NOUIY · pull · Nov 29, 2023 · Nov 29, 2023 · Dec 4, 2023 · Dec 8, 2023
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,7 +1,27 @@
 version: 2.1
 
 orbs:
-  prodsec: snyk/[email protected]
+  prodsec: snyk/prodsec-orb@1
+
+commands:
+  install:
+    steps:
+      - run:
+          name: Install
+          command: npm ci
+
+jobs:
+  security-scans:
+    resource_class: small
+    docker:
+      - image: cimg/node:lts
+    steps:
+      - checkout
+      - install
+      - prodsec/security_scans:
+          mode: auto
+          open-source-additional-arguments: --exclude=mocked_data
+          iac-scan: disabled
 
 workflows:
   version: 2
@@ -11,4 +31,11 @@ workflows:
           name: Scan repository for secrets
           context:
             - snyk-bot-slack
-          channel: hammerhead-alerts
+          channel: snyk-on-snyk-devex_ide
+          filters:
+            branches:
+              ignore:
+                - main
+
+      - security-scans:
+          context: devex_ide
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -53,6 +53,9 @@
     "no-continue": "off",
     "@typescript-eslint/restrict-template-expressions": "off",
     "@typescript-eslint/no-unsafe-assignment": "warn",
+    "@typescript-eslint/no-explicit-any": "warn",
+    "@typescript-eslint/no-redundant-type-constituents": "warn",
+    "@typescript-eslint/no-unsafe-enum-comparison": "warn",
     "import/no-extraneous-dependencies": "off",
     "no-useless-constructor": "off",
     "@typescript-eslint/no-useless-constructor": ["error"],

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,5 +1 @@
-* @snyk/hammerhead
-src/snyk/common/services/learnService.ts @snyk/owl
-src/test/unit/common/services/learnService.test.ts @snyk/owl
-src/snyk/snykCode/codeSettings.ts @snyk/hammerhead @snyk/zenith @snyk/nebula
-src/test/unit/snykCode/codeSettings.test.ts @snyk/hammerhead @snyk/zenith @snyk/nebula
+* @snyk/ide
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -2,11 +2,9 @@ name: CI
 on:
   pull_request:
     branches:
-      - main
+      - 'main'
   workflow_call:
-    secrets:
-      ITERATIVELY_KEY:
-        required: true
+
 jobs:
   build:
     name: Build and Test
@@ -21,7 +19,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v2
         with:
-          node-version: '14'
+          node-version: '18'
 
       - name: Cache NPM files
         uses: actions/cache@v2
@@ -42,3 +40,14 @@ jobs:
 
       - name: Run unit tests
         run: npm run test:unit
+
+      - name: Run integration tests
+        run: |
+          sudo apt-get install xvfb
+          xvfb-run --auto-servernum npm run test:integration
+        if: runner.os == 'Linux'
+      - name: Run integration tests
+        run: npm run test:integration
+        if: runner.os != 'Linux'
+
+
diff --git a/.github/workflows/readme-sync.yaml b/.github/workflows/readme-sync.yaml
@@ -52,7 +52,7 @@ jobs:
             echo "No documentation changes detected, exiting."
           fi
         env:
-          SOURCE_PATH: ./docs/docs/integrations/ide-tools/visual-studio-code-extension/README.md
+          SOURCE_PATH: ./docs/docs/scm-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/visual-studio-code-extension/README.md
           FILE_TO_COMMIT: README.md
           DESTINATION_REPOSITORY: vscode-extension
           DESTINATION_BRANCH: docs/automatic-gitbook-update

diff --git a/.github/workflows/release-preview.yaml b/.github/workflows/release-preview.yaml
@@ -2,14 +2,11 @@ name: Build and Release "Preview"
 on:
   push:
     branches:
-      # TODO: revert back to main once this feature is released
-      - feat/HEAD-78_oss_via_ls
+      - main
 jobs:
   build:
     uses: snyk/vscode-extension/.github/workflows/ci.yaml@main
-    secrets:
-      ITERATIVELY_KEY: ${{ secrets.ITERATIVELY_KEY }}
-
+
   release-preview:
     name: Release Preview
     runs-on: ubuntu-latest
@@ -25,13 +22,10 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Verify analytics events
-        run: npm run ampli:verify -- -t ${{ secrets.ITERATIVELY_KEY }}
-
+        # Naming convention for the preview version means we can only release one preview per hour
       - name: Patch to preview version
         run: npm run patch-preview
         env:
-          SNYK_VSCE_SEGMENT_WRITE_KEY: ${{ secrets.SNYK_VSCE_SEGMENT_WRITE_KEY }}
           SNYK_VSCE_AMPLITUDE_EXPERIMENT_API_KEY: ${{ secrets.SNYK_VSCE_AMPLITUDE_EXPERIMENT_API_KEY }}
           SNYK_VSCE_SENTRY_DSN_KEY: ${{ secrets.SNYK_VSCE_SENTRY_DSN_KEY }}
 

diff --git a/.github/workflows/release-stable.yaml b/.github/workflows/release-stable.yaml
@@ -2,14 +2,14 @@ name: Build and Release
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron: '0 9 * * 2' # every Tuesday at 9 am UTC
+    branches:
+      - main
+  # schedule: TODO: align release schedule with CLI
+  #   - cron: '0 9 * * 2' # every Tuesday at 9 am UTC
 
 jobs:
   build:
     uses: snyk/vscode-extension/.github/workflows/ci.yaml@main
-    secrets:
-      ITERATIVELY_KEY: ${{ secrets.ITERATIVELY_KEY }}
 
   publish:
     runs-on: ubuntu-latest
@@ -29,21 +29,17 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Verify analytics events
-        run: npm run ampli:verify -- -t ${{ secrets.ITERATIVELY_KEY }}
-
       - name: Bump patch version
         id: patched-tag
         uses: mathieudutour/[email protected]
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          release_branches: main
+          release_branches: main,fix.*,chore.*
           default_bump: patch
 
       - name: Add Credentials
         run: |
           sed -i \
-              -e 's|${env.SNYK_VSCE_SEGMENT_WRITE_KEY}|${{ secrets.SNYK_VSCE_SEGMENT_WRITE_KEY }}|g' \
               -e 's|${env.SNYK_VSCE_AMPLITUDE_EXPERIMENT_API_KEY}|${{ secrets.SNYK_VSCE_AMPLITUDE_EXPERIMENT_API_KEY }}|g' \
               -e 's|${env.SNYK_VSCE_SENTRY_DSN_KEY}|${{ secrets.SNYK_VSCE_SENTRY_DSN_KEY }}|g' \
               snyk.config.json
@@ -67,7 +63,14 @@ jobs:
         run: npm ci
 
       - name: Package VSIX
-        run: echo y | vsce package --no-git-tag-version --no-update-package-json ${{ needs.publish.outputs.new-version }}
+        run: |
+          run: |
+          sed -i \
+              -e 's|${env.SNYK_VSCE_AMPLITUDE_EXPERIMENT_API_KEY}|${{ secrets.SNYK_VSCE_AMPLITUDE_EXPERIMENT_API_KEY }}|g' \
+              -e 's|${env.SNYK_VSCE_SENTRY_DSN_KEY}|${{ secrets.SNYK_VSCE_SENTRY_DSN_KEY }}|g' \
+              snyk.config.json
+
+          echo y | vsce package --no-git-tag-version --no-update-package-json ${{ needs.publish.outputs.new-version }}
 
       - name: Extract release notes
         id: extract-release-notes

diff --git a/.gitignore b/.gitignore
@@ -21,6 +21,7 @@ yarn-error.log
 #################################
 .idea/
 *.iml
+.vscode/
 
 #################################
 # Logs and temp files           #

diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+18.19
diff --git a/.prettierignore b/.prettierignore
@@ -0,0 +1 @@
+**/*.md
diff --git a/.vscode/settings.json b/.vscode/settings.json