Scaffold safe-chain-bun setup command

2026-05-26 12:10:49 +00:00 · 2025-09-05 15:34:57 +02:00 · 2025-09-05 15:34:57 +02:00 · 59762d2472
commit 59762d2472
parent 8f6742504f
4 changed files with 80 additions and 11 deletions
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@ -27,8 +27,10 @@ jobs:
          version="${{ github.ref_name }}"
          echo "tag=$version" >> $GITHUB_OUTPUT

-      - name: Set the version in safe-chain package
-        run: npm --no-git-tag-version version ${{ steps.get_version.outputs.tag }} --workspace=packages/safe-chain
+      - name: Set the version in both packages
+        run: |
+          npm --no-git-tag-version version ${{ steps.get_version.outputs.tag }} --workspace=packages/safe-chain
+          npm --no-git-tag-version version ${{ steps.get_version.outputs.tag }} --workspace=packages/safe-chain-bun

      - name: Install dependencies
        run: npm ci
@ -42,9 +44,24 @@ jobs:
          cp LICENSE packages/safe-chain/
          cp -r docs packages/safe-chain/

-      - name: Publish to npm
+      - name: Publish safe-chain to npm
        run: |
-          echo "Publishing version ${{ steps.get_version.outputs.tag }} to NPM"
+          echo "Publishing safe-chain version ${{ steps.get_version.outputs.tag }} to NPM"
          npm publish --workspace=packages/safe-chain --access public
        env:
          NPM_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
+
+      - name: Update safe-chain-bun dependency for publishing
+        run: |
+          # During development, safe-chain-bun uses "file:../safe-chain" to depend on the local package
+          # This works great for local development but breaks when published to npm registry
+          # We need to replace it with the actual version number so users can install from npm
+          # Changes: "@aikidosec/safe-chain": "file:../safe-chain" → "@aikidosec/safe-chain": "1.0.0"
+          sed -i 's/"@aikidosec\/safe-chain": "file:..\/safe-chain"/"@aikidosec\/safe-chain": "${{ steps.get_version.outputs.tag }}"/g' packages/safe-chain-bun/package.json
+
+      - name: Publish safe-chain-bun to npm
+        run: |
+          echo "Publishing safe-chain-bun version ${{ steps.get_version.outputs.tag }} to NPM"
+          npm publish --workspace=packages/safe-chain-bun --access public
+        env:
+          NPM_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
--- a/.github/workflows/test-on-pr.yml
+++ b/.github/workflows/test-on-pr.yml
@ -26,14 +26,16 @@ jobs:
      - name: Run ESLint
        run: npm run lint

-      - name: Create package tarball
-        run: npm pack --workspace=packages/safe-chain
+      - name: Create package tarballs
+        run: |
+          npm pack --workspace=packages/safe-chain
+          npm pack --workspace=packages/safe-chain-bun

-      - name: Upload package tarball
+      - name: Upload package tarballs
        uses: actions/upload-artifact@v4
        with:
-          name: safe-chain-package
-          path: aikidosec-safe-chain-*.tgz
+          name: safe-chain-packages
+          path: aikidosec-*.tgz

  e2e-tests:
    name: Run E2E tests
--- a/packages/safe-chain-bun/bin/safe-chain-bun.js
+++ b/packages/safe-chain-bun/bin/safe-chain-bun.js
@ -0,0 +1,41 @@
+#!/usr/bin/env node
+
+// Placeholder for setup function - will be implemented in next step
+function setup(configFile) {
+  console.log("Setup functionality coming soon...");
+  console.log("Target config file:", configFile || "~/.bunfig.toml");
+}
+
+if (process.argv.length < 3) {
+  console.error("No command provided. Please provide a command to execute.");
+  console.log();
+  writeHelp();
+  process.exit(1);
+}
+
+const command = process.argv[2];
+
+if (command === "help" || command === "--help" || command === "-h") {
+  writeHelp();
+  process.exit(0);
+}
+
+if (command === "setup") {
+  const configFile = process.argv[3];
+  setup(configFile);
+} else {
+  console.error(`Unknown command: ${command}.`);
+  console.log();
+  writeHelp();
+  process.exit(1);
+}
+
+function writeHelp() {
+  console.log("Usage: safe-chain-bun <command>");
+  console.log();
+  console.log("Available commands: setup, help");
+  console.log();
+  console.log("- safe-chain-bun setup: Register Safe-Chain-Bun as a security scanner in ~/.bunfig.toml");
+  console.log("- safe-chain-bun setup <file>: Register Safe-Chain-Bun as a security scanner in specified bunfig.toml file");
+  console.log();
+}
--- a/packages/safe-chain-bun/package.json
+++ b/packages/safe-chain-bun/package.json
@ -3,6 +3,9 @@
  "version": "1.0.0",
  "type": "module",
  "main": "src/index.js",
+  "bin": {
+    "safe-chain-bun": "bin/safe-chain-bun.js"
+  },
  "scripts": {
    "test": "node --test --experimental-test-module-mocks 'src/**/*.spec.js'"
  },
@ -12,7 +15,13 @@
      "default": "./src/index.js"
    }
  },
-  "keywords": ["bun", "security", "scanner", "malware", "aikido"],
+  "keywords": [
+    "bun",
+    "security",
+    "scanner",
+    "malware",
+    "aikido"
+  ],
  "author": "Aikido Security",
  "license": "AGPL-3.0-or-later",
  "description": "Aikido Security Scanner for Bun package manager - detects malware and security threats during package installation",