
Commit b44c430

authored
fix: replace sfdx with bundled plugin-trust (#278)
* fix: replace sfdx with bundled plugin-trust * fix: add plugin-trust as an oclif plugin
1 parent 77a6b11 commit b44c430


9 files changed

+1244
-123
lines changed


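--- a/command-snapshot.json
+++ b/command-snapshot.json
@@ -70,6 +70,11 @@
 "plugin": "@salesforce/plugin-release-management",
 "flags": ["json", "loglevel", "verbose"]
 },
+{
+"command": "plugins:trust:verify",
+"plugin": "@salesforce/plugin-trust",
+"flags": ["json", "loglevel", "npm", "registry"]
+},
 {
 "command": "repositories",
 "plugin": "@salesforce/plugin-release-management",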

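--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
 "@salesforce/command": "^3.0.5",
 "@salesforce/core": "^2.23.2",
 "@salesforce/kit": "^1.3.3",
+"@salesforce/plugin-trust": "^1.0.6",
 "@salesforce/ts-types": "^1.4.3",
 "@types/semver": "^7.3.6",
 "@types/sinon": "10.0.2",
@@ -100,6 +101,9 @@
 "commands": "./lib/commands",
 "node": "14.15.4",
 "bin": "sfdx",
+"plugins": [
+"@salesforce/plugin-trust"
+],
 "devPlugins": [
 "@oclif/plugin-help",
 "@oclif/plugin-command-snapshot",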

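--- a/src/commands/npm/lerna/release.ts
+++ b/src/commands/npm/lerna/release.ts
@@ -6,8 +6,10 @@
 */
 
 import * as os from 'os';
+import * as chalk from 'chalk';
 import { flags, FlagsConfig, SfdxCommand } from '@salesforce/command';
 import { Messages, SfdxError } from '@salesforce/core';
+import { PackageInfo } from '../../../repository';
 import { verifyDependencies } from '../../../dependencies';
 import { Access, isMonoRepo, LernaRepo } from '../../../repository';
 import { SigningResponse } from '../../../codeSigning/SimplifiedSigning';
@@ -135,7 +137,11 @@ export default class Release extends SfdxCommand {
 
 if (this.flags.sign && this.flags.verify && !this.flags.dryrun) {
 lernaRepo.printStage('Verify Signed Packaged');
-lernaRepo.verifySignature(this.flags.sign);
+const pkgs = lernaRepo.getPkgInfo(this.flags.sign);
+
+for (const pkg of pkgs) {
+await this.verifySign(pkg);
+}
 }
 
 this.ux.log(lernaRepo.getSuccessMessage());
@@ -144,4 +150,16 @@ export default class Release extends SfdxCommand {
 return { name: pkg.name, version: pkg.getNextVersion() };
 });
 }
+
+protected async verifySign(pkgInfo: PackageInfo): Promise<void> {
+const cmd = 'trust:plugins:verify';
+const argv = `--npm ${pkgInfo.name}@${pkgInfo.nextVersion} ${pkgInfo.registryParam}`;
+
+this.ux.log(chalk.dim(`sf-release ${cmd} ${argv}`) + os.EOL);
+try {
+await this.config.runCommand(cmd, argv.split(' '));
+} catch (err) {
+throw new SfdxError(err, 'FailedCommandExecution');
+}
+}
 }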
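Review bot: `verifySign` in the last hunk invokes `'trust:plugins:verify'`, but the command this commit records in command-snapshot.json, and the one the removed `sfdx` call used, is `plugins:trust:verify`. Unless plugin-trust also registers that alias, `runCommand` will presumably not find the command and the verify stage will fail on every signed release; the line should read `const cmd = 'plugins:trust:verify';`, and the same applies to the copy in src/commands/npm/package/release.ts. Building the arguments as one string and calling `argv.split(' ')` also passes an empty trailing argument whenever `registryParam` is empty (its format is not visible on this page). An array such as `['--npm', pkgInfo.name + '@' + pkgInfo.nextVersion, ...pkgInfo.registryParam.split(' ').filter(Boolean)]` avoids that and keeps the package spec as a single argument.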

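--- a/src/commands/npm/package/release.ts
+++ b/src/commands/npm/package/release.ts
@@ -5,8 +5,11 @@
 * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
 */
 
+import * as os from 'os';
+import * as chalk from 'chalk';
 import { flags, FlagsConfig, SfdxCommand } from '@salesforce/command';
 import { Messages, SfdxError } from '@salesforce/core';
+import { PackageInfo } from '../../../repository';
 import { verifyDependencies } from '../../../dependencies';
 import { Access, isMonoRepo, SinglePackageRepo } from '../../../repository';
 import { SigningResponse } from '../../../codeSigning/SimplifiedSigning';
@@ -124,7 +127,7 @@ export default class Release extends SfdxCommand {
 try {
 if (this.flags.sign && this.flags.verify && !this.flags.dryrun) {
 pkg.printStage('Verify Signed Packaged');
-pkg.verifySignature();
+await this.verifySign(pkg.getPkgInfo());
 }
 } finally {
 if (!this.flags.dryrun) {
@@ -140,4 +143,16 @@ export default class Release extends SfdxCommand {
 name: pkg.name,
 };
 }
+
+protected async verifySign(pkgInfo: PackageInfo): Promise<void> {
+const cmd = 'trust:plugins:verify';
+const argv = `--npm ${pkgInfo.name}@${pkgInfo.nextVersion} ${pkgInfo.registryParam}`;
+
+this.ux.log(chalk.dim(`sf-release ${cmd} ${argv}`) + os.EOL);
+try {
+await this.config.runCommand(cmd, argv.split(' '));
+} catch (err) {
+throw new SfdxError(err, 'FailedCommandExecution');
+}
+}
 }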
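Review bot: The `catch` in `verifySign` hands the caught value straight to `new SfdxError(err, 'FailedCommandExecution')`, where the first argument is used as the message, so an Error thrown by the verify command is coerced to a string and its stack is dropped. That makes a genuine signature-verification failure hard to distinguish from a missing or misnamed command in the release log. Pass a string explicitly, `throw new SfdxError(err instanceof Error ? err.message : String(err), 'FailedCommandExecution');`, or wrap the original error so the cause is preserved. The method is a verbatim copy of the one added in src/commands/npm/lerna/release.ts, so the same change is needed there, and moving it into one shared helper would keep the two release commands from drifting apart.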

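--- a/src/dependencies.ts
+++ b/src/dependencies.ts
@@ -4,14 +4,13 @@
 * Licensed under the BSD 3-Clause license.
 * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
 */
-import { which } from 'shelljs';
 import { Env } from '@salesforce/kit';
 import { OutputFlags } from '@oclif/parser';
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 type Flags = OutputFlags<any>;
 type ConditionFn = (flags: Flags) => boolean;
-type DependencyType = 'bin' | 'env';
+type DependencyType = 'env';
 
 interface Dependency {
 name: string;
@@ -27,11 +26,6 @@ interface Result {
 }
 
 const DEPENDENCIES: Dependency[] = [
-{
-name: 'sfdx',
-type: 'bin',
-condition: (flags): boolean => !!flags.sign,
-},
 {
 name: 'AWS_ACCESS_KEY_ID',
 type: 'env',
@@ -64,21 +58,9 @@ export function verifyDependencies(args: Flags): { failures: number; results: Re
 passed: true,
 };
 if (dep.condition(args)) {
-switch (dep.type) {
-case 'bin':
-result.passed = !!which(dep.name);
-if (!result.passed) {
-result.message = `Install ${dep.name}`;
-}
-break;
-case 'env':
-result.passed = !!env.getString(dep.name);
-if (!result.passed) {
-result.message = `Set ${dep.name} environment variable`;
-}
-break;
-default:
-break;
+result.passed = !!env.getString(dep.name);
+if (!result.passed) {
+result.message = `Set ${dep.name} environment variable`;
 }
 }
 results.push(result);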
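Review bot: After the third hunk the check in `verifyDependencies` no longer looks at `dep.type`, so any dependency kind added later would silently be tested as an environment variable. With `DependencyType` narrowed to `'env'` this is correct today, but the assumption is not written down anywhere; a comment above the check such as `// every dependency is an env var; dispatch on dep.type again if another kind is added` would record it. The body of `verifyDependencies` starts and ends outside the hunk.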

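--- a/src/repository.ts
+++ b/src/repository.ts
@@ -46,6 +46,12 @@ interface VersionsByPackage {
 };
 }
 
+export interface PackageInfo {
+name: string;
+nextVersion: string;
+registryParam: string;
+}
+
 type PollFunction = () => boolean;
 
 export async function isMonoRepo(): Promise<boolean> {
@@ -183,7 +189,7 @@ abstract class Repository extends AsyncOptionalCreatable<RepositoryOptions> {
 public abstract getSuccessMessage(): string;
 public abstract validate(): VersionValidation | VersionValidation[];
 public abstract prepare(options: PrepareOpts): void;
-public abstract verifySignature(packageNames?: string[]): void;
+public abstract getPkgInfo(packageNames?: string[]): PackageInfo | PackageInfo[];
 public abstract publish(options: PublishOpts): Promise<void>;
 public abstract sign(packageNames?: string[]): Promise<SigningResponse | SigningResponse[]>;
 public abstract waitForAvailability(): Promise<boolean>;
@@ -282,14 +288,19 @@ export class LernaRepo extends Repository {
 });
 }
 
-public verifySignature(packageNames: string[]): void {
+public getPkgInfo(packageNames: string[]): PackageInfo[] {
 const packages = this.packages.filter((pkg) => packageNames.includes(pkg.name));
+let pkgsInfo: PackageInfo[];
+
 for (const pkg of packages) {
-const cmd = `sfdx plugins:trust:verify --npm ${
-pkg.name
-}@${pkg.getNextVersion()} ${this.registry.getRegistryParameter()}`;
-this.execCommand(cmd);
+pkgsInfo.push({
+name: pkg.name,
+nextVersion: pkg.getNextVersion(),
+registryParam: this.registry.getRegistryParameter(),
+});
 }
+
+return pkgsInfo;
 }
 
 public getSuccessMessage(): string {
@@ -388,11 +399,12 @@ export class SinglePackageRepo extends Repository {
 return packAndSignApi.revertPackageJsonIfExists();
 }
 
-public verifySignature(): void {
-const cmd = `sfdx plugins:trust:verify --npm ${this.name}@${
-this.nextVersion
-} ${this.registry.getRegistryParameter()}`;
-this.execCommand(cmd);
+public getPkgInfo(): PackageInfo {
+return {
+name: this.name,
+nextVersion: this.nextVersion,
+registryParam: this.registry.getRegistryParameter(),
+};
 }
 
 public async publish(opts: PublishOpts = {}): Promise<void> {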
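Review bot: `LernaRepo.getPkgInfo` in the third hunk declares `let pkgsInfo: PackageInfo[];` without a value and then calls `pkgsInfo.push(...)`, which throws a TypeError on the first matching package, so the lerna verify stage cannot reach the signature check. When no package matches, the method returns `undefined` despite its `PackageInfo[]` return type. Initialise the array, `const pkgsInfo: PackageInfo[] = [];`, or return `packages.map(...)` directly. test/repository.test.ts drops its `verifySignature` tests in this commit and adds nothing for `getPkgInfo`; a test calling `getPkgInfo([pkgName])` would have caught this.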

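--- a/test/dependencies.test.ts
+++ b/test/dependencies.test.ts
@@ -8,19 +8,16 @@
 import { expect } from 'chai';
 import { testSetup } from '@salesforce/core/lib/testSetup';
 import { Env } from '@salesforce/kit';
-import * as shelljs from 'shelljs';
 import { verifyDependencies } from '../src/dependencies';
 
 const $$ = testSetup();
 
 describe('Dependencies', () => {
-it('should pass when all required env variables and bin scripts exist', () => {
+it('should pass when all required env variables exist', () => {
 $$.SANDBOX.stub(Env.prototype, 'getString').returns('foobar');
-$$.SANDBOX.stub(shelljs, 'which').returns('foobar' as shelljs.ShellString);
 const validation = verifyDependencies({ sign: true });
 expect(validation.failures).to.equal(0);
 expect(validation.results).to.deep.equal([
-{ name: 'sfdx', type: 'bin', passed: true },
 { name: 'AWS_ACCESS_KEY_ID', type: 'env', passed: true },
 { name: 'AWS_SECRET_ACCESS_KEY', type: 'env', passed: true },
 { name: 'NPM_TOKEN', type: 'env', passed: true },
@@ -30,11 +27,9 @@ describe('Dependencies', () => {
 
 it('should pass when required env variables are NOT set', () => {
 $$.SANDBOX.stub(Env.prototype, 'getString').returns(null);
-$$.SANDBOX.stub(shelljs, 'which').returns('foobar' as shelljs.ShellString);
 const validation = verifyDependencies({ sign: true });
 expect(validation.failures).to.equal(3);
 expect(validation.results).to.deep.equal([
-{ name: 'sfdx', type: 'bin', passed: true },
 {
 name: 'AWS_ACCESS_KEY_ID',
 type: 'env',
@@ -56,23 +51,4 @@ describe('Dependencies', () => {
 { name: 'GH_TOKEN', type: 'env', passed: true },
 ]);
 });
-
-it('should pass when required bin scripts do not exist', () => {
-$$.SANDBOX.stub(Env.prototype, 'getString').returns('foobar');
-$$.SANDBOX.stub(shelljs, 'which').returns(null as shelljs.ShellString);
-const validation = verifyDependencies({ sign: true });
-expect(validation.failures).to.equal(1);
-expect(validation.results).to.deep.equal([
-{
-message: 'Install sfdx',
-name: 'sfdx',
-type: 'bin',
-passed: false,
-},
-{ name: 'AWS_ACCESS_KEY_ID', type: 'env', passed: true },
-{ name: 'AWS_SECRET_ACCESS_KEY', type: 'env', passed: true },
-{ name: 'NPM_TOKEN', type: 'env', passed: true },
-{ name: 'GH_TOKEN', type: 'env', passed: true },
-]);
-});
 });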

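--- a/test/repository.test.ts
+++ b/test/repository.test.ts
@@ -271,27 +271,6 @@ describe('SinglePackageRepo', () => {
 });
 });
 
-describe('verifySignature', () => {
-beforeEach(async () => {
-stubMethod($$.SANDBOX, Package.prototype, 'readPackageJson').returns(
-Promise.resolve({ name: pkgName, version: '1.1.0' })
-);
-stubMethod($$.SANDBOX, Package.prototype, 'retrieveNpmPackage').returns({
-name: pkgName,
-version: '1.0.0',
-versions: ['1.0.0'],
-});
-execStub = stubMethod($$.SANDBOX, SinglePackageRepo.prototype, 'execCommand').returns('success');
-});
-
-it('should use plugin-trust to verify that the package was signed', async () => {
-const repo = await SinglePackageRepo.create({ ux: uxStub });
-repo.verifySignature();
-expect(execStub.callCount).to.equal(1);
-expect(execStub.firstCall.args[0]).to.include('sfdx plugins:trust:verify');
-});
-});
-
 describe('publish', () => {
 let repo: SinglePackageRepo;
 
@@ -465,20 +444,6 @@ describe('LernaRepo', () => {
 });
 });
 
-describe('verifySignature', () => {
-beforeEach(async () => {
-stubMethod($$.SANDBOX, Package.prototype, 'readPackageJson').returns(
-Promise.resolve({ name: pkgName, version: '1.1.0' })
-);
-});
-
-it('should use plugin-trust to verify that the packages were signed', async () => {
-const repo = await LernaRepo.create({ ux: uxStub });
-repo.verifySignature([pkgName]);
-expect(execStub.lastCall.args[0]).to.include('sfdx plugins:trust:verify');
-});
-});
-
 describe('publish', () => {
 let repo: LernaRepo;
 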
