Merge pull request #53 from contentstack/development

harshithad0703 · web-flow · commit 7e6d60a5ca4b · 2025-06-30T10:38:58.000+05:30
Staging 30-06-2025 | Release
diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml
@@ -3,7 +3,7 @@ on:
   pull_request:
     types: [opened]
 jobs:
-  security:
+  security-jira:
     if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-')  || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}}
     runs-on: ubuntu-latest
     steps:
@@ -21,8 +21,13 @@ jobs:
           project: ${{ secrets.JIRA_PROJECT }}
           issuetype: ${{ secrets.JIRA_ISSUE_TYPE }}
           summary: |
-            ${{ github.event.pull_request.title }}
+            Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }}
           description: |
             PR: ${{ github.event.pull_request.html_url }}
 
           fields: "${{ secrets.JIRA_FIELDS }}"
+      - name: Transition issue
+        uses: atlassian/gajira-transition@v3
+        with:
+          issue: ${{ steps.create.outputs.issue }}
+          transition: ${{ secrets.JIRA_TRANSITION }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,10 +8,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: "18.x"
+          node-version: "22.x"
       - run: npm install
 
       - name: get-package-details
@@ -28,7 +28,7 @@ jobs:
           tag_prefix: "v"
       - name: Create Release
         if: steps.update_tag.outputs.tagname
-        uses: actions/create-release@v1
+        uses: actions/create-release@v4
         id: create_release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
@@ -40,7 +40,7 @@ jobs:
       - name: Upload Release Asset
         if: steps.update_tag.outputs.tagname
         id: upload-release-asset
-        uses: actions/upload-release-asset@v1
+        uses: actions/upload-release-asset@v4
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml
@@ -0,0 +1,11 @@
+name: SAST Scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-sast:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Semgrep Scan
+        run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto
diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
@@ -3,7 +3,7 @@ on:
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:
-  security:
+  security-sca:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1 +1 @@
-* @contentstack/security-admin
+* @contentstack/security-admin
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Contentstack
+Copyright (c) 2025 Contentstack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ This boilerplate is a code skeleton that will help you get up and running with C
 
 ### Prerequisite
 
-- Node.js 8 or above
+- Node.js 20 or above
 - ngrok for running it on the local system
 - A webhook already set up as follows:
     - Make your contentstack-webhook-listener server available publicly (For local environment, use ngrok)
diff --git a/clean.js b/clean.js
@@ -0,0 +1,35 @@
+// scripts/clean.js
+const fs = require("fs");
+const path = require("path");
+const rimraf = require("rimraf");
+const config = require("./config/all");
+const { merge } = require("lodash");
+
+// Set application's environment
+const env = process.env.NODE_ENV || config.environment || "development";
+
+let envConfig;
+if (fs.existsSync(path.join(__dirname, "config", env + ".js"))) {
+  envConfig = require(path.join(__dirname, "config", env));
+} else {
+  envConfig = require(path.join(__dirname, "config", "development"));
+}
+
+const appConfig = merge(config, envConfig);
+
+const pathsToDelete = [".ledger", ".token", "unprocessible"];
+
+// Preserve .checkpoint only if explicitly set in the configuration
+if (!appConfig.checkpoint?.preserve) {
+  pathsToDelete.push(".checkpoint");
+}
+
+pathsToDelete.forEach((fileOrDir) => {
+  const fullPath = path.join(__dirname, fileOrDir);
+  if (fs.existsSync(fullPath)) {
+    rimraf.sync(fullPath);
+    console.log("Deleted:", fileOrDir);
+  } else {
+    console.log("Not found (skipped):", fileOrDir);
+  }
+});
diff --git a/config/all.js b/config/all.js
@@ -12,6 +12,7 @@ const config = {
        //(For NA Region) host: 'cdn.contentstack.io',
        //(For EU Region) host: 'eu-cdn.contentstack.com',
        //(For AZURE NA Region) host: 'azure-na-cdn.contentstack.com',
+       //(For GCP NA Region) host: 'gcp-na-cdn.contentstack.com',
        host:'',
   },
   plugins: [
@@ -68,6 +69,11 @@ const config = {
       },
     },
   ],
+  checkpoint: {
+    enabled: false, // Set to true if you want to enable checkpoint
+    filePath: ".checkpoint",
+    preserve: false // Set to true if you want to preserve the checkpoint file during clean operation
+  },
 }
 
 module.exports = config
diff --git a/index.js b/index.js
@@ -32,6 +32,17 @@ if (fs.existsSync(path.join(__dirname, "config", env + ".js"))) {
 
 const appConfig = _.merge(config, envConfig);
 
+// Optional checkpoint reading
+if (appConfig.checkpoint?.enabled) {
+  const checkpointPath = path.join(__dirname, appConfig.checkpoint.filePath || ".checkpoint");
+  const checkPoint = readHiddenFile(checkpointPath);
+  if (checkPoint) {
+    console.log("Found sync token in checkpoint file:", checkPoint);
+    appConfig.contentstack.sync_token = checkPoint.token;
+    console.log("Using sync token:", appConfig.contentstack.sync_token);
+  }
+}
+
 datasyncManager.setConfig(appConfig);
 datasyncManager.setAssetStore(assetStore);
 datasyncManager.setContentStore(contentStore);
@@ -45,3 +56,16 @@ datasyncManager
   .catch((error) => {
     console.error(error);
   });
+
+function readHiddenFile(filePath) {
+  try {
+    if (!fs.existsSync(filePath)) {
+      console.error("File does not exist:", filePath);
+      return;
+    }
+    const data = fs.readFileSync(filePath, "utf8"); 
+    return JSON.parse(data); 
+  } catch (err) {
+    console.error("Error reading file:", err?.message);
+  }
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-* @contentstack/security-admin`
	`1`	`+* @contentstack/security-admin`