fimo 0.2.2 → 0.2.3-staging.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/bundle.json
CHANGED
package/package.json
CHANGED
package/release.json
CHANGED
package/scripts/bump-version.mjs
CHANGED
|
@@ -1,28 +1,21 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
// Bumps the Fimo CLI version
|
|
2
|
+
// Bumps the Fimo CLI version in apps/cli/package.json — NO git tag, NO commit.
|
|
3
3
|
//
|
|
4
|
-
//
|
|
5
|
-
//
|
|
6
|
-
// `
|
|
7
|
-
//
|
|
8
|
-
//
|
|
4
|
+
// Under the branch-driven release model the version lives in
|
|
5
|
+
// apps/cli/package.json and you bump it in a PR. CI creates the
|
|
6
|
+
// `cli@<version>` git tag when it publishes `@latest` on a `production`
|
|
7
|
+
// merge, so this script must NOT create a tag — that would collide with
|
|
8
|
+
// CI's tag-guard (the publish would skip, thinking the version already
|
|
9
|
+
// shipped).
|
|
9
10
|
//
|
|
10
11
|
// Usage:
|
|
11
12
|
// pnpm -F fimo release:bump patch
|
|
12
13
|
// pnpm -F fimo release:bump minor
|
|
13
14
|
// pnpm -F fimo release:bump major
|
|
14
|
-
// pnpm -F fimo release:bump prerelease --preid next
|
|
15
15
|
// pnpm -F fimo release:bump 1.2.3 # explicit version
|
|
16
16
|
//
|
|
17
|
-
//
|
|
18
|
-
//
|
|
19
|
-
// caught in the release commit).
|
|
20
|
-
// 2. Delegates to `pnpm version` for the semver bump + commit + tag -
|
|
21
|
-
// same battle-tested machinery as `npm version`, just plumbed with our
|
|
22
|
-
// `cli@` tag prefix and a conventional-commit message.
|
|
23
|
-
//
|
|
24
|
-
// Tags this produces are LOCAL only. Push them with `git push origin cli@x.y.z`
|
|
25
|
-
// - that's the trigger for the CI release workflow (P0-7).
|
|
17
|
+
// After bumping, commit the change in your PR. Merging it through to
|
|
18
|
+
// `production` is what publishes `@latest` and creates the tag.
|
|
26
19
|
|
|
27
20
|
import { spawnSync } from 'node:child_process';
|
|
28
21
|
import { dirname, resolve } from 'node:path';
|
|
@@ -50,22 +43,10 @@ if (!VALID_INCREMENTS.has(increment) && !isExplicitVersion) {
|
|
|
50
43
|
process.exit(1);
|
|
51
44
|
}
|
|
52
45
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
}
|
|
58
|
-
if (status.stdout.trim() !== '') {
|
|
59
|
-
console.error('[cli/bump] working tree is not clean. Commit or stash before bumping.');
|
|
60
|
-
console.error(status.stdout);
|
|
61
|
-
process.exit(1);
|
|
62
|
-
}
|
|
63
|
-
|
|
64
|
-
console.log(`[cli/bump] increment: ${increment}`);
|
|
65
|
-
console.log(`[cli/bump] cwd: ${CLI_ROOT}`);
|
|
66
|
-
|
|
67
|
-
const versionArgs = ['version', '--tag-version-prefix=cli@', '--message=chore(cli): release cli@%s', ...args];
|
|
68
|
-
|
|
46
|
+
// Bump package.json ONLY — `--no-git-tag-version` skips both the commit and
|
|
47
|
+
// the tag. CI owns the `cli@<version>` tag (created on the @latest publish).
|
|
48
|
+
// Use pnpm (not npm) — npm chokes on the `workspace:*` devDeps.
|
|
49
|
+
const versionArgs = ['version', '--no-git-tag-version', ...args];
|
|
69
50
|
console.log(`[cli/bump] $ pnpm ${versionArgs.join(' ')}`);
|
|
70
51
|
const result = spawnSync('pnpm', versionArgs, { cwd: CLI_ROOT, stdio: 'inherit' });
|
|
71
52
|
if (result.status !== 0) {
|
|
@@ -73,5 +54,5 @@ if (result.status !== 0) {
|
|
|
73
54
|
process.exit(result.status ?? 1);
|
|
74
55
|
}
|
|
75
56
|
|
|
76
|
-
console.log('[cli/bump]
|
|
77
|
-
console.log('
|
|
57
|
+
console.log('[cli/bump] bumped apps/cli/package.json (no tag, no commit).');
|
|
58
|
+
console.log('[cli/bump] commit it in your PR — merging to `production` publishes @latest + tags it.');
|
package/scripts/publish-npm.mjs
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
// 3. Bakes a channel-appropriate release.json (lib/release-core.mjs) —
|
|
14
14
|
// staging URLs for experimental/staging, prod for latest. Never a tunnel.
|
|
15
15
|
// 4. For prerelease channels, synthesizes a disposable X.Y.Z-<tag>.<n> version.
|
|
16
|
-
// 5. Runs `npm publish --tag <distTag>` (
|
|
16
|
+
// 5. Runs `npm publish --tag <distTag>` (no --provenance — strapi/fimo is private).
|
|
17
17
|
// 6. Restores package.json + removes the transient release.json.
|
|
18
18
|
//
|
|
19
19
|
// `npm publish` triggers prepublishOnly (clean → build → build:bundle), so the
|
|
@@ -106,11 +106,11 @@ try {
|
|
|
106
106
|
// 3. Bake release.json (allowlist-enforced).
|
|
107
107
|
writeReleaseJson(CLI_ROOT, channel);
|
|
108
108
|
|
|
109
|
-
// 4. Publish.
|
|
109
|
+
// 4. Publish. No --provenance: sigstore provenance requires a PUBLIC source
|
|
110
|
+
// repo, and strapi/fimo is private (npm returns 422 otherwise). Trusted
|
|
111
|
+
// Publishing (OIDC auth) works regardless of repo visibility — it's only
|
|
112
|
+
// the attestation that's public-repo-only.
|
|
110
113
|
const publishArgs = ['publish', '--access', 'public', '--tag', channel.distTag];
|
|
111
|
-
if (isCI) {
|
|
112
|
-
publishArgs.push('--provenance');
|
|
113
|
-
}
|
|
114
114
|
if (dryRun) {
|
|
115
115
|
publishArgs.push('--dry-run');
|
|
116
116
|
}
|