diff --git a/.github/workflows/automated-release-tasks.yml b/.github/workflows/automated-release-tasks.yml
new file mode 100644
index 000000000..726f0f49b
--- /dev/null
+++ b/.github/workflows/automated-release-tasks.yml
@@ -0,0 +1,63 @@
+name: automated-release-tasks
+on:
+ schedule:
+ # Cron syntax is "minute[0-59] hour[0-23] date[1-31] month[1-12] day[0-6]". '*' is 'any value,' and multiple values
+ # can be specified with comma-separated lists. All times are UTC.
+ # So this expression means "run at 12 PM UTC, every Friday".
+ - cron: "0 12 * * 5"
+
+
+jobs:
+ # Depending on circumstances, we may want to exit early instead of running the workflow to completion.
+ verify-should-run:
+ runs-on: macos-latest
+ outputs:
+ should-run: ${{ steps.main.outputs.should_run }}
+ steps:
+ - id: main
+ run: |
+ # `date -u` returns UTC datetime, and `%u` formats the output to be the day of the week, with 1 being Monday,
+ # 2 being Tuesday, etc.
+ TODAY_DOW=$(date -u +%u)
+ # This `date` expression returns the last Tuesday of the month, which is our Release Day. %d formats the output
+ # as the day of the month (1-31).
+ NEXT_RELEASE_DATE=$(date -u -v1d -v+1m -v-1d -v-tue +%d)
+ # This `date` expression returns next Tuesday, and `%d` formats the output as the day of the month (1-31).
+ NEXT_TUESDAY_DATE=$(date -u -v+tue +%d)
+ # This workflow should only be allowed to run to completion on the Friday before Release Day.
+ [[ $TODAY_DOW != 5 || $NEXT_RELEASE_DATE != $NEXT_TUESDAY_DATE ]] && echo "should_run=false" >> "$GITHUB_OUTPUT" || echo "should_run=true" >> "$GITHUB_OUTPUT" + create-v5-release-branch: + runs-on: macos-latest + needs: verify-should-run + if: ${{ needs.verify-should-run.outputs.should-run == 'true' }} + steps: + - name: Invoke v5 beta workflow + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} + script: | + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'create-release-branch.yml', + ref: 'dev' + }); + create-v4-release-branch: + runs-on: macos-latest + needs: verify-should-run + if: ${{ needs.verify-should-run.outputs.should-run == 'true' }} + steps: + - name: Invoke v4 GA workflow + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} + script: | + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'create-release-branch.yml', + ref: 'dev-4', + inputs: { + "release-type": "minor" + } + }); diff --git a/.github/workflows/create-github-release.yml b/.github/workflows/create-github-release.yml index b8368b57d..1be0f5aae 100644 --- a/.github/workflows/create-github-release.yml +++ b/.github/workflows/create-github-release.yml @@ -2,7 +2,7 @@ name: create-github-release on: pull_request: branches: - - main-5 + - main types: # There's no event type for "merged", so we just run any time a PR is closed, and exit early # if the PR wasn't actually merged. @@ -10,7 +10,7 @@ on: jobs: create-github-release: - # Since the workflow runs any time a PR against main-5 is closed, we need this + # Since the workflow runs any time a PR against main is closed, we need this # `if` to make sure that the workflow only does anything meaningful if the PR # was actually merged. if: github.event.pull_request.merged == true 
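Review bot: Both dispatch jobs in the new automated-release-tasks.yml hand `secrets.SVC_CLI_BOT_GITHUB_TOKEN` to `actions/github-script@v6`, a movable tag, so whatever code that tag resolves to at run time executes with the bot's credentials; pinning to a full commit SHA (`uses: actions/github-script@<full-commit-sha> # v6`) removes that exposure. The workflow also declares no `permissions:` block. Since `workflow_dispatch` is one of the events the built-in `GITHUB_TOKEN` is allowed to trigger, these steps could probably drop the bot secret in favour of `permissions:` with `actions: write`; that should be confirmed against what the bot token is actually needed for, which is not visible here. The same token-plus-tag pattern is added in the `v4-smoke-test` job in daily-smoke-tests.yml, and the new step in production-heartbeat.yml uses the same `@v6` tag.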
@@ -18,10 +18,10 @@ jobs: permissions: contents: write steps: - - name: Checkout main-5 + - name: Checkout main uses: actions/checkout@v4 with: - ref: main-5 + ref: main - name: Get version property id: get-version-property run: | @@ -32,7 +32,7 @@ jobs: with: tag_name: v${{ steps.get-version-property.outputs.package_version }} name: v${{ steps.get-version-property.outputs.package_version }} - target_commitish: main-5 + target_commitish: main body: See [release notes](https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/release-notes.html) token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} make_latest: true diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml index 4007ef6b5..8f41a9b8a 100644 --- a/.github/workflows/create-release-branch.yml +++ b/.github/workflows/create-release-branch.yml @@ -12,10 +12,10 @@ jobs: outputs: branch-name: ${{ steps.create-branch.outputs.branch_name }} steps: - # Checkout `dev-5` + # Checkout `dev` - uses: actions/checkout@v4 with: - ref: 'dev-5' + ref: 'dev' # We need to set up Node and install our Node dependencies. - uses: actions/setup-node@v4 with: @@ -24,7 +24,7 @@ jobs: # Increment the version as desired locally, without actually committing anything. - name: Locally increment version run: | - npm --no-git-tag-version version prerelease --preid alpha + npm --no-git-tag-version version prerelease --preid beta # The branch protection rule for `release-x.y.z` branches prevents pushing commits directly. To work around this, # we create an interim branch that we _can_ push commits to, and we'll do our version bookkeeping in that branch # instead. diff --git a/.github/workflows/daily-smoke-tests.yml b/.github/workflows/daily-smoke-tests.yml index cb534e345..16f0ada10 100644 --- a/.github/workflows/daily-smoke-tests.yml +++ b/.github/workflows/daily-smoke-tests.yml 
@@ -12,4 +12,17 @@ jobs: uses: ./.github/workflows/run-tests.yml with: node-matrix: "[{version: 'lts/*', artifact: 'lts'}, {version: 'latest', artifact: 'latest'}]" - java-matrix: "['11']" + v4-smoke-test: + runs-on: macos-latest + steps: + - name: Invoke v4 smoke tests + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} + script: | + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: 'daily-smoke-tests.yml', + ref: 'dev-4' + }); diff --git a/.github/workflows/production-heartbeat.yml b/.github/workflows/production-heartbeat.yml index b72143bf4..1cb5500be 100644 --- a/.github/workflows/production-heartbeat.yml +++ b/.github/workflows/production-heartbeat.yml 
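Review bot: The `v4-smoke-test` job only queues a run, because `createWorkflowDispatch` returns as soon as the dispatch is accepted; the job therefore reports success whether or not the smoke tests on `dev-4` pass. If this workflow's status is what people watch, a v4 failure would not show up here. At minimum, say so on the job, e.g. `# Fire-and-forget: the result is on the daily-smoke-tests run for dev-4, not on this job`. The `jobs:` mapping begins outside the hunk, so any separate alerting on the dispatched run cannot be seen from here.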
@@ -10,139 +10,16 @@ on: - cron: '45 13,17,21 * * 1,2,3,4,5' jobs: production-heartbeat: - strategy: - # By default, if any job in a matrix fails, all other jobs are immediately cancelled. This makes the jobs run to completion instead. - fail-fast: false - matrix: - os: [{vm: ubuntu-latest, exe: .sh}, {vm: windows-2019, exe: .cmd}] - node: ['lts/*'] - runs-on: ${{ matrix.os.vm }} - timeout-minutes: 60 + runs-on: macos-latest steps: - # === Setup. We need to get the code, set up nodejs, and create the results directory. === - - uses: actions/checkout@v4 + - name: Invoke v4 workflow + uses: actions/github-script@v6 with: - ref: 'release' - - uses: actions/setup-node@v4 - with: - node-version: ${{ matrix.node }} - - run: mkdir smoke-test-results - - # === Set our environment variables, either using default values or the repo's secrets === - - name: Set environment variables - id: env_var_setup - # We'll want to use bash for this, to avoid any cross-platform shenanigans - shell: bash - run: | - # In the following script, the use of the `echo "name=value" >> $GITHUB_ENV` structure is used to set/update - # environment variables. Such updates are visible to all subsequent steps. - # - # If the CLI_VERSION repo secret is set, we want to install that version ofsf-cli, so we set an environment - # variable. Otherwise, we leave the environment variable unset, so it implicitly defaults to `latest`. - # Note: This can be used to intentionally fail the GHA by providing an invalid version number. - if [[ -n "${{ secrets.CLI_VERSION }}" ]]; then - echo "CLI_VERSION=@${{ secrets.CLI_VERSION}}" >> $GITHUB_ENV - fi - # If the SCANNER_VERSION repo secret is set, we want to install that version of sfdx-scanner, so we set an - # environment variable. Otherwise, we leave the environment variable unset, so it implicitly defaults to `latest`. - # Note: This can be used to intentionally fail the GHA by providing an invalid version number. 
- if [[ -n "${{ secrets.SCANNER_VERSION }}" ]]; then - echo "SCANNER_VERSION=@${{ secrets.SCANNER_VERSION }}" >> $GITHUB_ENV - fi - # If the FAIL_SMOKE_TESTS repo secret is set to ANY value, we should respond by deleting the `test/test-jars` - # folder. The smoke tests expect this folder's contents to exist, so an invocation of `scanner:rule:add` should - # fail, thereby failing the smoke tests as a whole. - # Note: This serves no purpose aside from providing a way to simulate a smoke test failure. - if [[ -n "${{ secrets.FAIL_SMOKE_TESTS }}" ]]; then - rm -rf ./test/test-jars - fi - - - # === Make three attempts to install SF through npm === - - name: Install SF - id: sf_install - # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up. - # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made. - run: | - (echo "::set-output name=retry_count::0" && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) || - (echo "::set-output name=retry_count::1" && sleep 60 && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) || - (echo "::set-output name=retry_count::2" && sleep 300 && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) - - # === Make three attempts to install the scanner plugin through sf === - - name: Install Scanner Plugin - id: scanner_install - # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up. - # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made. 
- run: | - (echo "::set-output name=retry_count::0" && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) || - (echo "::set-output name=retry_count::1" && sleep 60 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) || - (echo "::set-output name=retry_count::2" && sleep 300 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) - - # === Log the installed plugins for easier debugging === - - name: Log plugins - run: sf plugins - - # === Attempt to execute the smoke tests === - - name: Run smoke tests - id: smoke_tests - run: smoke-tests/smoke-test${{ matrix.os.exe }} sf - - # === Upload the smoke-test-results folder as an artifact === - - name: Upload smoke-test-results folder as artifact - if: ${{ always() }} - uses: actions/upload-artifact@v4 - with: - name: smoke-test-results-${{ runner.os }} - path: smoke-test-results - - # === Report any problems === - - name: Report problems - # There are problems if any step failed or was skipped. - # Note that the `join()` call omits null values, so if any steps were skipped, they won't have a corresponding - # value in the string. - if: ${{ failure() || cancelled() }} - shell: bash - env: - # If we're here because steps failed or were skipped, then that's a critical problem. Otherwise it's a normal one. - # We can't use the `failure()` or `cancelled()` convenience methods outside of the `if` condition, hence the - # `contains()` calls. - IS_CRITICAL: ${{ contains(join(steps.*.outcome), 'failure') || contains(join(steps.*.outcome), 'skipped') }} - # Build the status strings for each step as environment variables to save space later. Null retry_count values - # will be replaced with `n/a` to maintain readability in the alert. 
- CLI_INSTALL_STATUS: ${{ steps.sf_install.outcome }} after ${{ steps.sf_install.outputs.retry_count || 'n/a' }} retries - SCANNER_INSTALL_STATUS: ${{ steps.scanner_install.outcome }} after ${{ steps.scanner_install.outputs.retry_count || 'n/a' }} retries - SMOKE_TESTS_STATUS: ${{ steps.smoke_tests.outcome }} - # A link to this run, so the PagerDuty assignee can quickly get here. - RUN_LINK: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - run: | - # GHA env-vars don't have robust conditional logic, so we'll use this if-else branch to define some bash env-vars. - if [[ ${{ env.IS_CRITICAL }} == true ]]; then - ALERT_SEV="critical" - ALERT_SUMMARY="Production heartbeat script failed on ${{ runner.os }}" - else - ALERT_SEV="info" - ALERT_SUMMARY="Production heartbeat script succeeded with retries on ${{ runner.os }}" - fi - # Define a helper function to create our POST request's data, to sidestep issues with nested quotations. - generate_post_data() { - # This is known as a HereDoc, and it lets us declare multi-line input ending when the specified limit string, - # in this case EOF, is encountered. - cat <> $GITHUB_OUTPUT id: get-branch-commit # Checkout the tag we want to release, and get its head commit as output for later. 
@@ -31,9 +31,9 @@ jobs: - name: Fail non-matching commits if: ${{ steps.get-branch-commit.outputs.COMMIT_ID != steps.get-tag-commit.outputs.COMMIT_ID }} run: | - echo "Tag commit must match latest commit in main-5. Branch is ${{ steps.get-branch-commit.outputs.COMMIT_ID }}. Tag is ${{ steps.get-tag-commit.outputs.COMMIT_ID }}" + echo "Tag commit must match latest commit in main. Branch is ${{ steps.get-branch-commit.outputs.COMMIT_ID }}. Tag is ${{ steps.get-tag-commit.outputs.COMMIT_ID }}" exit 1 - # Verify that the `package.json`'s version property is 5.Y.Z, as we want to restrict the `dev-5` and `main-5` + # Verify that the `package.json`'s version property is 5.Y.Z, as we want to restrict the `dev` and `main` # branches to publishing v5.x. - name: Verify major version run: | @@ -53,7 +53,7 @@ jobs: with: ctc: false # We've been told we don't have to care about this until someone makes us care. sign: true - tag: latest-alpha-rc # Publish as a release candidate, so we can do our validations against it. + tag: latest-beta-rc # Publish as a release candidate, so we can do our validations against it. githubTag: ${{ github.event.release.tag_name || inputs.tag }} secrets: inherit # Step 3: Run smoke tests against the release candidate. @@ -81,7 +81,7 @@ jobs: java-version: '11' # For now, Java version is hardcoded. # Install SF, and the release candidate version. - run: npm install -g @salesforce/cli - - run: sf plugins install @salesforce/plugin-code-analyzer@latest-alpha-rc + - run: sf plugins install @salesforce/plugin-code-analyzer@latest-beta-rc # Log the installed plugins for easier debugging. - run: sf plugins # Attempt to run the smoke tests. 
@@ -102,9 +102,9 @@ jobs: node-version: 'lts/*' - run: | echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc - npm dist-tag add @salesforce/plugin-code-analyzer@${{ github.event.release.tag_name || inputs.tag }} latest-alpha + npm dist-tag add @salesforce/plugin-code-analyzer@${{ github.event.release.tag_name || inputs.tag }} latest-beta npm dist-tag add @salesforce/plugin-code-analyzer@${{ github.event.release.tag_name || inputs.tag }} latest - # Step 5: Create a Pull Request for merging `main-5` into `dev-5` + # Step 5: Create a Pull Request for merging `main` into `dev` create-main2dev-pull-request: needs: promote-to-latest runs-on: macos-latest 
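Review bot: The two `npm dist-tag add` lines splice `${{ github.event.release.tag_name || inputs.tag }}` straight into the shell script, in the same step that has just written `NPM_TOKEN` to `~/.npmrc`. The expression is expanded before bash parses the script, so a tag name containing shell metacharacters becomes part of the command text rather than a single argument. Pass it through the environment instead: give the step an `env:` entry `RELEASE_TAG: ${{ github.event.release.tag_name || inputs.tag }}` and write `npm dist-tag add "@salesforce/plugin-code-analyzer@${RELEASE_TAG}" latest-beta` (likewise for `latest`). The job definition begins outside the hunk, so whether the tag is validated earlier cannot be seen here.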
@@ -114,31 +114,31 @@ jobs: contents: write pull-requests: write steps: - # Check out `main-5` + # Check out `main` - uses: actions/checkout@v4 with: - ref: 'main-5' - # Create a new branch based on `main-5`, so that merge conflicts can be manually resolved if need be. + ref: 'main' + # Create a new branch based on `main`, so that merge conflicts can be manually resolved if need be. - run: | NEW_VERSION=$(jq -r ".version" package.json) git checkout -b m2d/v$NEW_VERSION git push --set-upstream origin m2d/v$NEW_VERSION - # Create a Pull Request from the new branch into `dev-5`. + # Create a Pull Request from the new branch into `dev`. - run: | NEW_VERSION=$(jq -r ".version" package.json) # For whatever reason, the version of 'echo' on GHAs doesn't process backspace by default. # The non-POSIX-standard -e flag causes it to do that. echo -e "This branch and PR were automatically created following the successful release of v$NEW_VERSION.\n\ - It must be MERGED into dev-5, NOT SQUASHED OR REBASED. Squashing or rebasing this branch onto dev-5 can cause potentially irreconcilable merge conflicts later.\n\ - As an additional safeguard and reminder, the title of this PR MUST include the word 'merging' in the description portion of the PR title, e.g., 'Main2Dev @W-XXXXXXX@ Merging main-5 to dev-5 after vX.Y.Z'.\n\ - If there are conflicts between dev-5 and this branch, you should do the following locally:\n\ - - $ git checkout dev-5\n\ + It must be MERGED into dev, NOT SQUASHED OR REBASED. 
Squashing or rebasing this branch onto dev can cause potentially irreconcilable merge conflicts later.\n\ + As an additional safeguard and reminder, the title of this PR MUST include the word 'merging' in the description portion of the PR title, e.g., 'Main2Dev @W-XXXXXXX@ Merging main to dev after vX.Y.Z'.\n\ + If there are conflicts between dev and this branch, you should do the following locally:\n\ + - $ git checkout dev\n\ - $ git pull\n\ - $ git fetch --all\n\ - $ git checkout m2d/v$NEW_VERSION\n\ - - $ git pull origin dev-5 --no-rebase # You MUST include this flag, or someone's day will be ruined.\n\ + - $ git pull origin dev --no-rebase # You MUST include this flag, or someone's day will be ruined.\n\ - Resolve the merge conflicts manually. When in doubt, ask the code's author for help.\n\ - $ git commit\n\ - $ git push" > body.txt # Create the pull request. - gh pr create -B dev-5 -H m2d/v$NEW_VERSION --title "Filler title. Read description and rename." -F body.txt + gh pr create -B dev -H m2d/v$NEW_VERSION --title "Filler title. Read description and rename." -F body.txt diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index 21c6a9bdd..f18485e84 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml @@ -96,6 +96,9 @@ jobs: with: distribution: 'temurin' java-version: '11' + - uses: actions/setup-python@v5 + with: + python-version: '3.12' # Install SF CLI via NPM - run: npm install -g @salesforce/cli # Download and install the Tarball artifact 
@@ -112,7 +115,7 @@ jobs: shell: bash run: | # We need to determine the Tarball's name first. - TARBALL_NAME=$(ls ~/downloads/tarball | grep salesforce-plugin-code-analyzer-5\\.0\\.0-alpha\\.[0-9]*\\.tgz) + TARBALL_NAME=$(ls ~/downloads/tarball | grep salesforce-plugin-code-analyzer-5\\.0\\.0-beta\\.[0-9]*\\.tgz) # We need to determine the Tarball's location in an installable way. # Get the path to the download folder. Swap out backslashes for forward slashes to ensure Windows compatibility. RAW_TARBALL_PATH=`echo '${{ steps.download.outputs.download-path }}' | tr '\\' '/'` diff --git a/.github/workflows/validate-pr.yml b/.github/workflows/validate-pr.yml index d2ed0a913..2e1747677 100644 --- a/.github/workflows/validate-pr.yml +++ b/.github/workflows/validate-pr.yml @@ -4,14 +4,14 @@ on: types: [edited, opened, reopened, synchronize] jobs: - # We want to prevent cross-contamination between the 3.x and 4.x pipelines. So we should prevent PRs - # based on this flow to merge into `dev-3` or `release-3`. + # We want to prevent cross-contamination between the 4.x and 5.x pipelines. So we should prevent PRs + # based on this flow to merge into `dev-4` or `main-4`. verify_target_branch: runs-on: ubuntu-latest steps: - - if: ${{ github.base_ref == 'dev-3' || github.base_ref == 'release-3' }} + - if: ${{ github.base_ref == 'dev-4' || github.base_ref == 'main-4' }} run: | - echo "Forbidden to merge this branch into dev-3 or release-3" + echo "Forbidden to merge this branch into dev-4 or release-4" exit 1 # We need to verify that the Pull Request's title matches the desired format. verify_pr_title: diff --git a/.npmrc b/.npmrc new file mode 100644 index 000000000..d263b35ba --- /dev/null +++ b/.npmrc @@ -0,0 +1 @@ +registry=https://registry.yarnpkg.com \ No newline at end of file diff --git a/github-actions/verify-pr-title/dist/index.js b/github-actions/verify-pr-title/dist/index.js index f1f8e7cae..e7ef48617 100644 --- a/github-actions/verify-pr-title/dist/index.js 
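Review bot: The failure message in `verify_target_branch` names `release-4`, but the condition it reports on tests `github.base_ref == 'main-4'`, so someone stopped by this guard is told about a branch the check does not cover. Make the text match the condition: `echo "Forbidden to merge this branch into dev-4 or main-4"`. If `release-4` is also meant to be a forbidden target, it needs its own clause in the `if`, which this hunk does not add.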
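Review bot: The new repo-level `.npmrc` points every npm command run from this checkout at `registry.yarnpkg.com` instead of the default registry, with no comment saying why. That changes where CI and contributors fetch packages from, and it sits oddly next to the publish workflow, whose auth token is written for `//registry.npmjs.org/` only. If the override is a deliberate workaround, record the reason in the file, e.g. `# Use the Yarn mirror because <reason>`; otherwise dropping the file keeps installs on the same registry the publish step authenticates to.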
+++ b/github-actions/verify-pr-title/dist/index.js @@ -31258,7 +31258,7 @@ function run() { return; } } - else if (baseBranch == "dev" || /^release-\d+\.\d+\.\d+$/.test(baseBranch)) { + else if (baseBranch == "dev" || /^release-\d+\.\d+\.\d+\.*$/.test(baseBranch)) { // There's a title convention for merging feature branch PRs into `dev` or `release-X.Y.Z` // branches. if ((0, verifyFeaturePrTitle_1.verifyFeaturePrTitle)(title)) { diff --git a/github-actions/verify-pr-title/src/index.ts b/github-actions/verify-pr-title/src/index.ts index 8de7ff413..7ab4e6eb9 100644 --- a/github-actions/verify-pr-title/src/index.ts +++ b/github-actions/verify-pr-title/src/index.ts @@ -46,7 +46,7 @@ function run(): void { ); return; } - } else if (baseBranch == "dev" || /^release-\d+\.\d+\.\d+$/.test(baseBranch)) { + } else if (baseBranch == "dev" || /^release-\d+\.\d+\.\d+\.*$/.test(baseBranch)) { // There's a title convention for merging feature branch PRs into `dev` or `release-X.Y.Z` // branches. if (verifyFeaturePrTitle(title)) { diff --git a/messages/action-summary-viewer.md b/messages/action-summary-viewer.md index 2fe72f796..ad5f1be66 100644 --- a/messages/action-summary-viewer.md +++ b/messages/action-summary-viewer.md @@ -6,10 +6,34 @@ Summary Additional log information written to: -# config-action.no-outfiles - -No output file was specified. - # config-action.outfile-location Configuration written to: + +# rules-action.found-no-rules + +Found 0 rules. + +# rules-action.rules-total + +Found %d rule(s) from %d engine(s): + +# rules-action.rules-item + +%d %s rule(s) found. + +# run-action.found-no-violations + +Found 0 violations. + +# run-action.violations-total + +Found %d violation(s) across %d file(s): + +# run-action.violations-item + +%d %s severity violation(s) found. + +# run-action.outfiles-total + +Results written to: diff --git a/messages/config-command.md b/messages/config-command.md index a7d73693f..1339fa37f 100644 --- a/messages/config-command.md 
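Review bot: The new pattern in `src/index.ts`, `/^release-\d+\.\d+\.\d+\.*$/`, ends in `\.*`, which matches zero or more literal dots; it accepts `release-1.2.3...` but still rejects a suffixed name such as `release-5.0.0-beta.0`. If the aim was to let prerelease release branches through this title check, an explicit optional suffix says so and keeps the match tight: `/^release-\d+\.\d+\.\d+(-[0-9A-Za-z.]+)?$/`. The bundled `dist/index.js` carries the same expression and would need regenerating. `run()` starts and ends outside the hunk, so where non-matching branches fall through to is not visible here.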
+++ b/messages/config-command.md @@ -8,6 +8,8 @@ Code Analyzer gives you the ability to configure settings that modify Code Analy To apply a custom configuration with Code Analyzer, either keep your custom configuration settings in a `code-analyzer.yml` file located in the current folder from which you are executing commands, or specify the location of your custom configuration file to the Code Analyzer commands with the --config-file flag. +We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at http://sfdc.co/CodeAnalyzerFeedback. + # command.examples - Display the current state of the Code Analyzer configuration using the default behavior: display top level configuration, display the engine and rule override settings associated with all the rules that have a "Recommended" tag; and automatically apply any existing custom configuration settings found in a `code-analyzer.yml` or `code-analyzer.yaml` file in the current folder: diff --git a/messages/path-start-util.md b/messages/path-start-util.md index 8c8415903..e40d93bcf 100644 --- a/messages/path-start-util.md +++ b/messages/path-start-util.md @@ -1,7 +1,7 @@ # error.glob-method-conflict -*DRAFT*: Path start point %s is invalid: When specifying a method with the #methodName syntax, glob patterns cannot be used. +Path start point %s is invalid: You can't use glob patterns when specifying a method with the #methodName syntax. # error.negative-globs-unsupported -*DRAFT*: Path start point %s is invalid: Negative globs are unsupported. +Path start point %s is invalid: Negative globs are unsupported. diff --git a/messages/progress-event-listener.md b/messages/progress-event-listener.md index e8f383b91..fee84255f 100644 --- a/messages/progress-event-listener.md +++ b/messages/progress-event-listener.md 
@@ -5,13 +5,13 @@ Selecting rules Eligible engines: %s; Completion: %d%; Elapsed time: %ds # selection-spinner.finished-status -done. Selected rules from %s. +done. # execution-spinner.action Executing rules # execution-spinner.progress-summary -%d of %d engines still executing after %ds. +%d of %d engines finished after %ds. # execution-spinner.engine-status - %s at %d% completion. diff --git a/messages/results-viewer.md b/messages/results-viewer.md index 4d85513f3..e9e526005 100644 --- a/messages/results-viewer.md +++ b/messages/results-viewer.md @@ -1,11 +1,11 @@ -# summary.detail.found-results - -Found %d violation(s) across %d file(s): - # summary.detail.violation-header %d. %s +# summary.shared.results-relative-to + +Violation file paths relative to '%s'. + # summary.table.found-results Found %d violation(s) across %d file(s) relative to '%s': diff --git a/messages/results-writer.md b/messages/results-writer.md index b29c1060c..03076e48e 100644 --- a/messages/results-writer.md +++ b/messages/results-writer.md @@ -1,3 +1,3 @@ # error.unrecognized-file-format -The output file %s has an unsupported extension. Valid extensions include: .csv; .html/.htm; .json; .junit/.junit.xml; .sarif/.sarif.json; .xml. +The output file %s has an unsupported extension. Valid extensions include: .csv; .html/.htm; .json; .sarif/.sarif.json; .xml. diff --git a/messages/rule-viewer.md b/messages/rule-viewer.md index b6bcf2726..7f150c7de 100644 --- a/messages/rule-viewer.md +++ b/messages/rule-viewer.md @@ -1,11 +1,3 @@ -# summary.found-no-rules - -Found 0 rules. - -# summary.found-rules - -Found %d rule(s): - # summary.detail.header %d. %s diff --git a/messages/rules-command.md b/messages/rules-command.md index d225950b3..7e2e243d3 100644 --- a/messages/rules-command.md +++ b/messages/rules-command.md 
@@ -8,6 +8,8 @@ You can also view details about the rules, such as the engine it's associated wi Use this command to determine the exact set of rules to analyze your code. The `code-analyzer run` command has similar flags as this command, so once you've determined the flag values for this command that list the rules you want to run, you specify the same values to the `code-analyzer run` command. +We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at http://sfdc.co/CodeAnalyzerFeedback. + # command.examples - List rules using the default behavior: include rules from all engines that have a "Recommended" tag; display the rules using concise table format; and automatically apply rule or engine overrides if a "code-analyzer.yml" or "code-analyzer.yaml" file exists in the current folder: diff --git a/messages/run-command.md b/messages/run-command.md index 154d493b7..bb2ee25d9 100644 --- a/messages/run-command.md +++ b/messages/run-command.md @@ -8,6 +8,8 @@ You can scan your codebase with the recommended rules. Or use flags to filter th If you want to preview the list of rules before you actually run them, use the `code-analyzer rules` command, which also has the "--rules-selector", "--workspace", and "--config-file" flags that together define the list of rules to be run. +We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at http://sfdc.co/CodeAnalyzerFeedback. + # command.examples - Analyze code using the default behavior: analyze the files in the current folder (default workspace) using the Recommended rules; display the output in the terminal with the concise table view; and automatically apply rule or engine overrides if a "code-analyzer.yml" or "code-analyzer.yaml" file exists in the current folder: 
@@ -120,6 +122,8 @@ Format to display the command results in the terminal. The format `table` is concise and shows minimal output, the format `detail` shows all available information. +If you specify neither --view nor --output-file, then the default table view is shown. If you specify --output-file but not --view, only summary information is shown. + # flags.output-file.summary Output file that contains the analysis results. The file format depends on the extension you specify, such as .csv, .html, .xml, and so on. @@ -131,7 +135,6 @@ If you don't specify this flag, the command outputs the results in the terminal. - .csv - .html or .htm - .json -- .junit or .junit.xml - .sarif or .sarif.json - .xml diff --git a/messages/run-summary-viewer.md b/messages/run-summary-viewer.md deleted file mode 100644 index ab712ae84..000000000 --- a/messages/run-summary-viewer.md +++ /dev/null @@ -1,27 +0,0 @@ -# summary.header - -Summary - -# summary.found-no-violations - -Found 0 violations. - -# summary.violations-total - -Found %d violation(s): - -# summary.violations-item - -%d %s severity violation(s) found. - -# summary.no-outfiles - -No results files were specified. - -# summary.outfiles-total - -Results written to: - -# summary.log-file-location - -Additional log information written to: diff --git a/messages/shared.md b/messages/shared.md index c39149101..f5b76e129 100644 --- a/messages/shared.md +++ b/messages/shared.md @@ -1,7 +1,11 @@ # label.command-state -Developer Preview +Beta # warning.command-state This command is in %s. + +# log.give-us-feedback + +We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at http://sfdc.co/CodeAnalyzerFeedback. diff --git a/messages/workspace-util.md b/messages/workspace-util.md index c9b61fa7f..57b4ac1fe 100644 --- a/messages/workspace-util.md +++ b/messages/workspace-util.md 
@@ -1,3 +1,3 @@ # error.negative-globs-unsupported -*DRAFT*: Workspace path %s is invalid: Negative globs are unsupported. +Workspace path %s is invalid: Negative globs are unsupported. diff --git a/package.json b/package.json index b7f6f06bd..8ac1cd984 100644 --- a/package.json +++ b/package.json @@ -1,17 +1,18 @@ { "name": "@salesforce/plugin-code-analyzer", "description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.", - "version": "5.0.0-alpha.3", + "version": "5.0.0-beta.0", "author": "Salesforce Code Analyzer Team", "bugs": "https://github.com/forcedotcom/sfdx-scanner/issues", "dependencies": { "@oclif/core": "^3.3.2", - "@salesforce/code-analyzer-core": "0.14.1", - "@salesforce/code-analyzer-engine-api": "0.11.1", - "@salesforce/code-analyzer-eslint-engine": "0.11.1", - "@salesforce/code-analyzer-pmd-engine": "0.11.1", - "@salesforce/code-analyzer-regex-engine": "0.11.1", - "@salesforce/code-analyzer-retirejs-engine": "0.11.1", + "@salesforce/code-analyzer-core": "0.20.2", + "@salesforce/code-analyzer-engine-api": "0.16.1", + "@salesforce/code-analyzer-eslint-engine": "0.17.0", + "@salesforce/code-analyzer-flowtest-engine": "0.16.2", + "@salesforce/code-analyzer-pmd-engine": "0.17.1", + "@salesforce/code-analyzer-regex-engine": "0.16.2", + "@salesforce/code-analyzer-retirejs-engine": "0.16.2", "@salesforce/core": "^5", "@salesforce/sf-plugins-core": "^5.0.4", "@salesforce/ts-types": "^2.0.9", diff --git a/pmd-appexchange/docs/AvoidApiSessionId.md b/pmd-appexchange/docs/AvoidApiSessionId.md new file mode 100644 index 000000000..97a2490a5 --- /dev/null +++ b/pmd-appexchange/docs/AvoidApiSessionId.md 
@@ -0,0 +1,18 @@ +AvoidApiSessionId[](#avoidapisessionid) +------------------------------------------------------------------------------------------------------------------------------------------------------ + +**Violation:** + + Session ID use may not be approved. + + +**Priority:** High (2) + +**Description:** + + Detects use of Api.Session_ID to retrieve a session ID. For more guidance on approved use cases, read the [Session Id Guidance][https://partners.salesforce.com/sfc/servlet.shepherd/version/download/0684V00000O83jT?asPdf=false&operationContext=CHATTER] document. + +**Example(s):** + + + diff --git a/pmd-appexchange/docs/AvoidApiSessionIdInXML.md b/pmd-appexchange/docs/AvoidApiSessionIdInXML.md new file mode 100644 index 000000000..a8b810832 --- /dev/null +++ b/pmd-appexchange/docs/AvoidApiSessionIdInXML.md @@ -0,0 +1,18 @@ +AvoidApiSessionIdInXML[](#avoidapisessionidinxml) +------------------------------------------------------------------------------------------------------------------------------------------------------ + +**Violation:** + + Session ID use is not approved. + + +**Priority:** High (2) + +**Description:** + + Detects use of Api.Session_ID to retrieve a session ID. For more guidance on approved use cases, read the [Session Id Guidance][https://partners.salesforce.com/sfc/servlet.shepherd/version/download/0684V00000O83jT?asPdf=false&operationContext=CHATTER] document. + +**Example(s):** + + + diff --git a/pmd-appexchange/docs/AvoidAuraAppWithLockerDisabled.md b/pmd-appexchange/docs/AvoidAuraAppWithLockerDisabled.md new file mode 100644 index 000000000..8c01d3458 --- /dev/null +++ b/pmd-appexchange/docs/AvoidAuraAppWithLockerDisabled.md 
@@ -0,0 +1,18 @@ +AvoidAuraAppWithLockerDisabled[](#avoidauraappwithlockerdisabled) +------------------------------------------------------------------------------------------------------------------------------------------------------ + +**Violation:** + + To enable Lightning Locker, update the apiVersion to version 40 or greater. + + +**Priority:** Critical (1) + +**Description:** + + Detects use of API versions with Lightning Locker disabled in Aura components. Use API version 40 or greater. + +**Example(s):** + + + diff --git a/pmd-appexchange/docs/AvoidAuraCmpWithLockerDisabled.md b/pmd-appexchange/docs/AvoidAuraCmpWithLockerDisabled.md new file mode 100644 index 000000000..998cc0ef1 --- /dev/null +++ b/pmd-appexchange/docs/AvoidAuraCmpWithLockerDisabled.md @@ -0,0 +1,18 @@ +AvoidAuraCmpWithLockerDisabled[](#avoidauracmpwithlockerdisabled) +------------------------------------------------------------------------------------------------------------------------------------------------------ + +**Violation:** + + To enable Lightning Locker, update the apiVersion to version 40 or greater. + + +**Priority:** Critical (1) + +**Description:** + + Detects use of API versions with Lightning Locker disabled in Aura components. Use API version 40 or greater. + +**Example(s):** + + + diff --git a/pmd-appexchange/docs/AvoidChangeProtectionUnprotected.md b/pmd-appexchange/docs/AvoidChangeProtectionUnprotected.md new file mode 100644 index 000000000..c66a30f3d --- /dev/null +++ b/pmd-appexchange/docs/AvoidChangeProtectionUnprotected.md 
@@ -0,0 +1,18 @@ +AvoidChangeProtectionUnprotected[](#avoidchangeprotectionunprotected) +------------------------------------------------------------------------------------------------------------------------------------------------------ + +**Violation:** + + Ensure appropriate authorization checks are in-place before invoking FeatureManagement.changeProtection called with 'UnProtected' argument. + + +**Priority:** Critical (1) + +**Description:** + + Detects potential misuse of FeatureManagement.changeProtection. + +**Example(s):** + + + diff --git a/pmd-appexchange/docs/AvoidCreateElementScriptLinkTag.md b/pmd-appexchange/docs/AvoidCreateElementScriptLinkTag.md new file mode 100644 index 000000000..0e07ad64a --- /dev/null +++ b/pmd-appexchange/docs/AvoidCreateElementScriptLinkTag.md @@ -0,0 +1,28 @@ +AvoidCreateElementScriptLinkTag[](#avoidcreateelementscriptlinktag) +------------------------------------------------------------------------------------------------------------------------------------------------------ + +**Violation:** + + Load JavaScript/CSS only from static resources. + + +**Priority:** High (2) + +**Description:** + +Detects dynamic creation of script or link tags +Note: This rule identifies the `