From ec985c84ef7d6d8cfdc9bc93febc39bc00f75cf6 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 15:47:31 -0400 Subject: [PATCH 01/31] ci: consolidate and refactor workflow --- .github/workflows/ci.yml | 23 ------------ .github/workflows/release.yml | 67 ----------------------------------- 2 files changed, 90 deletions(-) delete mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index e2eefb8..0000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: CI - -on: - pull_request: - -permissions: - contents: read # for checkout - -jobs: - commitlint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Fetch full history to check commit differences - - name: Set up Node.js - uses: actions/setup-node@v4 - with: - node-version: '22.x' - - name: Install dependencies - run: npm ci - - name: Validate all commits from push - run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index ba59243..0000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: Release - -on: - pull_request: - branches: - - main - - next - - beta - - alpha - workflow_run: - workflows: ["CI"] # The name of the CI workflow - types: - - completed - -permissions: - contents: read # for checkout - -jobs: - release: - if: | - github.event_name == 'pull_request' && - github.ref == 'refs/heads/main' || - github.ref == 'refs/heads/next' || - github.ref == 'refs/heads/beta' || - github.ref == 'refs/heads/alpha' || - (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') - runs-on: ubuntu-latest - permissions: - contents: write # to be able to publish a GitHub release - issues: write # to be able to comment on released issues - pull-requests: write # to be able to comment on released pull requests - id-token: write # to enable use of OIDC for npm provenance - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - # Note: Automatically populated GITHUB_TOKEN cannot be used if branch protection is enabled - # for the target branch. If the risk is acceptable, some extra configuration is needed. The - # actions/checkout persist-credentials option needs to be false, otherwise the generated - # GITHUB_TOKEN will interfere with the custom one. 
- # ref: https://github.com/semantic-release/semantic-release/blob/master/docs/recipes/ci-configurations/github-actions.md#pushing-packagejson-changes-to-your-repository - persist-credentials: false - - name: Set up Node.js - uses: actions/setup-node@v4 - with: - node-version: '22.x' - registry-url: 'https://npm.pkg.github.com' - scope: '@mitre-attack' - - name: Install - run: npm clean-install - - name: Build - run: npm run build - - name: Test - run: npm run test - - name: Upload test logs - uses: actions/upload-artifact@v4 - if: always() - with: - name: test-logs - path: .test-logs/ - - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies - run: npm audit signatures - - name: Release - run: npx semantic-release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 3741f0a9ac7c7cfd0678c6988ddde4cd7768279b Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 15:48:06 -0400 Subject: [PATCH 02/31] ci: consolidate and refactor workflow --- .github/workflows/ci.yml | 97 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..fe063f0 --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,97 @@ +name: CI and Release + +on: + push: + branches: + - main + - next + - beta + - alpha + - '*.*.x' # Matches branches like '1.2.x', '2.3.x' + - '*.x' # Matches branches like '1.x', '2.x' + pull_request: + branches: + - main + - next + - beta + - alpha + - '*.*.x' # Matches PRs targeting '1.2.x', '2.3.x' + - '*.x' # Matches PRs targeting '1.x', '2.x' + +permissions: + contents: read + +jobs: + # Job 1: Commit Linting + commitlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Fetch full history to check commit differences + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '22.x' + - name: Install dependencies + run: npm ci + - name: Validate all commits + run: npx commitlint --from ${{ github.event.pull_request.base.sha || github.event.before }} --to ${{ github.event.pull_request.head.sha || github.sha }} --verbose + + # Job 2: Build and Test + build: + runs-on: ubuntu-latest + needs: [commitlint] + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '22.x' + - name: Install + run: npm ci + - name: Build + run: npm run build + - name: Test + run: npm run test + - name: Upload test logs + uses: actions/upload-artifact@v4 + if: always() + with: + name: test-logs + path: .test-logs/ + - name: Verify integrity of dependencies + run: npm audit signatures + + # Job 3: Publish + publish: + needs: [build] + runs-on: ubuntu-latest + permissions: + contents: write # To publish a GitHub release + issues: write # To comment on released issues + pull-requests: write # To comment on released pull requests + id-token: write # To enable OIDC for npm provenance + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + persist-credentials: false + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '22.x' + registry-url: 'https://npm.pkg.github.com' + scope: 
'@mitre-attack' + - name: Semantic Release + uses: cycjimmy/semantic-release-action@v2 + with: + extra_plugins: | + @semantic-release/git + @semantic-release/exec + @semantic-release/changelog + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From c58afbdc4d39e7d5cb83e91d7ef831b6cd6f2de6 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 15:54:16 -0400 Subject: [PATCH 03/31] ci: upgrade semantic-release-action plugin to v4 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fe063f0..0b04336 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -87,7 +87,7 @@ jobs: registry-url: 'https://npm.pkg.github.com' scope: '@mitre-attack' - name: Semantic Release - uses: cycjimmy/semantic-release-action@v2 + uses: cycjimmy/semantic-release-action@v4 with: extra_plugins: | @semantic-release/git From 72fbc708a54ce86625285c4cd8a5065faa50fe42 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 16:03:30 -0400 Subject: [PATCH 04/31] ci: change semantic-release plugins --- .github/workflows/ci.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0b04336..67feabf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,8 +90,9 @@ jobs: uses: cycjimmy/semantic-release-action@v4 with: extra_plugins: | - @semantic-release/git - @semantic-release/exec - @semantic-release/changelog + @semantic-release/commit-analyzer + @semantic-release/release-notes-generator + @semantic-release/npm + @semantic-release/github env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 73663d399fb395b6e91d650d1ab28eaa1b44cb03 Mon Sep 17 00:00:00 2001 
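Review bot: The `publish` job has no `if:` condition, so with the `pull_request` trigger declared at the top of this file it is scheduled for every pull request against the listed branches as well as for pushes. For a pull request opened from a branch in the same repository, that run checks out the proposed change while holding the `contents: write`, `issues: write`, `pull-requests: write` and `id-token: write` grants. I would restrict the job to pushes by adding `if: github.event_name == 'push'` directly under `needs: [build]`, so release permissions are only attached to code that has already landed on a release branch.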
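Review bot: The four packages listed under `extra_plugins` carry no version, so the action installs whatever is newest on the registry at release time, inside the job that holds the write-scoped `GITHUB_TOKEN`. The action accepts `name@version` entries, for example `@semantic-release/npm@<VERSION>`, which keeps the release toolchain reproducible. These four plugins also ship with semantic-release by default, so the list may not be needed at all. The same pinning concern applies to `cycjimmy/semantic-release-action@v4` itself, a third-party action referenced by a movable tag; a full commit SHA is the stable reference.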
From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 16:13:45 -0400 Subject: [PATCH 05/31] test(ci): identifying reason for no files found in .test-logs/ --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 67feabf..221d937 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,12 +56,14 @@ jobs: run: npm run build - name: Test run: npm run test + - name: List test logs + run: ls -la .test-logs/ - name: Upload test logs uses: actions/upload-artifact@v4 if: always() with: name: test-logs - path: .test-logs/ + path: .test-logs/** - name: Verify integrity of dependencies run: npm audit signatures From 6645e65b74639d9d5685370ec68bdfcbba80193d Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 16:17:07 -0400 Subject: [PATCH 06/31] fix(ci): add include-hidden-files option to "Upload test logs" step --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 221d937..aaa5b09 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,6 +64,7 @@ jobs: with: name: test-logs path: .test-logs/** + include-hidden-files: true - name: Verify integrity of dependencies run: npm audit signatures From 2687c245fdd894f4005ca0be49526b66b2d54505 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 16:25:55 -0400 Subject: [PATCH 07/31] fix(ci): replace cycjimmy/semantic-release-action@v4 plugin with manual commands --- .github/workflows/ci.yml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aaa5b09..a8bc276 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
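Review bot: The new `List test logs` step has no `if: always()`, so it is skipped when `npm run test` fails, which is when the listing would be most useful. When `.test-logs/` is absent, `ls` exits non-zero and the job stops before `Verify integrity of dependencies` runs, because that step has no `always()` condition either. For a diagnostic step I would add `if: always()` and use `run: ls -la .test-logs/ || true`, so it reports without changing the job result. The `build` job's step list starts above this hunk.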
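Review bot: `include-hidden-files: true` is added without a comment, and the reason is not obvious from the step itself. The directory name starts with a dot, and upload-artifact 4.4.0 and later skip hidden paths unless this input is set, which appears to be why the previous commit found no files. A comment above the key such as `# .test-logs is a dot-directory; hidden paths are skipped by default` would stop a later cleanup from removing it. Because the step references the moving `v4` tag, whether the input is honoured depends on which release that tag resolves to.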
@@ -89,13 +89,19 @@ jobs: node-version: '22.x' registry-url: 'https://npm.pkg.github.com' scope: '@mitre-attack' + # - name: Semantic Release + # uses: cycjimmy/semantic-release-action@v4 + # with: + # extra_plugins: | + # @semantic-release/commit-analyzer + # @semantic-release/release-notes-generator + # @semantic-release/npm + # @semantic-release/github + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies + run: npm audit signatures - name: Semantic Release - uses: cycjimmy/semantic-release-action@v4 - with: - extra_plugins: | - @semantic-release/commit-analyzer - @semantic-release/release-notes-generator - @semantic-release/npm - @semantic-release/github + run: npx semantic-release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From de4abf0753996fa7c9711436f3880f218893878a Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Fri, 18 Oct 2024 16:29:30 -0400 Subject: [PATCH 08/31] fix(ci): add missing steps to publish job --- .github/workflows/ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a8bc276..f64e2a3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -99,7 +99,11 @@ jobs: # @semantic-release/github # env: # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies + - name: Install + run: npm clean-install + - name: Build + run: npm run build + - name: Verify Provenance run: npm audit signatures - name: Semantic Release run: npx semantic-release From 15304fcd4410ca00d15dc12e8fd92280ba7348e4 Mon Sep 17 00:00:00 2001 
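Review bot: `Verify Provenance` is placed after `Install` and `Build`, so when `npm audit signatures` checks the registry signatures, the packages it is checking have already run their install scripts and taken part in `npm run build`. Moving the step directly after `Install` lets a failed check stop the job before any build code runs. If no dependency relies on its install script, `run: npm clean-install --ignore-scripts` closes the remaining gap. The earlier `build` job has the same order, with verification as its last step, and the `publish` job's body starts above this hunk.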
From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 09:05:57 -0400 Subject: [PATCH 09/31] style(ci): format ci.yml workflow file --- .github/workflows/ci.yml | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f64e2a3..af53d2e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,12 +29,15 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 # Fetch full history to check commit differences + - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: '22.x' + - name: Install dependencies run: npm ci + - name: Validate all commits run: npx commitlint --from ${{ github.event.pull_request.base.sha || github.event.before }} --to ${{ github.event.pull_request.head.sha || github.sha }} --verbose @@ -46,18 +49,24 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: '22.x' + - name: Install run: npm ci + - name: Build run: npm run build + - name: Test run: npm run test + - name: List test logs run: ls -la .test-logs/ + - name: Upload test logs uses: actions/upload-artifact@v4 if: always() @@ -65,6 +74,7 @@ jobs: name: test-logs path: .test-logs/** include-hidden-files: true + - name: Verify integrity of dependencies run: npm audit signatures 
@@ -83,28 +93,23 @@ jobs: with: fetch-depth: 0 persist-credentials: false + - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: '22.x' registry-url: 'https://npm.pkg.github.com' scope: '@mitre-attack' - # - name: Semantic Release - # uses: cycjimmy/semantic-release-action@v4 - # with: - # extra_plugins: | - # @semantic-release/commit-analyzer - # @semantic-release/release-notes-generator - # @semantic-release/npm - # @semantic-release/github - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Install run: npm clean-install + - name: Build run: npm run build + - name: Verify Provenance run: npm audit signatures + - name: Semantic Release run: npx semantic-release env: From a9d140139c5d69923648403162ed5da5f84e93e5 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 09:29:45 -0400 Subject: [PATCH 10/31] fix(ci): remove redundant build step --- .github/workflows/ci.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index af53d2e..6db9e88 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 # Fetch full history to check commit differences - + - name: Set up Node.js uses: actions/setup-node@v4 with: @@ -101,16 +101,13 @@ jobs: registry-url: 'https://npm.pkg.github.com' scope: '@mitre-attack' - - name: Install + - name: Install dependencies run: npm clean-install - - name: Build - run: npm run build - - - name: Verify Provenance + - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies run: npm audit signatures - - name: Semantic Release - run: npx semantic-release + - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: npx semantic-release From ba034545a9ac50e9198ed0253a96ef620ce9468f Mon Sep 17 00:00:00 2001 
From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 09:49:41 -0400 Subject: [PATCH 11/31] fix(ci): allow semantic-release to skip husky git hooks --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6db9e88..2676a2a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -110,4 +110,5 @@ jobs: - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + HUSKY_SKIP_HOOKS: '1' run: npx semantic-release From 15f992ccafd0e45bc13d1382bd32462a0f8bf570 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 10:03:15 -0400 Subject: [PATCH 12/31] fix(ci): add packages:write scope to ci workflow --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2676a2a..a283db0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -84,6 +84,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: write # To publish a GitHub release + packages: write # To publish to GitHub Package registry issues: write # To comment on released issues pull-requests: write # To comment on released pull requests id-token: write # To enable OIDC for npm provenance From ea649490602b324fec522e9a340a0cd2f4c0575f Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 10:16:44 -0400 Subject: [PATCH 13/31] fix(package.json): correct formatting of repository.url --- package.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/package.json b/package.json index b2c5dfe..86fb419 100644 --- a/package.json +++ b/package.json 
@@ -19,8 +19,7 @@ "email": "attack@mitre.org" }, "repository": { - "type": "git", - "url": "https://github.com/mitre-attack/attack-data-model.git" + "url": "git+https://github.com/mitre-attack/attack-data-model.git" }, "publishConfig": { "registry": "https://npm.pkg.github.com/" From 7c4323b7731290d0d459c4ad43acd1d77770517c Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 10:17:12 -0400 Subject: [PATCH 14/31] fix(ci): add NPM_TOKEN to semantic-release --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a283db0..1eca5a1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,5 +111,6 @@ jobs: - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} HUSKY_SKIP_HOOKS: '1' run: npx semantic-release From fbc6e96313cf1a8b0f54a7fd2effca983d110874 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 10:21:42 -0400 Subject: [PATCH 15/31] fix(ci): rename build job to test --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1eca5a1..c225832 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,7 +42,7 @@ jobs: run: npx commitlint --from ${{ github.event.pull_request.base.sha || github.event.before }} --to ${{ github.event.pull_request.head.sha || github.sha }} --verbose # Job 2: Build and Test - build: + test: runs-on: ubuntu-latest needs: [commitlint] steps: @@ -80,7 +80,7 @@ jobs: # Job 3: Publish publish: - needs: [build] + needs: [test] runs-on: ubuntu-latest permissions: contents: write # To publish a GitHub release From 0d359c8922e4fe8494797529678f864f5b5e264b Mon Sep 17 00:00:00 2001 
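Review bot: `NPM_TOKEN: ${{ secrets.NPM_TOKEN }}` puts a stored, long-lived registry credential into the environment of `npx semantic-release`, although this job is configured with `registry-url: 'https://npm.pkg.github.com'`. For that registry, the per-run `GITHUB_TOKEN` with the `packages: write` grant is the usual credential. If the secret holds an npmjs.com token, it may also be presented to a registry it was not issued for. Should the npm plugin require the variable, its value can be the run's own token, `NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, which expires with the job. The `Release` step begins above this hunk.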
From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 10:45:46 -0400 Subject: [PATCH 16/31] feat(ci): trigger build From 8cc28024ebc0e6a0321045a71cc8c2352ccb71b9 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 10:56:36 -0400 Subject: [PATCH 17/31] fix(ci): install only prod deps during publish job to stop Husky x semantic-release conflict --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c225832..b5e83b1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -103,7 +103,7 @@ jobs: scope: '@mitre-attack' - name: Install dependencies - run: npm clean-install + run: npm clean-install --only=production - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies run: npm audit signatures From e1f83bff436bbf1b58192846a64bfeaa2fbccce9 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:20:56 -0400 Subject: [PATCH 18/31] fix(ci): add HUSKY=0 in publish job to disable husky --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b5e83b1..203b0e3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -104,6 +104,8 @@ jobs: - name: Install dependencies run: npm clean-install --only=production + env: + HUSKY: '0' # Disable Husky installation - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies run: npm audit signatures @@ -112,5 +114,5 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - HUSKY_SKIP_HOOKS: '1' + HUSKY: 0 # Temporarily disables all Git hooks run: npx semantic-release From 026e24742805181a6eaf86ef6a5a37954527ee52 Mon Sep 17 00:00:00 2001 
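Review bot: With dev dependencies left out of the install, `npx semantic-release` in the `Release` step may no longer run the copy recorded in `package-lock.json`. If semantic-release is a devDependency (the manifest's dependency lists are not shown here), npx can fetch it from the registry at run time, outside the lockfile and after `npm audit signatures` has finished. That would be an unpinned download executing in the job that holds the release token. Keeping the full `npm clean-install` and disabling Husky through its environment variable keeps the release tool locked. The `--omit=dev` spelling introduced in PATCH 19/31 has the same effect.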
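Review bot: The two `HUSKY` entries are written differently, `HUSKY: '0'` on the install step and `HUSKY: 0` on the release step. Environment values end up as strings, so I would quote both as `HUSKY: '0'`, which also stops a generic YAML parser from typing one of them as an integer. The comment on the second entry says "Temporarily", but nothing later in the job re-enables hooks; `# Disable Husky Git hooks for this step` describes what the line does.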
From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:24:37 -0400 Subject: [PATCH 19/31] fix(ci): change flag that handles omitting dev dependencies from the install --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 203b0e3..34cdcd8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -103,7 +103,7 @@ jobs: scope: '@mitre-attack' - name: Install dependencies - run: npm clean-install --only=production + run: npm clean-install --omit=dev env: HUSKY: '0' # Disable Husky installation From 669a73232cbfac5f4f5009c904b21af90dfd572c Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:30:39 -0400 Subject: [PATCH 20/31] fix(husky): use script-based workflow for installing husky to support ci integration --- .github/workflows/ci.yml | 4 +--- .husky/install.mjs | 6 ++++++ package.json | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 .husky/install.mjs diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 34cdcd8..d52c1c0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -103,9 +103,7 @@ jobs: scope: '@mitre-attack' - name: Install dependencies - run: npm clean-install --omit=dev - env: - HUSKY: '0' # Disable Husky installation + run: npm clean-install - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies run: npm audit signatures diff --git a/.husky/install.mjs b/.husky/install.mjs new file mode 100644 index 0000000..0bf841c --- /dev/null +++ b/.husky/install.mjs @@ -0,0 +1,6 @@ +// Skip Husky install in production and CI +if (process.env.NODE_ENV === 'production' || process.env.CI === 'true') { + process.exit(0); +} +const husky = (await import('husky')).default; +console.log(husky()); \ No newline at end of file 
diff --git a/package.json b/package.json index 86fb419..c7d81d1 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "test:interactive": "vitest", "export": "npm pack", "clean": "rm -rf test/**/*.js test/**/*.js.map test/**/*.d.ts test/**/*.ts.map src/**/*.js src/**/*.js.map src/**/*.d.ts", - "prepare": "husky", + "prepare": "node .husky/install.mjs", "lint": "npx eslint src", "lint:fix": "npm run lint -- --fix", "prettier": "npx prettier src --check", From cb6a9a71ef9f1a7ab686bf7fdad0a50ef2f92aa5 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:40:08 -0400 Subject: [PATCH 21/31] fix(ci): remove NPM_TOKEN from publish job --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d52c1c0..58b2de8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,6 +111,6 @@ jobs: - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + # NPM_TOKEN: ${{ secrets.NPM_TOKEN }} DO NOT USE HUSKY: 0 # Temporarily disables all Git hooks run: npx semantic-release From fdfabd14f702e234823e28ef77cebc86284a3db3 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:47:08 -0400 Subject: [PATCH 22/31] fix(package-lock): synchronize version property --- package-lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9c17002..6945d04 100644 --- a/package-lock.json +++ b/package-lock.json 
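Review bot: Leaving `# NPM_TOKEN: ${{ secrets.NPM_TOKEN }} DO NOT USE` in the `env:` block says the variable is unwanted but not why, and keeps a ready-to-uncomment secret reference in the release step. I would delete the line and state the reason in a comment, for example `# Auth for npm.pkg.github.com comes from the run's GITHUB_TOKEN; no stored npm token is passed`, assuming that is the reason, since the commit message does not say. If the `NPM_TOKEN` repository secret is no longer referenced anywhere, it is worth removing or revoking it as well.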
@@ -1,12 +1,12 @@ { "name": "@mitre-attack/attack-data-model", - "version": "1.0.0-rc.1", + "version": "0.0.0-semantically-released", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@mitre-attack/attack-data-model", - "version": "1.0.0-rc.1", + "version": "0.0.0-semantically-released", "license": "APACHE-2.0", "dependencies": { "axios": "^1.7.5", From e765a7c83537bf2a550314d85b01f9043db65d40 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:52:16 -0400 Subject: [PATCH 23/31] fix(husky): try simplifying npm prepare script --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c7d81d1..6ec0a8b 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "test:interactive": "vitest", "export": "npm pack", "clean": "rm -rf test/**/*.js test/**/*.js.map test/**/*.d.ts test/**/*.ts.map src/**/*.js src/**/*.js.map src/**/*.d.ts", - "prepare": "node .husky/install.mjs", + "prepare": "husky || true", "lint": "npx eslint src", "lint:fix": "npm run lint -- --fix", "prettier": "npx prettier src --check", From b760ba517b2994d78e5eb738308ef6f8e05fb968 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:06:07 -0400 Subject: [PATCH 24/31] build: add .npmrc config --- .npmrc | 1 + 1 file changed, 1 insertion(+) create mode 100644 .npmrc diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..6ebb15c --- /dev/null +++ b/.npmrc @@ -0,0 +1 @@ +@mitre-attack:registry=https://npm.pkg.github.com \ No newline at end of file From e72f6202a803df22d9eb84d88b27befb62da9945 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:09:25 -0400 Subject: [PATCH 25/31] fix(husky): remove install script --- .husky/install.mjs | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 .husky/install.mjs 
diff --git a/.husky/install.mjs b/.husky/install.mjs deleted file mode 100644 index 0bf841c..0000000 --- a/.husky/install.mjs +++ /dev/null @@ -1,6 +0,0 @@ -// Skip Husky install in production and CI -if (process.env.NODE_ENV === 'production' || process.env.CI === 'true') { - process.exit(0); -} -const husky = (await import('husky')).default; -console.log(husky()); \ No newline at end of file From d5246205df516e5b5fc4750d052d22b29603c6ef Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:14:57 -0400 Subject: [PATCH 26/31] fix(semantic-release): test removing semantic-release/npm plugin --- .releaserc | 1 - 1 file changed, 1 deletion(-) diff --git a/.releaserc b/.releaserc index f93a507..5bf1dd9 100644 --- a/.releaserc +++ b/.releaserc @@ -2,7 +2,6 @@ "plugins": [ "@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator", - "@semantic-release/npm", "@semantic-release/github" ] } \ No newline at end of file From ed921b877321abeca130c8128082c28c41960c01 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:49:39 -0400 Subject: [PATCH 27/31] fix(semantic-release): test restoring semantic-release/npm plugin --- .releaserc | 1 + 1 file changed, 1 insertion(+) diff --git a/.releaserc b/.releaserc index 5bf1dd9..f93a507 100644 --- a/.releaserc +++ b/.releaserc @@ -2,6 +2,7 @@ "plugins": [ "@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator", + "@semantic-release/npm", "@semantic-release/github" ] } \ No newline at end of file From ffe4c6041fecd66bf2b7da7db734b2c4a0b6c7da Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:57:21 -0400 Subject: [PATCH 28/31] fix(ci): try using GH_TOKEN instead of GITHUB_TOKEN --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 58b2de8..04df31b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -110,7 +110,7 @@ jobs: - name: Release env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # NPM_TOKEN: ${{ secrets.NPM_TOKEN }} DO NOT USE HUSKY: 0 # Temporarily disables all Git hooks run: npx semantic-release From e53c7bfa54d3c5f4007a41f47c9a587ad48ddb88 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 13:11:18 -0400 Subject: [PATCH 29/31] fix(package.json): update repository proeprty --- package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 6ec0a8b..c9f06c2 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,8 @@ "email": "attack@mitre.org" }, "repository": { - "url": "git+https://github.com/mitre-attack/attack-data-model.git" + "type": "git", + "url": "https://github.com/mitre-attack/attack-data-model.git" }, "publishConfig": { "registry": "https://npm.pkg.github.com/" From f7dfc8c275d81db707ef104b50b29326f546caac Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 13:11:39 -0400 Subject: [PATCH 30/31] fix(ci): add NODE_AUTH_TOKEN to publish job --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 04df31b..424e9aa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -104,6 +104,8 @@ jobs: - name: Install dependencies run: npm clean-install + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies run: npm audit signatures 
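Review bot: Setting `NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` on `npm clean-install` makes the job's token readable by every install and postinstall script in the dependency tree. In the `publish` job that token carries `contents: write` and `packages: write`, and `npm audit signatures` only runs in the next step, after those scripts have executed. If the install needs authentication at all, I would run it as `npm clean-install --ignore-scripts`, or do the authenticated install in a job whose grant is limited to `packages: read`. The second hunk of this commit adds the same variable to `Release`, which is the step that actually publishes.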
@@ -111,6 +113,7 @@ jobs: - name: Release env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # NPM_TOKEN: ${{ secrets.NPM_TOKEN }} DO NOT USE HUSKY: 0 # Temporarily disables all Git hooks run: npx semantic-release From f8144a16f95f68c0a957f4e6f254e442e2537af4 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 21 Oct 2024 13:17:05 -0400 Subject: [PATCH 31/31] fix(ci): restore GITHUB_TOKEN on release step --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 424e9aa..61383e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -112,6 +112,7 @@ jobs: - name: Release env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # NPM_TOKEN: ${{ secrets.NPM_TOKEN }} DO NOT USE