Merge branch 'main' into fix/pgroll-upload

xataio · Sep 19, 2024 · 5055ac6 · 5055ac6
2 parents 5bef7ac + 75f5653
commit 5055ac6
Show file tree

Hide file tree

Showing 141 changed files with 6,619 additions and 3,505 deletions.
diff --git a/.changeset/rich-parents-count.md b/.changeset/rich-parents-count.md
@@ -0,0 +1,5 @@
+---
+"@xata.io/cli": patch
+---
+
+Update dependencies and fix vulnerabilities
diff --git a/.github/workflows/release-cli-assets.yml b/.github/workflows/release-cli-assets.yml
@@ -7,17 +7,38 @@ on:
         description: 'Published packages'
         required: true
         type: string
+      commitSha:
+        description: 'Commit SHA'
+        required: true
+        type: string
   workflow_dispatch:
     inputs:
       publishedPackages:
         description: 'Published packages'
         required: true
         default: '[{"name": "@xata.io/cli", "version": "1.2.0"}]'
         type: string
+      commitSha:
+        description: 'Commit SHA'
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: write
+  packages: write
+  pages: write
+  pull-requests: write
 
 jobs:
   release-cli-assets:
     name: Release CLI assets
+    outputs:
+      version: ${{ steps.capture-version.outputs.version }}
+      mac_intel_sha: ${{steps.sha-macos.outputs.sha-macos-intel}}
+      mac_arm_sha: ${{ steps.sha-macos.outputs.sha-macos-arm }}
+      linux_sha: ${{ steps.sha-ubuntu.outputs.sha-linux }}
+      linux_arm_sha: ${{ steps.sha-ubuntu.outputs.sha-linux-arm }}
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
@@ -78,17 +99,191 @@ jobs:
         if: matrix.os == 'ubuntu-latest'
         run: |
           sudo apt-get update
-          sudo apt-get install -y nsis
-          sudo apt-get install -y p7zip
+          sudo apt-get install -y nsis p7zip osslsigncode
+
+      - name: Write windows certificate to file
+        env:
+          XATA_WINDOWS_CERTIFICATE_KEY: ${{ secrets.WINDOWS_CERTIFICATE_KEY }}
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          echo -n $XATA_WINDOWS_CERTIFICATE_KEY | base64 --decode > ~/xata.key
+
+      - name: Configure AWS Credentials for production
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CLI_ASSETS_UPLOAD_ROLE }}
+          aws-region: us-east-1
+          mask-aws-account-id: 'no'
 
-      - name: Release CLI Assets
-        run: pnpm run release:cli
+      - name: Pack
+        run: pnpm run release:cli:pack
         env:
           PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
+          MATRIX_OS: ${{ matrix.os }}
+          XATA_WINDOWS_SIGNING_PASS: ${{ secrets.WINDOWS_CERTIFICATE_SECRET }}
+
+      - name: Upload CLI Assets to GitHub Releases
+        run: pnpm run release:cli:upload:gh
+        env:
           MATRIX_OS: ${{ matrix.os }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Debian cert
+        if: matrix.os == 'ubuntu-latest'
+        working-directory: /home/runner/work/client-ts/client-ts/packages/cli/dist/deb
+        run: |
+          echo "$DEBIAN_GPG_KEY_PRIVATE" | gpg --import --batch --passphrase "$DEBIAN_GPG_KEY_PASS"
+          gpg --digest-algo SHA512 --clearsign --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o InRelease Release 
+          gpg --digest-algo SHA512 -abs --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o Release.gpg Release 
+          echo "Signed debian packages successfully"
+          echo "sha256 sums:"
+          sha256sum *Release*
+
+          mkdir -p /home/runner/work/client-ts/client-ts/packages/cli/dist/apt
+          echo "$DEBIAN_GPG_KEY_PUBLIC" > /home/runner/work/client-ts/client-ts/packages/cli/dist/apt/release.key
+        env:
+          DEBIAN_GPG_KEY_PRIVATE: ${{ secrets.DEBIAN_GPG_KEY_PRIVATE }}
+          DEBIAN_GPG_KEY_PASS: ${{ secrets.DEBIAN_GPG_KEY_PASS }}
+          DEBIAN_GPG_KEY_PUBLIC: ${{ secrets.DEBIAN_GPG_KEY_PUBLIC }}
+          DEBIAN_GPG_KEY_ID: ${{ secrets.DEBIAN_GPG_KEY_ID }}
+
+      - name: Capture version
+        id: capture-version
+        working-directory: ./cli
+        run: echo "version=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT
+
+      - name: Create SHA outputs macos
+        if: matrix.os == 'macos-latest'
+        working-directory: ./packages/cli/dist
+        id: sha-macos
+        run: |
+          ls -l
+          VER="${{steps.capture-version.outputs.version}}"
+          COMMITSHA="${{inputs.commitSha}}"
+          COM="$(echo $COMMITSHA | head -c8)"
+          echo "sha-macos-arm=$(shasum --algorithm 256 xata-v${VER}-${COM}-darwin-arm64.tar.xz | cut -d" " -f1)" >> "$GITHUB_OUTPUT"
+          echo "sha-macos-intel=$(shasum --algorithm 256 xata-v${VER}-${COM}-darwin-x64.tar.xz | cut -d" " -f1)" >> "$GITHUB_OUTPUT"
+
+      - name: Create SHA outputs ubuntu
+        if: matrix.os == 'ubuntu-latest'
+        working-directory: ./packages/cli/dist
+        id: sha-ubuntu
+        run: |
+          ls -l
+          VER="${{steps.capture-version.outputs.version}}"
+          COMMITSHA="${{inputs.commitSha}}"
+          COM="$(echo $COMMITSHA | head -c8)"
+          echo "sha-linux=$(sha256sum xata-v${VER}-${COM}-linux-arm.tar.xz | cut -d " " -f1)" >> "$GITHUB_OUTPUT"
+          echo "sha-linux-arm=$(sha256sum xata-v${VER}-${COM}-linux-arm64.tar.xz | cut -d " " -f1)" >> "$GITHUB_OUTPUT"
+
+      - name: Upload and Promote CLI Assets to S3
+        run: pnpm run release:cli:upload:s3
+        env:
+          MATRIX_OS: ${{ matrix.os }}
+          COMMIT_SHA: ${{ inputs.commitSha }}
+
+      - name: Pack (Windows only)
+        if: matrix.os == 'ubuntu-latest'
+        run: pnpm run release:cli:pack
+        env:
+          PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
+          MATRIX_OS: ${{ matrix.os }}
+          OS_OVERRIDE: windows-latest
+          XATA_WINDOWS_SIGNING_PASS: ${{ secrets.WINDOWS_CERTIFICATE_SECRET }}
+
+      - name: Upload CLI Assets to GitHub Releases (Windows only)
+        run: pnpm run release:cli:upload:gh
+        if: matrix.os == 'ubuntu-latest'
+        env:
+          MATRIX_OS: ${{ matrix.os }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OS_OVERRIDE: windows-latest
+
+      - name: Upload and Promote CLI Assets to S3 (Windows only)
+        if: matrix.os == 'ubuntu-latest'
+        run: pnpm run release:cli:upload:s3
+        env:
+          MATRIX_OS: ${{ matrix.os }}
+          COMMIT_SHA: ${{ inputs.commitSha }}
+          OS_OVERRIDE: windows-latest
+
       - name: Clean up keychain
         if: matrix.os == 'macos-latest'
         run: |
           security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
+
+  update-homebrew:
+    needs: [release-cli-assets]
+    name: Update Homebrew Formula
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          repository: xataio/homebrew-brew
+          ref: 'main'
+          token: ${{ secrets.GIT_TOKEN }}
+          fetch-depth: 0
+
+      - name: setup git config
+        run: |
+          git config user.email "system@xata.io"
+          git config user.name "Xata"
+
+      - name: Read template file
+        id: gettemplate
+        run: |
+          {
+            echo 'template<<EOF'
+            cat ./Template/xata.rb
+            echo
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Update Homebrew Formula using template variables
+        id: updateformula
+        env:
+          TEMPLATE_CONTENTS: ${{ steps.gettemplate.outputs.template }}
+        run: |
+          echo "$TEMPLATE_CONTENTS" > ./Formula/xata.rb
+          sed -i 's/__CLI_VERSION__/${{ needs.release-cli-assets.outputs.version }}/g' ./Formula/xata.rb
+          sed -i 's/__CLI_MAC_INTEL_SHA256__/${{ needs.release-cli-assets.outputs.mac_intel_sha }}/g' ./Formula/xata.rb
+          sed -i 's/__CLI_MAC_ARM_SHA256__/${{ needs.release-cli-assets.outputs.mac_arm_sha }}/g' ./Formula/xata.rb
+          sed -i 's/__CLI_LINUX_SHA256__/${{ needs.release-cli-assets.outputs.linux_sha }}/g' ./Formula/xata.rb
+          sed -i 's/__CLI_LINUX_ARM_SHA256__/${{ needs.release-cli-assets.outputs.linux_arm_sha }}/g' ./Formula/xata.rb
+
+          VER="${{needs.release-cli-assets.outputs.version}}"
+          COMMITSHA="${{inputs.commitSha}}"
+          COM="$(echo $COMMITSHA | head -c8)"
+          BASE_URL="https://xata-cli-assets.s3.us-east-1.amazonaws.com/versions/${VER}/${COM}/xata-v${VER}-${COM}"
+
+          CLI_MAC_INTEL_DOWNLOAD_URL="${BASE_URL}-darwin-x64.tar.xz"
+          CLI_MAC_ARM_DOWNLOAD_URL="${BASE_URL}-darwin-arm64.tar.xz"
+          CLI_LINUX_DOWNLOAD_URL="${BASE_URL}-linux-x64.tar.xz"
+          CLI_LINUX_ARM_DOWNLOAD_URL="${BASE_URL}-linux-arm64.tar.xz"
+
+          sed -i "s|__CLI_MAC_INTEL_DOWNLOAD_URL__|${CLI_MAC_INTEL_DOWNLOAD_URL}|g" ./Formula/xata.rb
+          sed -i "s|__CLI_MAC_ARM_DOWNLOAD_URL__|${CLI_MAC_ARM_DOWNLOAD_URL}|g" ./Formula/xata.rb
+          sed -i "s|__CLI_LINUX_DOWNLOAD_URL__|${CLI_LINUX_DOWNLOAD_URL}|g" ./Formula/xata.rb
+          sed -i "s|__CLI_LINUX_ARM_DOWNLOAD_URL__|${CLI_LINUX_ARM_DOWNLOAD_URL}|g" ./Formula/xata.rb
+
+      - name: Read formula file
+        id: getformula
+        run: |
+          {
+            echo 'formula<<EOF'
+            cat ./Formula/xata.rb
+            echo
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+
+      - name: commit changes
+        run: git commit -a -m "Update dependencies to version ${{ needs.release-cli-assets.outputs.version }}"
+
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GIT_TOKEN }}
+          branch: main
+          repository: xataio/homebrew-brew
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -68,11 +68,12 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
-  publish-cli-assets:
-    name: Publish CLI assets
+  release-assets:
+    name: Release CLI assets
     needs: [release]
-    if: needs.release.outputs.published == 'true'
+    if: needs.release.outputs.published == 'true' && github.ref_name == 'main'
     uses: ./.github/workflows/release-cli-assets.yml
     with:
       publishedPackages: ${{ needs.release.outputs.publishedPackages }}
+      commitSha: ${{ github.sha }}
     secrets: inherit
diff --git a/.github/workflows/tsc.yml b/.github/workflows/tsc.yml
@@ -13,7 +13,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        target: ['next', 'beta', 'latest', '5.3.3', '5.2.2', '5.1.6', '5.0.4', '4.9.5', '4.8.4', '4.7.4']
+        target: ['next', 'beta', 'latest', '5.6.2', '5.5.4', '5.4.5', '5.3.3', '5.2.2', '5.1.6', '5.0.4']
 
     steps:
       - name: 🛑 Cancel Previous Runs

diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
@@ -28,7 +28,7 @@ jobs:
         uses: mathiasvr/command-output@v1
         id: ncu
         with:
-          run: npx -y npm-check-updates -u -t latest --deep --filterVersion "/^[^=]/"
+          run: npx -y npm-check-updates -u -t latest --deep --filterVersion "/^[^=]/" --dep prod,dev,optional
 
       - name: Install new versions
         run: |

diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@
 This is the repository where we develop:
 
 - The [Xata SDK and ORM](./packages/client/README.md)
-- The [Xata CLI](./cli/README.md)
+- The [Xata CLI](./packages/cli/README.md)
 
 There's also other packages that we use internally that might be of your interest:
 

diff --git a/compatibility.json b/compatibility.json
@@ -1,6 +1,6 @@
 {
   "@xata.io/cli": {
-    "latest": "0.16.0",
+    "latest": "0.16.7",
     "compatibility": [
       {
         "range": ">=0.0.0"

diff --git a/eslint.config.mjs b/eslint.config.mjs
@@ -9,11 +9,14 @@ export default tseslint.config(
   {
     rules: {
       "no-undef": "off",
-      "@typescript-eslint/ban-types": "off",
+      "@typescript-eslint/no-empty-object-type": "off",
+      "@typescript-eslint/no-unsafe-function-type": "off",
+      "@typescript-eslint/no-require-imports": "off",
       "@typescript-eslint/no-var-requires": "off",
       '@typescript-eslint/ban-ts-comment': 'off',
       '@typescript-eslint/no-explicit-any': 'off',
-      '@typescript-eslint/no-unused-vars': ['warn', { argsIgnorePattern: '^_', varsIgnorePattern: '^_' }]
+      "@typescript-eslint/no-unused-expressions": "off",
+      '@typescript-eslint/no-unused-vars': ['warn', { argsIgnorePattern: '^_', varsIgnorePattern: '^_', caughtErrors: 'none' }],
     }
   },
   {