other/sync-wrapper

.github/workflows/ast-scan.yml

@@ -0,0 +1,25 @@
+name: Checkmarx One Scan
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '00 7 * * *' # Every day at 07:00
+
+jobs:
+  cx-scan:
+    name: Checkmarx One Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Checkmarx One CLI Action
+        uses: checkmarx/ast-github-action@03a90e7253dadd7e2fff55f5dfbce647b39040a1 # v.2.0.37
+        with:
+          base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }}
+          cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
+          cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
+          additional_params: --tags phoenix --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1"

.github/workflows/ci.yml

@@ -6,43 +6,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-        with:
-          lfs: true
-
-      - name: Install Git LFS
-        run: |
-          sudo apt-get update
-          sudo apt-get install git-lfs
-          git lfs install
 
-      - name: Use Node.js 14
+      - name: Use Node.js 22.11.0
         uses: actions/[email protected]
         with:
-          node-version: 14
+          node-version: 22.11.0
           registry-url: https://npm.pkg.github.com/
       - run: npm ci
       - name: Code Linting
         run: npm run lint
       - run: npm run build --if-present
 
-      - name: Check existence of cx-linux binary
-        run: |
-          if [ ! -f "src/main/wrapper/resources/cx-linux" ]; then
-            echo "cx-linux binary does not exist"; exit 1;
-          fi
-
-      - name: Check existence of cx.exe binary
-        run: |
-          if [ ! -f "src/main/wrapper/resources/cx.exe" ]; then
-            echo "cx.exe binary does not exist"; exit 1;
-          fi
-
-      - name: Check existence of cx-mac binary
-        run: |
-          if [ ! -f "src/main/wrapper/resources/cx-mac" ]; then
-            echo "cx-mac binary does not exist"; exit 1;
-          fi
-
       - name: Run tests
         env:
           CX_CLIENT_ID: ${{ secrets.CX_CLIENT_ID}}

.github/workflows/delete-packages-and-releases.yml

@@ -30,12 +30,12 @@ jobs:
 
           echo "Deleting all npm packages whose name ends with '-${{inputs.tag}}.0'"
 
-          VERSION_IDS=($(curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.PERSONAL_ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/orgs/CheckmarxDev/packages/npm/ast-cli-javascript-wrapper/versions | jq '.[]|select(.name | contains("-${{inputs.tag}}.0"))|.id'))
+          VERSION_IDS=($(curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.PERSONAL_ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/orgs/CheckmarxDev/packages/npm/ast-cli-javascript-wrapper-runtime-cli/versions | jq '.[]|select(.name | contains("-${{inputs.tag}}.0"))|.id'))
 
           for versionId in "${VERSION_IDS[@]}"
           do
              echo "Deleting version $versionId..."
-             curl -L -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.PERSONAL_ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/orgs/CheckmarxDev/packages/npm/ast-cli-javascript-wrapper/versions/$versionId"
+             curl -L -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.PERSONAL_ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/orgs/CheckmarxDev/packages/npm/ast-cli-javascript-wrapper-runtime-cli/versions/$versionId"
              echo "Version $versionId deleted successfully!"
           done
 

.github/workflows/nightly.yml

@@ -12,5 +12,5 @@ on:
 
 jobs:
   nightly:
-    uses: CheckmarxDev/ast-cli-javascript-wrapper/.github/workflows/release.yml@main
+    uses: CheckmarxDev/ast-cli-javascript-wrapper-runtime-cli/.github/workflows/release.yml@main
     secrets: inherit

.github/workflows/release.yml

@@ -42,7 +42,7 @@ permissions:
 
 jobs:
   delete:
-    uses: CheckmarxDev/ast-cli-javascript-wrapper/.github/workflows/delete-packages-and-releases.yml@main
+    uses: CheckmarxDev/ast-cli-javascript-wrapper-runtime-cli/.github/workflows/delete-packages-and-releases.yml@main
     with:
       tag: ${{ inputs.jsTag }}
     secrets: inherit
@@ -58,7 +58,6 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          lfs: true  # Ensure LFS files are checked out
 
       # GIT CONFIGURATION
       - run: |
@@ -68,7 +67,7 @@ jobs:
       # SETUP NODE
       - uses: actions/[email protected]
         with:
-          node-version: 14
+          node-version: 22.11.0
           registry-url: https://npm.pkg.github.com/
 
       # GET TAG NAME
@@ -80,14 +79,6 @@ jobs:
             echo "TAG_NAME=$(npm version patch --no-git-tag-version)" >> $GITHUB_ENV
           fi
 
-      # DOWNLOAD CLI IF IT IS A DEV VERSION AND A CLI TAG WAS PROVIDED
-      - name: Download cli with tag ${{ inputs.cliTag }}
-        if: inputs.dev == true && inputs.cliTag != ''
-        run: |
-          # Update binaries
-          chmod +x ./.github/scripts/update_cli.sh
-          ./.github/scripts/update_cli.sh ${{ inputs.cliTag }}
-
       # RUN NPM INSTALL AND BUILD
       - name: NPM ci and build
         run: |

.github/workflows/update-cli.yml

@@ -1,59 +1,53 @@
-name: Update checkmarx ast cli
+name: Update Checkmarx AST CLI
+
 on:
   workflow_dispatch:
+    inputs:
+      new_cli_version:
+        description: 'New CLI version (optional)'
+        required: false
   schedule:
     - cron: '0 0 * * *'
 
 jobs:
   update-checkmarx-cli:
     runs-on: ubuntu-latest
+
     steps:
       - uses: actions/checkout@v4
-        with:
-          lfs: true
-
-      - name: Install Git LFS
-        run: |
-          sudo apt-get update
-          sudo apt-get install git-lfs
-          git lfs install
-
-      - name: Configure Git user
-        run: |
-          git config --global user.name github-actions
-          git config --global user.email [email protected]
 
+      # Fetch the latest Checkmarx AST CLI version
       - name: Get Latest Checkmarx API version
         id: checkmarx-ast-cli
         run: |
-          echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
-          echo ::set-output name=current_tag::$(<checkmarx-ast-cli.version)
+          if [ "${{ github.event.inputs.new_cli_version }}" ]; then
+            LATEST_VERSION=${{ github.event.inputs.new_cli_version }}
+          else
+            LATEST_VERSION=$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
+          fi
+          CURRENT_VERSION=$(<checkmarx-ast-cli.version)
+          echo ::set-output name=release_tag::$LATEST_VERSION
+          echo ::set-output name=current_tag::$CURRENT_VERSION
 
-      - name: Update Checkmarx cli version
+      # Update the version file if the latest version differs
+      - name: Update Checkmarx CLI version in version file
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
         env:
           RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
         run: |
-          # Update current release
           echo ${{ steps.checkmarx-ast-cli.outputs.release_tag }} > checkmarx-ast-cli.version
 
-      - name: Download latest cli and update branch
-        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
-        run: |
-          # Update binaries
-          chmod +x ./.github/scripts/update_cli.sh
-          ./.github/scripts/update_cli.sh ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
-
-      - name: Track large files with Git LFS
+      # Update the TypeScript file's cliDefaultVersion field
+      - name: Update cliDefaultVersion in CxInstaller.ts
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
+        env:
+          NEW_CLI_VERSION: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
         run: |
-          git lfs track "src/main/wrapper/resources/cx-linux"
-          git lfs track "src/main/wrapper/resources/cx.exe"
-          git lfs track "src/main/wrapper/resources/cx-mac"
-          git add .gitattributes
-          git add src/main/wrapper/resources/cx-linux src/main/wrapper/resources/cx.exe src/main/wrapper/resources/cx-mac
-          git commit -m "Track Checkmarx CLI binaries with Git LFS"
+          FILE_PATH="src/main/osinstaller/CxInstaller.ts"
+          # Ensure that 'cliDefaultVersion' is updated correctly
+          sed -i "s/\(cliDefaultVersion = '\)[^']*\(';\)/\1${NEW_CLI_VERSION}\2/" $FILE_PATH
 
+      # Create a Pull Request with the version changes
       - name: Create Pull Request
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
         uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6

README.md

@@ -5,7 +5,7 @@
     <img src="./logo.png" alt="Logo" width="80" height="80">
   </a>
 
-<h3 align="center">AST-CLI-JAVASCRIPT-WRAPPER</h3>
+<h3 align="center">AST-CLI-JAVASCRIPT-WRAPPER-RUNTIME-CLI</h3>
 
 <!-- TABLE OF CONTENTS -->
 <details open="open">
@@ -40,7 +40,7 @@ Add the following dependency:
 
 ```     
 "dependencies": {
-    "@checkmarxdev/ast-cli-javascript-wrapper": "{version}"
+    "@checkmarxdev/ast-cli-javascript-wrapper-runtime-cli": "{version}"
 }
 ```
 
@@ -86,7 +86,7 @@ setx PATH_TO_EXECUTABLE {value}
 
 Checkmarx - AST Integrations Team
 
-CxProject Link: [https://github.com/CheckmarxDev/ast-cli-javascript-wrapper](https://github.com/CheckmarxDev/ast-cli-javascript-wrapper)
+CxProject Link: [https://github.com/CheckmarxDev/ast-cli-javascript-wrapper-runtime-cli](https://github.com/CheckmarxDev/ast-cli-javascript-wrapper-runtime-cli)
 
 
 © 2021 Checkmarx Ltd. All Rights Reserved.

checkmarx-ast-cli.version

@@ -1 +1 @@
-2.2.6
+2.3.5

jest.config.js

@@ -44,7 +44,7 @@ module.exports = {
   collectCoverageFrom: ['**/*.{ts,tsx}', '!**/*.d.ts', '!**/node_modules/**'],
   coverageThreshold: {
     "global": {
-      "branches": 65,
+      "branches": 60,
       "functions": 80,
       "lines": 80,
       "statements": 80