diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 788f7a9f..0b836e11 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,4 +13,4 @@ # limitations under the License. docker: image: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest - digest: sha256:fe04ae044dadf5ad88d979dbcc85e0e99372fb5d6316790341e6aca5e4e3fbc8 + digest: sha256:e6d785d6de3cab027f6213d95ccedab4cab3811b0d3172b78db2216faa182e32 diff --git a/.kokoro/publish.sh b/.kokoro/publish.sh index 949e3e1d..ca1d47af 100755 --- a/.kokoro/publish.sh +++ b/.kokoro/publish.sh @@ -27,4 +27,16 @@ NPM_TOKEN=$(cat $KOKORO_KEYSTORE_DIR/73713_google-cloud-npm-token-1) echo "//wombat-dressing-room.appspot.com/:_authToken=${NPM_TOKEN}" > ~/.npmrc npm install -npm publish --access=public --registry=https://wombat-dressing-room.appspot.com +npm pack . +# npm provides no way to specify, observe, or predict the name of the tarball +# file it generates. We have to look in the current directory for the freshest +# .tgz file. +TARBALL=$(ls -1 -t *.tgz | head -1) + +npm publish --access=public --registry=https://wombat-dressing-room.appspot.com "$TARBALL" + +# Kokoro collects *.tgz and package-lock.json files and stores them in Placer +# so we can generate SBOMs and attestations. +# However, we *don't* want Kokoro to collect package-lock.json and *.tgz files +# that happened to be installed with dependencies. +find node_modules -name package-lock.json -o -name "*.tgz" | xargs rm -f \ No newline at end of file diff --git a/.kokoro/release/publish.cfg b/.kokoro/release/publish.cfg index c5496ac0..0c4204f1 100644 --- a/.kokoro/release/publish.cfg +++ b/.kokoro/release/publish.cfg @@ -37,3 +37,15 @@ env_vars: { key: "TRAMPOLINE_BUILD_FILE" value: "github/github-repo-automation/.kokoro/publish.sh" } + +# Store the packages we uploaded to npmjs.org and their corresponding +# package-lock.jsons in Placer. That way, we have a record of exactly +# what we published, and which version of which tools we used to publish +# it, which we can use to generate SBOMs and attestations. +action { + define_artifacts { + regex: "github/**/*.tgz" + regex: "github/**/package-lock.json" + strip_prefix: "github" + } +} diff --git a/CHANGELOG.md b/CHANGELOG.md index a6f7e614..f1b4b8ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ [1]: https://www.npmjs.com/package/@google/repo?activeTab=versions +## [6.2.0](https://github.com/googleapis/github-repo-automation/compare/v6.1.3...v6.2.0) (2023-03-29) + + +### Features + +* Make possible to read custom baseUrl from config.yaml ([#631](https://github.com/googleapis/github-repo-automation/issues/631)) ([9862fe5](https://github.com/googleapis/github-repo-automation/commit/9862fe5e38645d930e68d469588d07b19d317f62)) + ## [6.1.3](https://github.com/googleapis/github-repo-automation/compare/v6.1.2...v6.1.3) (2023-03-07) diff --git a/README.md b/README.md index fe6257f8..99c276a7 100644 --- a/README.md +++ b/README.md @@ -32,8 +32,9 @@ $ npm install -g @google/repo You need to make your own [`config.yaml`](https://github.com/googleapis/github-repo-automation/blob/main/config.yaml.default) and put your GitHub token there. Example: ``` +baseUrl: https://git.mycompany.com/api/v3 # optional, if you are using GitHub Enterprise githubToken: your-github-token -clonePath: /User/beckwith/.repo # optional +clonePath: /User/my-user/.repo # optional repoSearch: org:googleapis language:typescript language:javascript is:public archived:false ``` diff --git a/package.json b/package.json index 168b9268..ac2ca7a6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@google/repo", - "version": "6.1.3", + "version": "6.2.0", "repository": "googleapis/github-repo-automation", "description": "A tool for automating multiple GitHub repositories.", "engines": { diff --git a/samples/package.json b/samples/package.json index 86a5e0ed..0e9e4a87 100644 --- a/samples/package.json +++ b/samples/package.json @@ -14,7 +14,7 @@ "test": "mocha system-test" }, "dependencies": { - "@google/repo": "^6.1.3" + "@google/repo": "^6.2.0" }, "devDependencies": { "mocha": "^8.0.0" diff --git a/src/lib/config.ts b/src/lib/config.ts index c00c0dc7..f7433446 100644 --- a/src/lib/config.ts +++ b/src/lib/config.ts @@ -58,6 +58,7 @@ export class GetConfig { export interface Config { githubToken: string; clonePath: string; + baseUrl?: string; repos?: [ { org: string; diff --git a/src/lib/github.ts b/src/lib/github.ts index 10f80484..1cd7f76d 100644 --- a/src/lib/github.ts +++ b/src/lib/github.ts @@ -23,7 +23,7 @@ const debug = debuglog('repo'); export function getClient(config: Config) { const client = new Gaxios({ - baseURL: 'https://api.github.com', + baseURL: config.baseUrl || 'https://api.github.com', headers: {Authorization: `token ${config.githubToken}`}, }); // Report rate limit information if NODE_DEBUG=repo set.