amclin / aem-packager Goto Github PK

Is your feature request related to a problem? Please describe.
I don't want my projects tied to someone else's idea about structure

Describe the solution you'd like
Ability to specify the paths for where my compiled assets are and where I want the Maven working directory to be.

We need the ability to change the AC Handling (Overwrite, Replace, Merge, MergePreserve etc) to be settable from config, currently it's hardcoded to replace which breaks our install of multiple packages.

In the Filter section fetch MODE settings from config.options.acHandling, default to replace

Thank you very much

Describe the bug
Project dependencies include the compromised module "event-stream"

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Malicious Package                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ flatmap-stream                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm-run-all [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ npm-run-all > ps-tree > event-stream > flatmap-stream        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/737                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

https://nodesecurity.io/advisories/737

npm-run-all fixes this in mysticatea/npm-run-all#149

There have been updates to the commitlint monorepo:

• • The devDependency @commitlint/cli was updated from 8.0.0 to 8.1.0.

• The devDependency @commitlint/config-angular was updated from 8.0.0 to 8.1.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

This monorepo update includes releases of one or more dependencies which all belong to the commitlint group definition.

commitlint is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

No npm token specified.

An npm token must be created and set in the NPM_TOKEN environment variable on your CI environment.

Please make sure to create an npm token and to set it in the NPM_TOKEN environment variable on your CI environment. The token must allow to publish to the registry https://registry.npmjs.org/.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Is your feature request related to a problem? Please describe.
I hate when projects don't have documentation

Describe the solution you'd like
Update the readme with instructions and examples on how to use this project.

Describe the bug
Tried using the module, and found that when we provide value mappings in package.json, they are not recognized properly. Even after providing buildDir value with a custom path, the package still gets created inside target folder

Expected behavior
buildDir value should be honored for creation of package

Screenshots and Logs
Last line from log : AEM package has been created and can be found in the current user's Maven package repository or in ./target

Environment (please complete the following information):

• OS: Windows and Mac
• Version: [3.1.3]
• NodeJS Version: [18.6.1]
• NPM Version: [9.5.1]

Additional context
Found the root cause. When consolidating the config, instead of calling the method getConfigsFromPackage the method identifier is passed.

Describe the bug
When using this npm package, encountered maven error below:

[ERROR] Failed to execute goal com.day.jcr.vault:content-package-maven-plugin:0.0.24:check-signature (default-check-signature) on project XXX: Execution default check-signature of goal com.day.jcr.vault:content-package-maven-plugin:0.0.24:check-signature failed: A required class was missing while executing com.day.jcr.vault:content-package-maven-plugin:0.0.24:check-signature: org/codehaus/mojo/animal_sniffer/logging/Logger
[ERROR] ------------
[ERROR] realm =. extension>com.day.jcr.vault:content-package-maven-plugin:0.0.24
[ERROR] strategy = org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy
[ERROR] urls[0] = file:XXXXXXX/.m2_repo/com/day/jcr/vault/content-package-maven-plugin/0.0.24/content-package-maven-plugin-0.0.24.jar
[ERROR] urls[1] = file:XXXXXXX/.m2_repo/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar
[ERROR] Number of foreign imports: 1

To Reproduce
Unable to reproduce this issue on different machines. I use a Mac with Maven 3.9 and OpenJDK11. It works fine wrt building the package. But in my office network where there are more restrictions, I encountered the error stated above with Windows 10, Maven 3.8 and JDK 11.

Expected behavior
Should be consistent across platforms

Screenshots and Logs
Shared above

Environment (please complete the following information):

• OS: [Windows 10]
• Version: [3.1.3]
• NodeJS Version: [18.x]
• NPM Version: [9.x]

Additional context
Instead of trying to identify rootcause, it may be worth switching to jackrabbit package maven plugin which is the new one even Adobe recommends, and we tested the same to confirm there are no such errors. Will be sending a PR for this.

Is your feature request related to a problem? Please describe.
Having a very long package.json makes it hard to maintain when many different NPM modules require settings to be populated in that file.

Describe the solution you'd like
I would like to be able to define the AEM properties in a dedicated config file independently of package.json

Additional context
YAML support would be ideal so that the file can support comments (unlike JSON)

Describe the bug
NPM package setting configurations don't work with Node 8. GroupId is no longer passed through from package.json to the generated package

To Reproduce
Steps to reproduce the behavior:

1. Set the groupId in package.json
2. Run aem-packager
3. Observe the contents of the generated package

Expected behavior
GroupId is passed through

Screenshots and Logs

Environment (please complete the following information):

• OS: OSX
• Version: Monterey
• NodeJS Version: v16.13.0
• NPM Version: v8.1.0

Additional context
Starting in NPM 8 (possibly NPM 7? but that's not a LTS version) the variables in process.env that are namespaced npm_package_ are no longer available. The only one passed through is npm_package_version. Other expected ones like npm_package_aem-packager_groupId are no longer available, presumably for security reasons. See #385

Needs some research to identify the preferred method of passing these variables in newer NPM and if this breaks the various methods currently supported for providing configurations to aem-packager
npm/cli#2609
https://github.com/npm/rfcs/blob/main/implemented/0021-reduce-lifecycle-script-environment.md

Describe the bug
Security vulnerability in transitive devDependency minimist
https://github.com/amclin/aem-packager/network/alert/package-lock.json/minimist/open

Cannot be automatically fixed. Might just need an npm audit fix

Is your feature request related to a problem? Please describe.
Having extraneous warnings in logs makes it harder to identify problems. Running this plugin generates maven warnings that can probably be avoided.

Describe the solution you'd like
Maven warns against having dynamic values in specific properties to reduce the risk of generating malformed packages. The normal expectation is that these properties are defined explicitilty as the pom.xml is the source of truth. However, since this plugin moves the responsibility of the source of truth outside of Maven to the NPM package, they must be dynamically populated.

Investigate alternative approaches to specifying these required details without triggering warnings. A few options could include

1. Changing how variables are used in the pom.xml to not rely on package properties
2. Generating temporary static pom.xml files instead of using Maven variables

Additional context
Maven log:

Starting AEM Packager.
Processing list of Defines.
Generating a default JCR installation path.
Package contents will be installed to /apps/com.github.amclin/npm-packager-example/clientlibs
Running AEM Packager for com.github.amclin.npm-packager-example
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for com.github.amclin:npm-packager-example:content-package:1.0.0
[WARNING] 'groupId' contains an expression but should be a constant. @ ${npmgroupId}:${npmartifactId}:${npmversion}, /Users/amclin/git/aem-packager/src/pom.xml, line 10, column 11
[WARNING] 'artifactId' contains an expression but should be a constant. @ ${npmgroupId}:${npmartifactId}:${npmversion}, /Users/amclin/git/aem-packager/src/pom.xml, line 11, column 14
[WARNING] 'version' contains an expression but should be a constant. @ ${npmgroupId}:${npmartifactId}:${npmversion}, /Users/amclin/git/aem-packager/src/pom.xml, line 12, column 11
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING] 

Is your feature request related to a problem? Please describe.
The default AEM package information generated from an NPM project may not match what's expected naming conventions when that package is installed into a running AEM instance.

Describe the solution you'd like
I would like to be able to specify the values used for the AEM package name, group, and version, instead of relying on the values auto-retrieved from my NPM package.json

NPM modules support a syntax for the name that defines the organization and the project:
https://docs.npmjs.com/files/package.json
@myorg/mypackage

This syntax is not safe for Maven package names, but would be a good option if parsed and split so that "myorg" is used for the Maven/AEM groupId, and "mypackage" is used for the package name.

Hello! We're using your package in frontend projects worked on by developers without Java/Maven installed on their systems. That should normally be just fine, since we're only running this package in our CI system (local development doesn't require packaging for AEM). However, due to your preinstall script that runs mvn -v, developers get an error about mvn not being found when they attempt to do a simple npm install on the frontend project. Would it be possible to remove that preinstall script so that developers aren't required to install Java/Maven?

Our workaround in the meantime is to run npm install --ignore-scripts instead.

Thanks!

Describe the bug
The jcrPath option is not used currently.

To Reproduce
Steps to reproduce the behavior:

1. Define jcrPath
2. Build
3. Observe default directory used

Expected behavior
Expect the built package to use the jcrPath defined in the options.

Environment (please complete the following information):
Not relevant

Additional context
I fixed this in a fork, will PR it :). Looks like there is a different method used when grabbing the options passed jcrRoot vs srcDir and buildDir; grabbing jcrPath using the resolvePath method like the other options corrects this.

Is your feature request related to a problem? Please describe.
Not all projects are going to be clientlibs projects. Sometimes I have custom path needs for where in the JCR my AEM package contents are installed

Describe the solution you'd like
I would like to be able to specify the JCR installation path via configuration.

I would like an option to choose the output folder myself via config

I would like an option to not include the datetime-stamp in the output filename

The details provided by an NPM project's package.json should be automatically used to populate the information in the compiled maven package.

When building my project (either locally or via Jenkins), the default groupId is loaded instead of what is in "aem-packager" under package.json

Steps to reproduce the behavior:

1. Run command aem-packager
2. Logs...

Starting AEM Packager.
Processing list of Defines.
Generating a default JCR installation path.
Package contents will be installed to /apps/npm/corporate-frontend-svelte/clientlibs
Running AEM Packager for npm.corporate-frontend-svelte

Expected behavior

Starting AEM Packager.
Processing list of Defines.
Generating a default JCR installation path.
Package contents will be installed to /apps/au.industry.city/corporate-frontend-svelte/clientlibs
Running AEM Packager for au.industry.city.corporate-frontend-svelte

Environment (please complete the following information):

• OS: Linux/Mac
• NodeJS Version: 14.17.3
• NPM Version: 6.14.13

Is your feature request related to a problem? Please describe.
It is common to have a Maven Profile to install the package into an AEM instance. It would be nice to have that here.

Describe the solution you'd like
A flag to auto-install the package into an AEM instance.

Describe alternatives you've considered
I'm currently using the AEM curl command to install the package after the package has been built.

Additional context

Travis CI now limits the monthly amount of build minutes, which means the automation in place on this project cannot run to keep security patches going.

Example:
#281

Need to migrate to GitHub actions.

The dependency command-line-args was updated from 5.1.0 to 5.1.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

command-line-args is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Travis-ci builds failing, probably due to shift in Node version tags for NVM:
https://travis-ci.com/github/amclin/aem-packager/jobs/347626071

This is preventing dependabot from merging #227