@xcelera/cli 1.2.0 → 1.2.2

package/.github/workflows/ci.yml

@@ -68,43 +68,3 @@ jobs:
       - name: Print Output
         id: output
         run: echo "${{ steps.test-action.outputs.status }}"
-
-      - name: Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: npx semantic-release
-
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write # to be able to publish a GitHub release
-      issues: write # to be able to comment on released issues
-      pull-requests: write # to be able to comment on released pull requests
-      id-token: write # to enable use of OIDC for npm provenance
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 'lts/*'
-
-      - name: Install dependencies
-        run: npm clean-install
-
-      - name:
-          Verify the integrity of provenance attestations and registry
-          signatures for installed dependencies
-        run: npm audit signatures
-
-      - name: Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: npx semantic-release

package/.github/workflows/release.yml

@@ -0,0 +1,56 @@
+name: Release
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  workflow_run:
+    workflows: [Continuous Integration]
+    types: [completed]
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    name: Release
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        id: setup-node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .node-version
+          cache: npm
+
+      - name: Install dependencies
+        run: npm clean-install
+
+      - name:
+          Verify the integrity of provenance attestations and registry
+          signatures for installed dependencies
+        run: npm audit signatures
+
+      - name: package
+        run: npm run package
+
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npx semantic-release

package/dist/cli.js

@@ -0,0 +1,307 @@
+#!/usr/bin/env node
+import { parseArgs } from 'node:util';
+import { execSync } from 'node:child_process';
+import require$$0 from 'url';
+
+async function requestAudit(url, token, github) {
+    const apiUrl = `${getApiBaseUrl()}/api/v1/audit`;
+    const response = await fetch(apiUrl, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${token}`
+        },
+        body: JSON.stringify({
+            url,
+            github
+        })
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`API request failed: ${response.status} ${response.statusText} - ${errorText}`);
+    }
+    const data = await response.json();
+    return data;
+}
+function getApiBaseUrl() {
+    if (process.env.NODE_ENV === 'development' ||
+        process.env.GITHUB_ACTIONS !== 'true') {
+        return 'http://localhost:3000';
+    }
+    return 'https://xcelera.dev';
+}
+
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
+
+/*!
+ * parse-github-url <https://github.com/jonschlinkert/parse-github-url>
+ *
+ * Copyright (c) 2015-2017, Jon Schlinkert.
+ * Released under the MIT License.
+ */
+
+var parseGithubUrl$1;
+var hasRequiredParseGithubUrl;
+
+function requireParseGithubUrl () {
+	if (hasRequiredParseGithubUrl) return parseGithubUrl$1;
+	hasRequiredParseGithubUrl = 1;
+
+	var url = require$$0;
+	var cache = { __proto__: null };
+
+	function isChecksum(str) {
+		return (/^[a-f0-9]{40}$/i).test(str);
+	}
+
+	function getBranch(str, obj) {
+		var segs = str.split('#');
+		var branch;
+		if (segs.length > 1) {
+			branch = segs[segs.length - 1];
+		}
+		if (!branch && obj.hash && obj.hash.charAt(0) === '#') {
+			branch = obj.hash.slice(1);
+		}
+		return branch || 'master';
+	}
+
+	function trimSlash(path) {
+		return path.charAt(0) === '/' ? path.slice(1) : path;
+	}
+
+	function name(str) {
+		return str ? str.replace(/\.git$/, '') : null;
+	}
+
+	function owner(str) {
+		if (!str) {
+			return null;
+		}
+		var idx = str.indexOf(':');
+		if (idx > -1) {
+			return str.slice(idx + 1);
+		}
+		return str;
+	}
+
+	function parse(str) {
+		if (typeof str !== 'string' || !str.length) {
+			return null;
+		}
+
+		if (str.indexOf('git@gist') !== -1 || str.indexOf('//gist') !== -1) {
+			return null;
+		}
+
+		// parse the URL
+		var obj = url.parse(str);
+		if (typeof obj.path !== 'string' || !obj.path.length || typeof obj.pathname !== 'string' || !obj.pathname.length) {
+			return null;
+		}
+
+		if (!obj.host && (/^git@/).test(str) === true) {
+			// return the correct host for git@ URLs
+			obj.host = url.parse('http://' + str.replace(/git@([^:]+):/, '$1/')).host;
+		}
+
+		obj.path = trimSlash(obj.path);
+		obj.pathname = trimSlash(obj.pathname);
+		obj.filepath = null;
+
+		if (obj.path.indexOf('repos') === 0) {
+			obj.path = obj.path.slice(6);
+		}
+
+		var seg = obj.path.split('/').filter(Boolean);
+		var hasBlob = seg[2] === 'blob';
+		if (hasBlob && !isChecksum(seg[3])) {
+			obj.branch = seg[3];
+			if (seg.length > 4) {
+				obj.filepath = seg.slice(4).join('/');
+			}
+		}
+
+		var blob = str.indexOf('blob');
+		if (hasBlob && blob !== -1) {
+			obj.blob = str.slice(blob + 5);
+		}
+
+		var hasTree = seg[2] === 'tree';
+		var tree = str.indexOf('tree');
+		if (hasTree && tree !== -1) {
+			var idx = tree + 5;
+			var branch = str.slice(idx);
+			var slash = branch.indexOf('/');
+			if (slash !== -1) {
+				branch = branch.slice(0, slash);
+			}
+			obj.branch = branch;
+		}
+
+		obj.owner = owner(seg[0]);
+		obj.name = name(seg[1]);
+
+		if (seg.length > 1 && obj.owner && obj.name) {
+			obj.repo = obj.owner + '/' + obj.name;
+		} else {
+			var href = obj.href.split(':');
+			if (href.length === 2 && obj.href.indexOf('//') === -1) {
+				obj.repo = obj.repo || href[href.length - 1];
+				var repoSegments = obj.repo.split('/');
+				obj.owner = repoSegments[0];
+				obj.name = repoSegments[1];
+
+			} else {
+				var match = obj.href.match(/\/([^/]*)$/);
+				obj.owner = match ? match[1] : null;
+				obj.repo = null;
+			}
+
+			if (obj.repo && (!obj.owner || !obj.name)) {
+				var segs = obj.repo.split('/');
+				if (segs.length === 2) {
+					obj.owner = segs[0];
+					obj.name = segs[1];
+				}
+			}
+		}
+
+		if (!obj.branch) {
+			obj.branch = seg[2] || getBranch(obj.path, obj);
+			if (seg.length > 3) {
+				obj.filepath = seg.slice(3).join('/');
+			}
+		}
+
+		obj.host = obj.host || 'github.com';
+		obj.owner = obj.owner || null;
+		obj.name = obj.name || null;
+		obj.repository = obj.repo;
+		return obj;
+	}
+
+	parseGithubUrl$1 = function parseGithubUrl(str) {
+		if (!cache[str]) {
+			cache[str] = parse(str);
+		}
+		return cache[str];
+	};
+	return parseGithubUrl$1;
+}
+
+var parseGithubUrlExports = requireParseGithubUrl();
+var parseGithubUrl = /*@__PURE__*/getDefaultExportFromCjs(parseGithubUrlExports);
+
+function inferGitContext() {
+    if (!isGitRepository()) {
+        throw new Error('Not git repository detected.');
+    }
+    const remoteUrl = getRemoteUrl();
+    const parsed = parseGithubUrl(remoteUrl);
+    if (!parsed || !parsed.owner || !parsed.repo) {
+        throw new Error(`Could not parse GitHub URL: ${remoteUrl}. Expected format: https://github.com/owner/repo or git@github.com:owner/repo`);
+    }
+    const { owner, repo } = parsed;
+    const sha = getCurrentSha();
+    // repo is parsed as owner/repo but we want to use just the repo name
+    const repoName = repo.replace(`${owner}/`, '');
+    return { owner, repo: repoName, sha };
+}
+function isGitRepository() {
+    try {
+        execSync('git rev-parse --git-dir', { stdio: 'ignore' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function getRemoteUrl() {
+    try {
+        const remoteUrl = execSync('git remote get-url origin', {
+            encoding: 'utf8',
+            stdio: 'pipe'
+        }).trim();
+        if (!remoteUrl) {
+            throw new Error('No origin remote found');
+        }
+        return remoteUrl;
+    }
+    catch {
+        throw new Error('Could not determine git remote URL. Please ensure you have an origin remote configured.');
+    }
+}
+function getCurrentSha() {
+    try {
+        return execSync('git rev-parse HEAD', {
+            encoding: 'utf8',
+            stdio: 'pipe'
+        }).trim();
+    }
+    catch {
+        throw new Error('Could not determine current commit SHA');
+    }
+}
+
+const options = {
+    url: {
+        type: 'string',
+        required: true
+    },
+    token: {
+        type: 'string',
+        required: true,
+        default: process.env.XCELERA_TOKEN
+    }
+};
+const { positionals, values } = parseArgs({
+    options,
+    allowPositionals: true,
+    args: process.argv.slice(2)
+});
+const command = positionals[0];
+if (!command) {
+    console.error('A command is required. Only "audit" is currently supported.');
+    printHelp();
+    process.exit(1);
+}
+if (command === 'help') {
+    printHelp();
+}
+if (command !== 'audit') {
+    console.error('Invalid command. Only "audit" is currently supported.');
+    printHelp();
+    process.exit(1);
+}
+const { url, token } = values;
+if (!url) {
+    console.error('URL is required. Use --url <url> to specify the URL to audit.');
+    process.exit(1);
+}
+if (!token) {
+    console.error('A token is required. Use --token or set XCELERA_TOKEN environment variable.');
+    process.exit(1);
+}
+try {
+    const githubContext = inferGitContext();
+    await requestAudit(url, token, githubContext);
+    console.log('✅ Audit scheduled successfully!');
+}
+catch (error) {
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
+    console.error(`❌ ${errorMessage}`);
+    process.exit(1);
+}
+function printHelp() {
+    console.log('Usage: xcelera audit --url <url> [--token <token>]');
+    console.log('');
+    console.log('Options:');
+    console.log('  --token <token>  The xcelera API token to use for authentication.');
+    console.log('Can also be set with the XCELERA_TOKEN environment variable.');
+    console.log('  --url <url>      The URL to audit.');
+    console.log('');
+}
+//# sourceMappingURL=cli.js.map

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@xcelera/cli",
   "description": "CLI for xcelera.dev",
-  "version": "1.2.0",
+  "version": "1.2.2",
   "author": "",
   "type": "module",
   "repository": {
@@ -27,7 +27,6 @@
     "node": ">=20"
   },
   "scripts": {
-    "bundle": "npm run format:write && npm run package",
     "ci-test": "NODE_OPTIONS=--experimental-vm-modules NODE_NO_WARNINGS=1 npx jest --passWithNoTests",
     "coverage": "npx make-coverage-badge --output-path ./badges/coverage.svg",
     "format:write": "npx prettier --write .",