semantic-release-lerna 2.2.0 → 2.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "semantic-release-lerna",
-  "version": "2.2.0",
+  "version": "2.4.0",
   "description": "semantic-release plugin to publish lerna monorepo packages to npm",
   "keywords": [
     "npm",
@@ -26,96 +26,33 @@
     "Gregor Martynus (https://twitter.com/gr2m)"
   ],
   "type": "module",
-  "main": "index.js",
+  "main": "dist/index.js",
   "files": [
-    "lib",
-    "index.js",
-    "!*.test.js"
+    "dist"
   ],
-  "scripts": {
-    "codecov": "codecov -f coverage/coverage-final.json",
-    "eslint": "eslint --cache .",
-    "eslint:fix": "eslint --cache --fix .",
-    "prettier:check": "prettier --check .",
-    "prettier:write": "prettier --write .",
-    "semantic-release": "semantic-release",
-    "pretest": "npm run eslint && npm run prettier:check",
-    "test": "jest --collectCoverage"
-  },
-  "prettier": "@html-validate/prettier-config",
-  "jest": {
-    "testTimeout": 30000,
-    "transformIgnorePatterns": []
-  },
   "dependencies": {
-    "@lerna/package": "^6.0.0",
-    "@lerna/package-graph": "^6.0.0",
-    "@lerna/project": "^6.0.0",
     "@semantic-release/error": "^4.0.0",
     "@semantic-release/release-notes-generator": "^12.0.0",
-    "aggregate-error": "^5.0.0",
     "conventional-changelog-writer": "^7.0.0",
     "conventional-commits-filter": "^4.0.0",
     "conventional-commits-parser": "^5.0.0",
-    "debug": "^4.3.0",
-    "execa": "^8.0.0",
-    "get-stream": "^8.0.0",
-    "into-stream": "^8.0.0",
+    "cosmiconfig": "^7.0.0",
     "libnpmversion": "^5.0.0",
-    "minimatch": "^9.0.0",
-    "npmlog": "^7.0.0",
-    "read-pkg-up": "^10.0.0",
-    "semver": "^7.0.0",
-    "tempy": "^3.0.0",
-    "write-json-file": "^5.0.0"
-  },
-  "devDependencies": {
-    "@babel/core": "7.23.9",
-    "@babel/preset-env": "7.23.9",
-    "@html-validate/eslint-config": "5.12.8",
-    "@html-validate/eslint-config-jest": "5.12.7",
-    "@html-validate/prettier-config": "2.4.10",
-    "@semantic-release/npm": "11.0.2",
-    "@types/jest": "29.5.11",
-    "@types/npmlog": "7.0.0",
-    "babel-plugin-transform-import-meta": "2.2.1",
-    "codecov": "3.8.3",
-    "fs-extra": "11.2.0",
-    "jest": "29.7.0",
-    "lerna": "8.0.2",
-    "npm-pkg-lint": "2.1.0",
-    "semantic-release": "23.0.0",
-    "stream-buffers": "3.0.2",
-    "verdaccio": "5.29.0"
+    "registry-auth-token": "^5.0.0"
   },
   "peerDependencies": {
-    "@semantic-release/npm": ">= 10",
     "lerna": "^5 || ^6 || ^7 || ^8",
     "semantic-release": "^22 || ^23"
   },
+  "peerDependenciesMeta": {
+    "lerna": {
+      "optional": true
+    }
+  },
   "engines": {
     "node": ">= 18.17"
   },
   "publishConfig": {
     "access": "public"
-  },
-  "renovate": {
-    "extends": [
-      "gitlab>html-validate/renovate-config"
-    ],
-    "packageRules": [
-      {
-        "matchPackageNames": [
-          "lerna"
-        ],
-        "matchUpdateTypes": [
-          "major"
-        ],
-        "commitMessageAction": "support",
-        "commitMessageTopic": "{{depName}}",
-        "commitMessageExtra": "v{{newMajor}}",
-        "semanticCommitType": "feat"
-      }
-    ]
   }
 }

package/index.js

@@ -1,97 +0,0 @@
-import AggregateError from "aggregate-error";
-import { temporaryFile } from "tempy";
-import getPkg from "@semantic-release/npm/lib/get-pkg.js";
-import verifyNpmConfig from "@semantic-release/npm/lib/verify-config.js";
-import verifyNpmAuth from "./lib/verify-auth.js";
-import verifyGit from "./lib/verify-git.js";
-import prepareNpm from "./lib/prepare.js";
-import publishNpm from "./lib/publish.js";
-
-export { generateNotes } from "./lib/generate-notes.js";
-
-let verified;
-const npmrc = temporaryFile({ name: ".npmrc" });
-
-const defaultConfig = {
-	npmVerifyAuth: true,
-	npmPublish: undefined,
-	tarballDir: undefined,
-	pkgRoot: undefined,
-	latch: "minor",
-};
-
-/**
- * @template T
- * @param {T} value
- * @param {T} defaultValue
- * @returns {T}
- */
-function defaultTo(value, defaultValue) {
-	return value === null || value === undefined ? defaultValue : value;
-}
-
-export async function verifyConditions(pluginConfig, context) {
-	pluginConfig.npmVerifyAuth = defaultTo(pluginConfig.npmVerifyAuth, defaultConfig.npmVerifyAuth);
-	pluginConfig.npmPublish = defaultTo(pluginConfig.npmPublish, defaultConfig.npmPublish);
-	pluginConfig.tarballDir = defaultTo(pluginConfig.tarballDir, defaultConfig.tarballDir);
-	pluginConfig.pkgRoot = defaultTo(pluginConfig.pkgRoot, defaultConfig.pkgRoot);
-
-	const errors = [...verifyNpmConfig(pluginConfig), ...(await verifyGit(context))];
-
-	try {
-		if (pluginConfig.npmVerifyAuth) {
-			const pkg = await getPkg(pluginConfig, context);
-			await verifyNpmAuth(npmrc, pkg, context);
-		}
-	} catch (error) {
-		errors.push(...error.errors);
-	}
-
-	if (errors.length > 0) {
-		throw new AggregateError(errors);
-	}
-
-	verified = true;
-}
-
-export async function prepare(pluginConfig, context) {
-	pluginConfig.latch = defaultTo(pluginConfig.latch, defaultConfig.latch);
-
-	const errors = verified ? [] : verifyNpmConfig(pluginConfig);
-
-	try {
-		if (pluginConfig.npmVerifyAuth) {
-			const pkg = await getPkg(pluginConfig, context);
-			await verifyNpmAuth(npmrc, pkg, context);
-		}
-	} catch (error) {
-		errors.push(...error);
-	}
-
-	if (errors.length > 0) {
-		throw new AggregateError(errors);
-	}
-
-	await prepareNpm(npmrc, pluginConfig, context);
-}
-
-export async function publish(pluginConfig, context) {
-	let pkg;
-	const errors = verified ? [] : verifyNpmConfig(pluginConfig);
-
-	try {
-		// Reload package.json in case a previous external step updated it
-		pkg = await getPkg(pluginConfig, context);
-		if (!verified && pluginConfig.npmPublish !== false && pkg.private !== true) {
-			await verifyNpmAuth(npmrc, pkg, context);
-		}
-	} catch (error) {
-		errors.push(...error);
-	}
-
-	if (errors.length > 0) {
-		throw new AggregateError(errors);
-	}
-
-	return publishNpm(npmrc, pluginConfig, pkg, context);
-}

package/lib/definitions/errors.js

@@ -1,6 +0,0 @@
-export function EDIRTYWC({ files }) {
-	return {
-		message: "Dirty working copy.",
-		details: `The git working copy must be clean before releasing:\n\n${files.join("\n")}\n`,
-	};
-}

package/lib/generate-notes.js

@@ -1,134 +0,0 @@
-import { format } from "node:url";
-import getStream from "get-stream";
-import intoStream from "into-stream";
-import { sync as parser } from "conventional-commits-parser";
-import writer from "conventional-changelog-writer";
-import filter from "conventional-commits-filter";
-import { readPackageUp } from "read-pkg-up";
-import debugFactory from "debug";
-import loadChangelogConfig from "@semantic-release/release-notes-generator/lib/load-changelog-config.js";
-import HOSTS_CONFIG from "@semantic-release/release-notes-generator/lib/hosts-config.js";
-import { Project } from "@lerna/project";
-import { makeDiffPredicate } from "./utils/index.js";
-
-const debug = debugFactory("semantic-release:release-notes-generator");
-
-/**
- * Generate the changelog for all the commits in `options.commits`.
- *
- * @param {Object} pluginConfig The plugin configuration.
- * @param {String} pluginConfig.preset conventional-changelog preset ('angular', 'atom', 'codemirror', 'ember', 'eslint', 'express', 'jquery', 'jscs', 'jshint').
- * @param {String} pluginConfig.config Requierable npm package with a custom conventional-changelog preset
- * @param {Object} pluginConfig.parserOpts Additional `conventional-changelog-parser` options that will overwrite ones loaded by `preset` or `config`.
- * @param {Object} pluginConfig.writerOpts Additional `conventional-changelog-writer` options that will overwrite ones loaded by `preset` or `config`.
- * @param {Object} context The semantic-release context.
- * @param {Array<Object>} context.commits The commits to analyze.
- * @param {Object} context.lastRelease The last release with `gitHead` corresponding to the commit hash used to make the last release and `gitTag` corresponding to the git tag associated with `gitHead`.
- * @param {Object} context.nextRelease The next release with `gitHead` corresponding to the commit hash used to make the  release, the release `version` and `gitTag` corresponding to the git tag associated with `gitHead`.
- * @param {Object} context.options.repositoryUrl The git repository URL.
- *
- * @returns {String} The changelog for all the commits in `context.commits`.
- */
-/* eslint-disable-next-line complexity, sonarjs/cognitive-complexity -- technical debt */
-export async function generateNotes(pluginConfig, context) {
-	const { commits, lastRelease, nextRelease, options, cwd, logger } = context;
-	const { generateNotes = false } = pluginConfig;
-
-	if (!generateNotes) {
-		logger.log(`Release notes scope disabled, skipping`);
-		return "";
-	}
-
-	const repositoryUrl = options.repositoryUrl.replace(/\.git$/i, "");
-	const { parserOpts, writerOpts } = await loadChangelogConfig(pluginConfig, context);
-
-	const project = new Project(cwd);
-	const packages = await project.getPackages();
-
-	function fillScope(parsedCommit) {
-		if (parsedCommit.scope) {
-			return parsedCommit;
-		}
-
-		const hasDiff = makeDiffPredicate(`${parsedCommit.hash}^!`, { cwd });
-		const scope = packages.filter((pkg) => !pkg.private && hasDiff(pkg)).map((pkg) => pkg.name);
-		if (scope.length > 0) {
-			parsedCommit.scope = scope.join(", ");
-		}
-
-		return parsedCommit;
-	}
-
-	const [match, auth, host, path] =
-		/* eslint-disable-next-line security/detect-unsafe-regex -- technical debt  */
-		/^(?!.+:\/\/)(?:(?<auth>.*)@)?(?<host>.*?):(?<path>.*)$/.exec(repositoryUrl) || [];
-	const authString = auth ? `${auth}@` : "";
-	const url = new URL(match ? `ssh://${authString}${host}/${path}` : repositoryUrl);
-	const { hostname, pathname } = url;
-	let { port, protocol } = url;
-	port = protocol.includes("ssh") ? "" : port;
-	protocol = protocol && /http[^s]/.test(protocol) ? "http" : "https";
-	/* eslint-disable-next-line security/detect-unsafe-regex -- technical debt  */
-	const [, owner, repository] = /^\/(?<owner>[^/]+)?\/?(?<repository>.+)?$/.exec(pathname);
-
-	const { issue, commit, referenceActions, issuePrefixes } =
-		Object.values(HOSTS_CONFIG).find((conf) => conf.hostname === hostname) || HOSTS_CONFIG.default;
-	const parsedCommits = filter(
-		commits
-			.filter(({ message, hash }) => {
-				if (!message.trim()) {
-					debug("Skip commit %s with empty message", hash);
-					return false;
-				}
-
-				return true;
-			})
-			.map((rawCommit) =>
-				fillScope({
-					...rawCommit,
-					...parser(rawCommit.message, { referenceActions, issuePrefixes, ...parserOpts }),
-				}),
-			),
-	);
-	const previousTag = lastRelease.gitTag || lastRelease.gitHead;
-	const currentTag = nextRelease.gitTag || nextRelease.gitHead;
-	const {
-		host: hostConfig,
-		linkCompare,
-		linkReferences,
-		commit: commitConfig,
-		issue: issueConfig,
-	} = pluginConfig;
-	const defaultContext = {
-		version: nextRelease.version,
-		host: format({ protocol, hostname, port }),
-		owner,
-		repository,
-		previousTag,
-		currentTag,
-		linkCompare: currentTag && previousTag,
-		issue,
-		commit,
-		packageData: ((await readPackageUp({ normalize: false, cwd })) || {}).packageJson,
-	};
-	const userConfig = {
-		host: hostConfig,
-		linkCompare,
-		linkReferences,
-		commit: commitConfig,
-		issue: issueConfig,
-	};
-	const changelogContext = { ...defaultContext, ...userConfig };
-
-	debug("version: %o", changelogContext.version);
-	debug("host: %o", changelogContext.hostname);
-	debug("owner: %o", changelogContext.owner);
-	debug("repository: %o", changelogContext.repository);
-	debug("previousTag: %o", changelogContext.previousTag);
-	debug("currentTag: %o", changelogContext.currentTag);
-	debug("linkReferences: %o", changelogContext.linkReferences);
-	debug("issue: %o", changelogContext.issue);
-	debug("commit: %o", changelogContext.commit);
-
-	return getStream(intoStream.object(parsedCommits).pipe(writer(changelogContext, writerOpts)));
-}

package/lib/get-changed-packages.js

@@ -1,113 +0,0 @@
-import { format } from "node:util";
-import { PackageGraph } from "@lerna/package-graph";
-import { Project } from "@lerna/project";
-import { execaSync } from "execa";
-import { shouldLatch } from "./should-latch.js";
-import { collectPackages, hasTags, makeDiffPredicate } from "./utils/index.js";
-
-function describeRefSync(execOptions) {
-	const args = [
-		"describe",
-		"--tags",
-		// Fallback to short sha if no tags located
-		"--always",
-		// Always return full result, helps identify existing release
-		"--long",
-		// Annotate if uncommitted changes present
-		"--dirty",
-		// Prefer tags originating on upstream branch
-		"--first-parent",
-	];
-	const { stdout } = execaSync("git", args, execOptions);
-	return parse(stdout, execOptions);
-}
-
-function parse(stdout, options = {}) {
-	const minimalShaRegex = /^([\da-f]{7,40})(-dirty)?$/;
-	// When git describe fails to locate tags, it returns only the minimal sha
-	if (minimalShaRegex.test(stdout)) {
-		// Repo might still be dirty
-		const [, sha, isDirty] = minimalShaRegex.exec(stdout);
-
-		// Count number of commits since beginning of time
-		const refCount = childProcess.execSync("git", ["rev-list", "--count", sha], options);
-
-		return { refCount, sha, isDirty: Boolean(isDirty) };
-	}
-
-	/* eslint-disable-next-line security/detect-unsafe-regex -- technical debt  */
-	const result = /^((?:.*@)?(.*))-(\d+)-g([\da-f]+)(-dirty)?$/.exec(stdout) || [];
-	const [, lastTagName, lastVersion, refCount, sha, isDirty] = result;
-
-	return { lastTagName, lastVersion, refCount, sha, isDirty: Boolean(isDirty) };
-}
-
-function collectUpdates(filteredPackages, packageGraph, execOptions, commandOptions) {
-	const { version, logger, latch } = commandOptions;
-
-	const packages =
-		filteredPackages.length === packageGraph.size
-			? packageGraph
-			: new Map(filteredPackages.map(({ name }) => [name, packageGraph.get(name)]));
-
-	let committish;
-
-	if (hasTags(execOptions)) {
-		// Describe the last annotated tag in the current branch
-		const { refCount, lastTagName } = describeRefSync(execOptions);
-
-		if (refCount === "0" && !committish) {
-			// No commits since previous release
-			logger.warn("", "Current HEAD is already released, skipping change detection.");
-
-			return [];
-		}
-
-		// If no tags found, this will be undefined and we'll use the initial commit
-		committish = lastTagName;
-	}
-
-	if (shouldLatch(version, latch)) {
-		logger.log(`Bumping all packages because configuration is set to latch on ${latch} and higher`);
-		return collectPackages(packages);
-	}
-
-	if (!committish) {
-		logger.log("Failed to find last release tag, assuming all packages changed");
-		return collectPackages(packages);
-	}
-
-	logger.log(`Looking for changed packages since ${committish}`);
-
-	const hasDiff = makeDiffPredicate(committish, execOptions, commandOptions.ignoreChanges);
-
-	return collectPackages(packages, {
-		isCandidate: (node) => hasDiff(node),
-	});
-}
-
-/**
- * @param {"major" | "minor" | "patch" | "prerelease" | "none"} latch
- * @param {any} context
- * @returns {Promise<any[]>}
- */
-export default async function getChangedPackages(latch, context) {
-	const { cwd, logger, version } = context;
-	const project = new Project(cwd);
-	const packages = await project.getPackages();
-	const packageGraph = new PackageGraph(packages);
-	logger.log(
-		`%d package${packages.length === 1 ? "" : "s"} found: %s`,
-		packages.length,
-		format(packages.map((pkg) => pkg.name)),
-	);
-
-	const updates = collectUpdates(
-		packageGraph.rawPackageList,
-		packageGraph,
-		{ cwd },
-		{ logger, version, latch },
-	);
-
-	return updates.map((node) => packages.find((pkg) => pkg.name === node.name));
-}

package/lib/get-error.js

@@ -1,8 +0,0 @@
-import SemanticReleaseError from "@semantic-release/error";
-import * as ERROR_DEFINITIONS from "./definitions/errors.js";
-
-export default function (code, ctx = {}) {
-	/* eslint-disable-next-line import/namespace -- this is how upstream does it */
-	const { message, details } = ERROR_DEFINITIONS[code](ctx);
-	return new SemanticReleaseError(message, code, details);
-}

package/lib/prepare.js

@@ -1,223 +0,0 @@
-import path from "node:path";
-import fs from "node:fs/promises";
-import { existsSync } from "node:fs";
-import { format } from "node:util";
-import { execa } from "execa";
-import npmVersion from "libnpmversion";
-import { Project } from "@lerna/project";
-import { Package } from "@lerna/package";
-import { writeJsonFile } from "write-json-file";
-import semverParse from "semver/functions/parse.js";
-import getChangedPackages from "./get-changed-packages.js";
-
-/**
- * @param {string} path
- * @returns {any}
- **/
-async function readJson(path) {
-	return JSON.parse(await fs.readFile(path));
-}
-
-/**
- * Bump version in "lerna.json".
- *
- * @param {string} basePath
- * @param {any} context
- * @returns {Promise<void>}
- */
-async function updateLernaJson(basePath, context) {
-	const {
-		logger,
-		nextRelease: { version },
-	} = context;
-	logger.log("Write version %s to lerna.json in %s", version, basePath);
-	const project = new Project(basePath);
-	project.version = version;
-	await project.serializeConfig();
-}
-
-/**
- * Bump version in a single package "package.json".
- *
- * @param {string} npmrc
- * @param {Package} pkg
- * @param {any} context
- * @param {Record<string, string>} currentVersions
- * @returns {Promise<void>}
- */
-async function updatePackage(npmrc, pkg, context, currentVersions) {
-	const {
-		nextRelease: { version },
-		logger,
-	} = context;
-	logger.log("Write version %s to package.json in %s", version, pkg.location);
-
-	await npmVersion(version, {
-		path: pkg.location,
-		allowSameVersion: true,
-		commitHooks: false,
-		gitTagVersion: false,
-		signGitCommit: false,
-		signGitTag: false,
-		force: false,
-		ignoreScripts: false,
-		silent: false,
-	});
-
-	/* Bump dependencies */
-	if (currentVersions) {
-		await updatePackageDependencies(pkg, version, currentVersions);
-	}
-}
-
-/**
- * Bump version in a single package "package-lock.json".
- *
- * Noop if "package-lock.json" does not exist.
- *
- * @param {string} npmrc
- * @param {Package} pkg
- * @param {any} context
- * @returns {Promise<void>}
- */
-async function updateLockfile(npmrc, pkg, context) {
-	const { env, stdout, stderr, logger } = context;
-
-	const lockfile = path.join(pkg.location, "package-lock.json");
-	if (!existsSync(lockfile)) {
-		return;
-	}
-
-	logger.log("Update package-lock.json in %s", pkg.location);
-
-	const versionResult = execa(
-		"npm",
-		["install", "--package-lock-only", "--ignore-scripts", "--no-audit", "--userconfig", npmrc],
-		{
-			cwd: pkg.location,
-			env,
-		},
-	);
-	versionResult.stdout.pipe(stdout, { end: false });
-	versionResult.stderr.pipe(stderr, { end: false });
-	await versionResult;
-}
-
-/**
- * @param {Record<string, string>} dependencies
- * @param {string} newVersion
- * @param {Record<string, string>} currentVersions
- * @returns {void}
- */
-function bumpDependency(dependencies, newVersion, currentVersions) {
-	const newParsed = semverParse(newVersion);
-	if (!newParsed) {
-		return;
-	}
-	for (const [dep, range] of Object.entries(dependencies)) {
-		if (!currentVersions[dep]) {
-			continue;
-		}
-
-		const version = currentVersions[dep];
-		const parsed = semverParse(version);
-		if (!parsed) {
-			continue;
-		}
-
-		/* Exact versions */
-		if (range === version) {
-			dependencies[dep] = newVersion;
-		}
-
-		/* Hat ^x.y.z */
-		if (range === `^${version}`) {
-			dependencies[dep] = `^${newVersion}`;
-		}
-
-		/* Hat ^x.y */
-		if (range === `^${parsed.major}.${parsed.minor}`) {
-			dependencies[dep] = `^${newParsed.major}.${newParsed.minor}`;
-		}
-
-		/* Hat ^x */
-		if (range === `^${parsed.major}`) {
-			dependencies[dep] = `^${newParsed.major}`;
-		}
-	}
-}
-
-/**
- * @param {Package} pkg
- * @param {string} newVersion
- * @param {Record<string, string>} currentVersions
- * @returns {Promise<void>}
- */
-async function updatePackageDependencies(pkg, newVersion, currentVersions) {
-	const pkgData = await readJson(pkg.manifestLocation);
-
-	bumpDependency(pkgData.dependencies || {}, newVersion, currentVersions);
-	bumpDependency(pkgData.devDependencies || {}, newVersion, currentVersions);
-	bumpDependency(pkgData.peerDependencies || {}, newVersion, currentVersions);
-
-	await writeJsonFile(pkg.manifestLocation, pkgData, { indent: 2, detectIndent: true });
-}
-
-/**
- * Get current version from `package.json`.
- *
- * @param {Package} pkg
- * @returns {Promise<[string, string]>}
- */
-async function getCurrentVersion(pkg) {
-	const pkgData = await readJson(pkg.manifestLocation);
-	return [pkgData.name, pkgData.version];
-}
-
-/**
- * @param {string} npmrc
- * @param {any} context
- * @returns {Promise<void>}
- */
-export default async function (npmrc, pluginConfig, context) {
-	const {
-		cwd,
-		nextRelease: { version },
-		logger,
-	} = context;
-	const basePath = pluginConfig.pkgRoot ? path.resolve(cwd, pluginConfig.pkgRoot) : cwd;
-	const rootPkg = new Package(readJson(path.join(basePath, "package.json")), basePath);
-	const { rootVersion = true } = pluginConfig;
-
-	const changed = await getChangedPackages(pluginConfig.latch, { cwd, logger, version });
-	if (changed.length === 0) {
-		logger.log("No packages changed, applying version bump on root package only");
-		await updateLernaJson(basePath, context);
-		await updatePackage(npmrc, rootPkg, context);
-		return;
-	}
-
-	const s = changed.length > 1 ? "s" : "";
-	logger.log(
-		`${changed.length} package${s} need version bump: ${format(changed.map((pkg) => pkg.name))}`,
-	);
-
-	const currentVersions = Object.fromEntries(
-		await Promise.all(changed.map((pkg) => getCurrentVersion(pkg))),
-	);
-
-	/* Bump version in all changed packages */
-	for (const pkg of changed) {
-		await updatePackage(npmrc, pkg, context, currentVersions);
-	}
-
-	/* Bump version in "lerna.json" */
-	await updateLernaJson(basePath, context);
-
-	if (rootVersion) {
-		await updatePackage(npmrc, rootPkg, context);
-		await updateLockfile(npmrc, rootPkg, context);
-	} else {
-		logger.log("Don't write version to root package.json");
-	}
-}