nx 21.6.1-beta.1 → 21.6.1-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/generators.json +6 -0
- package/package.json +11 -11
- package/schemas/nx-schema.json +14 -0
- package/src/ai/set-up-ai-agents/get-agent-rules.d.ts +2 -0
- package/src/ai/set-up-ai-agents/get-agent-rules.d.ts.map +1 -0
- package/src/ai/set-up-ai-agents/get-agent-rules.js +26 -0
- package/src/ai/set-up-ai-agents/schema.d.ts +8 -0
- package/src/ai/set-up-ai-agents/schema.json +25 -0
- package/src/ai/set-up-ai-agents/set-up-ai-agents.d.ts +6 -0
- package/src/ai/set-up-ai-agents/set-up-ai-agents.d.ts.map +1 -0
- package/src/ai/set-up-ai-agents/set-up-ai-agents.js +84 -0
- package/src/command-line/release/config/config.d.ts.map +1 -1
- package/src/command-line/release/config/config.js +3 -0
- package/src/command-line/release/version/release-group-processor.d.ts +1 -0
- package/src/command-line/release/version/release-group-processor.d.ts.map +1 -1
- package/src/command-line/release/version/release-group-processor.js +5 -0
- package/src/config/nx-json.d.ts +9 -0
- package/src/config/nx-json.d.ts.map +1 -1
- package/src/core/graph/main.js +1 -1
- package/src/devkit-internals.d.ts +1 -1
- package/src/devkit-internals.d.ts.map +1 -1
- package/src/devkit-internals.js +2 -1
- package/src/executors/run-script/run-script.impl.d.ts.map +1 -1
- package/src/executors/run-script/run-script.impl.js +33 -8
- package/src/native/nx.wasm32-wasi.wasm +0 -0
- package/src/tasks-runner/fork.js +31 -5
- package/src/tasks-runner/task-orchestrator.js +2 -2
- package/src/utils/package-json.d.ts +4 -0
- package/src/utils/package-json.d.ts.map +1 -1
- package/src/utils/package-json.js +50 -0
- package/src/utils/package-manager.d.ts +5 -1
- package/src/utils/package-manager.d.ts.map +1 -1
- package/src/utils/package-manager.js +9 -3
- package/src/utils/provenance.d.ts +3 -1
- package/src/utils/provenance.d.ts.map +1 -1
- package/src/utils/provenance.js +52 -30
|
@@ -14,7 +14,7 @@ export { splitTarget } from './utils/split-target';
|
|
|
14
14
|
export { combineOptionsForExecutor } from './utils/params';
|
|
15
15
|
export { sortObjectByKeys } from './utils/object-sort';
|
|
16
16
|
export { stripIndent } from './utils/logger';
|
|
17
|
-
export { readModulePackageJson } from './utils/package-json';
|
|
17
|
+
export { readModulePackageJson, installPackageToTmp, } from './utils/package-json';
|
|
18
18
|
export { splitByColons } from './utils/split-target';
|
|
19
19
|
export { hashObject } from './hasher/file-hasher';
|
|
20
20
|
export { hashWithWorkspaceContext, hashMultiGlobWithWorkspaceContext, } from './utils/workspace-context';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"devkit-internals.d.ts","sourceRoot":"","sources":["../../../../packages/nx/src/devkit-internals.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,EACL,sBAAsB,EACtB,aAAa,GACd,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,UAAU,IAAI,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,EAAE,2BAA2B,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,EAAE,gDAAgD,EAAE,MAAM,gDAAgD,CAAC;AAClH,OAAO,EAAE,yBAAyB,EAAE,MAAM,mDAAmD,CAAC;AAC9F,OAAO,EACL,oCAAoC,EACpC,uBAAuB,GACxB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,
|
|
1
|
+
{"version":3,"file":"devkit-internals.d.ts","sourceRoot":"","sources":["../../../../packages/nx/src/devkit-internals.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,EACL,sBAAsB,EACtB,aAAa,GACd,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,UAAU,IAAI,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,EAAE,2BAA2B,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,EAAE,gDAAgD,EAAE,MAAM,gDAAgD,CAAC;AAClH,OAAO,EAAE,yBAAyB,EAAE,MAAM,mDAAmD,CAAC;AAC9F,OAAO,EACL,oCAAoC,EACpC,uBAAuB,GACxB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EACL,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EACL,wBAAwB,EACxB,iCAAiC,GAClC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,kDAAkD,EAClD,kBAAkB,GACnB,MAAM,6CAA6C,CAAC;AACrD,OAAO,EAAE,6BAA6B,EAAE,MAAM,gDAAgD,CAAC;AAC/F,OAAO,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAC1E,cAAc,6BAA6B,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC"}
|
package/src/devkit-internals.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.isUsingPrettierInTree = exports.isCI = exports.interpolate = exports.registerTsProject = exports.LoadedNxPlugin = exports.retrieveProjectConfigurations = exports.findProjectForPath = exports.createProjectRootMappingsFromProjectConfigurations = exports.hashMultiGlobWithWorkspaceContext = exports.hashWithWorkspaceContext = exports.hashObject = exports.splitByColons = exports.readModulePackageJson = exports.stripIndent = exports.sortObjectByKeys = exports.combineOptionsForExecutor = exports.splitTarget = exports.findMatchingConfigFiles = exports.readProjectConfigurationsFromRootMap = exports.mergeTargetConfigurations = exports.retrieveProjectConfigurationsWithAngularProjects = exports.calculateDefaultProjectName = exports.readNxJsonFromDisk = exports.parseExecutor = exports.getExecutorInformation = exports.createTempNpmDirectory = void 0;
|
|
3
|
+
exports.isUsingPrettierInTree = exports.isCI = exports.interpolate = exports.registerTsProject = exports.LoadedNxPlugin = exports.retrieveProjectConfigurations = exports.findProjectForPath = exports.createProjectRootMappingsFromProjectConfigurations = exports.hashMultiGlobWithWorkspaceContext = exports.hashWithWorkspaceContext = exports.hashObject = exports.splitByColons = exports.installPackageToTmp = exports.readModulePackageJson = exports.stripIndent = exports.sortObjectByKeys = exports.combineOptionsForExecutor = exports.splitTarget = exports.findMatchingConfigFiles = exports.readProjectConfigurationsFromRootMap = exports.mergeTargetConfigurations = exports.retrieveProjectConfigurationsWithAngularProjects = exports.calculateDefaultProjectName = exports.readNxJsonFromDisk = exports.parseExecutor = exports.getExecutorInformation = exports.createTempNpmDirectory = void 0;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
/**
|
|
6
6
|
* Note to developers: STOP! These exports are available via requireNx in @nx/devkit.
|
|
@@ -33,6 +33,7 @@ var logger_1 = require("./utils/logger");
|
|
|
33
33
|
Object.defineProperty(exports, "stripIndent", { enumerable: true, get: function () { return logger_1.stripIndent; } });
|
|
34
34
|
var package_json_1 = require("./utils/package-json");
|
|
35
35
|
Object.defineProperty(exports, "readModulePackageJson", { enumerable: true, get: function () { return package_json_1.readModulePackageJson; } });
|
|
36
|
+
Object.defineProperty(exports, "installPackageToTmp", { enumerable: true, get: function () { return package_json_1.installPackageToTmp; } });
|
|
36
37
|
var split_target_2 = require("./utils/split-target");
|
|
37
38
|
Object.defineProperty(exports, "splitByColons", { enumerable: true, get: function () { return split_target_2.splitByColons; } });
|
|
38
39
|
var file_hasher_1 = require("./hasher/file-hasher");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run-script.impl.d.ts","sourceRoot":"","sources":["../../../../../../packages/nx/src/executors/run-script/run-script.impl.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"run-script.impl.d.ts","sourceRoot":"","sources":["../../../../../../packages/nx/src/executors/run-script/run-script.impl.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AASpE,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,yBACE,OAAO,EAAE,gBAAgB,EACzB,OAAO,EAAE,eAAe;;GA6BzB"}
|
|
@@ -3,8 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.default = default_1;
|
|
4
4
|
const child_process_1 = require("child_process");
|
|
5
5
|
const path = require("path");
|
|
6
|
+
const treeKill = require("tree-kill");
|
|
6
7
|
const pseudo_terminal_1 = require("../../tasks-runner/pseudo-terminal");
|
|
7
8
|
const package_manager_1 = require("../../utils/package-manager");
|
|
9
|
+
const LARGE_BUFFER = 1024 * 1000000;
|
|
8
10
|
async function default_1(options, context) {
|
|
9
11
|
const pm = (0, package_manager_1.getPackageManagerCommand)();
|
|
10
12
|
try {
|
|
@@ -22,7 +24,7 @@ async function default_1(options, context) {
|
|
|
22
24
|
await ptyProcess(command, cwd, env);
|
|
23
25
|
}
|
|
24
26
|
else {
|
|
25
|
-
nodeProcess(command, cwd, env);
|
|
27
|
+
await nodeProcess(command, cwd, env);
|
|
26
28
|
}
|
|
27
29
|
return { success: true };
|
|
28
30
|
}
|
|
@@ -31,19 +33,42 @@ async function default_1(options, context) {
|
|
|
31
33
|
}
|
|
32
34
|
}
|
|
33
35
|
function nodeProcess(command, cwd, env) {
|
|
34
|
-
(
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
36
|
+
return new Promise((res, rej) => {
|
|
37
|
+
let cp = (0, child_process_1.exec)(command, { cwd, env, maxBuffer: LARGE_BUFFER, windowsHide: false }, (error) => {
|
|
38
|
+
if (error) {
|
|
39
|
+
rej(error);
|
|
40
|
+
}
|
|
41
|
+
else {
|
|
42
|
+
res();
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
// Forward stdout/stderr to parent process
|
|
46
|
+
cp.stdout.pipe(process.stdout);
|
|
47
|
+
cp.stderr.pipe(process.stderr);
|
|
48
|
+
const exitHandler = (signal) => {
|
|
49
|
+
if (cp && cp.pid && !cp.killed) {
|
|
50
|
+
treeKill(cp.pid, signal, (error) => {
|
|
51
|
+
// On Windows, tree-kill (which uses taskkill) may fail when the process or its child process is already terminated.
|
|
52
|
+
// Ignore the errors, otherwise we will log them unnecessarily.
|
|
53
|
+
if (error && process.platform !== 'win32') {
|
|
54
|
+
rej(error);
|
|
55
|
+
}
|
|
56
|
+
else {
|
|
57
|
+
res();
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
};
|
|
62
|
+
process.on('SIGINT', () => exitHandler('SIGINT'));
|
|
63
|
+
process.on('SIGTERM', () => exitHandler('SIGTERM'));
|
|
64
|
+
process.on('SIGHUP', () => exitHandler('SIGHUP'));
|
|
39
65
|
});
|
|
40
66
|
}
|
|
41
|
-
let cp;
|
|
42
67
|
async function ptyProcess(command, cwd, env) {
|
|
43
68
|
const terminal = (0, pseudo_terminal_1.createPseudoTerminal)();
|
|
44
69
|
await terminal.init();
|
|
45
70
|
return new Promise((res, rej) => {
|
|
46
|
-
cp = terminal.runCommand(command, { cwd, jsEnv: env });
|
|
71
|
+
let cp = terminal.runCommand(command, { cwd, jsEnv: env });
|
|
47
72
|
cp.onExit((code) => {
|
|
48
73
|
if (code === 0) {
|
|
49
74
|
res();
|
|
Binary file
|
package/src/tasks-runner/fork.js
CHANGED
|
@@ -20,26 +20,52 @@ const childProcess = (0, child_process_1.fork)(script, {
|
|
|
20
20
|
const pseudoIPC = new pseudo_ipc_1.PseudoIPCClient(pseudoIPCPath);
|
|
21
21
|
pseudoIPC.onMessageFromParent(forkId, (message) => {
|
|
22
22
|
childProcess.send(message);
|
|
23
|
+
}, () => {
|
|
24
|
+
// IPC connection closed
|
|
25
|
+
cleanup();
|
|
26
|
+
process.exit(0);
|
|
27
|
+
}, () => {
|
|
28
|
+
// IPC connection error
|
|
29
|
+
cleanup();
|
|
30
|
+
process.exit(0);
|
|
23
31
|
});
|
|
24
32
|
pseudoIPC.notifyChildIsReady(forkId);
|
|
25
33
|
process.on('message', (message) => {
|
|
26
34
|
pseudoIPC.sendMessageToParent(message);
|
|
27
35
|
});
|
|
28
36
|
childProcess.on('exit', (code) => {
|
|
29
|
-
|
|
37
|
+
cleanup();
|
|
30
38
|
process.exit(code);
|
|
31
39
|
});
|
|
40
|
+
let isCleaningUp = false;
|
|
41
|
+
function cleanup() {
|
|
42
|
+
if (isCleaningUp) {
|
|
43
|
+
return;
|
|
44
|
+
}
|
|
45
|
+
isCleaningUp = true;
|
|
46
|
+
// Kill child process if still running
|
|
47
|
+
if (childProcess && !childProcess.killed) {
|
|
48
|
+
childProcess.kill('SIGTERM');
|
|
49
|
+
}
|
|
50
|
+
// Close IPC connection
|
|
51
|
+
try {
|
|
52
|
+
pseudoIPC.close();
|
|
53
|
+
}
|
|
54
|
+
catch {
|
|
55
|
+
// Ignore errors when closing, connection might already be broken
|
|
56
|
+
}
|
|
57
|
+
}
|
|
32
58
|
// Terminate the child process when exiting
|
|
33
59
|
process.on('exit', () => {
|
|
34
|
-
|
|
60
|
+
cleanup();
|
|
35
61
|
});
|
|
36
62
|
process.on('SIGINT', () => {
|
|
37
|
-
|
|
63
|
+
cleanup();
|
|
38
64
|
process.exit((0, exit_codes_1.signalToCode)('SIGINT'));
|
|
39
65
|
});
|
|
40
66
|
process.on('SIGTERM', () => {
|
|
41
|
-
|
|
67
|
+
cleanup();
|
|
42
68
|
});
|
|
43
69
|
process.on('SIGHUP', () => {
|
|
44
|
-
|
|
70
|
+
cleanup();
|
|
45
71
|
});
|
|
@@ -667,7 +667,7 @@ class TaskOrchestrator {
|
|
|
667
667
|
...Array.from(this.runningContinuousTasks).map(async ([taskId, t]) => {
|
|
668
668
|
try {
|
|
669
669
|
await t.kill();
|
|
670
|
-
this.options.lifeCycle.setTaskStatus(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
670
|
+
this.options.lifeCycle.setTaskStatus?.(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
671
671
|
}
|
|
672
672
|
catch (e) {
|
|
673
673
|
console.error(`Unable to terminate ${taskId}\nError:`, e);
|
|
@@ -700,7 +700,7 @@ class TaskOrchestrator {
|
|
|
700
700
|
const runningTask = this.runningContinuousTasks.get(taskId);
|
|
701
701
|
if (runningTask) {
|
|
702
702
|
runningTask.kill();
|
|
703
|
-
this.options.lifeCycle.setTaskStatus(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
703
|
+
this.options.lifeCycle.setTaskStatus?.(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
704
704
|
}
|
|
705
705
|
}
|
|
706
706
|
}
|
|
@@ -104,5 +104,9 @@ export declare function readModulePackageJson(moduleSpecifier: string, requirePa
|
|
|
104
104
|
packageJson: PackageJson;
|
|
105
105
|
path: string;
|
|
106
106
|
};
|
|
107
|
+
export declare function installPackageToTmp(pkg: string, requiredVersion: string): {
|
|
108
|
+
tempDir: string;
|
|
109
|
+
cleanup: () => void;
|
|
110
|
+
};
|
|
107
111
|
export {};
|
|
108
112
|
//# sourceMappingURL=package-json.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"package-json.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-json.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EACL,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACpB,MAAM,uCAAuC,CAAC;AAI/C,OAAO,
|
|
1
|
+
{"version":3,"file":"package-json.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-json.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EACL,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACpB,MAAM,uCAAuC,CAAC;AAI/C,OAAO,EAML,sBAAsB,EACvB,MAAM,mBAAmB,CAAC;AAI3B,MAAM,WAAW,iCACf,SAAQ,OAAO,CAAC,oBAAoB,CAAC;IACrC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,MAAM,iBAAiB,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,CAAC;AACvE,MAAM,MAAM,iBAAiB,GACzB,CAAC,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,EAAE,GACjD,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3B,MAAM,MAAM,YAAY,GAAG,iBAAiB,GAAG,iBAAiB,CAAC;AAEjE,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED,KAAK,eAAe,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,eAAe,CAAA;CAAE,CAAC;AAEnE,MAAM,WAAW,WAAW;IAE1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EACJ,MAAM,GACN,MAAM,CACJ,MAAM,EACJ,MAAM,GACN;QACE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CACJ,CAAC;IACN,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9C,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC7D,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE;QACL,SAAS,CAAC,EAAE,eAAe,CAAC;KAC7B,CAAC;IACF,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC;IACtC,UAAU,CAAC,EACP,MAAM,EAAE,GACR;QACE,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;IACN,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAGjB,EAAE,CAAC,EAAE,iCAAiC,CAAC;IAGvC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAC;IACrD,WAAW,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAC;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,wBAAgB,qBAAqB,CACnC,YAAY,EAAE,YAAY,GACzB,iBAAiB,CASnB;AAED,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,GACzB,yBAAyB,GAAG;IAAE,YAAY,CAAC,EAAE,iBAAiB,CAAA;CAAE,CAyBlE;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,EACpC,qBAAqB,EAAE,sBAAsB,GAC5C,mBAAmB,CAWrB;AAID,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,WAAW,EACxB,4BAA4B,EAAE,OAAO,GACpC,eAAe,CAejB;AAED,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,WAAW,GAAG,MAAM,EAAE,CASzE;AAED,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,mBAAmB,EAC3B,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,4CA8CtB;AAcD;;;;;;GAMG;AACH,wBAAgB,qCAAqC,CACnD,eAAe,EAAE,MAAM,EACvB,YAAY,WAAsB,GACjC;IACD,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAaA;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,CACnC,eAAe,EAAE,MAAM,EACvB,YAAY,WAAsB,GACjC;IACD,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAgCA;AAED,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,eAAe,EAAE,MAAM,GACtB;IACD,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB,CAwCA"}
|
|
@@ -8,12 +8,15 @@ exports.getTagsFromPackageJson = getTagsFromPackageJson;
|
|
|
8
8
|
exports.readTargetsFromPackageJson = readTargetsFromPackageJson;
|
|
9
9
|
exports.readModulePackageJsonWithoutFallbacks = readModulePackageJsonWithoutFallbacks;
|
|
10
10
|
exports.readModulePackageJson = readModulePackageJson;
|
|
11
|
+
exports.installPackageToTmp = installPackageToTmp;
|
|
11
12
|
const fs_1 = require("fs");
|
|
12
13
|
const path_1 = require("path");
|
|
13
14
|
const project_configuration_utils_1 = require("../project-graph/utils/project-configuration-utils");
|
|
14
15
|
const fileutils_1 = require("./fileutils");
|
|
15
16
|
const installation_directory_1 = require("./installation-directory");
|
|
16
17
|
const package_manager_1 = require("./package-manager");
|
|
18
|
+
const tmp_1 = require("tmp");
|
|
19
|
+
const child_process_1 = require("child_process");
|
|
17
20
|
function normalizePackageGroup(packageGroup) {
|
|
18
21
|
return Array.isArray(packageGroup)
|
|
19
22
|
? packageGroup.map((x) => typeof x === 'string' ? { package: x, version: '*' } : x)
|
|
@@ -191,3 +194,50 @@ function readModulePackageJson(moduleSpecifier, requirePaths = (0, installation_
|
|
|
191
194
|
path: packageJsonPath,
|
|
192
195
|
};
|
|
193
196
|
}
|
|
197
|
+
function installPackageToTmp(pkg, requiredVersion) {
|
|
198
|
+
const { dir: tempDir, cleanup } = (0, package_manager_1.createTempNpmDirectory)?.() ?? {
|
|
199
|
+
dir: (0, tmp_1.dirSync)().name,
|
|
200
|
+
cleanup: () => { },
|
|
201
|
+
};
|
|
202
|
+
console.log(`Fetching ${pkg}...`);
|
|
203
|
+
const packageManager = (0, package_manager_1.detectPackageManager)();
|
|
204
|
+
const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';
|
|
205
|
+
generatePackageManagerFiles(tempDir, packageManager);
|
|
206
|
+
const preInstallCommand = (0, package_manager_1.getPackageManagerCommand)(packageManager).preInstall;
|
|
207
|
+
if (preInstallCommand) {
|
|
208
|
+
// ensure package.json and repo in tmp folder is set to a proper package manager state
|
|
209
|
+
(0, child_process_1.execSync)(preInstallCommand, {
|
|
210
|
+
cwd: tempDir,
|
|
211
|
+
stdio: isVerbose ? 'inherit' : 'ignore',
|
|
212
|
+
windowsHide: false,
|
|
213
|
+
});
|
|
214
|
+
}
|
|
215
|
+
const pmCommands = (0, package_manager_1.getPackageManagerCommand)(packageManager);
|
|
216
|
+
let addCommand = pmCommands.addDev;
|
|
217
|
+
if (packageManager === 'pnpm') {
|
|
218
|
+
addCommand = 'pnpm add -D'; // we need to ensure that we are not using workspace command
|
|
219
|
+
}
|
|
220
|
+
(0, child_process_1.execSync)(`${addCommand} ${pkg}@${requiredVersion} ${pmCommands.ignoreScriptsFlag ?? ''}`, {
|
|
221
|
+
cwd: tempDir,
|
|
222
|
+
stdio: isVerbose ? 'inherit' : 'ignore',
|
|
223
|
+
windowsHide: false,
|
|
224
|
+
});
|
|
225
|
+
return {
|
|
226
|
+
tempDir,
|
|
227
|
+
cleanup,
|
|
228
|
+
};
|
|
229
|
+
}
|
|
230
|
+
/**
|
|
231
|
+
* Generates necessary files needed for the package manager to work
|
|
232
|
+
* and for the node_modules to be accessible.
|
|
233
|
+
*/
|
|
234
|
+
function generatePackageManagerFiles(root, packageManager = (0, package_manager_1.detectPackageManager)()) {
|
|
235
|
+
const [pmMajor] = (0, package_manager_1.getPackageManagerVersion)(packageManager).split('.');
|
|
236
|
+
switch (packageManager) {
|
|
237
|
+
case 'yarn':
|
|
238
|
+
if (+pmMajor >= 2) {
|
|
239
|
+
(0, fs_1.writeFileSync)((0, path_1.join)(root, '.yarnrc.yml'), 'nodeLinker: node-modules\nenableScripts: false');
|
|
240
|
+
}
|
|
241
|
+
break;
|
|
242
|
+
}
|
|
243
|
+
}
|
|
@@ -81,8 +81,12 @@ export declare function copyPackageManagerConfigurationFiles(root: string, desti
|
|
|
81
81
|
* For cases where you'd want to install packages that require an `.npmrc` set up,
|
|
82
82
|
* this function looks up for the nearest `.npmrc` (if exists) and copies it over to the
|
|
83
83
|
* temp directory.
|
|
84
|
+
*
|
|
85
|
+
* @param skipCopy - If true, skips copying package manager configuration files to the temporary directory.
|
|
86
|
+
* This is useful when creating a workspace from scratch (e.g., in create-nx-workspace)
|
|
87
|
+
* where no existing configuration files are available to copy.
|
|
84
88
|
*/
|
|
85
|
-
export declare function createTempNpmDirectory(): {
|
|
89
|
+
export declare function createTempNpmDirectory(skipCopy?: boolean): {
|
|
86
90
|
dir: string;
|
|
87
91
|
cleanup: () => Promise<void>;
|
|
88
92
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"package-manager.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-manager.ts"],"names":[],"mappings":"AA+BA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;AAE7D,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAE/C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,CACP,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,GAAG,EAAE,MAAM,KACR,MAAM,CAAC;IAEZ,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAW,GAAG,cAAc,CAYrE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,OAAO,CAmBT;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,sBAAsB,CAiIxB;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,GAAG,SAAgB,GAClB,MAAM,CAwBR;AAED,wBAAgB,mCAAmC,CACjD,uBAAuB,EAAE,MAAM,EAC/B,wBAAwB,EAAE,MAAM,GAAG,SAAS,GAC3C,IAAI,GAAG,MAAM,CAkBf;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,MAAsB,GAChC,MAAM,GAAG,IAAI,CAUf;AAED;;;;;;;;;GASG;AACH,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAkBzE;AAED;;;;;;;;;GASG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAOtE;AAED,wBAAgB,oCAAoC,CAClD,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,QAuCpB;AAED
|
|
1
|
+
{"version":3,"file":"package-manager.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-manager.ts"],"names":[],"mappings":"AA+BA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;AAE7D,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAE/C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,CACP,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,GAAG,EAAE,MAAM,KACR,MAAM,CAAC;IAEZ,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAW,GAAG,cAAc,CAYrE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,OAAO,CAmBT;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,sBAAsB,CAiIxB;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,GAAG,SAAgB,GAClB,MAAM,CAwBR;AAED,wBAAgB,mCAAmC,CACjD,uBAAuB,EAAE,MAAM,EAC/B,wBAAwB,EAAE,MAAM,GAAG,SAAS,GAC3C,IAAI,GAAG,MAAM,CAkBf;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,MAAsB,GAChC,MAAM,GAAG,IAAI,CAUf;AAED;;;;;;;;;GASG;AACH,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAkBzE;AAED;;;;;;;;;GASG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAOtE;AAED,wBAAgB,oCAAoC,CAClD,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,QAuCpB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,UAAQ;;;EAsBtD;AAED;;;GAGG;AACH,wBAAsB,kCAAkC,CACtD,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CA8BjB;AAED;;;;GAIG;AACH,wBAAsB,sCAAsC,CAC1D,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CAgBjB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,MAAM,CAAC,CAoBjB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAsBlC;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,MAAM,EAAE,CAoBV;AAED;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,MAAM,EACnB,cAAc,GAAE,cAAuC,EACvD,UAAU,GAAE,MAAM,EAAyC,EAC3D,IAAI,GAAE,MAAsB,GAC3B,IAAI,CAiEN"}
|
|
@@ -339,13 +339,19 @@ function copyPackageManagerConfigurationFiles(root, destination) {
|
|
|
339
339
|
* For cases where you'd want to install packages that require an `.npmrc` set up,
|
|
340
340
|
* this function looks up for the nearest `.npmrc` (if exists) and copies it over to the
|
|
341
341
|
* temp directory.
|
|
342
|
+
*
|
|
343
|
+
* @param skipCopy - If true, skips copying package manager configuration files to the temporary directory.
|
|
344
|
+
* This is useful when creating a workspace from scratch (e.g., in create-nx-workspace)
|
|
345
|
+
* where no existing configuration files are available to copy.
|
|
342
346
|
*/
|
|
343
|
-
function createTempNpmDirectory() {
|
|
347
|
+
function createTempNpmDirectory(skipCopy = false) {
|
|
344
348
|
const dir = (0, tmp_1.dirSync)().name;
|
|
345
349
|
// A package.json is needed for pnpm pack and for .npmrc to resolve
|
|
346
350
|
(0, fileutils_1.writeJsonFile)(`${dir}/package.json`, {});
|
|
347
|
-
|
|
348
|
-
|
|
351
|
+
if (!skipCopy) {
|
|
352
|
+
const isNonJs = !(0, fs_1.existsSync)((0, path_1.join)(workspace_root_1.workspaceRoot, 'package.json'));
|
|
353
|
+
copyPackageManagerConfigurationFiles(isNonJs ? (0, installation_directory_1.getNxInstallationPath)(workspace_root_1.workspaceRoot) : workspace_root_1.workspaceRoot, dir);
|
|
354
|
+
}
|
|
349
355
|
const cleanup = async () => {
|
|
350
356
|
try {
|
|
351
357
|
await (0, promises_1.rm)(dir, { recursive: true, force: true });
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
export declare function ensurePackageHasProvenance(packageName: string, packageVersion: string): Promise<void>;
|
|
2
|
-
export declare
|
|
2
|
+
export declare class ProvenanceError extends Error {
|
|
3
|
+
constructor(packageName: string, packageVersion: string, error?: string);
|
|
4
|
+
}
|
|
3
5
|
export declare function getNxPackageGroup(): string[];
|
|
4
6
|
export type DecodedAttestationPayload = {
|
|
5
7
|
_type: 'https://in-toto.io/Statement/v1';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provenance.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/provenance.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"provenance.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/provenance.ts"],"names":[],"mappings":"AAaA,wBAAsB,0BAA0B,CAC9C,WAAW,EAAE,MAAM,EACnB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CA+Gf;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM;CAOxE;AAED,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAa5C;AAoBD,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,iCAAiC,CAAC;IACzC,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,aAAa,EAAE,gCAAgC,CAAC;IAChD,SAAS,EAAE;QACT,eAAe,EAAE;YACf,SAAS,EAAE,MAAM,CAAC;YAClB,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACzC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC;SAC7C,CAAC;QACF,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,EAAE,EAAE,MAAM,CAAC;gBACX,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;gBAC3C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aAClC,CAAC;YACF,QAAQ,CAAC,EAAE;gBACT,YAAY,CAAC,EAAE,MAAM,CAAC;gBACtB,SAAS,CAAC,EAAE,MAAM,CAAC;gBACnB,UAAU,CAAC,EAAE,MAAM,CAAC;aACrB,CAAC;YACF,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;SACnC,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE;QACP,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;KACnC,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH"}
|
package/src/utils/provenance.js
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.ProvenanceError = void 0;
|
|
4
4
|
exports.ensurePackageHasProvenance = ensurePackageHasProvenance;
|
|
5
5
|
exports.getNxPackageGroup = getNxPackageGroup;
|
|
6
6
|
const child_process_1 = require("child_process");
|
|
7
7
|
const path_1 = require("path");
|
|
8
8
|
const util_1 = require("util");
|
|
9
9
|
const fileutils_1 = require("./fileutils");
|
|
10
|
+
const os_1 = require("os");
|
|
10
11
|
/*
|
|
11
12
|
* Verifies that the given npm package has provenance attestations
|
|
12
13
|
* generated by the GitHub Actions workflow at .github/workflows/publish.yml
|
|
@@ -21,42 +22,63 @@ async function ensurePackageHasProvenance(packageName, packageVersion) {
|
|
|
21
22
|
return;
|
|
22
23
|
}
|
|
23
24
|
const execFileAsync = (0, util_1.promisify)(child_process_1.execFile);
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
25
|
+
try {
|
|
26
|
+
const result = await execFileAsync((0, os_1.platform)() === 'win32' ? 'npm.cmd' : 'npm', ['view', `${packageName}@${packageVersion}`, '--json', '--silent'], {
|
|
27
|
+
timeout: 20000,
|
|
28
|
+
});
|
|
29
|
+
const npmViewResult = JSON.parse(result.stdout.trim());
|
|
30
|
+
const attURL = npmViewResult.dist?.attestations?.url;
|
|
31
|
+
if (!attURL)
|
|
32
|
+
throw new ProvenanceError(packageName, packageVersion, 'No attestation URL found');
|
|
33
|
+
const response = await fetch(attURL);
|
|
34
|
+
if (!response.ok) {
|
|
35
|
+
throw new ProvenanceError(packageName, packageVersion, `HTTP ${response.status}: ${response.statusText}`);
|
|
36
|
+
}
|
|
37
|
+
const attestations = (await response.json());
|
|
38
|
+
const provenanceAttestation = attestations?.attestations?.find((a) => a.predicateType === 'https://slsa.dev/provenance/v1');
|
|
39
|
+
const dsseEnvelopePayload = JSON.parse(Buffer.from(provenanceAttestation.bundle.dsseEnvelope.payload, 'base64').toString());
|
|
40
|
+
const workflowParameters = dsseEnvelopePayload?.predicate?.buildDefinition?.externalParameters
|
|
41
|
+
?.workflow;
|
|
42
|
+
// verify that provenance was actually generated from the right publishing workflow
|
|
43
|
+
if (!workflowParameters) {
|
|
44
|
+
throw new ProvenanceError(packageName, packageVersion, 'Missing workflow parameters in attestation');
|
|
45
|
+
}
|
|
46
|
+
if (workflowParameters.repository !== 'https://github.com/nrwl/nx') {
|
|
47
|
+
throw new ProvenanceError(packageName, packageVersion, 'Repository does not match nrwl/nx');
|
|
48
|
+
}
|
|
49
|
+
if (workflowParameters.path !== '.github/workflows/publish.yml') {
|
|
50
|
+
throw new ProvenanceError(packageName, packageVersion, 'Publishing workflow does not match .github/workflows/publish.yml');
|
|
51
|
+
}
|
|
52
|
+
if (workflowParameters.ref !== `refs/tags/${npmViewResult.version}`) {
|
|
53
|
+
throw new ProvenanceError(packageName, packageVersion, `Version ref does not match refs/tags/${npmViewResult.version}`);
|
|
54
|
+
}
|
|
55
|
+
// verify that provenance was generated from the exact same artifact as the one we are installing
|
|
56
|
+
const distSha = Buffer.from(npmViewResult.dist.integrity.replace('sha512-', ''), 'base64').toString('hex');
|
|
57
|
+
const attestationSha = dsseEnvelopePayload.subject[0].digest.sha512;
|
|
58
|
+
if (distSha !== attestationSha) {
|
|
59
|
+
throw new ProvenanceError(packageName, packageVersion, 'Integrity hash does not match attestation hash');
|
|
60
|
+
}
|
|
61
|
+
return;
|
|
43
62
|
}
|
|
44
|
-
|
|
45
|
-
|
|
63
|
+
catch (error) {
|
|
64
|
+
if (error instanceof ProvenanceError) {
|
|
65
|
+
throw error;
|
|
66
|
+
}
|
|
67
|
+
throw new ProvenanceError(packageName, packageVersion, error.message || error);
|
|
46
68
|
}
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
throw (0, exports.noProvenanceError)(packageName, packageVersion, 'Integrity hash does not match attestation hash');
|
|
69
|
+
}
|
|
70
|
+
class ProvenanceError extends Error {
|
|
71
|
+
constructor(packageName, packageVersion, error) {
|
|
72
|
+
super(`An error occurred while checking the provenance of ${packageName}@${packageVersion}. This could indicate a security risk. Please double check https://www.npmjs.com/package/${packageName} to see if the package is published correctly or file an issue at https://github.com/nrwl/nx/issues. To disable this check at your own risk, you can set the NX_SKIP_PROVENANCE_CHECK environment variable to true. \n Error: ${error ?? ''}`);
|
|
52
73
|
}
|
|
53
|
-
return;
|
|
54
74
|
}
|
|
55
|
-
|
|
56
|
-
exports.noProvenanceError = noProvenanceError;
|
|
75
|
+
exports.ProvenanceError = ProvenanceError;
|
|
57
76
|
function getNxPackageGroup() {
|
|
58
77
|
const packageJsonPath = (0, path_1.join)(__dirname, '../../package.json');
|
|
59
78
|
const packageJson = (0, fileutils_1.readJsonFile)(packageJsonPath);
|
|
79
|
+
if (!packageJson['nx-migrations']?.packageGroup) {
|
|
80
|
+
return ['nx'];
|
|
81
|
+
}
|
|
60
82
|
const packages = packageJson['nx-migrations'].packageGroup.filter((dep) => typeof dep === 'string' && dep.startsWith('@nx/'));
|
|
61
83
|
packages.push('nx');
|
|
62
84
|
return packages;
|