Merge pull request #66 from adobe/auth-token-next

Use @adobe/auth-token beta. Fix tests. Switch to jest.

.github/workflows/manual-notify.yaml

@@ -0,0 +1,46 @@
+name: Manual notify
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'The tag to publish to: latest | next'
+        required: true
+        default: 'latest'
+
+jobs:
+  notify-on-success:
+    runs-on: ubuntu-latest
+    if: ${{ inputs.tag == 'latest' }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Get latest tag
+        uses: oprypin/find-latest-tag@v1
+        with:
+          repository: "${{ github.repository }}"  # The repository to scan.
+          releases-only: true  # We know that all relevant tags have a GitHub release for them.
+        id: repoTag  # The step ID to refer to later.
+      - name: Notify Slack of Release
+        uses: tokorom/action-slack-incoming-webhook@main
+        env:
+          INCOMING_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        with:
+         text: "A new version of ${{ github.event.repository.full_name }}[${{ steps.repoTag.outputs.tag }}] has been released"
+         attachments: |
+          [
+            {
+              "color": "good",
+              "author_name": "${{ github.actor }}",
+              "author_icon": "${{ github.event.sender.avatar_url }}",
+              "fields": [
+                {
+                  "title": "Repo URL",
+                  "value": "${{ github.event.repository.html_url }}"
+                },
+                {
+                  "title": "See Releases",
+                  "value": "${{ github.event.repository.html_url }}/releases"
+                }
+             ]
+            }
+          ]

.github/workflows/node.js.yml

@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 'lts/hydrogen'
+          node-version: 'lts/iron'
           registry-url: https://registry.npmjs.org/
       - uses: actions/cache@v4
         id: npm-cache

.github/workflows/npm-publish.yml

@@ -8,7 +8,7 @@ on:
     inputs:
       tag:
         description: 'The tag to publish to: latest | next'
-        required: false
+        required: true
         default: 'latest'
   release:
     types: [created]
@@ -43,9 +43,3 @@ jobs:
           token: ${{ secrets.ADOBE_BOT_NPM_TOKEN }}
           tag: ${{ github.event.inputs.tag || 'latest' }}
           access: 'public'
-
-  ci-notify:
-    needs: publish-npm
-    uses: adobe/reactor-uploader/.github/workflows/notify.yaml@master
-    with:
-      tag: ${{github.event.inputs.tag}}

.gitignore

@@ -1 +1,2 @@
 node_modules
+github-workflows-backup

README.md

@@ -9,6 +9,11 @@ The uploader tool allows extension developers to easily upload their Platform Ta
 
 For more information about developing an extension for Tags, please visit our [extension development guide](https://experienceleague.adobe.com/docs/experience-platform/tags/extension-dev/overview.html?lang=en).
 
+> [!WARNING]  
+> The uploader tool now uses Adobe's [Oauth Server-to-Server credential format](https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-22080) by default.
+> 
+> Legacy support for `jwt-auth` credentials will end completely by Adobe in January 2025. You may download and run the [legacy version of the uploader here](https://github.com/adobe/reactor-uploader/releases/tag/legacy-jwt-uploader-v5.2.0).
+
 ## Usage
 
 Before running the uploader tool, you must first have [Node.js](https://nodejs.org/en/) installed on your computer.
@@ -34,56 +39,68 @@ The uploader tool will ask for any information necessary to upload the zip file.
 To skip any of the questions the uploader would typically ask, you can pass the respective information as command line arguments. An example is as follows:
 
 ```
-npx @adobe/reactor-uploader package-myextension-1.0.0.zip --private-key=/Users/jane/platform-tags-keys/reactor_integration_private.key --org-id=01C20D883A7D42080A494212@AdobeOrg --[email protected] --api-key=192ce541b1144160941a83vb74e0e74d --client-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+npx @adobe/reactor-uploader package-myextension-1.0.0.zip --auth.client-id=abcdefghijklmnopqrstuvwxyz12345 --auth.client-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 ```
 
 The first positional parameter is the path (relative or absolute) to the zip file you wish to upload. In the example, `package-myextension-1.0.0.zip` is passed as an argument for this parameter.
 
 The named parameters are as follows:
 
-##### --private-key (for authentication using an Adobe I/O integration)
+##### --auth.client-id (for authentication using an Adobe I/O integration)
 
-The local path (relative or absolute) to the RSA private key. Instructions on how to generate this key can be found in the [Access Tokens documentation](https://developer.adobelaunch.com/api/guides/access_tokens/) and should have been used when creating your integration through the Adobe I/O console.
+Your Client ID. You can find this on the overview screen for the integration you have created within the [Adobe I/O console](https://console.adobe.io).
 
-Optionally, rather than passing the private key path as a command line argument, it can instead be provided by setting an environment variable. The environment variable should be named `REACTOR_IO_INTEGRATION_PRIVATE_KEY`.
+Client ID can also be provided by setting an environment variable. The environment variable should be named one of the following, depending on which Experience Platform Tags environment will be receiving the extension package:
 
-##### --org-id (for authentication using an Adobe I/O integration)
+* `REACTOR_IO_INTEGRATION_CLIENT_ID_DEVELOPMENT`
+* `REACTOR_IO_INTEGRATION_CLIENT_ID_STAGE`
+* `REACTOR_IO_INTEGRATION_CLIENT_ID` (this is the default, and is used for production environment)
 
-Your organization ID. You can find this on the overview screen for the integration you have created within the [Adobe I/O console](https://console.adobe.io).
+##### --auth.client-secret (for authentication using an Adobe I/O integration)
 
-##### --tech-account-id (for authentication using an Adobe I/O integration)
+Your Client Secret. You can find this on the overview screen for the integration you have created within the [Adobe I/O console](https://console.adobe.io).
 
-Your technical account ID. You can find this on the overview screen for the integration you have created within the [Adobe I/O console](https://console.adobe.io).
+Client Secret can also be provided by setting an environment variable. The environment variable should be named one of the following, depending on which Experience Platform Tags environment will be receiving the extension package:
 
-##### --api-key (for authentication using an Adobe I/O integration)
+* `REACTOR_IO_INTEGRATION_CLIENT_SECRET_DEVELOPMENT`
+* `REACTOR_IO_INTEGRATION_CLIENT_SECRET_STAGE`
+* `REACTOR_IO_INTEGRATION_CLIENT_SECRET` (this is the default, and is used for production environment)
 
-Your API key/Client ID. You can find this on the overview screen for the integration you have created within the [Adobe I/O console](https://console.adobe.io).
+##### --environment (for Adobe internal use only)
 
-##### --client-secret (for authentication using an Adobe I/O integration)
+The environment to which the extension package should be uploaded. Valid options are `development`, `stage`, `production`. Users outside of Adobe don't need to use this flag.
 
-Your client secret. You can find this on the overview screen for the integration you have created within the [Adobe I/O console](https://console.adobe.io).
+##### -- auth.scope (for authentication using an Adobe I/O integration)
 
-Optionally, rather than passing the client secret as a command line argument, it can instead be provided by setting an environment variable. The environment variable should be named `REACTOR_IO_INTEGRATION_CLIENT_SECRET`.
+The scopes to bind to the Access Token that is returned. Sane defaults are provided on your behalf within this repository, but you may override them if it is necessary.
 
-##### --environment (for Adobe internal use only)
+##### --auth.scheme (for authentication using an Adobe I/O integration)
 
-The environment to which the extension package should be uploaded. Valid options are `development`, `qe`, `integration`. Users outside of Adobe don't need to use this flag.
+The type of authentication method when calling Adobe IO. This defaults to `oauth-server-to-server` and is used in conjunction with your Client ID & Client Secret.
 
-Private key path can also be provided by setting an environment variable. The environment variable should be named one of the following, depending on which Experience Platform Tags environment will be receiving the extension package:
+##### --auth.access-token
 
-* `REACTOR_IO_INTEGRATION_PRIVATE_KEY_DEVELOPMENT`
-* `REACTOR_IO_INTEGRATION_PRIVATE_KEY_STAGE`
-* `REACTOR_IO_INTEGRATION_PRIVATE_KEY_QE` (Deprecated. Please favor `REACTOR_IO_INTEGRATION_PRIVATE_KEY_STAGE`)
+Bypass the call to gain an Access Token if you already have the ability to supply it to the command line or through an environment variable. This is useful if you are running this tool in a CI/CD environment.
+We highly encourage only using an environment variable within a CI/CD environment, as it is more secure than passing it through the command line.
 
-Client secret can also be provided by setting an environment variable. The environment variable should be named one of the following, depending on which Experience Platform Tags environment will be receiving the extension package:
+The environment variable should be named one of the following, depending on which Experience Platform Tags environment will be receiving the extension package:
 
-* `REACTOR_IO_INTEGRATION_CLIENT_SECRET_DEVELOPMENT`
-* `REACTOR_IO_INTEGRATION_CLIENT_SECRET_STAGE`
-* `REACTOR_IO_INTEGRATION_CLIENT_SECRET_QE` (Deprecated. Please favor `REACTOR_IO_INTEGRATION_CLIENT_SECRET_STAGE`)
+* `REACTOR_IO_INTEGRATION_ACCESS_TOKEN_DEVELOPMENT`
+* `REACTOR_IO_INTEGRATION_ACCESS_TOKEN_STAGE`
+* `REACTOR_IO_INTEGRATION_ACCESS_TOKEN` (this is the default, and is used for production environment)
+
+Bypass the call to gain an Access Token if you already have the ability to supply it to the command line or through an environment variable. This is useful if you are running this tool in a CI/CD environment.
+We highly encourage only using an environment variable within a CI/CD environment, as it is more secure than passing it through the command line.
+
+The environment variable should be named one of the following, depending on which Experience Platform Tags environment will be receiving the extension package:
+
+* `REACTOR_IO_INTEGRATION_ACCESS_TOKEN_DEVELOPMENT`
+* `REACTOR_IO_INTEGRATION_ACCESS_TOKEN_STAGE`
+* `REACTOR_IO_INTEGRATION_ACCESS_TOKEN` (this is the default, and is used for production environment)
 
-##### --upload-timeout
+##### --uploadTimeout
 
-The maximum time in seconds to wait for the extension package to be uploaded. If the extension package has not been uploaded within this time, the command will exit with an error. The default value is 50 seconds.
+The maximum time in seconds to wait for the extension package to be uploaded. If the extension package has not been uploaded within this time, the command will exit with an error. Defaults to 50s.
 
 ##### --verbose
 

__mocks__/@adobe/auth-token/index.js

@@ -0,0 +1,3 @@
+module.exports = {
+  auth: jest.fn().mockImplementation(() => Promise.resolve({ 'access_token': 'auto mocked access token' }))
+}

bin/__tests__/checkOldProductionEnvironmentVariables.test.js

@@ -10,7 +10,6 @@
  * governing permissions and limitations under the License.
  ****************************************************************************************/
 
-const proxyquire = require('proxyquire');
 let checkOldProductionEnvironmentVariables;
 let errorMessage;
 
@@ -25,7 +24,7 @@ describe('checkOldProductionEnvironmentVariables', () => {
       errorMessage = e.message;
     }
     delete process.env.REACTOR_UPLOADER_PRIVATE_KEY_PRODUCTION;
-    expect(errorMessage).toStartWith('The environment variables ');
+    expect(errorMessage).toMatch(new RegExp('^The environment variables '))
   });
 
   it('throws an error when REACTOR_UPLOADER_CLIENT_SECRET_PRODUCTION environment variable is defined', () => {
@@ -38,7 +37,7 @@ describe('checkOldProductionEnvironmentVariables', () => {
       errorMessage = e.message;
     }
     delete process.env.REACTOR_UPLOADER_CLIENT_SECRET_PRODUCTION;
-    expect(errorMessage).toStartWith('The environment variables ');
+    expect(errorMessage).toMatch(new RegExp('^The environment variables '))
   });
 
   it('throws an error when REACTOR_UPLOADER_PRIVATE_KEY environment variable is defined', () => {
@@ -51,7 +50,7 @@ describe('checkOldProductionEnvironmentVariables', () => {
       errorMessage = e.message;
     }
     delete process.env.REACTOR_UPLOADER_PRIVATE_KEY;
-    expect(errorMessage).toStartWith('The environment variables ');
+    expect(errorMessage).toMatch(new RegExp('^The environment variables '))
   });
 
   it('throws an error when REACTOR_UPLOADER_CLIENT_SECRET environment variable is defined', () => {
@@ -64,6 +63,6 @@ describe('checkOldProductionEnvironmentVariables', () => {
       errorMessage = e.message;
     }
     delete process.env.REACTOR_UPLOADER_CLIENT_SECRET;
-    expect(errorMessage).toStartWith('The environment variables ');
+    expect(errorMessage).toMatch(new RegExp('^The environment variables '))
   });
 });

bin/__tests__/getEnvironment.test.js

@@ -10,17 +10,15 @@
  * governing permissions and limitations under the License.
  ****************************************************************************************/
 
-const proxyquire = require('proxyquire');
-
 describe('getEnvironment', () => {
-  let getEnvironment = require('../getEnvironment');
+  let getEnvironment;
   let mockInquirer;
 
   beforeEach(() => {
     mockInquirer = {};
-    getEnvironment = proxyquire('../getEnvironment', {
-      inquirer: mockInquirer
-    });
+    jest.mock('inquirer', () => mockInquirer);
+    jest.resetModules();
+    getEnvironment = require('../getEnvironment');
   });
 
   it('returns environment argument', () => {