semantic-release-vsce 5.7.3 → 6.0.0

package/.github/workflows/ci.yaml

@@ -10,6 +10,9 @@ on:
       - master
       - next
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -17,9 +20,8 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 16
-          - 18
           - 20
+          - 22
 
     steps:
       - uses: actions/checkout@v4
@@ -34,11 +36,18 @@ jobs:
 
     needs: test
 
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+
     steps:
       - uses: actions/checkout@v4
       - uses: volta-cli/action@v4
       - run: npm ci
-      - run: npm run release
+      - run: npm audit signatures
+      - run: npx semantic-release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

package/README.md

@@ -96,11 +96,12 @@ The directory of the extension relative to the current working directory. Defaul
 
 The following environment variables are supported by this plugin:
 
-| Variable      | Description                                                                                                                                                                                                                                                                                                     |
-| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `OVSX_PAT`    | _Optional_. The personal access token to push to Open VSX Registry                                                                                                                                                                                                                                              |
-| `VSCE_PAT`    | _Optional_. The personal access token to publish to Visual Studio Marketplace                                                                                                                                                                                                                                   |
-| `VSCE_TARGET` | _Optional_. The target to use when packaging or publishing the extension (used as `vsce package --target ${VSCE_TARGET}`). When set to `universal`, behave as if `VSCE_TARGET` was not set (i.e. build the universal/generic `vsix`). See [the platform-specific example](#platform-specific-on-github-actions) |
+| Variable                | Description                                                                                                                                                                                                                                                                                                     |
+| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `OVSX_PAT`              | _Optional_. The personal access token to push to Open VSX Registry                                                                                                                                                                                                                                              |
+| `VSCE_PAT`              | _Optional_. The personal access token to publish to Visual Studio Marketplace. _Note:_ Cannot be set at the same time as `VSCE_AZURE_CREDENTIAL`.                                                                                                                                                               |
+| `VSCE_AZURE_CREDENTIAL` | _Optional_. When set to `true` or `1`, `vsce` will use the `--azure-credential` flag to authenticate. _Note:_ Cannot be set at the same time as `VSCE_PAT`.                                                                                                                                                     |
+| `VSCE_TARGET`           | _Optional_. The target to use when packaging or publishing the extension (used as `vsce package --target ${VSCE_TARGET}`). When set to `universal`, behave as if `VSCE_TARGET` was not set (i.e. build the universal/generic `vsix`). See [the platform-specific example](#platform-specific-on-github-actions) |
 
 ### Configuring `vsce`
 
@@ -193,7 +194,10 @@ jobs:
 
    ```js
    // package.release.config.js
-   module.exports = {
+   /**
+    * @type {import('semantic-release').GlobalConfig}
+    */
+   export default {
      plugins: [
        '@semantic-release/commit-analyzer',
        '@semantic-release/release-notes-generator',
@@ -213,7 +217,10 @@ jobs:
 
    ```js
    // publish.release.config.js
-   module.exports = {
+   /**
+    * @type {import('semantic-release').GlobalConfig}
+    */
+   export default {
      plugins: [
        '@semantic-release/commit-analyzer',
        '@semantic-release/release-notes-generator',
@@ -254,9 +261,6 @@ jobs:
           - os: windows-latest
             target: win32-x64
             npm_config_arch: x64
-          - os: windows-latest
-            target: win32-ia32
-            npm_config_arch: ia32
           - os: windows-latest
             target: win32-arm64
             npm_config_arch: arm
@@ -336,4 +340,37 @@ jobs:
           OVSX_PAT: ${{ secrets.OVSX_PAT }}
 ```
 
+### GitHub Actions - Release to VS Marketplace with Azure credentials
+
+```yaml
+name: release
+
+on:
+  push:
+    branches: [master]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - run: npm ci
+
+      # Log into Azure CLI to get VSCE credentials
+      - name: Azure login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VSCE_AZURE_CREDENTIAL: 'true'
+```
+
 A reference implementation can also be found in the [VS Code ShellCheck extension](https://github.com/vscode-shellcheck/vscode-shellcheck/pull/805).

package/eslint.config.js

@@ -0,0 +1,7 @@
+// @ts-check
+
+import neostandard from 'neostandard';
+
+export default neostandard({
+  noStyle: true,
+});

package/index.js

@@ -1,27 +1,27 @@
 // @ts-check
 
-const path = require('path');
-const verifyVsce = require('./lib/verify');
-const vscePublish = require('./lib/publish');
-const vscePrepare = require('./lib/prepare');
+import { join } from 'node:path';
+import { prepare as vscePrepare } from './lib/prepare.js';
+import { publish as vscePublish } from './lib/publish.js';
+import { verify as vsceVerify } from './lib/verify.js';
 
 let verified = false;
 let prepared = false;
 let packagePath;
 
-async function verifyConditions(pluginConfig, { logger, cwd }) {
+export async function verifyConditions(pluginConfig, { logger, cwd }) {
   cwd = getPackageRoot(pluginConfig, cwd);
-  await verifyVsce(pluginConfig, { logger, cwd });
+  await vsceVerify(pluginConfig, { logger, cwd });
   verified = true;
 }
 
-async function prepare(
+export async function prepare(
   pluginConfig,
   { nextRelease: { version }, logger, cwd },
 ) {
   cwd = getPackageRoot(pluginConfig, cwd);
   if (!verified) {
-    await verifyVsce(pluginConfig, { logger, cwd });
+    await vsceVerify(pluginConfig, { logger, cwd });
     verified = true;
   }
   packagePath = await vscePrepare(
@@ -33,13 +33,13 @@ async function prepare(
   prepared = true;
 }
 
-async function publish(
+export async function publish(
   pluginConfig,
   { nextRelease: { version }, logger, cwd },
 ) {
   cwd = getPackageRoot(pluginConfig, cwd);
   if (!verified) {
-    await verifyVsce(pluginConfig, { logger, cwd });
+    await vsceVerify(pluginConfig, { logger, cwd });
     verified = true;
   }
 
@@ -60,21 +60,13 @@ async function publish(
 
   if (pluginConfig?.publishPackagePath) {
     // Expand glob
-    const globSync = require('glob').glob.sync;
-    packagePath = globSync(pluginConfig.publishPackagePath, { cwd });
+    const glob = (await import('glob')).glob;
+    packagePath = await glob(pluginConfig.publishPackagePath, { cwd });
   }
 
   return vscePublish(version, packagePath, logger, cwd);
 }
 
 function getPackageRoot(pluginConfig, cwd) {
-  return pluginConfig.packageRoot
-    ? path.join(cwd, pluginConfig.packageRoot)
-    : cwd;
+  return pluginConfig.packageRoot ? join(cwd, pluginConfig.packageRoot) : cwd;
 }
-
-module.exports = {
-  verifyConditions,
-  prepare,
-  publish,
-};

package/lib/prepare.js

@@ -1,11 +1,12 @@
 // @ts-check
 
-const execa = require('execa');
-const { readJson } = require('fs-extra');
-const path = require('path');
-const { isOvsxPublishEnabled, isTargetEnabled } = require('./utils');
+import { execa } from 'execa';
+import { readJson } from 'fs-extra/esm';
+import { join } from 'node:path';
+import process from 'node:process';
+import { isOvsxPublishEnabled, isTargetEnabled } from './utils.js';
 
-module.exports = async (version, packageVsix, logger, cwd) => {
+export async function prepare(version, packageVsix, logger, cwd) {
   if (packageVsix === false) {
     return;
   }
@@ -24,7 +25,7 @@ module.exports = async (version, packageVsix, logger, cwd) => {
     if (typeof packageVsix === 'string') {
       packagePath = packageVsix;
     } else {
-      const { name } = await readJson(path.join(cwd, './package.json'));
+      const { name } = await readJson(join(cwd, './package.json'));
       if (isTargetEnabled()) {
         packagePath = `${name}-${process.env.VSCE_TARGET}-${version}.vsix`;
       } else {
@@ -49,4 +50,4 @@ module.exports = async (version, packageVsix, logger, cwd) => {
 
     return packagePath;
   }
-};
+}

package/lib/publish.js

@@ -1,16 +1,18 @@
 // @ts-check
 
-const execa = require('execa');
-const { readJson } = require('fs-extra');
-const path = require('path');
-const {
+import { execa } from 'execa';
+import { readJson } from 'fs-extra/esm';
+import { join } from 'node:path';
+import process from 'node:process';
+import {
+  isAzureCredentialEnabled,
   isOvsxPublishEnabled,
   isTargetEnabled,
   isVscePublishEnabled,
-} = require('./utils');
+} from './utils.js';
 
-module.exports = async (version, packagePath, logger, cwd) => {
-  const { publisher, name } = await readJson(path.join(cwd, './package.json'));
+export async function publish(version, packagePath, logger, cwd) {
+  const { publisher, name } = await readJson(join(cwd, './package.json'));
 
   const options = ['publish'];
 
@@ -33,6 +35,10 @@ module.exports = async (version, packagePath, logger, cwd) => {
     }
   }
 
+  if (isAzureCredentialEnabled()) {
+    options.push('--azure-credential');
+  }
+
   const releases = [];
   if (isVscePublishEnabled()) {
     logger.log(message + ' to Visual Studio Marketplace');
@@ -64,4 +70,4 @@ module.exports = async (version, packagePath, logger, cwd) => {
   // TODO: uncomment after https://github.com/semantic-release/semantic-release/issues/2123
   // return releases;
   return releases.shift();
-};
+}

package/lib/utils.js

@@ -1,21 +1,25 @@
 // @ts-check
 
-const isOvsxPublishEnabled = () => {
+import process from 'node:process';
+
+function envToBoolean(name) {
+  return process.env[name] === 'true' || process.env[name] === '1';
+}
+
+export function isOvsxPublishEnabled() {
   return 'OVSX_PAT' in process.env;
-};
+}
 
-const isVscePublishEnabled = () => {
-  return 'VSCE_PAT' in process.env;
-};
+export function isAzureCredentialEnabled() {
+  return envToBoolean('VSCE_AZURE_CREDENTIAL');
+}
 
-const isTargetEnabled = () => {
+export function isVscePublishEnabled() {
+  return 'VSCE_PAT' in process.env || isAzureCredentialEnabled();
+}
+
+export function isTargetEnabled() {
   return (
     'VSCE_TARGET' in process.env && process.env.VSCE_TARGET !== 'universal'
   );
-};
-
-module.exports = {
-  isTargetEnabled,
-  isOvsxPublishEnabled,
-  isVscePublishEnabled,
-};
+}

package/lib/verify-ovsx-auth.js

@@ -1,9 +1,10 @@
 // @ts-check
 
-const SemanticReleaseError = require('@semantic-release/error');
-const execa = require('execa');
+import SemanticReleaseError from '@semantic-release/error';
+import { execa } from 'execa';
+import process from 'node:process';
 
-module.exports = async (logger, cwd) => {
+export async function verifyOvsxAuth(logger, cwd) {
   logger.log('Verifying authentication for ovsx');
 
   if (!process.env.OVSX_PAT) {
@@ -21,4 +22,4 @@ module.exports = async (logger, cwd) => {
       'EINVALIDOVSXPAT',
     );
   }
-};
+}

package/lib/verify-pkg.js

@@ -1,14 +1,13 @@
 // @ts-check
 
-const SemanticReleaseError = require('@semantic-release/error');
-const { readJson } = require('fs-extra');
-const fs = require('fs');
-const path = require('path');
+import SemanticReleaseError from '@semantic-release/error';
+import { pathExists, readJson } from 'fs-extra/esm';
+import { join } from 'node:path';
 
-module.exports = async (cwd) => {
-  const packagePath = path.join(cwd, './package.json');
+export async function verifyPkg(cwd) {
+  const packagePath = join(cwd, './package.json');
 
-  if (!fs.existsSync(packagePath)) {
+  if (!(await pathExists(packagePath))) {
     throw new SemanticReleaseError(
       `${packagePath} was not found. A \`package.json\` is required to release with vsce.`,
       'ENOPKG',
@@ -40,4 +39,4 @@ module.exports = async (cwd) => {
       'ENOPUBLISHER',
     );
   }
-};
+}

package/lib/verify-target.js

@@ -1,9 +1,10 @@
 // @ts-check
 
-const SemanticReleaseError = require('@semantic-release/error');
-const { isTargetEnabled } = require('./utils');
+import SemanticReleaseError from '@semantic-release/error';
+import process from 'node:process';
+import { isTargetEnabled } from './utils.js';
 
-module.exports = async () => {
+export async function verifyTarget() {
   if (!isTargetEnabled()) {
     return;
   }
@@ -16,7 +17,7 @@ module.exports = async () => {
   }
 
   if (process.env.VSCE_TARGET !== 'universal') {
-    const targets = require('@vscode/vsce/out/package').Targets;
+    const targets = (await import('@vscode/vsce/out/package.js')).Targets;
 
     // Throw if the target is not supported
     if (!targets.has(process.env.VSCE_TARGET)) {
@@ -28,4 +29,4 @@ module.exports = async () => {
       );
     }
   }
-};
+}

package/lib/verify-vsce-auth.js

@@ -1,24 +1,39 @@
 // @ts-check
 
-const SemanticReleaseError = require('@semantic-release/error');
-const execa = require('execa');
+import SemanticReleaseError from '@semantic-release/error';
+import { execa } from 'execa';
+import process from 'node:process';
+import { isAzureCredentialEnabled } from './utils.js';
 
-module.exports = async (logger, cwd) => {
-  logger.log('Verifying authentication for vsce');
+export async function verifyVsceAuth(logger, cwd) {
+  const pat = 'VSCE_PAT' in process.env && process.env.VSCE_PAT;
+  const azureCredential = isAzureCredentialEnabled();
 
-  if (!process.env.VSCE_PAT) {
+  if (!pat && !azureCredential) {
     throw new SemanticReleaseError(
-      'Empty vsce personal access token (`VSCE_PAT` environment variable) specified.',
-      'EEMPTYVSCEPAT',
+      'Neither vsce personal access token (`VSCE_PAT` environment variable) or azure credential flag (`VSCE_AZURE_CREDENTIAL` environment variable) specified.',
+      'EVSCEAUTHNOTPROVIDED',
     );
   }
 
+  if (pat && azureCredential) {
+    throw new SemanticReleaseError(
+      'Both vsce personal access token (`VSCE_PAT` environment variable) and azure credential flag (`VSCE_AZURE_CREDENTIAL` environment variable) specified. Please use only one.',
+      'EVSCEDUPLICATEAUTHPROVIDED',
+    );
+  }
+
+  const vsceArgs = ['verify-pat'];
+  if (azureCredential) {
+    vsceArgs.push('--azure-credential');
+  }
+
   try {
-    await execa('vsce', ['verify-pat'], { preferLocal: true, cwd });
+    await execa('vsce', vsceArgs, { preferLocal: true, cwd });
   } catch (e) {
     throw new SemanticReleaseError(
-      `Invalid vsce personal access token. Additional information:\n\n${e}`,
+      `Invalid vsce personal access token or azure credential. Additional information:\n\n${e}`,
       'EINVALIDVSCEPAT',
     );
   }
-};
+}

package/lib/verify.js

@@ -1,13 +1,13 @@
 // @ts-check
 
-const SemanticReleaseError = require('@semantic-release/error');
-const verifyPkg = require('./verify-pkg');
-const verifyVsceAuth = require('./verify-vsce-auth');
-const verifyOvsxAuth = require('./verify-ovsx-auth');
-const verifyTarget = require('./verify-target');
-const { isOvsxPublishEnabled, isVscePublishEnabled } = require('./utils');
+import SemanticReleaseError from '@semantic-release/error';
+import { isOvsxPublishEnabled, isVscePublishEnabled } from './utils.js';
+import { verifyOvsxAuth } from './verify-ovsx-auth.js';
+import { verifyPkg } from './verify-pkg.js';
+import { verifyTarget } from './verify-target.js';
+import { verifyVsceAuth } from './verify-vsce-auth.js';
 
-module.exports = async (pluginConfig, { logger, cwd }) => {
+export async function verify(pluginConfig, { logger, cwd }) {
   await verifyPkg(cwd);
   await verifyTarget();
 
@@ -16,7 +16,7 @@ module.exports = async (pluginConfig, { logger, cwd }) => {
     const ovsxPublishEnabled = isOvsxPublishEnabled();
     if (!vscePublishEnabled && !ovsxPublishEnabled) {
       throw new SemanticReleaseError(
-        'No personal access token was detected. Set the `VSCE_PAT` or the `OVSX_PAT` environment variable, at least one of them must be present when publish is enabled.\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing',
+        'No personal access token was detected. Set `VSCE_PAT`, `VSCE_AZURE_CREDENTIAL`, or the `OVSX_PAT` environment variable. At least one of them must be present when publish is enabled.\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing',
         'ENOPAT',
       );
     }
@@ -24,7 +24,7 @@ module.exports = async (pluginConfig, { logger, cwd }) => {
       await verifyVsceAuth(logger, cwd);
     } else {
       logger.log(
-        'Skipping verification of the vsce personal access token as the `VSCE_PAT` environment variable is not set.\n\nDid you know you can easily start publishing to Visual Studio Marketplace with `semantic-release-vsce`?\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing-to-visual-studio-marketplace',
+        'Skipping verification of the vsce personal access token as the `VSCE_PAT` or `VSCE_AZURE_CREDENTIAL` environment variables are not set.\n\nDid you know you can easily start publishing to Visual Studio Marketplace with `semantic-release-vsce`?\nLearn more at https://github.com/felipecrs/semantic-release-vsce#publishing-to-visual-studio-marketplace',
       );
     }
     if (ovsxPublishEnabled) {
@@ -35,4 +35,4 @@ module.exports = async (pluginConfig, { logger, cwd }) => {
       );
     }
   }
-};
+}

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "semantic-release-vsce",
-  "version": "5.7.3",
+  "version": "6.0.0",
   "description": "semantic-release plugin to package and publish VS Code extensions",
   "license": "MIT",
+  "type": "module",
   "engines": {
-    "node": ">=18"
+    "node": "^20.8.1 || >=22.0.0"
   },
   "repository": "https://github.com/felipecrs/semantic-release-vsce.git",
   "bugs": "https://github.com/felipecrs/semantic-release-vsce/issues",
@@ -21,10 +22,9 @@
   ],
   "main": "index.js",
   "scripts": {
-    "lint": "prettier --check . && eslint . ",
-    "release": "semantic-release",
-    "test": "nyc ava",
-    "posttest": "npm run lint && installed-check --ignore-dev --ignore=semantic-release",
+    "lint": "prettier --check . && eslint . && installed-check --ignore-dev",
+    "test": "c8 ava",
+    "posttest": "npm run lint",
     "prepare": "husky"
   },
   "ava": {
@@ -43,39 +43,38 @@
     ]
   },
   "volta": {
-    "node": "20.16.0",
-    "npm": "10.8.2"
+    "node": "22.12.0",
+    "npm": "11.0.0"
   },
   "dependencies": {
-    "@semantic-release/error": "^3.0.0",
-    "@vscode/vsce": "^2.15.0",
-    "execa": "^5.0.0",
+    "@semantic-release/error": "^4.0.0",
+    "@vscode/vsce": "^3.0.0",
+    "execa": "^9.5.2",
     "fs-extra": "^11.1.0",
-    "glob": "^10.2.1",
-    "ovsx": "^0.8.0"
+    "glob": "^11.0.0",
+    "ovsx": "^0.10.0"
   },
   "peerDependencies": {
-    "semantic-release": ">=18"
+    "semantic-release": ">=20"
   },
   "devDependencies": {
     "ava": "^6.1.2",
+    "c8": "^10.1.3",
     "conventional-changelog-conventionalcommits": "^8.0.0",
-    "eslint": "^8.7.0",
-    "eslint-config-prettier": "^9.0.0",
-    "eslint-config-standard": "^17.0.0",
-    "eslint-plugin-import": "^2.20.1",
-    "eslint-plugin-n": "^16.6.2",
-    "eslint-plugin-promise": "^6.0.0",
+    "eslint": "^9.12.0",
+    "esmock": "^2.6.9",
     "husky": "^9.0.11",
     "installed-check": "^9.0.0",
     "lint-staged": "^15.0.1",
-    "nyc": "^17.0.0",
+    "neostandard": "^0.12.0",
     "prettier": "^3.2.5",
-    "proxyquire": "^2.1.3",
     "semantic-release": "^24.0.0",
-    "sinon": "^18.0.0"
+    "sinon": "^19.0.2"
   },
   "lint-staged": {
     "**/*": "prettier --write --ignore-unknown"
+  },
+  "publishConfig": {
+    "provenance": true
   }
 }

package/release.config.js

@@ -1,4 +1,7 @@
-module.exports = {
+/**
+ * @type {import('semantic-release').GlobalConfig}
+ */
+export default {
   plugins: [
     [
       '@semantic-release/commit-analyzer',
@@ -17,6 +20,11 @@ module.exports = {
             scope: 'deps',
             release: 'patch',
           },
+          // https://github.com/semantic-release/commit-analyzer/issues/413#issuecomment-1465299187
+          {
+            breaking: true,
+            release: 'major',
+          },
         ],
       },
     ],