diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index b913a8b..4451dab 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -35,6 +35,10 @@ jobs: publish: runs-on: ubuntu-latest environment: release + outputs: + version: ${{ steps.version.outputs.version }} + is_prerelease: ${{ steps.version.outputs.is_prerelease }} + branch: ${{ steps.context.outputs.branch }} env: NX_DAEMON: "false" @@ -433,3 +437,172 @@ jobs: echo "| Pre-release | ${{ steps.version.outputs.is_prerelease }} |" >> "$GITHUB_STEP_SUMMARY" echo "| Branch | \`${{ steps.context.outputs.branch }}\` |" >> "$GITHUB_STEP_SUMMARY" echo "| Packages | All libs/* |" >> "$GITHUB_STEP_SUMMARY" + + cherry-pick-version-to-main: + needs: publish + if: > + inputs.dry_run != true && + needs.publish.outputs.is_prerelease == 'false' + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + issues: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Check if latest semver + id: check + run: | + set -euo pipefail + VERSION="${{ needs.publish.outputs.version }}" + + git fetch --tags + + # Get all stable version tags, sort by semver, pick highest + LATEST=$(git tag --list 'v*' \ + | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \ + | sort -V \ + | tail -1 \ + | sed 's/^v//') + + echo "Released version: $VERSION" + echo "Latest stable tag: $LATEST" + + if [ "$VERSION" = "$LATEST" ]; then + echo "is_latest=true" >> "$GITHUB_OUTPUT" + echo "This is the latest version — will cherry-pick to main" + else + echo "is_latest=false" >> "$GITHUB_OUTPUT" + echo "Skipping: v$VERSION is not the latest (v$LATEST is newer)" + fi + + - name: Configure git + if: steps.check.outputs.is_latest == 'true' + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + - name: Cherry-pick version bump to main + if: steps.check.outputs.is_latest == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -euo pipefail + + VERSION="${{ needs.publish.outputs.version }}" + RELEASE_BRANCH="${{ needs.publish.outputs.branch }}" + DEFAULT_BRANCH="${{ github.event.repository.default_branch }}" + + # Find the version bump commit on the release branch + VERSION_COMMIT=$(git log "origin/$RELEASE_BRANCH" \ + --grep="chore(release): v${VERSION}" \ + --format="%H" -1) + + if [ -z "$VERSION_COMMIT" ]; then + echo "::warning::Could not find version bump commit for v${VERSION}" + exit 0 + fi + + echo "Found version bump commit: $VERSION_COMMIT" + + git fetch origin "$DEFAULT_BRANCH" + + # Skip if the version bump is already on the default branch + if git merge-base --is-ancestor "$VERSION_COMMIT" "origin/$DEFAULT_BRANCH"; then + echo "Version bump commit $VERSION_COMMIT is already on $DEFAULT_BRANCH — skipping cherry-pick" + exit 0 + fi + + # Prepare cherry-pick branch + CHERRY_BRANCH="cherry-pick/v${VERSION}-version-to-main" + + git checkout "$DEFAULT_BRANCH" + git pull origin "$DEFAULT_BRANCH" + + # Clean up existing remote branch if any + git push origin --delete "$CHERRY_BRANCH" 2>/dev/null || true + git checkout -b "$CHERRY_BRANCH" + + # Attempt cherry-pick + if git cherry-pick "$VERSION_COMMIT" --no-commit; then + # Check if cherry-pick produced any changes (may be empty if already applied via a different commit) + if [ -z "$(git diff --cached --name-only)" ]; then + echo "Cherry-pick produced no changes — version bump already applied on $DEFAULT_BRANCH" + git reset HEAD 2>/dev/null || true + exit 0 + fi + + git commit -m "$(cat </dev/null || true + exit 0 + fi + + git cherry-pick --abort || true + echo "::warning::Cherry-pick had conflicts. Creating issue for manual resolution." + + gh issue create \ + --title "Manual version sync needed: v${VERSION} to main" \ + --label "cherry-pick" \ + --label "conflict" \ + --label "needs-attention" \ + --body "$(cat <", "homepage": "https://github.com/agentfront/enclave/tree/main/libs/ast-guard", diff --git a/libs/broker/package.json b/libs/broker/package.json index 18b2ea0..65563ee 100644 --- a/libs/broker/package.json +++ b/libs/broker/package.json @@ -1,6 +1,6 @@ { "name": "@enclave-vm/broker", - "version": "2.10.0", + "version": "2.11.0", "description": "Tool broker and session management for the EnclaveJS streaming runtime", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave", @@ -35,9 +35,9 @@ } }, "dependencies": { - "@enclave-vm/types": "2.10.0", - "@enclave-vm/stream": "2.10.0", - "@enclave-vm/core": "2.10.0", + "@enclave-vm/types": "2.11.0", + "@enclave-vm/stream": "2.11.0", + "@enclave-vm/core": "2.11.0", "minimatch": "^10.1.1", "zod": "^4.3.6" } diff --git a/libs/client/package.json b/libs/client/package.json index 48bdb6f..5f1ebaf 100644 --- a/libs/client/package.json +++ b/libs/client/package.json @@ -1,6 +1,6 @@ { "name": "@enclave-vm/client", - "version": "2.10.0", + "version": "2.11.0", "description": "Browser and Node.js client SDK for the EnclaveJS streaming runtime", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave", @@ -34,7 +34,7 @@ } }, "dependencies": { - "@enclave-vm/types": "2.10.0", - "@enclave-vm/stream": "2.10.0" + "@enclave-vm/types": "2.11.0", + "@enclave-vm/stream": "2.11.0" } } diff --git a/libs/core/package.json b/libs/core/package.json index 86f88b4..21155a0 100644 --- a/libs/core/package.json +++ b/libs/core/package.json @@ -1,6 +1,6 @@ { "name": "@enclave-vm/core", - "version": "2.10.0", + "version": "2.11.0", "description": "Sandbox runtime for secure JavaScript code execution", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave", @@ -39,8 +39,8 @@ }, "dependencies": { "@babel/standalone": "^7.29.0", - "@enclave-vm/types": "2.10.0", - "@enclave-vm/ast": "2.10.0", + "@enclave-vm/types": "2.11.0", + "@enclave-vm/ast": "2.11.0", "acorn": "8.15.0", "acorn-walk": "8.3.4", "astring": "1.9.0", diff --git a/libs/react/package.json b/libs/react/package.json index 5b6450e..eaf9388 100644 --- a/libs/react/package.json +++ b/libs/react/package.json @@ -1,6 +1,6 @@ { "name": "@enclave-vm/react", - "version": "2.10.0", + "version": "2.11.0", "description": "React hooks and components for the EnclaveJS streaming runtime", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave", @@ -34,7 +34,7 @@ } }, "dependencies": { - "@enclave-vm/client": "2.10.0" + "@enclave-vm/client": "2.11.0" }, "peerDependencies": { "react": ">=18.0.0" diff --git a/libs/runtime/package.json b/libs/runtime/package.json index b2d236f..fb0d6f9 100644 --- a/libs/runtime/package.json +++ b/libs/runtime/package.json @@ -1,6 +1,6 @@ { "name": "@enclave-vm/runtime", - "version": "2.10.0", + "version": "2.11.0", "description": "Standalone runtime worker for EnclaveJS - deployable execution environment", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave", @@ -37,9 +37,9 @@ "enclave-runtime": "./dist/cli.js" }, "dependencies": { - "@enclave-vm/types": "2.10.0", - "@enclave-vm/stream": "2.10.0", - "@enclave-vm/core": "2.10.0" + "@enclave-vm/types": "2.11.0", + "@enclave-vm/stream": "2.11.0", + "@enclave-vm/core": "2.11.0" }, "devDependencies": { "ws": "^8.19.0" diff --git a/libs/stream/package.json b/libs/stream/package.json index db2bad5..8e740a3 100644 --- a/libs/stream/package.json +++ b/libs/stream/package.json @@ -1,6 +1,6 @@ { "name": "@enclave-vm/stream", - "version": "2.10.0", + "version": "2.11.0", "description": "Streaming protocol implementation for EnclaveJS runtime (NDJSON, encryption, reconnection)", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave", @@ -35,6 +35,6 @@ } }, "dependencies": { - "@enclave-vm/types": "2.10.0" + "@enclave-vm/types": "2.11.0" } } diff --git a/libs/types/package.json b/libs/types/package.json index 9537713..f152ad8 100644 --- a/libs/types/package.json +++ b/libs/types/package.json @@ -1,6 +1,6 @@ { "name": "@enclave-vm/types", - "version": "2.10.0", + "version": "2.11.0", "description": "Type definitions and Zod schemas for the EnclaveJS streaming runtime protocol", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave", diff --git a/yarn.lock b/yarn.lock index 4c34da0..e42cd56 100644 --- a/yarn.lock +++ b/yarn.lock @@ -937,6 +937,11 @@ resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.28.6.tgz#d267a43cb1836dc4d182cce93ae75ba954ef6d2b" integrity sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA== +"@babel/standalone@^7.28.6": + version "7.29.1" + resolved "https://registry.yarnpkg.com/@babel/standalone/-/standalone-7.29.1.tgz#0e4e6d9c8994f404d38c1d5e27d040601e8aa5b4" + integrity sha512-z42abD0C6fiHfgLyCWw8PYv6FCJ0IGVtSCxXk/NPykWO5LNIEGfdLDJ3HdYqlPcAhwtQ3oKH1PvNj2JGpTxQKg== + "@babel/standalone@^7.29.0": version "7.29.0" resolved "https://registry.yarnpkg.com/@babel/standalone/-/standalone-7.29.0.tgz#910b5ddbab5a3b1ea0b9f1853b1c928c7519f5c5" @@ -1039,6 +1044,62 @@ dependencies: tslib "^2.4.0" +"@enclave-vm/ast@2.10.0": + version "2.10.0" + resolved "https://registry.yarnpkg.com/@enclave-vm/ast/-/ast-2.10.0.tgz#0fe20a63975e580e84189fa79cc4130b1983d5e3" + integrity sha512-V42hgyU3bbvKA610R1El7oEq8zeMZfyRbzq92lzQhwqFiAsDBf1g9p+SD6X/OEpHXLvbON62GD1p4zhUsv6Mcw== + dependencies: + "@types/estree" "1.0.8" + acorn "8.15.0" + acorn-walk "8.3.4" + astring "1.9.0" + +"@enclave-vm/broker@2.10.0": + version "2.10.0" + resolved "https://registry.yarnpkg.com/@enclave-vm/broker/-/broker-2.10.0.tgz#a0d268602a1e19f32c75bf6f856ce61a5a7e3112" + integrity sha512-mPJ8scoDVr9t939RYZuxqr6C3lh6IKtmiWUFsphYBsTQB4EvdxMjBwlzsilbYFrwxNyzqMN3jBEg5/cfanhIow== + dependencies: + "@enclave-vm/core" "2.10.0" + "@enclave-vm/stream" "2.10.0" + "@enclave-vm/types" "2.10.0" + minimatch "^10.0.1" + zod "^4.1.13" + +"@enclave-vm/client@2.10.0": + version "2.10.0" + resolved "https://registry.yarnpkg.com/@enclave-vm/client/-/client-2.10.0.tgz#0b26cf23803aae81b40bf5f897b204ad3ba3cdbf" + integrity sha512-QJ0YL+p3Svlqfr1O9Bc28QDhIyIW2lQCUJVxRcVxj/dRYrOHqTilrDv9h5GhQ09RmK8qaspf/qQ93MMDiyNtzA== + dependencies: + "@enclave-vm/stream" "2.10.0" + "@enclave-vm/types" "2.10.0" + +"@enclave-vm/core@2.10.0": + version "2.10.0" + resolved "https://registry.yarnpkg.com/@enclave-vm/core/-/core-2.10.0.tgz#8c85e7be814900755b2da82ee84c00b0e81bd276" + integrity sha512-RAqR9RznHC9okSMpIqLChMA1M0iezT7ZYxUO9WJY1fFra3e4ZZtAJyHbBMT62GcKCmdAKy3OynsrO9iE5nG7sA== + dependencies: + "@babel/standalone" "^7.28.6" + "@enclave-vm/ast" "2.10.0" + "@enclave-vm/types" "2.10.0" + acorn "8.15.0" + acorn-walk "8.3.4" + astring "1.9.0" + zod "^4.1.13" + +"@enclave-vm/stream@2.10.0": + version "2.10.0" + resolved "https://registry.yarnpkg.com/@enclave-vm/stream/-/stream-2.10.0.tgz#6ae78c315b5941bbd1d06885b47d3a1b1d909495" + integrity sha512-U5xzHBW2mPn796g0BlT8sBhPgFOmN0iGMhko6OF2HE5yTgeMgmdCAmWmKUAF1cZsjV9bMXY5jlbjrkMgLRxPUA== + dependencies: + "@enclave-vm/types" "2.10.0" + +"@enclave-vm/types@2.10.0": + version "2.10.0" + resolved "https://registry.yarnpkg.com/@enclave-vm/types/-/types-2.10.0.tgz#c6ada3271892c478f13973243e63f0b9aaff7949" + integrity sha512-rFuT3krh9xOyo0obgDWrsDuQDHsNlVAj8Kd5y46wCvviocNsTCFSy4uiyL1KEi1IZIQkJQXEK/w7R3IKc1kQog== + dependencies: + zod "^4.1.13" + "@esbuild/aix-ppc64@0.27.2": version "0.27.2" resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz#521cbd968dcf362094034947f76fa1b18d2d403c" @@ -3689,6 +3750,11 @@ balanced-match@^1.0.0: resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== +balanced-match@^4.0.2: + version "4.0.3" + resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-4.0.3.tgz#6337a2f23e0604a30481423432f99eac603599f9" + integrity sha512-1pHv8LX9CpKut1Zp4EXey7Z8OfH11ONNH6Dhi2WDUt31VVZFXZzKwXcysBgqSumFCmR+0dqjMK5v5JiFHzi0+g== + base64-js@^1.3.1: version "1.5.1" resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" @@ -3769,6 +3835,13 @@ brace-expansion@^2.0.1: dependencies: balanced-match "^1.0.0" +brace-expansion@^5.0.2: + version "5.0.2" + resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-5.0.2.tgz#b6c16d0791087af6c2bc463f52a8142046c06b6f" + integrity sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw== + dependencies: + balanced-match "^4.0.2" + braces@^3.0.3, braces@~3.0.2: version "3.0.3" resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" @@ -6726,6 +6799,13 @@ minimatch@10.1.1, minimatch@^10.1.1: dependencies: "@isaacs/brace-expansion" "^5.0.0" +minimatch@^10.0.1: + version "10.2.2" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.2.2.tgz#361603ee323cfb83496fea2ae17cc44ea4e1f99f" + integrity sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw== + dependencies: + brace-expansion "^5.0.2" + minimatch@^3.0.4, minimatch@^3.1.2: version "3.1.2" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" @@ -9283,7 +9363,7 @@ zod@^3.24.0: resolved "https://registry.yarnpkg.com/zod/-/zod-3.25.76.tgz#26841c3f6fd22a6a2760e7ccb719179768471e34" integrity sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ== -zod@^4.3.6: +zod@^4.1.13, zod@^4.3.6: version "4.3.6" resolved "https://registry.yarnpkg.com/zod/-/zod-4.3.6.tgz#89c56e0aa7d2b05107d894412227087885ab112a" integrity sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg==