Merge pull request #12 from contentstack/release/sprint_42

Security and workflow fixes
contentstack · Sep 25, 2023 · f549e8b · f549e8b
2 parents 8f39ef6 + a49e05a
commit f549e8b
Show file tree

Hide file tree

Showing 14 changed files with 7,863 additions and 3,049 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,50 @@
+name: Release
+
+on:
+  push:
+    branches: [master]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v1
+        with:
+          node-version: "16.x"
+      - run: npm install
+
+      - name: get-package-details
+        id: package
+        uses: codex-team/[email protected]
+      - name: install npm packall
+        run: npm install npm-pack-all
+
+      - run: node node_modules/.bin/npm-pack-all
+      - uses: Klemensas/action-autotag@stable
+        id: update_tag
+        with:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          tag_prefix: "v"
+      - name: Create Release
+        if: steps.update_tag.outputs.tagname
+        uses: actions/create-release@v1
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          tag_name: ${{ steps.update_tag.outputs.tagname }}
+          release_name: Release ${{ steps.update_tag.outputs.tagname }}
+          draft: false # Default value, but nice to set explicitly
+          prerelease: false # Default value, but nice to set explicitly
+      - name: Upload Release Asset
+        if: steps.update_tag.outputs.tagname
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing its ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
+          asset_path: ./${{ steps.package.outputs.name }}-${{ steps.package.outputs.version }}.tgz
+          asset_name: ${{ steps.package.outputs.name }}-${{ steps.package.outputs.version }}.tgz
+          asset_content_type: application/tgz
diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
diff --git a/.gitignore b/.gitignore
@@ -12,3 +12,4 @@ example/**/*
 playground
 newQueryBuilder.ts
 query-builder.ts
+dist
diff --git a/.talismanrc b/.talismanrc
@@ -1,4 +1,4 @@
 fileignoreconfig:
 - filename: package-lock.json
-  checksum: 218e63a11ff5af63d734e6facf8d71a2965870700eadf98c423ac74839036a46
+  checksum: a618ae6c113021eef425f224f1dfd7066b15af1a45249ea063a193517ce5a92f
 version: ""
diff --git a/LICENCE b/LICENCE
@@ -1,6 +1,6 @@
 The MIT License
 
-Copyright (c) 2022 Contentstack LLC <https://www.contentstack.com/>
+Copyright (c) 2023 Contentstack LLC <https://www.contentstack.com/>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.
diff --git a/dist/config.js b/dist/config.js
diff --git a/dist/index.js b/dist/index.js