diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index c4f9d9f575..caa4bbdfea 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -3,11 +3,11 @@ on: pull_request: types: [opened] jobs: - security: + security-jira: if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@v2 - name: Login into JIRA uses: atlassian/gajira-login@master env: @@ -26,3 +26,8 @@ jobs: PR: ${{ github.event.pull_request.html_url }} fields: "${{ secrets.JIRA_FIELDS }}" + - name: Transition issue + uses: atlassian/gajira-transition@v3 + with: + issue: ${{ steps.create.outputs.issue }} + transition: ${{ secrets.JIRA_TRANSITION }} diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml new file mode 100644 index 0000000000..3b9521a551 --- /dev/null +++ b/.github/workflows/sast-scan.yml @@ -0,0 +1,11 @@ +name: SAST Scan +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-sast: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Semgrep Scan + run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index 21ac795a5b..f09161f538 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -3,20 +3,10 @@ on: pull_request: types: [opened, synchronize, reopened] jobs: - security: + security-sca: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - - uses: pnpm/action-setup@v2 - with: - version: 7 - - name: Use Node.js 18.x - uses: actions/setup-node@v3.7.0 - with: - node-version: '18.x' - cache: 'pnpm' - - name: Install dependencies - run: pnpm install --no-frozen-lockfile - name: Run Snyk to check for vulnerabilities uses: snyk/actions/node@master env: diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml new file mode 100644 index 0000000000..c0d8140ce5 --- /dev/null +++ b/.github/workflows/secrets-scan.yml @@ -0,0 +1,54 @@ +name: Secrets Scan +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-secrets: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Install Expect, jq and Python + run: sudo apt-get update --fix-missing && sudo apt-get install -y expect jq python3 python3-pip wkhtmltopdf + + - name: Install Python packages + run: pip install pandas json2html tabulate + + - name: Install Talisman + run: | + curl --silent https://raw.githubusercontent.com/thoughtworks/talisman/v1.32.0/install.sh > install.bash + chmod +x install.bash + ./install.bash + + - name: Run Talisman + id: run_talisman + run: /usr/local/bin/talisman --scan + continue-on-error: true + + - name: Convert JSON to HTML + run: | + python3 -c " + import json + import os + from json2html import * + with open('talisman_report/talisman_reports/data/report.json') as f: + data = json.load(f) + html = json2html.convert(json = data) + os.makedirs('talisman_html_report', exist_ok=True) + with open('talisman_html_report/report.html', 'w') as f: + f.write(html) + " && wkhtmltopdf talisman_html_report/report.html talisman_report.pdf + + - name: Upload Report + id: upload_report + uses: actions/upload-artifact@v4 + with: + name: talisman-report-pdf + path: talisman_report.pdf + + - name: Check the status of talisman scan + run: | + # if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}" && exit 1; fi + echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}"; \ No newline at end of file diff --git a/packages/contentstack-bootstrap/README.md b/packages/contentstack-bootstrap/README.md index 2c40af0a0f..ee0fb9b800 100644 --- a/packages/contentstack-bootstrap/README.md +++ b/packages/contentstack-bootstrap/README.md @@ -15,7 +15,7 @@ $ npm install -g @contentstack/cli-cm-bootstrap $ csdx COMMAND running command... $ csdx (--version) -@contentstack/cli-cm-bootstrap/1.8.0 darwin-arm64 node-v18.19.0 +@contentstack/cli-cm-bootstrap/1.8.0 darwin-arm64 node-v20.8.0 $ csdx --help [COMMAND] USAGE $ csdx COMMAND diff --git a/packages/contentstack-bulk-publish/package.json b/packages/contentstack-bulk-publish/package.json index b1fed62ceb..88f1826605 100644 --- a/packages/contentstack-bulk-publish/package.json +++ b/packages/contentstack-bulk-publish/package.json @@ -1,7 +1,7 @@ { "name": "@contentstack/cli-cm-bulk-publish", "description": "Contentstack CLI plugin for bulk publish actions", - "version": "1.4.0", + "version": "1.4.1", "author": "Contentstack", "bugs": "https://github.com/contentstack/cli/issues", "dependencies": { diff --git a/packages/contentstack-bulk-publish/src/consumer/publish.js b/packages/contentstack-bulk-publish/src/consumer/publish.js index 98c5d7b34d..92d7c21c75 100644 --- a/packages/contentstack-bulk-publish/src/consumer/publish.js +++ b/packages/contentstack-bulk-publish/src/consumer/publish.js @@ -43,6 +43,7 @@ async function publishEntry(data, _config, queue) { .publish({ publishDetails: { environments: entryObj.environments, locales: lang }, locale: entryObj.locale || 'en-us', + version: entryObj.version }) .then((publishEntryResponse) => { if (!publishEntryResponse.error_message) { diff --git a/packages/contentstack-bulk-publish/src/producer/cross-publish.js b/packages/contentstack-bulk-publish/src/producer/cross-publish.js index c9127bc4aa..301d47c511 100644 --- a/packages/contentstack-bulk-publish/src/producer/cross-publish.js +++ b/packages/contentstack-bulk-publish/src/producer/cross-publish.js @@ -44,6 +44,7 @@ async function bulkAction(stack, items, bulkPublish, filter, destEnv, apiVersion uid: items[index].data.uid, content_type: items[index].content_type_uid, locale: items[index].data.locale || 'en-us', + version: items[index].data._version, publish_details: [items[index].data.publish_details] || [], }); } @@ -110,7 +111,9 @@ async function bulkAction(stack, items, bulkPublish, filter, destEnv, apiVersion publish_details: [items[index].data.publish_details], environments: destEnv, entryUid: items[index].data.uid, + version: items[index].data._version, locale: items[index].data.locale || 'en-us', + version: items[index].data._version, Type: 'entry', stack: stack, }); diff --git a/packages/contentstack-config/README.md b/packages/contentstack-config/README.md index 8f354746ed..2f4584481f 100644 --- a/packages/contentstack-config/README.md +++ b/packages/contentstack-config/README.md @@ -292,6 +292,8 @@ EXAMPLES $ csdx config:set:region AZURE-EU + $ csdx config:set:region GCP-NA + $ csdx config:set:region --cma --cda --ui-host --name "India" ``` diff --git a/packages/contentstack/package.json b/packages/contentstack/package.json index c2aa51a7b1..5de8ccb814 100755 --- a/packages/contentstack/package.json +++ b/packages/contentstack/package.json @@ -1,7 +1,7 @@ { "name": "@contentstack/cli", "description": "Command-line tool (CLI) to interact with Contentstack", - "version": "1.14.0", + "version": "1.14.1", "author": "Contentstack", "bin": { "csdx": "./bin/run" @@ -26,7 +26,7 @@ "@contentstack/cli-auth": "~1.3.17", "@contentstack/cli-cm-bootstrap": "~1.9.0", "@contentstack/cli-cm-branches": "~1.0.22", - "@contentstack/cli-cm-bulk-publish": "~1.4.0", + "@contentstack/cli-cm-bulk-publish": "~1.4.1", "@contentstack/cli-cm-export": "~1.11.0", "@contentstack/cli-cm-clone": "~1.10.1", "@contentstack/cli-cm-export-to-csv": "~1.7.0",