Feature: Add js client (#2)

* add dummy js-client * update yarn.lock * update package.json * fix formatting * fix comments and add js-client github actions * update js-client test workflow * fix test workflow * fix lint * update workflow * wip * fix comments and add implementation * update yarn lock and remove docs workflow * Update packages/contracts-ethers/package.json Co-authored-by: Jør∂¡ <4456749+brickpop@users.noreply.github.com> * Update packages/js-client/src/context.ts Co-authored-by: Jør∂¡ <4456749+brickpop@users.noreply.github.com> * Update packages/js-client/test/unit/context.test.ts Co-authored-by: Jør∂¡ <4456749+brickpop@users.noreply.github.com> * add tests * fix comments * fix comments * update client-common version * fix lint command * Update packages/js-client/src/internal/modules/methods.ts Co-authored-by: Jør∂¡ <4456749+brickpop@users.noreply.github.com> * update size limit * update gh actions * update gh actions * fix gh actions * add build command * update gh actions * fix gh action * fix lint * fix lint * ignore js-client tests * minor fixes --------- Co-authored-by: Jør∂¡ <4456749+brickpop@users.noreply.github.com>
aragon · Jul 18, 2023 · 70b6b7e · 70b6b7e
1 parent 066c53a
commit 70b6b7e
Show file tree

Hide file tree

Showing 48 changed files with 7,660 additions and 363 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -0,0 +1,14 @@
+# These labels (common, client, ipfs and client-common) are only informative.
+# While the labels <pkg-name>-release are for trriggering the release process.
+
+js-client:
+  - ./packages/js-client/**/*
+  - ./packages/js-client/*
+
+subgraph:
+  - ./packages/subgraph/**/*
+  - ./packages/subgraph/*
+
+contracts:
+  - ./packages/contracts/**/*
+  - ./packages/contracts/*
diff --git a/.github/scripts/js-client-generate-release-matrix.py b/.github/scripts/js-client-generate-release-matrix.py
@@ -0,0 +1,59 @@
+import json
+import os
+
+#
+# // PULL_LABELS = toJson(github.event.pull_request.labels)
+# 
+# [
+# 	{
+# 		"color": "FFFFF7",
+# 		"default": false,
+# 		"description": "Issue describes change in the development process",
+# 		"id": 1786730933,
+# 		"name": "label_pqr-xyz-release",
+# 		"node_id": "MDU6TGFiZWwxNzg2NzMwOTMz",
+# 		"url": "https://api.github.com/repos/parzh/parzh.github.io/labels/Domain:%20dev"
+# 	},
+# 	{
+# 		"color": "cc062a",
+# 		"default": false,
+# 		"description": "Issue must be addressed right now",
+# 		"id": 1786706637,
+# 		"name": "label_abc-release",
+# 		"node_id": "MDU6TGFiZWwxNzg2NzA2NjM3",
+# 		"url": "https://api.github.com/repos/parzh/parzh.github.io/labels/Priority:%20top"
+# 	},
+# 	{
+# 		"color": "00727C",
+# 		"default": false,
+# 		"description": "Issue describes lack of a functionality or an open possibility of enhancement",
+# 		"id": 1786726751,
+# 		"name": "label_123-improvement",
+# 		"node_id": "MDU6TGFiZWwxNzg2NzI2NzUx",
+# 		"url": "https://api.github.com/repos/parzh/parzh.github.io/labels/Type:%20improvement"
+# 	}
+# ]
+#
+# Test:
+# PULL_LABELS=$(cat labels.json) python3 js-clientt-generate-release-matrix.py
+#
+
+try:
+    labels = json.loads(os.getenv('PULL_LABELS'))
+except:
+    labels = []
+
+trigger_substring = "-release"
+matrix = []
+hasLabels = False
+for label in labels:
+    label_name = str(label['name'])
+    trigger_substring_index = label_name.find(trigger_substring)
+    if trigger_substring_index != -1:
+        matrix.append({
+            'package': label_name[:trigger_substring_index],
+        })
+        hasLabels = True
+# print("hasLabels=" + str(hasLabels) + " >> $GITHUB_OUTPUT")
+# print("matrix=" + json.dumps({'include': matrix}) + " >> $GITHUB_OUTPUT")
+print(json.dumps({'include': matrix}))
diff --git a/.github/scripts/js-client-generate-release-notes.py b/.github/scripts/js-client-generate-release-notes.py
@@ -0,0 +1,26 @@
+import sys
+
+changelog = sys.argv[1]
+
+releaseNotesLines = []
+with open(changelog, 'r') as f:
+    lines = f.readlines()
+    foundStart = False
+    i = 0
+    while i < len(lines):
+        line = lines[i]
+        if foundStart:
+            if line.startswith('## ['):
+                break
+            releaseNotesLines.append(line.strip())
+        if line.startswith("<!--\n"):  # Skip the token line
+            i += 3
+            continue
+        if line.startswith('## [UPCOMING]'):
+            foundStart = True
+        i += 1
+
+releaseNotesMsg='  \n'.join(releaseNotesLines)
+
+with open("release-notes.txt", "w") as f:
+    f.write(releaseNotesMsg)
diff --git a/.github/workflows/js-client-publish.yml b/.github/workflows/js-client-publish.yml
@@ -0,0 +1,90 @@
+name: 02-JS-Publish
+
+on:
+  push:
+    tags:
+      - '*'
+    paths:
+      - 'packages/js-client/**'
+      - '.github/workflows/js-client-*.yml'
+
+jobs:
+  check_tag:
+    runs-on: ubuntu-latest
+    outputs:
+      package: ${{ steps.tag-info.outputs.package }}
+      version: ${{ steps.tag-info.outputs.version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Get package and version from Github Tag
+        id: tag-info
+        run: |
+          GITHUB_REF="${{ github.ref }}"
+          TAG=${GITHUB_REF##*/}
+          VERSION=$(echo "$TAG" | grep -woP "([0-9]+\.[0-9]+\.[0-9]+)-\w+" | sed 's/-javascript//')
+          PACKAGE=$(echo "$TAG" | grep -oP "javascript-(.+)" | sed 's/javascript-//')
+          if [ -d "./packages/$PACKAGE" ]; then
+            echo "package=$PACKAGE" >> $GITHUB_OUTPUT
+            echo "version=$VERSION" >> $GITHUB_OUTPUT
+          fi
+
+  test:
+    uses: ./.github/workflows/javascript_test.yml
+    secrets:
+      IPFS_API_KEY: ${{ secrets.IPFS_API_KEY }}
+    with:
+      run: true
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: [check_tag, test]
+    if: ${{ needs.check_tag.outputs.package }}
+    steps:
+      - name: Validate values (package and version) from Github Tag
+        run: |
+          if [ -z "${{ needs.check_tag.outputs.package }}" ]; then
+            echo "::error ::No package found in tag"
+            exit 1
+          fi
+          if [ -z "${{ needs.check_tag.outputs.version }}" ]; then
+            echo "::error ::No version found in tag"
+            exit 1
+          fi
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: 'develop'
+      - name: Setup NodeJS
+        uses: actions/setup-node@v3
+        with:
+          cache: 'yarn'
+          node-version: 16.x
+          registry-url: https://registry.npmjs.org
+      - name: Install deps
+        run: yarn install --frozen-lockfile
+      - name: Build subpackages
+        run: yarn run build
+      - name: Publish NPM pkg (${{ needs.check_tag.outputs.package }} - ${{ needs.check_tag.outputs.version }})
+        run: yarn publish --no-git-tag-version --new-version ${{ needs.check_tag.outputs.version }}
+        working-directory: ./packages/${{ needs.check_tag.outputs.package }}
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+      - name: Setup Python environment
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+      - name: Generate release-notes.txt
+        id: notes
+        run: python ./.github/scripts/js-client-generate-release-notes.py "./packages/${{ needs.check_tag.outputs.package }}/CHANGELOG.md"
+      - name: Add NPM pkg info to release-notes.txt
+        run: |
+          echo "### NPM Packages" >> release-notes.txt
+          echo "- [@aragon/sdk-${{ needs.check_tag.outputs.package }} version ${{ needs.check_tag.outputs.version }}](https://www.npmjs.com/package/@aragon/sdk-${{ needs.check_tag.outputs.package }})" >> release-notes.txt
+          echo " " >> release-notes.txt
+      - name: Create a Github Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          prerelease: false
+          body_path: release-notes.txt
diff --git a/.github/workflows/js-client-release.yml b/.github/workflows/js-client-release.yml
@@ -0,0 +1,75 @@
+name: 01-JS-Release
+
+on:
+  pull_request:
+    types:
+      - closed
+    paths:
+      - 'packages/js-client/**'
+      - '.github/workflows/js-client-*.yml'
+
+jobs:
+  test:
+    uses: ./.github/workflows/javascript_test.yml
+    secrets:
+      IPFS_API_KEY: ${{ secrets.IPFS_API_KEY }}
+
+  prepare:
+    name: Prepare release generation
+    needs: ['test']
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.merged
+    outputs:
+      PACKAGE_LIST: ${{ steps.matrix.outputs.pkg_list }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: 'develop'
+      - name: Setup Python environment
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+      - name: Get package-list from label-list
+        id: matrix
+        run: |
+          PKG_LIST=$(python ./.github/scripts/js-client-generate-release-matrix.py)
+          PR_LABEL_LIST="${{ toJson(github.event.pull_request.labels.*.name) }}"
+          echo "Pkg list: $PKG_LIST"
+          echo "Label list: $PR_LABEL_LIST"
+          echo "pkg_list=$PKG_LIST" >> $GITHUB_OUTPUT
+        env:
+          PULL_LABELS: ${{ toJson(github.event.pull_request.labels) }}
+
+  release:
+    name: Set Github Tag
+    runs-on: ubuntu-latest
+    needs: [prepare]
+    ## This condition gets TRUE if used in this way: ${{ contains(toJson(xyz), 'substr') }}
+    if: ${{ contains( toJson(github.event.pull_request.labels.*.name), '-release' ) }}
+    strategy:
+      fail-fast: true
+      matrix: ${{ fromJson(needs.prepare.outputs.PACKAGE_LIST) }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: 'develop'
+      - name: Get version from '${{ matrix.package }}' package.json
+        id: getver
+        working-directory: './packages/${{ matrix.package }}'
+        run: |
+          VERSION=$(cat package.json | jq -r .version)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Version: $VERSION"
+      - name: Set Github Tag via API
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.ARABOT_PAT_TRIGGER_WORKFLOW }}
+          script: |
+            github.rest.git.createRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: `refs/tags/${{ steps.getver.outputs.version }}-javascript-${{ matrix.package }}`,
+              sha: "${{ github.sha }}"
+            })
diff --git a/.github/workflows/js-client-scan-vuln-deps.yml b/.github/workflows/js-client-scan-vuln-deps.yml
@@ -0,0 +1,83 @@
+name: Scan vulnerable dependencies
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - 'packages/js-client/**'
+      - '.github/workflows/js-client-*.yml'
+
+jobs:
+  scan-vuln-deps-in-repo:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set myvars
+        id: myvars
+        run: |
+          branchname=$(echo ${GITHUB_REF#refs/heads/} | tr '/' '-' )
+          dateinsecs=$(date +%s)
+          githashshort=$(git rev-parse --short HEAD)
+          echo "BRANCH_NAME=$branchname" >> $GITHUB_OUTPUT
+          echo "GIT_HASH_SHORT=$githashshort" >> $GITHUB_OUTPUT
+          echo "DATE_IN_SECS=$dateinsecs" >> $GITHUB_OUTPUT
+
+      ## The 'fs' scan mode requires *.lock files in order to scan for vulns
+      ## and to collect license info of packages you should run npm install before.
+      - name: Setup NodeJS before scanning with Trivy
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16.x
+          cache: 'yarn'
+
+      - name: Install deps before scanning with Trivy
+        run: yarn install
+        # run: yarn install --frozen-lockfile
+
+      # - name: Build subpackages
+      #   run: yarn run build
+
+      - name: Scan in Repo (html)
+        uses: aquasecurity/trivy-action@master
+        if: success() || failure()
+        with:
+          scan-type: fs
+          scanners: vuln,secret,config
+          scan-ref: .
+          format: template
+          template: '@/contrib/html.tpl'
+          output: trivy-results-repo-${{ steps.myvars.outputs.GIT_HASH_SHORT }}.html
+        env:
+          TRIVY_USERNAME: ${{ github.repository_owner }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Scan in Repo (sarif)
+        uses: aquasecurity/trivy-action@master
+        if: success() || failure()
+        with:
+          scan-type: fs
+          scanners: vuln,secret,config
+          scan-ref: .
+          format: sarif
+          output: trivy-results-repo-${{ steps.myvars.outputs.GIT_HASH_SHORT }}.sarif
+        env:
+          TRIVY_USERNAME: ${{ github.repository_owner }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish Repo Scan Results as Artifact
+        uses: actions/upload-artifact@v3
+        if: success() || failure()
+        with:
+          name: trivy-results-repo-${{ steps.myvars.outputs.DATE_IN_SECS }}
+          path: trivy-results-repo-${{ steps.myvars.outputs.GIT_HASH_SHORT }}.*
+
+      - name: Load Repo Scan Results (sarif) to Github
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        #if: false        ## false = bypass
+        with:
+          sarif_file: trivy-results-repo-${{ steps.myvars.outputs.GIT_HASH_SHORT }}.sarif
+          category: vulns-in-repo