Merge pull request #1731 from forcedotcom/release-5.0.0-beta.1

RELEASE @W-17615470@: Conducting v5.0.0 beta.1 release

Author: stephen-carter-at-sf

.eslintrc.json

@@ -12,7 +12,10 @@
 		"project": "./tsconfig.json"
 	},
 	"rules": {
-		"@typescript-eslint/no-unused-vars": ["error", {"argsIgnorePattern": "^_"}],
+		"@typescript-eslint/no-unused-vars": ["error", {
+			"argsIgnorePattern": "^_",
+			"varsIgnorePattern": "^_",
+			"caughtErrorsIgnorePattern": "^_"}],
 		"@typescript-eslint/unbound-method": ["error", {"ignoreStatic":  true}]
 	},
 	"plugins": [

.github/ISSUE_TEMPLATE/0-code_analyzer_bug.yml

@@ -0,0 +1,128 @@
+name: Report a Bug with a code-analyzer command
+description: Report an issue with a code-analyzer command.
+title: "[BUG][code-analyzer] <YOUR_TITLE_HERE>"
+labels: []
+body:
+  - type: dropdown
+    attributes:
+      label: Have you tried to resolve this issue yourself first?
+      description: |
+        Oftentimes, you can resolve `code-analyzer` issues on your own. Follow these steps:
+        1. Read the error message.
+        2. Read [Salesforce Code Analyzer](https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/code-analyzer.html) documentation.
+        3. Double-check the command that you ran. Ensure that items like file names, method names, and category names are correctly spelled and cased.
+        4. Verify that your code is syntactically valid.
+        5. Verify that the error is reproducible on another machine.
+        6. Check open and closed [issues](https://github.com/forcedotcom/sfdx-scanner/issues) to see if your issue is already logged.
+
+        **I confirm that I have gone through these steps and still have an issue to report.**
+        <sup>(You must select "Yes" to create an issue.)</sup>
+      options:
+        - ''
+        - "Yes"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Bug Description
+      description: Provide a clear and concise description of what the bug is and include the exact command that you ran.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Output / Logs
+      description: Attach any output or logs here
+      placeholder: |
+        Add log output here or drag files here.
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: List out the steps that you used to reproduce the bug behavior. Be as specific and clear as possible.
+      placeholder: |
+        1. I first do ...
+        2. Then I do ...
+        3. Lastly, I do ...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: Provide a clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Operating System
+      description: |
+        What is your machine's operating system?
+      placeholder: |
+        Example: MacOS Sonoma 14.4.1
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Salesforce CLI Version
+      description: |
+        What do you get from the command "sf --version"?
+      placeholder: |
+        Example: @salesforce/cli/2.40.7 darwin-arm64 node-v20.12.2
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Code Analyzer Plugin (code-analyzer) Version
+      description: |
+        What do you get from the command "sf plugins"?
+      placeholder: |
+        Example: code-analyzer 5.0.0-beta.0
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Node Version
+      description: |
+        What do you get from the command "node --version"?
+      placeholder: |
+        Example: v23.4.0
+    validations:
+      required: false
+  - type: input
+    attributes:
+      label: Java Version
+      description: |
+        What do you get from the command "java -version"?
+      placeholder: |
+        Example: openjdk version "11.0.17.0.1" 2022-10-18 LTS
+    validations:
+      required: false
+  - type: input
+    attributes:
+      label: Python Version
+      description: |
+        What do you get from the command "python --version"?
+      placeholder: |
+        Example: Python 3.11.8
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Additional Context (Screenshots, Files, etc)
+      description: Add any other context about the problem.
+      placeholder: |
+        Drag any files or screenshots you have here.
+  - type: textarea
+    attributes:
+      label: Workaround
+      description: What ways have you found to sidestep the problem? If you haven't found a workaround, what have you tried so far?
+  - type: dropdown
+    attributes:
+      label: Urgency
+      description: What is the severity of the problem?
+      options:
+        - Low
+        - Moderate
+        - High
+        - Critical
+      default: 0
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/0-scanner_run_bug.yml renamed to .github/ISSUE_TEMPLATE/1-scanner_run_bug.yml

@@ -1,6 +1,6 @@
 name: Report a Bug with scanner run
 description: Report an issue with the scanner run command.
-title: "[BUG] <YOUR_TITLE_HERE>"
+title: "[BUG][scanner run] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: dropdown

.github/ISSUE_TEMPLATE/1-scanner_run_dfa_bug.yml renamed to .github/ISSUE_TEMPLATE/2-scanner_run_dfa_bug.yml

@@ -1,6 +1,6 @@
 name: Report a Bug with scanner run dfa
 description: Report an issue with the scanner run dfa command.
-title: "[BUG] <YOUR_TITLE_HERE>"
+title: "[BUG][scanner run dfa] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: dropdown

.github/ISSUE_TEMPLATE/2-scanner_run_false_result.yml renamed to .github/ISSUE_TEMPLATE/3-scanner_run_false_result.yml

@@ -1,6 +1,6 @@
 name: Report a False Result with scanner run
 description: Report false results in scanner run scan reports. If you're submitting your managed package for AppExchange security review, include documentation of your false results with your submission.
-title: "[False Result] <YOUR_TITLE_HERE>"
+title: "[False Result][scanner run] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: dropdown

.github/ISSUE_TEMPLATE/3-scanner_run_dfa_false_result.yml renamed to .github/ISSUE_TEMPLATE/4-scanner_run_dfa_false_result.yml

@@ -1,6 +1,6 @@
 name: Report a False Result with scanner run dfa
 description: Report false results returned in scanner run dfa scan reports. If you're submitting for AppExchange security review, include documentation of your false results with your submission.
-title: "[False Result] <YOUR_TITLE_HERE>"
+title: "[False Result][scanner run dfa] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: textarea

.github/ISSUE_TEMPLATE/4-feature_request.yml renamed to .github/ISSUE_TEMPLATE/5-feature_request.yml

@@ -0,0 +1,54 @@
+name: apply-npm-tag-to-version
+on:
+  workflow_dispatch:
+    inputs:
+      package_name:
+        description: 'Select Package Name:'
+        required: true
+        type: choice
+        options:
+          - '@salesforce/plugin-code-analyzer'
+          - '@salesforce/sfdx-scanner'
+      tag_name:
+        description: 'Tag Name (ex: latest):'
+        required: true
+        type: string
+      version:
+        description: 'Version (ex: 4.8.0):'
+        required: true
+        type: string
+      confirm:
+        description: 'Check this box to confirm that you understand that applying a tag using this action is only recommended for emergency rollback situations and that you understand the consequences.'
+        required: true
+        type: boolean
+
+jobs:
+  publish_package:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+
+      - name: Fail if not confirmed
+        if: ${{ github.event.inputs.confirm != 'true' }}
+        run: |
+          echo "::error::You did not confirm, so dist-tag not called."
+          exit 1
+
+      - name: Validate package name (sanity check)
+        if: ${{ github.event.inputs.package_name != '@salesforce/plugin-code-analyzer' && github.event.inputs.package_name != '@salesforce/sfdx-scanner' }}
+        run: |
+          echo "Invalid package name. Please choose one of the allowed package names."
+          exit 1
+
+      - name: Prepare NPM Credentials
+        run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
+
+      - name: Apply tag
+        run: |
+          echo "You have confirmed that using this action is only recommended for emergency rollback situations and that you are responsible for manually applying the ${{ github.event.inputs.tag_name }} tag to ${{ github.event.inputs.package_name }}@${{ github.event.inputs.version }}."
+          echo "Applying tag..."
+          npm dist-tag add ${{ github.event.inputs.package_name }}@${{ github.event.inputs.version }} ${{ github.event.inputs.tag_name }}

.github/workflows/apply-npm-tag-to-version.yml

@@ -37,9 +37,6 @@ jobs:
           git checkout -b $INTERIM_BRANCH_NAME
           # Immediately push the interim branch with no changes, so GraphQL can push to it later.
           git push --set-upstream origin $INTERIM_BRANCH_NAME
-      # Update our dependencies.
-      - run: |
-          yarn upgrade
       # Use the GraphQL API to create a signed commit with the various changes.
       - name: Commit to interim branch
         run: |
@@ -50,11 +47,10 @@ jobs:
           MESSAGE="Preparing for v$NEW_VERSION release."
           # GraphQL needs the latest versions of the files we changed, as Base64 encoded strings.
           NEW_PACKAGE="$(cat package.json | base64)"
-          NEW_YARN_LOCK="$(cat yarn.lock | base64)"
           gh api graphql -F message="$MESSAGE" -F oldOid=`git rev-parse HEAD` -F branch="$BRANCH" \
-          -F newPackage="$NEW_PACKAGE" -F newYarnLock="$NEW_YARN_LOCK" \
+          -F newPackage="$NEW_PACKAGE" \
           -f query='
-            mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!, $newYarnLock: Base64String!) {
+            mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!) {
               createCommitOnBranch(input: {
                 branch: {
                   repositoryNameWithOwner: "forcedotcom/sfdx-scanner",
@@ -68,9 +64,6 @@ jobs:
                     {
                       path: "package.json",
                       contents: $newPackage
-                    }, {
-                      path: "yarn.lock",
-                      contents: $newYarnLock
                     }
                   ]
                 },

.github/workflows/create-release-branch.yml

@@ -79,6 +79,9 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: '11' # For now, Java version is hardcoded.
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '>=3.10'
       # Install SF, and the release candidate version.
       - run: npm install -g @salesforce/cli
       - run: sf plugins install @salesforce/plugin-code-analyzer@latest-beta-rc