feat(security): remove support for pre-compiled packages

This commit drops the support of pre-compiled packages in favor of providing a Node executable binary, which is also compatible with pre-commit hooks. This change also addresses CVE-2024-24828.
tomtom-international · Apr 3, 2024 · 4a59b89 · 4a59b89
1 parent 73c0639
commit 4a59b89
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 845 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -36,35 +36,6 @@ jobs:
           create-release: true
           token: ${{ github.token }}
           version-prefix: v
-
-  release-packages:
-    name: Release Packages
-    runs-on: ubuntu-latest
-    needs: github-release
-    if: needs.github-release.outputs.next-version != ''
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Node.js 20.x
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20.x
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Rebuild the dist/ directory
-        run: npm run build
-
-      - name: Package the CLI
-        run: npm run package
-
-      - uses: AButler/upload-release-assets@v2.0
-        with:
-          files: 'bin/*'
-          repo-token: ${{ github.token }}
-          release-tag: ${{ needs.github-release.outputs.next-version }}
 
   release-action:
     runs-on: ubuntu-latest

diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
@@ -0,0 +1,6 @@
+- id: commisery
+  name: Commisery - Conventional Commit message validation
+  description: Validates your commits agains the Conventional Commits specification
+  entry: commisery
+  language: node
+  stages: [commit-msg]
diff --git a/README.md b/README.md
@@ -1,5 +1,4 @@
 # Conventional Commit Messages
-[![Download](https://img.shields.io/badge/Download-Linux%20x64-blue)](https://github.com/tomtom-international/commisery-action/releases/latest/download/commisery-linux-x64) [![Download](https://img.shields.io/badge/Download-MacOS%20arm64-blue)](https://github.com/tomtom-international/commisery-action/releases/latest/download/commisery-macos-arm64) [![Download](https://img.shields.io/badge/Download-MacOS%20x64-blue)](https://github.com/tomtom-international/commisery-action/releases/latest/download/commisery-macos-x64)
 
 This GitHub Action consists of two major components:
 

diff --git a/bin/commisery b/bin/commisery
@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+
+require('../dist/cli/index.js');
diff --git a/docs/cli.md b/docs/cli.md
@@ -2,25 +2,6 @@
 
 A stand-alone CLI tool is provided as part of the `commisery-action` package.
 
-## Installation
-
-You can download the latest version directly from GitHub.
-We currently support the following architectures:
-
-- [MacOS x86](https://github.com/tomtom-international/commisery-action/releases/latest/download/commisery-macos-x64)
-- [MacOS ARM64](https://github.com/tomtom-international/commisery-action/releases/latest/download/commisery-macos-arm64)
-- [Linux x86](https://github.com/tomtom-international/commisery-action/releases/latest/download/commisery-linux-x64)
-
-We recommend renaming the binary to `commisery`...
-```sh
-$ mv commisery-[linux-x64|macos-x64|macos-arm64] commisery
-```
-
-...and ensure that you provide execution rights;
-```sh
-$ chmod +x commisery
-```
-
 ## Compliance Check
 
 You can use the `check` command to validate your commit messages for compliance with [Conventional Commits]: