amclin / aem-packager Goto Github PK
View Code? Open in Web Editor NEWA node plugin that creates AEM packages installable through the Adobe Experience Manager package manager.
License: MIT License
A node plugin that creates AEM packages installable through the Adobe Experience Manager package manager.
License: MIT License
Is your feature request related to a problem? Please describe.
I don't want my projects tied to someone else's idea about structure
Describe the solution you'd like
Ability to specify the paths for where my compiled assets are and where I want the Maven working directory to be.
We need the ability to change the AC Handling (Overwrite, Replace, Merge, MergePreserve etc) to be settable from config, currently it's hardcoded to replace which breaks our install of multiple packages.
In the Filter section fetch MODE settings from config.options.acHandling, default to replace
Thank you very much
Describe the bug
Project dependencies include the compromised module "event-stream"
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Malicious Package │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ flatmap-stream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm-run-all [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm-run-all > ps-tree > event-stream > flatmap-stream │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/737 │
└───────────────┴──────────────────────────────────────────────────────────────┘
https://nodesecurity.io/advisories/737
npm-run-all fixes this in mysticatea/npm-run-all#149
devDependency
@commitlint/cli was updated from 8.0.0
to 8.1.0
.devDependency
@commitlint/config-angular was updated from 8.0.0
to 8.1.0
.This version is covered by your current version range and after updating it in your project the build failed.
This monorepo update includes releases of one or more dependencies which all belong to the commitlint group definition.
commitlint is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 39 commits.
c17420d
v8.1.0
ca19d70
chore: update dependency lodash to v4.17.14 (#724)
5757ef2
build(deps): bump lodash.template from 4.4.0 to 4.5.0 (#721)
5b5f855
build(deps): bump lodash.merge from 4.6.0 to 4.6.2 (#722)
4cb979d
build(deps): bump lodash from 4.17.11 to 4.17.13 (#723)
a89c1ba
chore: add devcontainer setup
9aa5709
chore: pin dependencies (#714)
c9ef5e2
chore: centralize typescript and jest setups (#710)
c9dcf1a
chore: pin dependencies (#708)
6a6a8b0
refactor: rewrite top level to typescript (#679)
0fedbc0
chore: update dependency @types/jest to v24.0.15 (#694)
0b9c7ed
chore: update dependency typescript to v3.5.2 (#695)
4efb34b
chore: update dependency globby to v10 (#705)
804af8b
chore: update dependency lint-staged to v8.2.1 (#696)
9075844
fix: add explicit dependency on chalk (#687)
There are 39 commits in total.
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
master
branch failed. 🚨I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.
You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.
Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.
Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master
branch. You can also manually restart the failed CI job that runs semantic-release.
If you are not sure how to resolve this, here is some links that can help you:
If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.
An npm token must be created and set in the NPM_TOKEN
environment variable on your CI environment.
Please make sure to create an npm token and to set it in the NPM_TOKEN
environment variable on your CI environment. The token must allow to publish to the registry https://registry.npmjs.org/
.
Good luck with your project ✨
Your semantic-release bot 📦🚀
Is your feature request related to a problem? Please describe.
I hate when projects don't have documentation
Describe the solution you'd like
Update the readme with instructions and examples on how to use this project.
Describe the bug
Tried using the module, and found that when we provide value mappings in package.json, they are not recognized properly. Even after providing buildDir value with a custom path, the package still gets created inside target folder
Expected behavior
buildDir value should be honored for creation of package
Screenshots and Logs
Last line from log : AEM package has been created and can be found in the current user's Maven package repository or in ./target
Environment (please complete the following information):
Additional context
Found the root cause. When consolidating the config, instead of calling the method getConfigsFromPackage
the method identifier is passed.
Describe the bug
When using this npm package, encountered maven error below:
[ERROR] Failed to execute goal com.day.jcr.vault:content-package-maven-plugin:0.0.24:check-signature (default-check-signature) on project XXX: Execution default check-signature of goal com.day.jcr.vault:content-package-maven-plugin:0.0.24:check-signature failed: A required class was missing while executing com.day.jcr.vault:content-package-maven-plugin:0.0.24:check-signature: org/codehaus/mojo/animal_sniffer/logging/Logger
[ERROR] ------------
[ERROR] realm =. extension>com.day.jcr.vault:content-package-maven-plugin:0.0.24
[ERROR] strategy = org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy
[ERROR] urls[0] = file:XXXXXXX/.m2_repo/com/day/jcr/vault/content-package-maven-plugin/0.0.24/content-package-maven-plugin-0.0.24.jar
[ERROR] urls[1] = file:XXXXXXX/.m2_repo/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar
[ERROR] Number of foreign imports: 1
To Reproduce
Unable to reproduce this issue on different machines. I use a Mac with Maven 3.9 and OpenJDK11. It works fine wrt building the package. But in my office network where there are more restrictions, I encountered the error stated above with Windows 10, Maven 3.8 and JDK 11.
Expected behavior
Should be consistent across platforms
Screenshots and Logs
Shared above
Environment (please complete the following information):
Additional context
Instead of trying to identify rootcause, it may be worth switching to jackrabbit package maven plugin which is the new one even Adobe recommends, and we tested the same to confirm there are no such errors. Will be sending a PR for this.
Is your feature request related to a problem? Please describe.
Having a very long package.json makes it hard to maintain when many different NPM modules require settings to be populated in that file.
Describe the solution you'd like
I would like to be able to define the AEM properties in a dedicated config file independently of package.json
Additional context
YAML support would be ideal so that the file can support comments (unlike JSON)
Describe the bug
NPM package setting configurations don't work with Node 8. GroupId is no longer passed through from package.json to the generated package
To Reproduce
Steps to reproduce the behavior:
groupId
in package.jsonExpected behavior
GroupId is passed through
Screenshots and Logs
Environment (please complete the following information):
Additional context
Starting in NPM 8 (possibly NPM 7? but that's not a LTS version) the variables in process.env
that are namespaced npm_package_
are no longer available. The only one passed through is npm_package_version
. Other expected ones like npm_package_aem-packager_groupId
are no longer available, presumably for security reasons. See #385
Needs some research to identify the preferred method of passing these variables in newer NPM and if this breaks the various methods currently supported for providing configurations to aem-packager
npm/cli#2609
https://github.com/npm/rfcs/blob/main/implemented/0021-reduce-lifecycle-script-environment.md
Describe the bug
Security vulnerability in transitive devDependency minimist
https://github.com/amclin/aem-packager/network/alert/package-lock.json/minimist/open
Cannot be automatically fixed. Might just need an npm audit fix
Is your feature request related to a problem? Please describe.
Having extraneous warnings in logs makes it harder to identify problems. Running this plugin generates maven warnings that can probably be avoided.
Describe the solution you'd like
Maven warns against having dynamic values in specific properties to reduce the risk of generating malformed packages. The normal expectation is that these properties are defined explicitilty as the pom.xml is the source of truth. However, since this plugin moves the responsibility of the source of truth outside of Maven to the NPM package, they must be dynamically populated.
Investigate alternative approaches to specifying these required details without triggering warnings. A few options could include
Additional context
Maven log:
Starting AEM Packager.
Processing list of Defines.
Generating a default JCR installation path.
Package contents will be installed to /apps/com.github.amclin/npm-packager-example/clientlibs
Running AEM Packager for com.github.amclin.npm-packager-example
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.github.amclin:npm-packager-example:content-package:1.0.0
[WARNING] 'groupId' contains an expression but should be a constant. @ ${npmgroupId}:${npmartifactId}:${npmversion}, /Users/amclin/git/aem-packager/src/pom.xml, line 10, column 11
[WARNING] 'artifactId' contains an expression but should be a constant. @ ${npmgroupId}:${npmartifactId}:${npmversion}, /Users/amclin/git/aem-packager/src/pom.xml, line 11, column 14
[WARNING] 'version' contains an expression but should be a constant. @ ${npmgroupId}:${npmartifactId}:${npmversion}, /Users/amclin/git/aem-packager/src/pom.xml, line 12, column 11
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
Is your feature request related to a problem? Please describe.
The default AEM package information generated from an NPM project may not match what's expected naming conventions when that package is installed into a running AEM instance.
Describe the solution you'd like
I would like to be able to specify the values used for the AEM package name, group, and version, instead of relying on the values auto-retrieved from my NPM package.json
NPM modules support a syntax for the name that defines the organization and the project:
https://docs.npmjs.com/files/package.json
@myorg/mypackage
This syntax is not safe for Maven package names, but would be a good option if parsed and split so that "myorg" is used for the Maven/AEM groupId, and "mypackage" is used for the package name.
Hello! We're using your package in frontend projects worked on by developers without Java/Maven installed on their systems. That should normally be just fine, since we're only running this package in our CI system (local development doesn't require packaging for AEM). However, due to your preinstall script that runs mvn -v
, developers get an error about mvn
not being found when they attempt to do a simple npm install
on the frontend project. Would it be possible to remove that preinstall script so that developers aren't required to install Java/Maven?
Our workaround in the meantime is to run npm install --ignore-scripts
instead.
Thanks!
Describe the bug
The jcrPath
option is not used currently.
To Reproduce
Steps to reproduce the behavior:
jcrPath
Expected behavior
Expect the built package to use the jcrPath
defined in the options.
Environment (please complete the following information):
Not relevant
Additional context
I fixed this in a fork, will PR it :). Looks like there is a different method used when grabbing the options passed jcrRoot
vs srcDir
and buildDir
; grabbing jcrPath using the resolvePath
method like the other options corrects this.
Is your feature request related to a problem? Please describe.
Not all projects are going to be clientlibs projects. Sometimes I have custom path needs for where in the JCR my AEM package contents are installed
Describe the solution you'd like
I would like to be able to specify the JCR installation path via configuration.
I would like an option to choose the output folder myself via config
I would like an option to not include the datetime-stamp in the output filename
The details provided by an NPM project's package.json should be automatically used to populate the information in the compiled maven package.
When building my project (either locally or via Jenkins), the default groupId is loaded instead of what is in "aem-packager" under package.json
Steps to reproduce the behavior:
aem-packager
Starting AEM Packager.
Processing list of Defines.
Generating a default JCR installation path.
Package contents will be installed to /apps/npm/corporate-frontend-svelte/clientlibs
Running AEM Packager for npm.corporate-frontend-svelte
Expected behavior
Starting AEM Packager.
Processing list of Defines.
Generating a default JCR installation path.
Package contents will be installed to /apps/au.industry.city/corporate-frontend-svelte/clientlibs
Running AEM Packager for au.industry.city.corporate-frontend-svelte
Environment (please complete the following information):
Is your feature request related to a problem? Please describe.
It is common to have a Maven Profile to install the package into an AEM instance. It would be nice to have that here.
Describe the solution you'd like
A flag to auto-install the package into an AEM instance.
Describe alternatives you've considered
I'm currently using the AEM curl command to install the package after the package has been built.
Additional context
Travis CI now limits the monthly amount of build minutes, which means the automation in place on this project cannot run to keep security patches going.
Example:
#281
Need to migrate to GitHub actions.
5.1.0
to 5.1.1
.This version is covered by your current version range and after updating it in your project the build failed.
command-line-args is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
The new version differs by 7 commits.
b07cb35
5.1.1
e28c9b0
use .indexOf instead of .includes for node v4 compatibility
b9860f4
add tests and support for '--exec='
62cca98
Merge branch 'parse-correctly-when-eval-option' of https://github.com/zawataki/command-line-args into zawataki-parse-correctly-when-eval-option
f87d7ba
Merge pull request #100 from zawataki/master
3da987f
Parse correctly when Node runs with --eval or -e
e88e500
Make git ignore node_modules directory
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Travis-ci builds failing, probably due to shift in Node version tags for NVM:
https://travis-ci.com/github/amclin/aem-packager/jobs/347626071
This is preventing dependabot from merging #227
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.