diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index 37f98b18..735f6162 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -4,13 +4,13 @@ on: pull_request: permissions: - id-token: write contents: write pull-requests: write - checks: write jobs: - pull-request-auto-merge: + auto-merge: + if: github.event.pull_request.draft == false + runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 237f13f8..8a8bdb3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,16 +9,6 @@ on: workflow_dispatch: -permissions: - actions: read - checks: write - contents: none - deployments: none - issues: none - packages: none - repository-projects: none - statuses: write - jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 07a116c3..8be0b073 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -20,24 +20,16 @@ on: schedule: - cron: '34 3 * * 1' -permissions: - actions: read - checks: write - contents: none - deployments: none - issues: none - packages: none - repository-projects: none - statuses: write jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: + security-events: write + packages: read actions: read contents: read - security-events: write strategy: fail-fast: false diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml new file mode 100644 index 00000000..d50760bc --- /dev/null +++ b/.github/workflows/create-release-pr.yml 
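Review bot: The `auto-merge` job still references `actions/checkout@v5` by mutable tag while holding `contents: write` and `pull-requests: write`, whereas the other workflows touched in this commit pin the same action to a commit SHA. I would pin it here as well, `- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0`, and add `persist-credentials: false` under `with:` unless a later step relies on the stored token. The new `if:` only excludes drafts, and the remaining steps lie outside this hunk, so whether the job also restricts which pull-request authors it merges for cannot be confirmed from here.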
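Review bot: Deleting the workflow-level `permissions:` block in ci.yml leaves the `build` job with no explicit token scope in the visible lines, so it falls back to the repository or organisation default for `GITHUB_TOKEN`, which may be read/write. codeql-analysis.yml and release.yml drop the same block but declare job-level permissions, while ci.yml shows none in this hunk. I would keep a minimal workflow-level default, `permissions:` followed by `contents: read`, and grant anything broader per job. The job bodies continue outside the hunk, so check whether a job-level block already exists there.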
@@ -0,0 +1,119 @@ +name: Create Release Pull Request +description: Create a pull request to release a new version + +on: + workflow_dispatch: + inputs: + version: + description: 'Version type' + required: true + type: choice + options: + - patch + - minor + - major + +jobs: + create-release-pr: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + + - name: Configure Git + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + + - name: Setup Node.js + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 + with: + node-version: 'lts/*' + check-latest: true + package-manager-cache: false + + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + with: + run_install: | + - recursive: true + args: [--no-frozen-lockfile] + + # No need to install dependencies - npm version works without them + - name: Version bump + id: version + run: | + VERSION=$(pnpm version "$VERSION_TYPE" --no-git-tag-version) + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + pnpm --recursive exec pnpm pkg set version=$(node -p "JSON.parse(fs.readFileSync('package.json', 'utf8')).version") + env: + VERSION_TYPE: ${{ github.event.inputs.version }} + + - name: Get release notes + id: release-notes + run: | + # Get the default branch + DEFAULT_BRANCH=$(gh api "repos/$GITHUB_REPOSITORY" --jq '.default_branch') + + # Get the latest release tag using GitHub API + # Use the exit code to determine if a release exists + if LAST_TAG=$(gh api "repos/$GITHUB_REPOSITORY/releases/latest" --jq '.tag_name' 2>/dev/null); then + echo "Previous release found: $LAST_TAG" + else + LAST_TAG="" + echo "No previous releases found - this will be the first release" + fi + + # Generate release notes - only include previous_tag_name if we have a 
valid previous tag + echo "Generating release notes for tag: $VERSION" + if [ -n "$LAST_TAG" ]; then + echo "Using previous tag: $LAST_TAG" + RELEASE_NOTES=$(gh api \ + --method POST \ + -H "Accept: application/vnd.github+json" \ + "/repos/$GITHUB_REPOSITORY/releases/generate-notes" \ + -f "tag_name=$VERSION" \ + -f "target_commitish=$DEFAULT_BRANCH" \ + -f "previous_tag_name=$LAST_TAG" \ + --jq '.body') + else + echo "Generating notes from all commits" + RELEASE_NOTES=$(gh api \ + --method POST \ + -H "Accept: application/vnd.github+json" \ + "/repos/$GITHUB_REPOSITORY/releases/generate-notes" \ + -f "tag_name=$VERSION" \ + -f "target_commitish=$DEFAULT_BRANCH" \ + --jq '.body') + fi + + # Set release notes as environment variable + echo "RELEASE_NOTES<> "$GITHUB_OUTPUT" + echo "$RELEASE_NOTES" >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ github.token }} + VERSION: ${{ steps.version.outputs.version }} + GITHUB_REPOSITORY: ${{ github.repository }} + + - name: Create Pull Request + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + env: + RELEASE_NOTES: ${{ steps.release-notes.outputs.RELEASE_NOTES }} + VERSION: ${{ steps.version.outputs.version }} + with: + branch: release/${{ steps.version.outputs.version }} + delete-branch: true + title: "Release ${{ steps.version.outputs.version }}" + body: | + ${{ env.RELEASE_NOTES }} + commit-message: "chore: release ${{ steps.version.outputs.version }}" + labels: | + Type: Release + assignees: ${{ github.actor }} + draft: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1a02c5d5..25aceb7f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
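Review bot: The `Get release notes` step closes its multi-line `$GITHUB_OUTPUT` value with a fixed `EOF` line, and the value is generated release-note text, which is typically built from pull-request titles. The opening line is garbled on this page, but the closing `echo "EOF"` shows the delimiter is fixed. A line consisting of `EOF` inside the notes would end the value early and let the following lines be parsed as further step outputs, which a delimiter generated per run avoids. Separately, the top-level `description:` key is, as far as I know, part of action metadata rather than the workflow schema, so confirm the file validates.

```yaml
          # … unchanged: tag lookup and generate-notes calls …

          # Set release notes as a step output, with a per-run delimiter
          delimiter="notes_$(openssl rand -hex 16)"
          {
            echo "RELEASE_NOTES<<$delimiter"
            echo "$RELEASE_NOTES"
            echo "$delimiter"
          } >> "$GITHUB_OUTPUT"
```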
@@ -1,56 +1,60 @@ name: Automatic release on: - release: + pull_request: + branches: + - master + - main types: - - published + - closed workflow_dispatch: -permissions: - actions: read - checks: write - contents: none - deployments: none - issues: none - packages: none - repository-projects: none - statuses: write - jobs: release: + if: | + github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'Type: Release') + permissions: + contents: write + id-token: write # OIDC + pull-requests: write # PR comment + name: check version, add tag and release runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v5 + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - - name: setup Node + - name: Setup Node uses: actions/setup-node@v5 - env : - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} with: - node-version: 22.x + node-version: 'lts/*' registry-url: 'https://registry.npmjs.org' - scope : 'appstore-connect-jwt-generator-clie' - always-auth : true + scope : 'appstore-connect-jwt-generator-core' package-manager-cache: false - - uses: pnpm/action-setup@v4 - name: Install pnpm + - name: Can Publish + run : npx can-npm-publish --verbose + working-directory: package + + - name: Install latest npm + run: | + echo "Current npm version: $(npm -v)" + npm install -g npm@latest + echo "Updated npm version: $(npm -v)" + + - name: Install pnpm + uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 with: run_install: | - recursive: true args: [--no-frozen-lockfile] - - - name: Can Publish - run : npx can-npm-publish --verbose - env : - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - name: Build run : pnpm build - env : - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + working-directory: package + - name: Publish - run : npm publish --access=public - env : - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} \ No newline at end of file + run : pnpm -r 
publish --no-git-checks --access public --provenance + working-directory: package diff --git a/README.md b/README.md index 4f87a342..6958cfe0 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,18 @@ [![npm version](https://badge.fury.io/js/appstore-connect-jwt-generator-cli.svg)](https://badge.fury.io/js/appstore-connect-jwt-generator-cli) -## Install +## Useage + +### Run using npx without global installation + +```sh +npx -y appstore-connect-jwt-generator-cli@latest \ + --cert "${APP_STORE_CONNECT_PRIVATE_KEY}" \ + --keyId "${APP_STORE_CONNECT_API_KEY_ID}" \ + --issuerId "${APP_STORE_CONNECT_ISSURE_ID}" +``` + +### Install globally and run ```sh npm i -g appstore-connect-jwt-generator-cli @@ -14,8 +25,14 @@ or yarn global add appstore-connect-jwt-generator-cli ``` -## Usage +or + +```sh +pnpm add -g appstore-connect-jwt-generator-cli +``` ```sh -jwt-gen --cert ${APP_STORE_CONNECT_PRIVATE_KEY} --keyId ${APP_STORE_CONNECT_API_KEY_ID} --issuerId ${APP_STORE_CONNECT_ISSURE_ID} +jwt-gen --cert "${APP_STORE_CONNECT_PRIVATE_KEY}" \ + --keyId "${APP_STORE_CONNECT_API_KEY_ID}" \ + --issuerId "${APP_STORE_CONNECT_ISSURE_ID}" ``` diff --git a/bin/cli.js b/bin/cli.js old mode 100644 new mode 100755 diff --git a/package.json b/package.json index 8b22409b..c79fd8a3 100644 --- a/package.json +++ b/package.json @@ -5,20 +5,23 @@ "license": "MIT", "private": false, "homepage": "https://github.com/poad/appstore-connect-jwt-generator-cli#readme", + "main": "bin/index.js", "bin": { - "jwt-gen": "bin/index.js" + "jwt-gen": "./bin/cli.js", + "appstore-jwt-gen": "./bin/cli.js" }, - "main": "bin/cli.js", "type": "module", "repository": { "type": "git", "url": "git+https://github.com/poad/appstore-connect-jwt-generator-cli.git" }, "keywords": [ - "jwt", "appstore", + "jwt", + "api", "cli" ], + "preferGlobal": false, "scripts": { "test": "vitest run --silent=false --coverage --passWithNoTests", "clean": "tsc --build --clean", 
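Review bot: The `release` job now holds `id-token: write` and publishes with `--provenance`, yet it pulls several unpinned inputs before publishing: `actions/setup-node@v5` by tag, `npm install -g npm@latest`, `npx can-npm-publish` without a version, and a pnpm install with `args: [--no-frozen-lockfile]`. Provenance attests which workflow built the package, not which dependency versions were resolved, so a release can be built from packages the lockfile never recorded. I would use `args: [--frozen-lockfile]`, pin setup-node as `actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0` (the SHA create-release-pr.yml uses), and give npm and can-npm-publish explicit versions. Also, `workflow_dispatch` stays in `on:` while the job-level `if:` requires `github.event.pull_request.merged == true`, so a manual run would be skipped.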
@@ -55,7 +58,7 @@ "vitest": "^3.2.4" }, "dependencies": { - "appstore-connect-jwt-generator-core": "^2.0.1", + "appstore-connect-jwt-generator-core": "^2.0.2", "arg": "^5.0.2", "chalk": "^5.6.2", "chalk-template": "^1.1.2", @@ -63,7 +66,8 @@ }, "files": [ "package.json", - "bin/*" + "bin/*", + "README.md" ], "exports": { ".": { @@ -74,7 +78,6 @@ "engines": { "npm": "use pnpm please!", "yarn": "use pnpm please!", - "pnpm": ">=8.7.1", "node": ">=22.0.0" }, "publishConfig": {