nx 21.6.1-beta.1 → 21.6.1-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/generators.json +6 -0
- package/package.json +11 -11
- package/schemas/nx-schema.json +14 -0
- package/src/ai/set-up-ai-agents/get-agent-rules.d.ts +2 -0
- package/src/ai/set-up-ai-agents/get-agent-rules.d.ts.map +1 -0
- package/src/ai/set-up-ai-agents/get-agent-rules.js +26 -0
- package/src/ai/set-up-ai-agents/schema.d.ts +8 -0
- package/src/ai/set-up-ai-agents/schema.json +25 -0
- package/src/ai/set-up-ai-agents/set-up-ai-agents.d.ts +6 -0
- package/src/ai/set-up-ai-agents/set-up-ai-agents.d.ts.map +1 -0
- package/src/ai/set-up-ai-agents/set-up-ai-agents.js +84 -0
- package/src/command-line/graph/graph.d.ts.map +1 -1
- package/src/command-line/graph/graph.js +37 -14
- package/src/command-line/release/config/config.d.ts.map +1 -1
- package/src/command-line/release/config/config.js +3 -0
- package/src/command-line/release/version/release-group-processor.d.ts +1 -0
- package/src/command-line/release/version/release-group-processor.d.ts.map +1 -1
- package/src/command-line/release/version/release-group-processor.js +5 -0
- package/src/config/nx-json.d.ts +9 -0
- package/src/config/nx-json.d.ts.map +1 -1
- package/src/config/workspace-json-project-json.d.ts +5 -1
- package/src/config/workspace-json-project-json.d.ts.map +1 -1
- package/src/core/graph/index.html +4 -2
- package/src/core/graph/main.js +1 -1
- package/src/core/graph/styles.css +1 -1
- package/src/daemon/server/shutdown-utils.d.ts.map +1 -1
- package/src/daemon/server/shutdown-utils.js +6 -2
- package/src/devkit-internals.d.ts +1 -1
- package/src/devkit-internals.d.ts.map +1 -1
- package/src/devkit-internals.js +2 -1
- package/src/executors/run-script/run-script.impl.d.ts.map +1 -1
- package/src/executors/run-script/run-script.impl.js +33 -8
- package/src/native/nx.wasm32-wasi.wasm +0 -0
- package/src/tasks-runner/create-task-graph.d.ts.map +1 -1
- package/src/tasks-runner/create-task-graph.js +17 -3
- package/src/tasks-runner/fork.js +31 -5
- package/src/tasks-runner/run-command.d.ts.map +1 -1
- package/src/tasks-runner/run-command.js +12 -7
- package/src/tasks-runner/task-orchestrator.d.ts.map +1 -1
- package/src/tasks-runner/task-orchestrator.js +8 -5
- package/src/utils/package-json.d.ts +4 -0
- package/src/utils/package-json.d.ts.map +1 -1
- package/src/utils/package-json.js +50 -0
- package/src/utils/package-manager.d.ts +5 -1
- package/src/utils/package-manager.d.ts.map +1 -1
- package/src/utils/package-manager.js +9 -3
- package/src/utils/provenance.d.ts +3 -1
- package/src/utils/provenance.d.ts.map +1 -1
- package/src/utils/provenance.js +52 -30
|
@@ -505,8 +505,9 @@ class TaskOrchestrator {
|
|
|
505
505
|
if (this.tuiEnabled) {
|
|
506
506
|
this.options.lifeCycle.setTaskStatus(task.id, 9 /* NativeTaskStatus.Stopped */);
|
|
507
507
|
}
|
|
508
|
-
this.
|
|
509
|
-
|
|
508
|
+
if (this.runningContinuousTasks.delete(task.id)) {
|
|
509
|
+
this.runningTasksService.removeRunningTask(task.id);
|
|
510
|
+
}
|
|
510
511
|
});
|
|
511
512
|
await this.scheduleNextTasksAndReleaseThreads();
|
|
512
513
|
if (this.initializingTaskIds.has(task.id)) {
|
|
@@ -667,13 +668,15 @@ class TaskOrchestrator {
|
|
|
667
668
|
...Array.from(this.runningContinuousTasks).map(async ([taskId, t]) => {
|
|
668
669
|
try {
|
|
669
670
|
await t.kill();
|
|
670
|
-
this.options.lifeCycle.setTaskStatus(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
671
|
+
this.options.lifeCycle.setTaskStatus?.(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
671
672
|
}
|
|
672
673
|
catch (e) {
|
|
673
674
|
console.error(`Unable to terminate ${taskId}\nError:`, e);
|
|
674
675
|
}
|
|
675
676
|
finally {
|
|
676
|
-
this.
|
|
677
|
+
if (this.runningContinuousTasks.delete(taskId)) {
|
|
678
|
+
this.runningTasksService.removeRunningTask(taskId);
|
|
679
|
+
}
|
|
677
680
|
}
|
|
678
681
|
}),
|
|
679
682
|
...Array.from(this.runningRunCommandsTasks).map(async ([taskId, t]) => {
|
|
@@ -700,7 +703,7 @@ class TaskOrchestrator {
|
|
|
700
703
|
const runningTask = this.runningContinuousTasks.get(taskId);
|
|
701
704
|
if (runningTask) {
|
|
702
705
|
runningTask.kill();
|
|
703
|
-
this.options.lifeCycle.setTaskStatus(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
706
|
+
this.options.lifeCycle.setTaskStatus?.(taskId, 9 /* NativeTaskStatus.Stopped */);
|
|
704
707
|
}
|
|
705
708
|
}
|
|
706
709
|
}
|
|
@@ -104,5 +104,9 @@ export declare function readModulePackageJson(moduleSpecifier: string, requirePa
|
|
|
104
104
|
packageJson: PackageJson;
|
|
105
105
|
path: string;
|
|
106
106
|
};
|
|
107
|
+
export declare function installPackageToTmp(pkg: string, requiredVersion: string): {
|
|
108
|
+
tempDir: string;
|
|
109
|
+
cleanup: () => void;
|
|
110
|
+
};
|
|
107
111
|
export {};
|
|
108
112
|
//# sourceMappingURL=package-json.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"package-json.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-json.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EACL,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACpB,MAAM,uCAAuC,CAAC;AAI/C,OAAO,
|
|
1
|
+
{"version":3,"file":"package-json.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-json.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EACL,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACpB,MAAM,uCAAuC,CAAC;AAI/C,OAAO,EAML,sBAAsB,EACvB,MAAM,mBAAmB,CAAC;AAI3B,MAAM,WAAW,iCACf,SAAQ,OAAO,CAAC,oBAAoB,CAAC;IACrC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,MAAM,iBAAiB,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,CAAC;AACvE,MAAM,MAAM,iBAAiB,GACzB,CAAC,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,EAAE,GACjD,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3B,MAAM,MAAM,YAAY,GAAG,iBAAiB,GAAG,iBAAiB,CAAC;AAEjE,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED,KAAK,eAAe,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,eAAe,CAAA;CAAE,CAAC;AAEnE,MAAM,WAAW,WAAW;IAE1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EACJ,MAAM,GACN,MAAM,CACJ,MAAM,EACJ,MAAM,GACN;QACE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CACJ,CAAC;IACN,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9C,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC7D,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE;QACL,SAAS,CAAC,EAAE,eAAe,CAAC;KAC7B,CAAC;IACF,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC;IACtC,UAAU,CAAC,EACP,MAAM,EAAE,GACR;QACE,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;IACN,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAGjB,EAAE,CAAC,EAAE,iCAAiC,CAAC;IAGvC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAC;IACrD,WAAW,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAC;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,wBAAgB,qBAAqB,CACnC,YAAY,EAAE,YAAY,GACzB,iBAAiB,CASnB;AAED,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,GACzB,yBAAyB,GAAG;IAAE,YAAY,CAAC,EAAE,iBAAiB,CAAA;CAAE,CAyBlE;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,EACpC,qBAAqB,EAAE,sBAAsB,GAC5C,mBAAmB,CAWrB;AAID,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,WAAW,EACxB,4BAA4B,EAAE,OAAO,GACpC,eAAe,CAejB;AAED,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,WAAW,GAAG,MAAM,EAAE,CASzE;AAED,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,mBAAmB,EAC3B,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,4CA8CtB;AAcD;;;;;;GAMG;AACH,wBAAgB,qCAAqC,CACnD,eAAe,EAAE,MAAM,EACvB,YAAY,WAAsB,GACjC;IACD,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAaA;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,CACnC,eAAe,EAAE,MAAM,EACvB,YAAY,WAAsB,GACjC;IACD,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAgCA;AAED,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,eAAe,EAAE,MAAM,GACtB;IACD,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB,CAwCA"}
|
|
@@ -8,12 +8,15 @@ exports.getTagsFromPackageJson = getTagsFromPackageJson;
|
|
|
8
8
|
exports.readTargetsFromPackageJson = readTargetsFromPackageJson;
|
|
9
9
|
exports.readModulePackageJsonWithoutFallbacks = readModulePackageJsonWithoutFallbacks;
|
|
10
10
|
exports.readModulePackageJson = readModulePackageJson;
|
|
11
|
+
exports.installPackageToTmp = installPackageToTmp;
|
|
11
12
|
const fs_1 = require("fs");
|
|
12
13
|
const path_1 = require("path");
|
|
13
14
|
const project_configuration_utils_1 = require("../project-graph/utils/project-configuration-utils");
|
|
14
15
|
const fileutils_1 = require("./fileutils");
|
|
15
16
|
const installation_directory_1 = require("./installation-directory");
|
|
16
17
|
const package_manager_1 = require("./package-manager");
|
|
18
|
+
const tmp_1 = require("tmp");
|
|
19
|
+
const child_process_1 = require("child_process");
|
|
17
20
|
function normalizePackageGroup(packageGroup) {
|
|
18
21
|
return Array.isArray(packageGroup)
|
|
19
22
|
? packageGroup.map((x) => typeof x === 'string' ? { package: x, version: '*' } : x)
|
|
@@ -191,3 +194,50 @@ function readModulePackageJson(moduleSpecifier, requirePaths = (0, installation_
|
|
|
191
194
|
path: packageJsonPath,
|
|
192
195
|
};
|
|
193
196
|
}
|
|
197
|
+
function installPackageToTmp(pkg, requiredVersion) {
|
|
198
|
+
const { dir: tempDir, cleanup } = (0, package_manager_1.createTempNpmDirectory)?.() ?? {
|
|
199
|
+
dir: (0, tmp_1.dirSync)().name,
|
|
200
|
+
cleanup: () => { },
|
|
201
|
+
};
|
|
202
|
+
console.log(`Fetching ${pkg}...`);
|
|
203
|
+
const packageManager = (0, package_manager_1.detectPackageManager)();
|
|
204
|
+
const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';
|
|
205
|
+
generatePackageManagerFiles(tempDir, packageManager);
|
|
206
|
+
const preInstallCommand = (0, package_manager_1.getPackageManagerCommand)(packageManager).preInstall;
|
|
207
|
+
if (preInstallCommand) {
|
|
208
|
+
// ensure package.json and repo in tmp folder is set to a proper package manager state
|
|
209
|
+
(0, child_process_1.execSync)(preInstallCommand, {
|
|
210
|
+
cwd: tempDir,
|
|
211
|
+
stdio: isVerbose ? 'inherit' : 'ignore',
|
|
212
|
+
windowsHide: false,
|
|
213
|
+
});
|
|
214
|
+
}
|
|
215
|
+
const pmCommands = (0, package_manager_1.getPackageManagerCommand)(packageManager);
|
|
216
|
+
let addCommand = pmCommands.addDev;
|
|
217
|
+
if (packageManager === 'pnpm') {
|
|
218
|
+
addCommand = 'pnpm add -D'; // we need to ensure that we are not using workspace command
|
|
219
|
+
}
|
|
220
|
+
(0, child_process_1.execSync)(`${addCommand} ${pkg}@${requiredVersion} ${pmCommands.ignoreScriptsFlag ?? ''}`, {
|
|
221
|
+
cwd: tempDir,
|
|
222
|
+
stdio: isVerbose ? 'inherit' : 'ignore',
|
|
223
|
+
windowsHide: false,
|
|
224
|
+
});
|
|
225
|
+
return {
|
|
226
|
+
tempDir,
|
|
227
|
+
cleanup,
|
|
228
|
+
};
|
|
229
|
+
}
|
|
230
|
+
/**
|
|
231
|
+
* Generates necessary files needed for the package manager to work
|
|
232
|
+
* and for the node_modules to be accessible.
|
|
233
|
+
*/
|
|
234
|
+
function generatePackageManagerFiles(root, packageManager = (0, package_manager_1.detectPackageManager)()) {
|
|
235
|
+
const [pmMajor] = (0, package_manager_1.getPackageManagerVersion)(packageManager).split('.');
|
|
236
|
+
switch (packageManager) {
|
|
237
|
+
case 'yarn':
|
|
238
|
+
if (+pmMajor >= 2) {
|
|
239
|
+
(0, fs_1.writeFileSync)((0, path_1.join)(root, '.yarnrc.yml'), 'nodeLinker: node-modules\nenableScripts: false');
|
|
240
|
+
}
|
|
241
|
+
break;
|
|
242
|
+
}
|
|
243
|
+
}
|
|
@@ -81,8 +81,12 @@ export declare function copyPackageManagerConfigurationFiles(root: string, desti
|
|
|
81
81
|
* For cases where you'd want to install packages that require an `.npmrc` set up,
|
|
82
82
|
* this function looks up for the nearest `.npmrc` (if exists) and copies it over to the
|
|
83
83
|
* temp directory.
|
|
84
|
+
*
|
|
85
|
+
* @param skipCopy - If true, skips copying package manager configuration files to the temporary directory.
|
|
86
|
+
* This is useful when creating a workspace from scratch (e.g., in create-nx-workspace)
|
|
87
|
+
* where no existing configuration files are available to copy.
|
|
84
88
|
*/
|
|
85
|
-
export declare function createTempNpmDirectory(): {
|
|
89
|
+
export declare function createTempNpmDirectory(skipCopy?: boolean): {
|
|
86
90
|
dir: string;
|
|
87
91
|
cleanup: () => Promise<void>;
|
|
88
92
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"package-manager.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-manager.ts"],"names":[],"mappings":"AA+BA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;AAE7D,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAE/C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,CACP,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,GAAG,EAAE,MAAM,KACR,MAAM,CAAC;IAEZ,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAW,GAAG,cAAc,CAYrE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,OAAO,CAmBT;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,sBAAsB,CAiIxB;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,GAAG,SAAgB,GAClB,MAAM,CAwBR;AAED,wBAAgB,mCAAmC,CACjD,uBAAuB,EAAE,MAAM,EAC/B,wBAAwB,EAAE,MAAM,GAAG,SAAS,GAC3C,IAAI,GAAG,MAAM,CAkBf;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,MAAsB,GAChC,MAAM,GAAG,IAAI,CAUf;AAED;;;;;;;;;GASG;AACH,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAkBzE;AAED;;;;;;;;;GASG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAOtE;AAED,wBAAgB,oCAAoC,CAClD,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,QAuCpB;AAED
|
|
1
|
+
{"version":3,"file":"package-manager.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/package-manager.ts"],"names":[],"mappings":"AA+BA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;AAE7D,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAE/C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,CACP,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EACzB,GAAG,EAAE,MAAM,KACR,MAAM,CAAC;IAEZ,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAW,GAAG,cAAc,CAYrE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,OAAO,CAmBT;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,sBAAsB,CAiIxB;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,cAAc,GAAE,cAAuC,EACvD,GAAG,SAAgB,GAClB,MAAM,CAwBR;AAED,wBAAgB,mCAAmC,CACjD,uBAAuB,EAAE,MAAM,EAC/B,wBAAwB,EAAE,MAAM,GAAG,SAAS,GAC3C,IAAI,GAAG,MAAM,CAkBf;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,MAAsB,GAChC,MAAM,GAAG,IAAI,CAUf;AAED;;;;;;;;;GASG;AACH,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAkBzE;AAED;;;;;;;;;GASG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAOtE;AAED,wBAAgB,oCAAoC,CAClD,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,QAuCpB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,UAAQ;;;EAsBtD;AAED;;;GAGG;AACH,wBAAsB,kCAAkC,CACtD,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CA8BjB;AAED;;;;GAIG;AACH,wBAAsB,sCAAsC,CAC1D,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CAgBjB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,MAAM,CAAC,CAoBjB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAsBlC;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,cAAc,GAAE,cAAuC,EACvD,IAAI,GAAE,MAAsB,GAC3B,MAAM,EAAE,CAoBV;AAED;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,MAAM,EACnB,cAAc,GAAE,cAAuC,EACvD,UAAU,GAAE,MAAM,EAAyC,EAC3D,IAAI,GAAE,MAAsB,GAC3B,IAAI,CAiEN"}
|
|
@@ -339,13 +339,19 @@ function copyPackageManagerConfigurationFiles(root, destination) {
|
|
|
339
339
|
* For cases where you'd want to install packages that require an `.npmrc` set up,
|
|
340
340
|
* this function looks up for the nearest `.npmrc` (if exists) and copies it over to the
|
|
341
341
|
* temp directory.
|
|
342
|
+
*
|
|
343
|
+
* @param skipCopy - If true, skips copying package manager configuration files to the temporary directory.
|
|
344
|
+
* This is useful when creating a workspace from scratch (e.g., in create-nx-workspace)
|
|
345
|
+
* where no existing configuration files are available to copy.
|
|
342
346
|
*/
|
|
343
|
-
function createTempNpmDirectory() {
|
|
347
|
+
function createTempNpmDirectory(skipCopy = false) {
|
|
344
348
|
const dir = (0, tmp_1.dirSync)().name;
|
|
345
349
|
// A package.json is needed for pnpm pack and for .npmrc to resolve
|
|
346
350
|
(0, fileutils_1.writeJsonFile)(`${dir}/package.json`, {});
|
|
347
|
-
|
|
348
|
-
|
|
351
|
+
if (!skipCopy) {
|
|
352
|
+
const isNonJs = !(0, fs_1.existsSync)((0, path_1.join)(workspace_root_1.workspaceRoot, 'package.json'));
|
|
353
|
+
copyPackageManagerConfigurationFiles(isNonJs ? (0, installation_directory_1.getNxInstallationPath)(workspace_root_1.workspaceRoot) : workspace_root_1.workspaceRoot, dir);
|
|
354
|
+
}
|
|
349
355
|
const cleanup = async () => {
|
|
350
356
|
try {
|
|
351
357
|
await (0, promises_1.rm)(dir, { recursive: true, force: true });
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
export declare function ensurePackageHasProvenance(packageName: string, packageVersion: string): Promise<void>;
|
|
2
|
-
export declare
|
|
2
|
+
export declare class ProvenanceError extends Error {
|
|
3
|
+
constructor(packageName: string, packageVersion: string, error?: string);
|
|
4
|
+
}
|
|
3
5
|
export declare function getNxPackageGroup(): string[];
|
|
4
6
|
export type DecodedAttestationPayload = {
|
|
5
7
|
_type: 'https://in-toto.io/Statement/v1';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provenance.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/provenance.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"provenance.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/provenance.ts"],"names":[],"mappings":"AAaA,wBAAsB,0BAA0B,CAC9C,WAAW,EAAE,MAAM,EACnB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CA+Gf;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM;CAOxE;AAED,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAa5C;AAoBD,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,iCAAiC,CAAC;IACzC,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,aAAa,EAAE,gCAAgC,CAAC;IAChD,SAAS,EAAE;QACT,eAAe,EAAE;YACf,SAAS,EAAE,MAAM,CAAC;YAClB,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACzC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC;SAC7C,CAAC;QACF,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,EAAE,EAAE,MAAM,CAAC;gBACX,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;gBAC3C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aAClC,CAAC;YACF,QAAQ,CAAC,EAAE;gBACT,YAAY,CAAC,EAAE,MAAM,CAAC;gBACtB,SAAS,CAAC,EAAE,MAAM,CAAC;gBACnB,UAAU,CAAC,EAAE,MAAM,CAAC;aACrB,CAAC;YACF,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;SACnC,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE;QACP,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;KACnC,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH"}
|
package/src/utils/provenance.js
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.ProvenanceError = void 0;
|
|
4
4
|
exports.ensurePackageHasProvenance = ensurePackageHasProvenance;
|
|
5
5
|
exports.getNxPackageGroup = getNxPackageGroup;
|
|
6
6
|
const child_process_1 = require("child_process");
|
|
7
7
|
const path_1 = require("path");
|
|
8
8
|
const util_1 = require("util");
|
|
9
9
|
const fileutils_1 = require("./fileutils");
|
|
10
|
+
const os_1 = require("os");
|
|
10
11
|
/*
|
|
11
12
|
* Verifies that the given npm package has provenance attestations
|
|
12
13
|
* generated by the GitHub Actions workflow at .github/workflows/publish.yml
|
|
@@ -21,42 +22,63 @@ async function ensurePackageHasProvenance(packageName, packageVersion) {
|
|
|
21
22
|
return;
|
|
22
23
|
}
|
|
23
24
|
const execFileAsync = (0, util_1.promisify)(child_process_1.execFile);
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
25
|
+
try {
|
|
26
|
+
const result = await execFileAsync((0, os_1.platform)() === 'win32' ? 'npm.cmd' : 'npm', ['view', `${packageName}@${packageVersion}`, '--json', '--silent'], {
|
|
27
|
+
timeout: 20000,
|
|
28
|
+
});
|
|
29
|
+
const npmViewResult = JSON.parse(result.stdout.trim());
|
|
30
|
+
const attURL = npmViewResult.dist?.attestations?.url;
|
|
31
|
+
if (!attURL)
|
|
32
|
+
throw new ProvenanceError(packageName, packageVersion, 'No attestation URL found');
|
|
33
|
+
const response = await fetch(attURL);
|
|
34
|
+
if (!response.ok) {
|
|
35
|
+
throw new ProvenanceError(packageName, packageVersion, `HTTP ${response.status}: ${response.statusText}`);
|
|
36
|
+
}
|
|
37
|
+
const attestations = (await response.json());
|
|
38
|
+
const provenanceAttestation = attestations?.attestations?.find((a) => a.predicateType === 'https://slsa.dev/provenance/v1');
|
|
39
|
+
const dsseEnvelopePayload = JSON.parse(Buffer.from(provenanceAttestation.bundle.dsseEnvelope.payload, 'base64').toString());
|
|
40
|
+
const workflowParameters = dsseEnvelopePayload?.predicate?.buildDefinition?.externalParameters
|
|
41
|
+
?.workflow;
|
|
42
|
+
// verify that provenance was actually generated from the right publishing workflow
|
|
43
|
+
if (!workflowParameters) {
|
|
44
|
+
throw new ProvenanceError(packageName, packageVersion, 'Missing workflow parameters in attestation');
|
|
45
|
+
}
|
|
46
|
+
if (workflowParameters.repository !== 'https://github.com/nrwl/nx') {
|
|
47
|
+
throw new ProvenanceError(packageName, packageVersion, 'Repository does not match nrwl/nx');
|
|
48
|
+
}
|
|
49
|
+
if (workflowParameters.path !== '.github/workflows/publish.yml') {
|
|
50
|
+
throw new ProvenanceError(packageName, packageVersion, 'Publishing workflow does not match .github/workflows/publish.yml');
|
|
51
|
+
}
|
|
52
|
+
if (workflowParameters.ref !== `refs/tags/${npmViewResult.version}`) {
|
|
53
|
+
throw new ProvenanceError(packageName, packageVersion, `Version ref does not match refs/tags/${npmViewResult.version}`);
|
|
54
|
+
}
|
|
55
|
+
// verify that provenance was generated from the exact same artifact as the one we are installing
|
|
56
|
+
const distSha = Buffer.from(npmViewResult.dist.integrity.replace('sha512-', ''), 'base64').toString('hex');
|
|
57
|
+
const attestationSha = dsseEnvelopePayload.subject[0].digest.sha512;
|
|
58
|
+
if (distSha !== attestationSha) {
|
|
59
|
+
throw new ProvenanceError(packageName, packageVersion, 'Integrity hash does not match attestation hash');
|
|
60
|
+
}
|
|
61
|
+
return;
|
|
43
62
|
}
|
|
44
|
-
|
|
45
|
-
|
|
63
|
+
catch (error) {
|
|
64
|
+
if (error instanceof ProvenanceError) {
|
|
65
|
+
throw error;
|
|
66
|
+
}
|
|
67
|
+
throw new ProvenanceError(packageName, packageVersion, error.message || error);
|
|
46
68
|
}
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
throw (0, exports.noProvenanceError)(packageName, packageVersion, 'Integrity hash does not match attestation hash');
|
|
69
|
+
}
|
|
70
|
+
class ProvenanceError extends Error {
|
|
71
|
+
constructor(packageName, packageVersion, error) {
|
|
72
|
+
super(`An error occurred while checking the provenance of ${packageName}@${packageVersion}. This could indicate a security risk. Please double check https://www.npmjs.com/package/${packageName} to see if the package is published correctly or file an issue at https://github.com/nrwl/nx/issues. To disable this check at your own risk, you can set the NX_SKIP_PROVENANCE_CHECK environment variable to true. \n Error: ${error ?? ''}`);
|
|
52
73
|
}
|
|
53
|
-
return;
|
|
54
74
|
}
|
|
55
|
-
|
|
56
|
-
exports.noProvenanceError = noProvenanceError;
|
|
75
|
+
exports.ProvenanceError = ProvenanceError;
|
|
57
76
|
function getNxPackageGroup() {
|
|
58
77
|
const packageJsonPath = (0, path_1.join)(__dirname, '../../package.json');
|
|
59
78
|
const packageJson = (0, fileutils_1.readJsonFile)(packageJsonPath);
|
|
79
|
+
if (!packageJson['nx-migrations']?.packageGroup) {
|
|
80
|
+
return ['nx'];
|
|
81
|
+
}
|
|
60
82
|
const packages = packageJson['nx-migrations'].packageGroup.filter((dep) => typeof dep === 'string' && dep.startsWith('@nx/'));
|
|
61
83
|
packages.push('nx');
|
|
62
84
|
return packages;
|