diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 83c11d9..a372e1e 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -11,23 +11,38 @@ permissions: jobs: set-version: + name: Set version number runs-on: ubuntu-latest outputs: version: ${{ steps.get_version.outputs.tag }} + is_prerelease: ${{ steps.check_prerelease.outputs.is_prerelease }} steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Set version number id: get_version run: | version="${{ github.ref_name }}" echo "tag=$version" >> $GITHUB_OUTPUT + - name: Check if pre-release + id: check_prerelease + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + IS_PRERELEASE=$(gh release view ${{ steps.get_version.outputs.tag }} --json isPrerelease --jq '.isPrerelease') + echo "is_prerelease=$IS_PRERELEASE" >> $GITHUB_OUTPUT + echo "Release ${{ steps.get_version.outputs.tag }} is pre-release: $IS_PRERELEASE" + create-binaries: needs: set-version uses: ./.github/workflows/create-artifact.yml with: version: ${{ needs.set-version.outputs.version }} - build: + publish-binaries: + name: Publish to GitHub release needs: [set-version, create-binaries] runs-on: ubuntu-latest @@ -35,37 +50,6 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - - name: Set up Node.js - uses: actions/setup-node@v3 - with: - node-version: "lts/*" - registry-url: "https://registry.npmjs.org/" - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} - - - name: Setup safe-chain - run: curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci - - - name: Set the version in safe-chain package - run: npm --no-git-tag-version version ${{ needs.set-version.outputs.version }} --workspace=packages/safe-chain - - - name: Install dependencies - run: npm ci - - - name: Run tests - run: npm run test - - - name: Copy documentation files to package - run: | - cp README.md packages/safe-chain/ - cp LICENSE packages/safe-chain/ - cp -r docs packages/safe-chain/ - - - name: Publish to npm - run: | - echo "Publishing version ${{ needs.set-version.outputs.version }} to NPM" - npm publish --workspace=packages/safe-chain --access public --provenance - - name: Download all binary artifacts uses: actions/download-artifact@v4 with: @@ -107,3 +91,44 @@ jobs: release-artifacts/install-safe-chain.ps1 \ release-artifacts/uninstall-safe-chain.sh \ release-artifacts/uninstall-safe-chain.ps1 + + publish-npm: + name: Publish to npm + needs: [set-version, create-binaries] + if: needs.set-version.outputs.is_prerelease != 'true' + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: "lts/*" + registry-url: "https://registry.npmjs.org/" + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} + + - name: Setup safe-chain + run: curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci + + - name: Set the version in safe-chain package + run: npm --no-git-tag-version version ${{ needs.set-version.outputs.version }} --workspace=packages/safe-chain + + - name: Install dependencies + run: npm ci + + - name: Run tests + run: npm run test + + - name: Copy documentation files to package + run: | + cp README.md packages/safe-chain/ + cp LICENSE packages/safe-chain/ + cp -r docs packages/safe-chain/ + + - name: Publish to npm + run: | + echo "Publishing version ${{ needs.set-version.outputs.version }} to NPM" + npm publish --workspace=packages/safe-chain --access public --provenance diff --git a/README.md b/README.md index a13395c..f08daad 100644 --- a/README.md +++ b/README.md @@ -33,8 +33,6 @@ Aikido Safe Chain supports the following package managers: Installing the Aikido Safe Chain is easy with our one-line installer. -> ⚠️ **Already installed via npm?** See the [migration guide](https://github.com/AikidoSec/safe-chain/blob/main/docs/npm-to-binary-migration.md) to switch to the binary version. - ### Unix/Linux/macOS ```shell @@ -206,6 +204,7 @@ You can set the minimum package age through multiple sources (in order of priori Configure Safe Chain to scan packages from custom or private registries. Supported ecosystems: + - Node.js - Python @@ -348,5 +347,4 @@ pipeline { } ``` - After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection. diff --git a/install-scripts/install-safe-chain.sh b/install-scripts/install-safe-chain.sh index 94a9b55..80e4493 100755 --- a/install-scripts/install-safe-chain.sh +++ b/install-scripts/install-safe-chain.sh @@ -159,6 +159,66 @@ remove_volta_installation() { fi } +# Check and uninstall nvm-managed package if present across all Node versions +remove_nvm_installation() { + # This script is run in sh shell for greatest compatibility. + # Because nvm is usually setup in bash/zsh/fish startup scripts, we need to source it. + # Otherwise it won't be available in sh. + if [ -s "$HOME/.nvm/nvm.sh" ]; then + # Source nvm to make it available in this script + . "$HOME/.nvm/nvm.sh" >/dev/null 2>&1 + elif [ -s "$NVM_DIR/nvm.sh" ]; then + . "$NVM_DIR/nvm.sh" >/dev/null 2>&1 + fi + + # Check if nvm is now available + if ! command_exists nvm; then + return + fi + + nvm_versions=$(nvm list 2>/dev/null | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' || echo "") + + if [ -z "$nvm_versions" ]; then + return + fi + + # Track if we found any installations + found_installation=false + uninstall_failed=false + current_version=$(nvm current 2>/dev/null || echo "") + + # Check each version for safe-chain installation + for version in $nvm_versions; do + # Check if this version has safe-chain installed + # Use nvm exec to run npm list in the context of that Node version + if nvm exec "$version" npm list -g @aikidosec/safe-chain >/dev/null 2>&1; then + if [ "$found_installation" = false ]; then + info "Detected nvm installation(s) of @aikidosec/safe-chain" + info "Uninstalling from all Node versions..." + found_installation=true + fi + + info " Removing from Node $version..." + if nvm exec "$version" npm uninstall -g @aikidosec/safe-chain >/dev/null 2>&1; then + info " Successfully uninstalled from Node $version" + else + warn " Failed to uninstall from Node $version" + uninstall_failed=true + fi + fi + done + + # Restore original Node version if it was set + if [ -n "$current_version" ] && [ "$current_version" != "none" ] && [ "$current_version" != "system" ]; then + nvm use "$current_version" >/dev/null 2>&1 || true + fi + + # If any uninstall failed, error out instead of continuing + if [ "$uninstall_failed" = true ]; then + error "Failed to uninstall @aikidosec/safe-chain from all nvm Node versions. Please uninstall manually and try again." + fi +} + # Parse command-line arguments parse_arguments() { for arg in "$@"; do @@ -204,9 +264,10 @@ main() { info "$INSTALL_MSG" - # Check for existing safe-chain installation through npm or volta + # Check for existing safe-chain installation through nvm, volta, or npm remove_npm_installation remove_volta_installation + remove_nvm_installation # Detect platform OS=$(detect_os) diff --git a/install-scripts/uninstall-safe-chain.sh b/install-scripts/uninstall-safe-chain.sh index 4b2d7ec..e208319 100755 --- a/install-scripts/uninstall-safe-chain.sh +++ b/install-scripts/uninstall-safe-chain.sh @@ -75,6 +75,68 @@ remove_volta_installation() { fi } +# Check and uninstall nvm-managed package if present across all Node versions +remove_nvm_installation() { + # This script is run in sh shell for greatest compatibility. + # Because nvm is usually setup in bash/zsh/fish startup scripts, we need to source it. + # Otherwise it won't be available in sh. + if [ -s "$HOME/.nvm/nvm.sh" ]; then + # Source nvm to make it available in this script + . "$HOME/.nvm/nvm.sh" >/dev/null 2>&1 + elif [ -s "$NVM_DIR/nvm.sh" ]; then + . "$NVM_DIR/nvm.sh" >/dev/null 2>&1 + fi + + # Check if nvm is now available + if ! command_exists nvm; then + return + fi + + # Get list of installed Node versions + nvm_versions=$(nvm list 2>/dev/null | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' || echo "") + + if [ -z "$nvm_versions" ]; then + return + fi + + # Track if we found any installations + found_installation=false + uninstall_failed=false + current_version=$(nvm current 2>/dev/null || echo "") + + # Check each version for safe-chain installation + for version in $nvm_versions; do + # Check if this version has safe-chain installed + # Use nvm exec to run npm list in the context of that Node version + if nvm exec "$version" npm list -g @aikidosec/safe-chain >/dev/null 2>&1; then + if [ "$found_installation" = false ]; then + info "Detected nvm installation(s) of @aikidosec/safe-chain" + info "Uninstalling from all Node versions..." + found_installation=true + fi + + info " Removing from Node $version..." + if nvm exec "$version" npm uninstall -g @aikidosec/safe-chain >/dev/null 2>&1; then + info " Successfully uninstalled from Node $version" + else + warn " Failed to uninstall from Node $version" + uninstall_failed=true + fi + fi + done + + # Restore original Node version if it was set + if [ -n "$current_version" ] && [ "$current_version" != "none" ] && [ "$current_version" != "system" ]; then + nvm use "$current_version" >/dev/null 2>&1 || true + fi + + # Show warning if any uninstall failed (but don't error out during uninstall) + if [ "$uninstall_failed" = true ]; then + warn "Failed to uninstall @aikidosec/safe-chain from some nvm Node versions" + warn "You may need to manually run: nvm exec npm uninstall -g @aikidosec/safe-chain" + fi +} + # Main uninstallation main() { SAFE_CHAIN_LOCATION="$INSTALL_DIR/safe-chain" @@ -89,8 +151,10 @@ main() { warn "safe-chain command not found. Proceeding with uninstallation." fi + # Check for existing safe-chain installation through nvm, volta, or npm remove_npm_installation remove_volta_installation + remove_nvm_installation # Remove install dir recursively if it exists if [ -d "$INSTALL_DIR" ]; then