Merge branch 'development' into feat/nested-global-fields

Author: sunil-lakshman

.github/workflows/issues-jira.yml

@@ -0,0 +1,31 @@
+name: Create Jira Ticket for Github Issue
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  issue-jira:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Login to Jira
+        uses: atlassian/gajira-login@master
+        env:
+          JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+
+      - name: Create Jira Issue
+        id: create_jira
+        uses: atlassian/gajira-create@master
+        with:
+          project: ${{ secrets.JIRA_PROJECT }}
+          issuetype: ${{ secrets.JIRA_ISSUE_TYPE }}
+          summary: Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }}
+          description: |
+            *GitHub Issue:* ${{ github.event.issue.html_url }}
+            
+            *Description:*
+            ${{ github.event.issue.body }}
+          fields: "${{ secrets.ISSUES_JIRA_FIELDS }}"

.github/workflows/jira.yml

@@ -0,0 +1,46 @@
+name: Checks the security policy and configurations
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-policy:
+    if: github.event.repository.visibility == 'public'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - uses: actions/checkout@master
+      - name: Checks for SECURITY.md policy file
+        run: |
+          if ! [[ -f "SECURITY.md" || -f ".github/SECURITY.md" ]]; then exit 1; fi
+  security-license:
+    if: github.event.repository.visibility == 'public'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - uses: actions/checkout@master
+      - name: Checks for License file
+        run: |
+          expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt")
+          license_file_found=false
+          current_year=$(date +"%Y")
+
+          for license_file in "${expected_license_files[@]}"; do
+              if  [ -f "$license_file" ]; then
+                 license_file_found=true
+                 # check the license file for the current year, if not exists, exit with error
+                  if  ! grep -q "$current_year" "$license_file"; then
+                      echo "License file $license_file does not contain the current year."
+                      exit 2
+                  fi
+                  break
+              fi        
+          done
+
+          if [ "$license_file_found" = false ]; then
+              echo "No license file found. Please add a license file to the repository."
+              exit 1
+          fi

.github/workflows/policy-scan.yml

@@ -15,7 +15,16 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: '22.x'
-          cache: 'pnpm'
+      
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Install pnpm
+        run: corepack prepare pnpm@7 --activate
+
+      - name: Install root dependencies
+        run: pnpm install
+        
       - name: Reading Configuration
         id: release_config
         uses: rgarcia-phi/json-to-variables@v1.1.0

.github/workflows/release.yml

@@ -0,0 +1,29 @@
+name: Secrets Scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '2'
+          ref: '${{ github.event.pull_request.head.ref }}'
+      - run: |
+          git reset --soft HEAD~1
+      - name: Install Talisman
+        run: |
+          # Download Talisman
+          wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman
+
+          # Checksum verification
+          checksum=$(sha256sum ./talisman | awk '{print $1}')
+          if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi  
+
+          # Make it executable
+          chmod +x talisman
+      - name: Run talisman
+        run: |
+          # Run Talisman with the pre-commit hook
+          ./talisman --githook pre-commit

.github/workflows/sast-scan.yml

@@ -27,6 +27,14 @@ jobs:
       - name: Run tests for Contentstack Config
         working-directory: ./packages/contentstack-config
         run: npm run test
+
+      - name: Run tests for Contentstack Migrate RTE
+        working-directory: ./packages/contentstack-migrate-rte
+        run: npm run test
+
+      - name: Run tests for Contentstack Migration
+        working-directory: ./packages/contentstack-migration
+        run: npm run test
       # - name: Fetch latest references
       #   run: |
       #     git fetch --prune

.github/workflows/secrets-scan.yml

@@ -18,4 +18,5 @@ packages/**/package-lock.json
 yarn.lock
 contents-*
 *.http
-*.todo
+*.todo
+talisman_output.log

.github/workflows/unit-test.yml

@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+# Pre-commit hook to run Talisman and Snyk scans, completing both before deciding to commit
+
+# Function to check if a command exists
+command_exists() {
+  command -v "$1" >/dev/null 2>&1
+}
+
+# Check if Talisman is installed
+if ! command_exists talisman; then
+  echo "Error: Talisman is not installed. Please install it and try again."
+  exit 1
+fi
+
+# Check if Snyk is installed
+if ! command_exists snyk; then
+  echo "Error: Snyk is not installed. Please install it and try again."
+  exit 1
+fi
+
+# Allow bypassing the hook with an environment variable
+if [ "$SKIP_HOOK" = "1" ]; then
+  echo "Skipping Talisman and Snyk scans (SKIP_HOOK=1)."
+  exit 0
+fi
+
+# Initialize variables to track scan results
+talisman_failed=false
+snyk_failed=false
+
+# Run Talisman secret scan
+echo "Running Talisman secret scan..."
+talisman --githook pre-commit > talisman_output.log 2>&1
+talisman_exit_code=$?
+
+if [ $talisman_exit_code -eq 0 ]; then
+  echo "Talisman scan passed: No secrets found."
+else
+  echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details."
+  talisman_failed=true
+fi
+
+# Run Snyk vulnerability scan (continues even if Talisman failed)
+echo "Running Snyk vulnerability scan..."
+snyk test --all-projects --fail-on=all > snyk_output.log 2>&1
+snyk_exit_code=$?
+
+if [ $snyk_exit_code -eq 0 ]; then
+  echo "Snyk scan passed: No vulnerabilities found."
+elif [ $snyk_exit_code -eq 1 ]; then
+  echo "Snyk found vulnerabilities. See snyk_output.log for details."
+  snyk_failed=true
+else
+  echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details."
+  snyk_failed=true
+fi
+
+# Evaluate results after both scans
+if [ "$talisman_failed" = true ] || [ "$snyk_failed" = true ]; then
+  echo "Commit aborted due to issues found in one or both scans."
+  [ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log"
+  [ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log"
+  exit 1
+fi
+
+# If both scans pass, allow the commit
+echo "All scans passed. Proceeding with commit."
+rm -f talisman_output.log snyk_output.log
+exit 0

.gitignore

@@ -1,4 +1,7 @@
 fileignoreconfig:
+- filename: .github/workflows/secrets-scan.yml
+  ignore_detectors:
+    - filecontent
 - filename: packages/contentstack-export/.env
   checksum: b057ae11234ac9411fe5dfa54ac3b029a71db51b4c334dce8677ab6fc1e41ecf
 - filename: packages/contentstack-export/test/integration/environments.test.js
@@ -85,10 +88,6 @@ fileignoreconfig:
   checksum: 1c1f05989f22d06b600fba7456c1935a385997292c770d573165b9a07e1a3b8a
 - filename: packages/contentstack-import/test/integration/auth-token-modules/webhooks.test.js
   checksum: f41c4c354482293e4d6e52923d451266b150ba675e61681e21ba83ebf5dd8382
-- filename: pnpm-lock.yaml
-  checksum: 8bc914084e311432154f0e3bd05e2bbb60516460e09b9f8a6356c69d335b38b2
-- filename: package-lock.json
-  checksum: 64cca4648257efc253c34babd3d857eadc2e4a42c8e84959f2005ec4dae0ed8a
 - filename: packages/contentstack-launch/src/commands/launch/environments.ts
   checksum: a9f5fc3fad1915ca8812f1159c4019b957db59f7b4c8e2da0d214e45b8835ef7
 - filename: packages/contentstack-launch/tsconfig.tsbuildinfo
@@ -109,4 +108,12 @@ fileignoreconfig:
   checksum: e345a745f027c76081df71e4fe9872c1f4adac076689b036e195b84041807b59
 - filename: packages/contentstack-launch/src/util/create-git-meta.ts
   checksum: 8cbd32dbbd2989c7c082f8a0b7615916125d211bce25531e9a882b8ebd5674af
-version: ""
+- filename: .husky/pre-commit
+  checksum: b7cfe41015e9a2e2acb3a374389beddcd812d93bfceec90ce06dce54b0ed9e2b
+- filename: packages/contentstack/package.json
+  checksum: 9b0fdd100effcdbb5ee3809f7f102bfd11c88dd76e49db5103434f3aa29473dd
+- filename: pnpm-lock.yaml
+  checksum: fc379207a835de8d851caa256837e2a50e0278c43e0251372f2a5292bee41fac
+- filename: package-lock.json
+  checksum: cb3fe940f63d80f600b479a3fc0fbf25201356628acf018119d6a8ba9c53e3c7
+version: ""