _281()]) : "",
         null,
         workspaceConfig
       )
@@ -82911,7 +82939,7 @@ async function generateChangelogForProjects({
         workspaceRoot: ""
       });
     }
-    const newVersion = _optionalChain([projectsVersionData, 'access', _281 => _281[project.name], 'optionalAccess', _282 => _282.newVersion]);
+    const newVersion = _optionalChain([projectsVersionData, 'access', _282 => _282[project.name], 'optionalAccess', _283 => _283.newVersion]);
     if (!newVersion) {
       continue;
     }
@@ -82967,7 +82995,7 @@ ${contents}`.trim()
             releaseVersion,
             interpolatedTreePath,
             contents,
-            tree.exists(interpolatedTreePath) ? _optionalChain([tree, 'access', _283 => _283.read, 'call', _284 => _284(interpolatedTreePath), 'optionalAccess', _285 => _285.toString, 'call', _286 => _286()]) : "",
+            tree.exists(interpolatedTreePath) ? _optionalChain([tree, 'access', _284 => _284.read, 'call', _285 => _285(interpolatedTreePath), 'optionalAccess', _286 => _286.toString, 'call', _287 => _287()]) : "",
             project.name,
             workspaceConfig
           )
@@ -82991,11 +83019,11 @@ ${contents}`.trim()
   return projectChangelogs;
 }
 function checkChangelogFilesEnabled(nxReleaseConfig) {
-  if (_optionalChain([nxReleaseConfig, 'access', _287 => _287.changelog, 'optionalAccess', _288 => _288.workspaceChangelog]) && _optionalChain([nxReleaseConfig, 'access', _289 => _289.changelog, 'optionalAccess', _290 => _290.workspaceChangelog, 'access', _291 => _291.file])) {
+  if (_optionalChain([nxReleaseConfig, 'access', _288 => _288.changelog, 'optionalAccess', _289 => _289.workspaceChangelog]) && _optionalChain([nxReleaseConfig, 'access', _290 => _290.changelog, 'optionalAccess', _291 => _291.workspaceChangelog, 'access', _292 => _292.file])) {
     return true;
   }
   return Object.values(_nullishCoalesce(nxReleaseConfig.groups, () => ( {}))).some(
-    (releaseGroup) => typeof _optionalChain([releaseGroup, 'optionalAccess', _292 => _292.changelog]) === "boolean" && releaseGroup.changelog || _optionalChain([releaseGroup, 'optionalAccess', _293 => _293.changelog, 'optionalAccess', _294 => _294.file])
+    (releaseGroup) => typeof _optionalChain([releaseGroup, 'optionalAccess', _293 => _293.changelog]) === "boolean" && releaseGroup.changelog || _optionalChain([releaseGroup, 'optionalAccess', _294 => _294.changelog, 'optionalAccess', _295 => _295.file])
   );
 }
 async function getCommits(fromSHA, toSHA) {
@@ -83089,7 +83117,7 @@ function formatGithubReleaseNotes(releaseVersion, content, projectName, workspac
   if (!workspaceConfig) {
     return content;
   }
-  return `![${_optionalChain([titleCase, 'call', _295 => _295(workspaceConfig.organization), 'optionalAccess', _296 => _296.replaceAll, 'call', _297 => _297(" ", "-")])}](${workspaceConfig.release.banner})
+  return `![${_optionalChain([titleCase, 'call', _296 => _296(workspaceConfig.organization), 'optionalAccess', _297 => _297.replaceAll, 'call', _298 => _298(" ", "-")])}](${workspaceConfig.release.banner})
 ${workspaceConfig.release.header || ""}
 
 # ${projectName ? `${titleCase(projectName)} ` : ""}v${releaseVersion.rawVersion}
@@ -83098,7 +83126,7 @@ We at [${titleCase(workspaceConfig.organization)}](${workspaceConfig.homepage})
 
 These changes are released under the ${workspaceConfig.license.includes("license") ? workspaceConfig.license : `${workspaceConfig.license} license`}. You can find more details on [our licensing page](${workspaceConfig.licensing}). You can find guides, API references, and other documentation around this release (and much more) on [our documentation site](${workspaceConfig.docs}).
 
-If you have any questions or comments, feel free to reach out to the team on [Discord](${workspaceConfig.account.discord}) or [our contact page](${workspaceConfig.contact}). Please help us spread the word by giving [this repository](https://github.com/${workspaceConfig.organization}/${workspaceConfig.name}) a star \u2B50 on GitHub or [posting on X (Twitter)](https://x.com/intent/tweet?text=Check%20out%20the%20latest%20@${workspaceConfig.account.twitter}%20release%20${projectName ? `${_optionalChain([titleCase, 'call', _298 => _298(projectName), 'optionalAccess', _299 => _299.replaceAll, 'call', _300 => _300(" ", "%20")])}%20` : ""}v${releaseVersion.rawVersion}%20%F0%9F%9A%80%0D%0A%0D%0Ahttps://github.com/${workspaceConfig.organization}/${workspaceConfig.name}/releases/tag/${releaseVersion.gitTag}) about this release!
+If you have any questions or comments, feel free to reach out to the team on [Discord](${workspaceConfig.account.discord}) or [our contact page](${workspaceConfig.contact}). Please help us spread the word by giving [this repository](https://github.com/${workspaceConfig.organization}/${workspaceConfig.name}) a star \u2B50 on GitHub or [posting on X (Twitter)](https://x.com/intent/tweet?text=Check%20out%20the%20latest%20@${workspaceConfig.account.twitter}%20release%20${projectName ? `${_optionalChain([titleCase, 'call', _299 => _299(projectName), 'optionalAccess', _300 => _300.replaceAll, 'call', _301 => _301(" ", "%20")])}%20` : ""}v${releaseVersion.rawVersion}%20%F0%9F%9A%80%0D%0A%0D%0Ahttps://github.com/${workspaceConfig.organization}/${workspaceConfig.name}/releases/tag/${releaseVersion.gitTag}) about this release!
 
 ## Release Notes
 
@@ -83179,6 +83207,18 @@ var DEFAULT_RELEASE_CONFIG = {
 
 // src/release/run.ts
 var runRelease = async (config, options) => {
+  if (!process.env.GITHUB_ACTOR) {
+    throw new Error("The `GITHUB_ACTOR` environment variable is not set.");
+  }
+  if (!await isUserAnOrganizationMember(process.env.GITHUB_ACTOR, config)) {
+    _chunkXE275LJTcjs.writeFatal.call(void 0, 
+      "You must be a member of the Storm Software organization to run the release process.",
+      config
+    );
+    throw new Error(
+      `The GitHub actor "${process.env.GITHUB_ACTOR}" is not a member of the organization "${config.organization}". Only members of the organization can initiate releases.`
+    );
+  }
   const name = config.bot.name;
   const email = config.bot.email ? config.bot.email : config.bot.name ? `${config.bot.name}@users.noreply.github.com` : "bot@stormsoftware.com";
   process.env.GIT_AUTHOR_NAME = name;
@@ -83200,10 +83240,10 @@ var runRelease = async (config, options) => {
 `,
     config
   );
-  if (_optionalChain([nxJson, 'access', _301 => _301.release, 'optionalAccess', _302 => _302.groups])) {
+  if (_optionalChain([nxJson, 'access', _302 => _302.release, 'optionalAccess', _303 => _303.groups])) {
     nxJson.release.groups = Object.keys(nxJson.release.groups).reduce(
       (ret, groupName) => {
-        const groupConfig = _optionalChain([nxJson, 'access', _303 => _303.release, 'optionalAccess', _304 => _304.groups, 'optionalAccess', _305 => _305[groupName]]);
+        const groupConfig = _optionalChain([nxJson, 'access', _304 => _304.release, 'optionalAccess', _305 => _305.groups, 'optionalAccess', _306 => _306[groupName]]);
         ret[groupName] = _chunkFMYKTN2Zcjs.defu.call(void 0, groupConfig, DEFAULT_RELEASE_GROUP_CONFIG);
         return ret;
       },
@@ -83233,7 +83273,7 @@ var runRelease = async (config, options) => {
   });
   await releaseChangelog({
     ...options,
-    version: _optionalChain([nxReleaseConfig, 'optionalAccess', _306 => _306.projectsRelationship]) !== "fixed" ? void 0 : workspaceVersion,
+    version: _optionalChain([nxReleaseConfig, 'optionalAccess', _307 => _307.projectsRelationship]) !== "fixed" ? void 0 : workspaceVersion,
     versionData: projectsVersionData,
     dryRun: false,
     verbose: _chunkXE275LJTcjs.isVerbose.call(void 0, config.logLevel),
@@ -83250,7 +83290,7 @@ var runRelease = async (config, options) => {
     );
   } else {
     const changedProjects = Object.keys(projectsVersionData).filter(
-      (key) => _optionalChain([projectsVersionData, 'access', _307 => _307[key], 'optionalAccess', _308 => _308.newVersion])
+      (key) => _optionalChain([projectsVersionData, 'access', _308 => _308[key], 'optionalAccess', _309 => _309.newVersion])
     );
     if (changedProjects.length > 0) {
       _chunkXE275LJTcjs.writeInfo.call(void 0, 
@@ -83266,14 +83306,14 @@ ${changedProjects.map((changedProject) => `  - ${changedProject}`).join("\n")}
         verbose: _chunkXE275LJTcjs.isVerbose.call(void 0, config.logLevel)
       });
       const failedProjects = Object.keys(result2).filter(
-        (key) => _optionalChain([result2, 'access', _309 => _309[key], 'optionalAccess', _310 => _310.code]) && _optionalChain([result2, 'access', _311 => _311[key], 'optionalAccess', _312 => _312.code]) > 0
+        (key) => _optionalChain([result2, 'access', _310 => _310[key], 'optionalAccess', _311 => _311.code]) && _optionalChain([result2, 'access', _312 => _312[key], 'optionalAccess', _313 => _313.code]) > 0
       );
       if (failedProjects.length > 0) {
         throw new Error(
           `The Storm release process was not completed successfully! One or more errors occured while running the \`nx-release-publish\` executor tasks.
 
 Please review the workflow details for the following project(s):
-${failedProjects.map((failedProject) => `  - ${failedProject} (Error Code: ${_optionalChain([result2, 'access', _313 => _313[failedProject], 'optionalAccess', _314 => _314.code])})`).join("\n")}
+${failedProjects.map((failedProject) => `  - ${failedProject} (Error Code: ${_optionalChain([result2, 'access', _314 => _314[failedProject], 'optionalAccess', _315 => _315.code])})`).join("\n")}
 `
         );
       }
@@ -83287,7 +83327,7 @@ async function updatePackageManifests(projectsVersionData, config) {
   let projectGraph;
   try {
     projectGraph = (0, import_devkit2.readCachedProjectGraph)();
-  } catch (e18) {
+  } catch (e19) {
     await (0, import_devkit2.createProjectGraphAsync)();
     projectGraph = (0, import_devkit2.readCachedProjectGraph)();
   }
@@ -83295,7 +83335,7 @@ async function updatePackageManifests(projectsVersionData, config) {
     await Promise.all(
       Object.keys(projectsVersionData).map(async (node) => {
         const projectNode = projectGraph.nodes[node];
-        if (!_optionalChain([projectNode, 'optionalAccess', _315 => _315.data, 'access', _316 => _316.root])) {
+        if (!_optionalChain([projectNode, 'optionalAccess', _316 => _316.data, 'access', _317 => _317.root])) {
           _chunkXE275LJTcjs.writeWarning.call(void 0, 
             `Project node ${node} not found in the project graph. Skipping manifest update.`,
             config
@@ -83303,7 +83343,7 @@ async function updatePackageManifests(projectsVersionData, config) {
           return;
         }
         const versionData = projectsVersionData[node];
-        if (_optionalChain([projectNode, 'optionalAccess', _317 => _317.data, 'access', _318 => _318.root]) && versionData && versionData.newVersion !== null) {
+        if (_optionalChain([projectNode, 'optionalAccess', _318 => _318.data, 'access', _319 => _319.root]) && versionData && versionData.newVersion !== null) {
           _chunkXE275LJTcjs.writeTrace.call(void 0, 
             `Writing version ${versionData.newVersion} update to manifest file for ${node}
         `,

package/bin/git.js

@@ -92267,37 +92267,33 @@ async function resolveTokenData(hostname) {
   );
 }
 async function getGithubReleaseByTag(config, tag) {
-  return await makeGithubRequest(
+  return (await makeGithubRequest(
     config,
     `/repos/${config.repo}/releases/tags/${tag}`,
     {}
-  );
+  )).data;
 }
 async function makeGithubRequest(config, url2, opts = {}) {
-  return (await axios_default(url2, {
+  return await axios_default(url2, {
     ...opts,
     baseURL: config.apiBaseUrl,
     headers: {
       ...opts.headers,
       Authorization: config.token ? `Bearer ${config.token}` : void 0
     }
-  })).data;
+  });
 }
 async function createGithubRelease(config, body) {
-  return await makeGithubRequest(config, `/repos/${config.repo}/releases`, {
+  return (await makeGithubRequest(config, `/repos/${config.repo}/releases`, {
     method: "POST",
     data: body
-  });
+  })).data;
 }
 async function updateGithubRelease(config, id, body) {
-  return await makeGithubRequest(
-    config,
-    `/repos/${config.repo}/releases/${id}`,
-    {
-      method: "PATCH",
-      data: body
-    }
-  );
+  return (await makeGithubRequest(config, `/repos/${config.repo}/releases/${id}`, {
+    method: "PATCH",
+    data: body
+  })).data;
 }
 function githubNewReleaseURL(config, release) {
   let url2 = `https://${config.hostname}/${config.repo}/releases/new?tag=${release.version}&title=${release.version}&body=${encodeURIComponent(release.body)}&target=${release.commit}`;
@@ -92323,6 +92319,38 @@ async function createGithubRemoteReleaseClient(remoteName = "origin") {
     await resolveTokenData(repoData.hostname)
   );
 }
+async function isUserAnOrganizationMember(userId, config, remoteName = "origin") {
+  try {
+    const repoData = getGitHubRepoData(remoteName, "github");
+    if (!repoData) {
+      throw new Error(
+        `Unable to validate GitHub actor because the GitHub repo slug could not be determined. Please ensure you have a valid GitHub remote configured.`
+      );
+    }
+    const tokenData = await resolveTokenData(repoData.hostname);
+    if (!tokenData.token) {
+      throw new Error(
+        `Unable to validate GitHub actor because no token was provided. Please set the GITHUB_TOKEN or GH_TOKEN environment variable, or ensure you have an active session via the official gh CLI tool (https://cli.github.com).`
+      );
+    }
+    const result2 = await makeGithubRequest(
+      {
+        repo: repoData.slug,
+        hostname: repoData.hostname,
+        apiBaseUrl: repoData.apiBaseUrl,
+        token: tokenData?.token || null
+      },
+      `/orgs/${config.organization}/members/${userId}`,
+      {}
+    );
+    if (result2.status !== 204) {
+      return false;
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
 
 // src/release/changelog.ts
 function createAPI(overrideReleaseConfig) {
@@ -93429,6 +93457,18 @@ var DEFAULT_RELEASE_CONFIG = {
 
 // src/release/run.ts
 var runRelease = async (config, options) => {
+  if (!process.env.GITHUB_ACTOR) {
+    throw new Error("The `GITHUB_ACTOR` environment variable is not set.");
+  }
+  if (!await isUserAnOrganizationMember(process.env.GITHUB_ACTOR, config)) {
+    writeFatal(
+      "You must be a member of the Storm Software organization to run the release process.",
+      config
+    );
+    throw new Error(
+      `The GitHub actor "${process.env.GITHUB_ACTOR}" is not a member of the organization "${config.organization}". Only members of the organization can initiate releases.`
+    );
+  }
   const name = config.bot.name;
   const email = config.bot.email ? config.bot.email : config.bot.name ? `${config.bot.name}@users.noreply.github.com` : "bot@stormsoftware.com";
   process.env.GIT_AUTHOR_NAME = name;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@storm-software/git-tools",
-  "version": "2.111.28",
+  "version": "2.112.1",
   "type": "module",
   "description": "Tools for managing Git repositories within a Nx workspace.",
   "repository": {