diff --git a/.github/workflows/ast-cli-team-review.yml b/.github/workflows/ast-cli-team-review.yml deleted file mode 100644 index e44e870..0000000 --- a/.github/workflows/ast-cli-team-review.yml +++ /dev/null @@ -1,76 +0,0 @@ -name: add-assignee-and-reviewers - -on: - pull_request_target: - types: [ready_for_review, opened, reopened, review_requested, edited] - -permissions: - contents: read - issues: write - pull-requests: read - -jobs: - add-assignee-and-reviewers: - runs-on: cx-public-ubuntu-x64 - if: ${{ github.event.pull_request.user.type != 'Bot' }} - steps: - - name: Set up GitHub CLI - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - with: - version: latest - - - name: Authenticate GitHub CLI - env: - GH_TOKEN: ${{ secrets.AST_CLI_GH_TOKEN }} - run: gh auth status - - - name: Fetch team members - id: team - env: - GH_TOKEN: ${{ secrets.AST_CLI_GH_TOKEN }} - run: | - gh api orgs/Checkmarx/teams/ast-sypher-team/members --jq '.[].login' > team_members.txt - echo "✅ Team members:" - cat team_members.txt - - - name: Fetch current reviewers - id: reviewers - env: - GH_TOKEN: ${{ secrets.AST_CLI_GH_TOKEN }} - PR_NUMBER: ${{ github.event.pull_request.number }} - run: | - gh pr view "$PR_NUMBER" --json reviewRequests --jq '.reviewRequests' > all_reviewers.json - - jq -r '.[] | select(.type == "User") | .login' all_reviewers.json > user_reviewers.txt - jq -r '.[] | select(.type == "Team") | .login' all_reviewers.json > team_reviewers.txt - - echo "👤 User reviewers:" - cat user_reviewers.txt || echo "None" - - echo "👥 Team reviewers:" - cat team_reviewers.txt || echo "None" - - - name: Validate reviewers are only from ast-sypher-team - run: | - INVALID_USERS=() - while read reviewer; do - if ! grep -qx "$reviewer" team_members.txt; then - INVALID_USERS+=("$reviewer") - fi - done < user_reviewers.txt || true - - INVALID_TEAMS=() - while read team; do - if [ "$team" != "ast-sypher-team" ]; then - INVALID_TEAMS+=("$team") - fi - done < team_reviewers.txt || true - - if [ ${#INVALID_USERS[@]} -gt 0 ] || [ ${#INVALID_TEAMS[@]} -gt 0 ]; then - echo "❌ Invalid reviewers detected!" - echo "Invalid users: ${INVALID_USERS[*]}" - echo "Invalid teams: ${INVALID_TEAMS[*]}" - exit 1 - fi - - echo "✅ All reviewers are valid members of the ast-sypher-team or the team itself." diff --git a/.github/workflows/auto-merge-pr.yml b/.github/workflows/auto-merge-pr.yml deleted file mode 100644 index 548bb47..0000000 --- a/.github/workflows/auto-merge-pr.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Post-Check Actions -on: [pull_request] - -permissions: - contents: read - -jobs: - dependabot-merge: - permissions: - contents: write - pull-requests: write - runs-on: cx-public-ubuntu-x64 - if: contains(github.head_ref, 'feature/update_cli') - steps: - - name: Enable auto-merge for Dependabot PRs - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" - - name: Auto approve dependabot PRs - uses: step-security/auto-approve-action@0c28339628c8e79ab2f6813291e7e6cd584b4d30 # v4.0.0 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ae6ab87..39bb705 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,8 +34,16 @@ jobs: uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22.11.0 - registry-url: https://npm.pkg.github.com/ + registry-url: https://npm.echohq.com/ + - name: Configure echohq auth (both hosts) + env: + ECHO_LIBRARIES_ACCESS_KEY: ${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }} + run: | + npm config set //npm.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" + npm config set //packages.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" - run: npm ci + env: + ECHO_LIBRARIES_ACCESS_KEY: ${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }} - name: Code Linting run: npm run lint - run: npm run build --if-present diff --git a/.github/workflows/pr-automation.yml b/.github/workflows/pr-automation.yml deleted file mode 100644 index 2c5da62..0000000 --- a/.github/workflows/pr-automation.yml +++ /dev/null @@ -1,22 +0,0 @@ -# name: PR Automation -# on: -# pull_request_target: -# types: [ready_for_review, opened, reopened] - -# permissions: -# contents: none -# issues: write -# pull-requests: write - -# jobs: -# add-reviewers: -# runs-on: ubuntu-latest -# if: ${{ github.event.pull_request.user.type != 'Bot' }} -# steps: -# - name: Request reviewers -# env: -# GH_REPO: ${{ github.repository }} -# GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} -# PRNUM: ${{ github.event.pull_request.number }} -# PRAUTHOR: ${{ github.event.pull_request.user.login }} -# run: gh pr edit $PRNUM diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e81704b..7792f44 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -101,6 +101,14 @@ jobs: node-version: 22.11.0 registry-url: https://npm.echohq.com/ + # CONFIGURE ECHOHQ AUTH + - name: Configure echohq auth (both hosts) + env: + ECHO_LIBRARIES_ACCESS_KEY: ${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }} + run: | + npm config set //npm.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" + npm config set //packages.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" + # CONFIGURE GITHUB PACKAGES AUTH FOR PUBLISH - name: Configure GitHub Packages auth env: @@ -145,6 +153,8 @@ jobs: # RUN NPM INSTALL AND BUILD - name: NPM ci and build + env: + ECHO_LIBRARIES_ACCESS_KEY: ${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }} run: | npm ci npm run build diff --git a/.npmrc b/.npmrc index 9990ccf..3280741 100644 --- a/.npmrc +++ b/.npmrc @@ -1,4 +1,6 @@ # Default registry for most packages registry=https://npm.echohq.com/ - +//npm.echohq.com/:_authToken= +//packages.echohq.com/:_authToken= +always-auth=true ignore-scripts=true \ No newline at end of file diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version index fae1739..e62a93d 100644 --- a/checkmarx-ast-cli.version +++ b/checkmarx-ast-cli.version @@ -1 +1 @@ -2.3.54 +2.3.55 diff --git a/package-lock.json b/package-lock.json index 5c5d50f..e847573 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1279,7 +1279,6 @@ "integrity": "sha512-VlJEV0fOQ7BExOsHYAGrgbEiZoi8D+Bl2+f6V2RrXerRSylnp+ZBHmPvaIa8cz0Ajx7WO7Z5RqfgYg7ED1nRhA==", "dev": true, "license": "BSD-2-Clause", - "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "5.62.0", "@typescript-eslint/types": "5.62.0", @@ -1441,7 +1440,6 @@ "integrity": "sha512-xRQbDb9BnwDafYNn6Vwl839DYVjqXYb1XVGtWAZ1kcDc6iwAL4hg3B1dZlRiuENFeO2H53gFG3in621AdERVAg==", "dev": true, "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -1699,11 +1697,14 @@ } }, "node_modules/balanced-match": { - "version": "1.0.2", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "version": "4.0.4", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", "dev": true, - "license": "MIT" + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } }, "node_modules/baseline-browser-mapping": { "version": "2.10.38", @@ -1719,13 +1720,16 @@ } }, "node_modules/brace-expansion": { - "version": "2.0.3", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/brace-expansion/-/brace-expansion-2.0.3.tgz", - "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==", + "version": "5.0.7", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/brace-expansion/-/brace-expansion-5.0.7.tgz", + "integrity": "sha512-7oFy703dxfY3/NLxC1fh2SUCQ0H9rmAY+5EpDVfXjUTTs+HEwR2nYaqLv+GWcTsumwxPfiz6CzCNkwXwBUwqCA==", "dev": true, "license": "MIT", "dependencies": { - "balanced-match": "^1.0.0" + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" } }, "node_modules/braces": { @@ -1761,7 +1765,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "baseline-browser-mapping": "^2.10.38", "caniuse-lite": "^1.0.30001799", @@ -2213,7 +2216,6 @@ "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint/eslintrc": "^1.0.3", "@humanwhocodes/config-array": "^0.6.0", @@ -2718,21 +2720,6 @@ "dev": true, "license": "ISC" }, - "node_modules/fsevents": { - "version": "2.3.3", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/fsevents/-/fsevents-2.3.3.tgz", - "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", - "dev": true, - "hasInstallScript": true, - "license": "MIT", - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, "node_modules/function-bind": { "version": "1.1.2", "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/function-bind/-/function-bind-1.1.2.tgz", @@ -3196,7 +3183,6 @@ "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -4165,9 +4151,9 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "4.2.0", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/js-yaml/-/js-yaml-4.2.0.tgz", - "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==", + "version": "4.3.0", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/js-yaml/-/js-yaml-4.3.0.tgz", + "integrity": "sha512-1td788aAnnZ5qs7V2QIRl1owjtYpbKt749Y3xauqQgwIIGF/xXWz1wMTEBx5O3LK3lXLVuqXPdPxj2BoFHaW9Q==", "dev": true, "funding": [ { @@ -5514,7 +5500,6 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", - "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" diff --git a/package.json b/package.json index 19d2f8b..3e95b18 100644 --- a/package.json +++ b/package.json @@ -44,10 +44,10 @@ "flatted": "^3.4.2", "picomatch": "2.3.2", "serialize-javascript": "6.0.2", - "brace-expansion": "2.0.3", + "brace-expansion": "5.0.7", "lodash": "4.18.0", "uuid": "14.0.0", - "js-yaml": "4.2.0" + "js-yaml": "4.3.0" }, "publishConfig": { "registry": "https://npm.pkg.github.com" diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux index 85f008e..452bd05 100755 --- a/src/main/wrapper/resources/cx-linux +++ b/src/main/wrapper/resources/cx-linux @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:776d9864c0104e1d0023641ef931bd1c58478cf56768ce77f2bfbfd6e9e64493 -size 80568482 +oid sha256:d76d1d464af46b0dc5976f8c79560344d86e1641b6eb1959e7a8120f5eab7293 +size 83103906 diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac index e137bc6..951f21f 100755 --- a/src/main/wrapper/resources/cx-mac +++ b/src/main/wrapper/resources/cx-mac @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:df4a2d6b72936afa65df8730f0ee491f6d518286421063f50df2e48d3d5b56f9 -size 160422432 +oid sha256:2a777f54cae91dc22e27dead84734ef5e84107011c9ffde441be988b9c25ac86 +size 165550656 diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe index f2f6b69..7d3cbb8 100644 --- a/src/main/wrapper/resources/cx.exe +++ b/src/main/wrapper/resources/cx.exe @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c7227ac9dd89f344c12629d367774a2428595b3daff0a2e710981d924f13dbf4 -size 82488128 +oid sha256:8c9bf6f587910590eebde2364f19c4884f814561afbcdfcc9be3f038fdfc1199 +size 85082432