Merge branch 'master' into fix/DX-1995

Author: cs-raj

.github/workflows/issues-jira.yml

@@ -0,0 +1,31 @@
+name: Create Jira Ticket for Github Issue
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  issue-jira:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Login to Jira
+        uses: atlassian/gajira-login@master
+        env:
+          JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+
+      - name: Create Jira Issue
+        id: create_jira
+        uses: atlassian/gajira-create@master
+        with:
+          project: ${{ secrets.JIRA_PROJECT }}
+          issuetype: ${{ secrets.JIRA_ISSUE_TYPE }}
+          summary: Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }}
+          description: |
+            *GitHub Issue:* ${{ github.event.issue.html_url }}
+            
+            *Description:*
+            ${{ github.event.issue.body }}
+          fields: "${{ secrets.ISSUES_JIRA_FIELDS }}"

.github/workflows/jira.yml

@@ -0,0 +1,46 @@
+name: Checks the security policy and configurations
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-policy:
+    if: github.event.repository.visibility == 'public'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - uses: actions/checkout@master
+      - name: Checks for SECURITY.md policy file
+        run: |
+          if ! [[ -f "SECURITY.md" || -f ".github/SECURITY.md" ]]; then exit 1; fi
+  security-license:
+    if: github.event.repository.visibility == 'public'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - uses: actions/checkout@master
+      - name: Checks for License file
+        run: |
+          expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt")
+          license_file_found=false
+          current_year=$(date +"%Y")
+
+          for license_file in "${expected_license_files[@]}"; do
+              if  [ -f "$license_file" ]; then
+                 license_file_found=true
+                 # check the license file for the current year, if not exists, exit with error
+                  if  ! grep -q "$current_year" "$license_file"; then
+                      echo "License file $license_file does not contain the current year."
+                      exit 2
+                  fi
+                  break
+              fi        
+          done
+
+          if [ "$license_file_found" = false ]; then
+              echo "No license file found. Please add a license file to the repository."
+              exit 1
+          fi

.github/workflows/policy-scan.yml

@@ -8,43 +8,65 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      # Checkout the repository
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
         with:
-          node-version: "16.x"
-      - run: npm install
+          node-version: "22.x"
+
+      - name: Install dependencies
+        run: npm install
 
-      - name: get-package-details
+      - name: Get package details
         id: package
         uses: codex-team/action-nodejs-package-info@v1.1
-      - name: install npm packall
-        run: npm install npm-pack-all
 
-      - run: node node_modules/.bin/npm-pack-all
-      - uses: Klemensas/action-autotag@stable
+      - name: Install npm pack
+        run: npm install npm-pack
+
+      - name: Pack the npm package
+        run: npm pack
+
+      # Publish package to npm
+      - name: Publish to npm
+        id: publish_npm
+        uses: JS-DevTools/npm-publish@v3
+        with:
+          token: ${{ secrets.NPM_TOKEN }}
+          # access: public # Uncomment this line if you want to publish the package as public for first time
+
+      # Auto-tag new version
+      - name: Auto-tag new version
         id: update_tag
+        uses: Klemensas/action-autotag@stable
         with:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           tag_prefix: "v"
-      - name: Create Release
-        if: steps.update_tag.outputs.tagname
+
+      # Create GitHub Release
+      - name: Create GitHub Release
+        if: steps.update_tag.outputs.tagname != ''
         uses: actions/create-release@v1
         id: create_release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           tag_name: ${{ steps.update_tag.outputs.tagname }}
           release_name: Release ${{ steps.update_tag.outputs.tagname }}
-          draft: false # Default value, but nice to set explicitly
-          prerelease: false # Default value, but nice to set explicitly
+          draft: false
+          prerelease: false
+
+      # Upload release asset
       - name: Upload Release Asset
-        if: steps.update_tag.outputs.tagname
-        id: upload-release-asset
+        if: steps.update_tag.outputs.tagname != ''
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing its ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
-          asset_path: ./${{ steps.package.outputs.name }}-${{ steps.package.outputs.version }}.tgz
-          asset_name: ${{ steps.package.outputs.name }}-${{ steps.package.outputs.version }}.tgz
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: "./contentstack-datasync-filesystem-sdk-${{ steps.package.outputs.version }}.tgz"
+          asset_name: "contentstack-datasync-filesystem-sdk-${{ steps.package.outputs.version }}.tgz"
           asset_content_type: application/tgz

.github/workflows/release.yml

@@ -0,0 +1,29 @@
+name: Secrets Scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '2'
+          ref: '${{ github.event.pull_request.head.ref }}'
+      - run: |
+          git reset --soft HEAD~1
+      - name: Install Talisman
+        run: |
+          # Download Talisman
+          wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman
+
+          # Checksum verification
+          checksum=$(sha256sum ./talisman | awk '{print $1}')
+          if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi  
+
+          # Make it executable
+          chmod +x talisman
+      - name: Run talisman
+        run: |
+          # Run Talisman with the pre-commit hook
+          ./talisman --githook pre-commit

.github/workflows/sast-scan.yml

@@ -1,4 +1,7 @@
 fileignoreconfig:
+- filename: .github/workflows/secrets-scan.yml
+  ignore_detectors:
+    - filecontent
 - filename: package-lock.json
   checksum: d86ac5add96a781c3f2df86ee68fc010168aa6cc4cbf1d1ee6d63067a0f1b3e2
 version: ""

.github/workflows/secrets-scan.yml

@@ -8,7 +8,7 @@ Contentstack is a headless CMS with an API-first approach. It is a CMS that deve
 
 ### Prerequisite
 
-- Nodejs, v8 or higher
+- Nodejs, v20 or higher
 - You should have the data synced through [Contentstack DataSync](https://www.contentstack.com/docs/guide/synchronization/contentstack-datasync)
 
 ### Configuration