Gathering detailed insights and metrics for @semantic-release/exec
Gathering detailed insights and metrics for @semantic-release/exec
🐚 semantic-release plugin to execute custom shell commands
Installations
npm install @semantic-release/execDeveloper
semantic-release
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=14.17
Typescript Support
No
Node Version
16.13.1
NPM Version
7.24.2
Statistics
136 Stars
339 Commits
26 Forks
5 Watching
17 Branches
18 Contributors
Updated on 17 Nov 2024
Bundle Size
144.19 kB
Minified
52.75 kB
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
39,040,104
Last day
11.7%
76,045
Compared to previous day
Last week
7.6%
379,380
Compared to previous week
Last month
13.9%
1,534,371
Compared to previous month
Last year
34.4%
13,960,939
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
6
Versions
@semantic-release/exec
semantic-release plugin to execute custom shell commands.
| Step | Description |
|---|---|
verifyConditions | Execute a shell command to verify if the release should happen. |
analyzeCommits | Execute a shell command to determine the type of release. |
verifyRelease | Execute a shell command to verifying a release that was determined before and is about to be published. |
generateNotes | Execute a shell command to generate the release note. |
prepare | Execute a shell command to prepare the release. |
publish | Execute a shell command to publish the release. |
success | Execute a shell command to notify of a new release. |
fail | Execute a shell command to notify of a failed release. |
Install
1$ npm install @semantic-release/exec -D
Usage
The plugin can be configured in the semantic-release configuration file:
1{ 2 "plugins": [ 3 "@semantic-release/commit-analyzer", 4 "@semantic-release/release-notes-generator", 5 ["@semantic-release/exec", { 6 "verifyConditionsCmd": "./verify.sh", 7 "publishCmd": "./publish.sh ${nextRelease.version} ${branch.name} ${commits.length} ${Date.now()}" 8 }], 9 ] 10}
With this example:
- the shell command
./verify.shwill be executed on the verify conditions step - the shell command
./publish.sh 1.0.0 master 3 870668040000(for the release of version1.0.0from branchmasterwith3commits onAugust 4th, 1997 at 2:14 AM) will be executed on the publish step
Note: it's required to define a plugin for the analyze commits step. If no analyzeCommitsCmd is defined the plugin @semantic-release/commit-analyzer must be defined in the plugins list.
Configuration
Options
| Options | Description |
|---|---|
verifyConditionsCmd | The shell command to execute during the verify condition step. See verifyConditionsCmd. |
analyzeCommitsCmd | The shell command to execute during the analyze commits step. See analyzeCommitsCmd. |
verifyReleaseCmd | The shell command to execute during the verify release step. See verifyReleaseCmd. |
generateNotesCmd | The shell command to execute during the generate notes step. See generateNotesCmd. |
prepareCmd | The shell command to execute during the prepare step. See prepareCmd. |
addChannelCmd | The shell command to execute during the add channel step. See addChannelCmd. |
publishCmd | The shell command to execute during the publish step. See publishCmd. |
successCmd | The shell command to execute during the success step. See successCmd. |
failCmd | The shell command to execute during the fail step. See failCmd. |
shell | The shell to use to run the command. See execa#shell. |
execCwd | The path to use as current working directory when executing the shell commands. This path is relative to the path from which semantic-release is running. For example if semantic-release runs from /my-project and execCwd is set to buildScripts then the shell command will be executed from /my-project/buildScripts |
Each shell command is generated with Lodash template. All the objects passed to the semantic-release plugins are available as template options.
verifyConditionsCmd
Execute a shell command to verify if the release should happen.
| Command property | Description |
|---|---|
exit code | 0 if the verification is successful, or any other exit code otherwise. |
stdout | Write only the reason for the verification to fail. |
stderr | Can be used for logging. |
analyzeCommitsCmd
| Command property | Description |
|---|---|
exit code | Any non 0 code is considered as an unexpected error and will stop the semantic-release execution with an error. |
stdout | Only the release type (major, minor or patch etc..) can be written to stdout. If no release has to be done the command must not write to stdout. |
stderr | Can be used for logging. |
verifyReleaseCmd
| Command property | Description |
|---|---|
exit code | 0 if the verification is successful, or any other exit code otherwise. |
stdout | Only the reason for the verification to fail can be written to stdout. |
stderr | Can be used for logging. |
generateNotesCmd
| Command property | Description |
|---|---|
exit code | Any non 0 code is considered as an unexpected error and will stop the semantic-release execution with an error. |
stdout | Only the release note must be written to stdout. |
stderr | Can be used for logging. |
prepareCmd
| Command property | Description |
|---|---|
exit code | Any non 0 code is considered as an unexpected error and will stop the semantic-release execution with an error. |
stdout | Can be used for logging. |
stderr | Can be used for logging. |
addChannelCmd
| Command property | Description |
|---|---|
exit code | Any non 0 code is considered as an unexpected error and will stop the semantic-release execution with an error. |
stdout | The release information can be written to stdout as parseable JSON (for example {"name": "Release name", "url": "http://url/release/1.0.0"}). If the command write non parseable JSON to stdout no release information will be returned. |
stderr | Can be used for logging. |
publishCmd
| Command property | Description |
|---|---|
exit code | Any non 0 code is considered as an unexpected error and will stop the semantic-release execution with an error. |
stdout | The release information can be written to stdout as parseable JSON (for example {"name": "Release name", "url": "http://url/release/1.0.0"}). If the command write non parseable JSON to stdout no release information will be returned. |
stderr | Can be used for logging. |
successCmd
| Command property | Description |
|---|---|
exit code | Any non 0 code is considered as an unexpected error and will stop the semantic-release execution with an error. |
stdout | Can be used for logging. |
stderr | Can be used for logging. |
failCmd
| Command property | Description |
|---|---|
exit code | Any non 0 code is considered as an unexpected error and will stop the semantic-release execution with an error. |
stdout | Can be used for logging. |
stderr | Can be used for logging. |
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
all dependencies are pinned
Details
- Info: 6 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/semantic-release/.github/.github/SECURITY.md:1
- Info: Found linked content: github.com/semantic-release/.github/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/semantic-release/.github/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/semantic-release/.github/.github/SECURITY.md:1
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:12
Reason
0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Reason
Found 0/1 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:10
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
4.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More