Skip to content

chore: CI + npm publish workflow, drop Datadog CI/e2e, v0.1.0 #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Fiona2016 wants to merge 1 commit into
base: publish
Choose a base branch
from
Open

chore: CI + npm publish workflow, drop Datadog CI/e2e, v0.1.0 #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions .github/CODEOWNERS
View file
Open in desktop

This file was deleted.

39 changes: 39 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
name: CI

on:
pull_request:
push:
branches: [main, publish]

permissions:
contents: read

jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '24'

- name: Enable Corepack
run: corepack enable

- name: Install dependencies
run: yarn install --immutable

- name: Format check
run: yarn format:check

- name: Typecheck
run: yarn typecheck

- name: Build
run: yarn build

- name: Unit tests
run: yarn test:unit
86 changes: 25 additions & 61 deletions .github/workflows/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
name: Publish

# Release flow:
# 1. Merge the release into `publish` (package.json version is the source of truth).
# 2. Tag the merge commit `vX.Y.Z` (must match package.json version).
# 3. Run this workflow from that tag (Actions → Publish → select the tag).
# Use the `dry_run` input first to validate auth/build without publishing.

on:
workflow_dispatch:
inputs:
Expand All @@ -10,14 +16,13 @@ on:

permissions:
contents: write # create GitHub release
id-token: write # npm Trusted Publishers OIDC

jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@v4

- name: Read version from package.json
id: version
Expand All @@ -44,82 +49,41 @@ jobs:
echo "✅ Release tag validated: $TAG"

- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
uses: actions/setup-node@v4
with:
node-version: '25'
node-version: '24'
registry-url: 'https://registry.npmjs.org/'

- name: Enable Corepack
run: corepack enable

- name: Install dependencies
run: yarn install --immutable

- name: Verify npm OIDC auth — dry run
if: ${{ inputs.dry_run }}
run: |
FAILED=0
ESCAPED_PACKAGE="@datadog%2felectron-sdk"

# Check 1: ACTIONS_ID_TOKEN_REQUEST_URL is set (pre-condition for GitHub OIDC)
if [ -z "$ACTIONS_ID_TOKEN_REQUEST_URL" ] || [ -z "$ACTIONS_ID_TOKEN_REQUEST_TOKEN" ]; then
echo "❌ ACTIONS_ID_TOKEN_REQUEST_URL or TOKEN not set — id-token: write permission may be missing"
FAILED=1
else
echo "✅ GitHub OIDC pre-conditions met (ACTIONS_ID_TOKEN_REQUEST_URL is set)"
fi
# Quality gate — fail the release before publishing if anything is broken.
- name: Typecheck
run: yarn typecheck

# Check 2: OIDC token exchange with npm registry (proves Trusted Publishers is configured)
OIDC_TOKEN=$(curl -sf -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=npm:registry.npmjs.org" | jq -r '.value')
if [ -z "$OIDC_TOKEN" ] || [ "$OIDC_TOKEN" = "null" ]; then
echo "❌ Failed to obtain GitHub OIDC token"
FAILED=1
else
# Decode JWT claims to help diagnose Trusted Publishers mismatches
echo "--- OIDC token claims ---"
echo "$OIDC_TOKEN" | cut -d. -f2 | base64 -d 2>/dev/null | jq '{sub, iss, repository, repository_owner, workflow, job_workflow_ref, ref}'
EXCHANGE_URL="https://registry.npmjs.org/-/npm/v1/oidc/token/exchange/package/${ESCAPED_PACKAGE}"
echo "Exchanging with: $EXCHANGE_URL"
RESPONSE=$(curl -s -X POST "$EXCHANGE_URL" \
-H "Authorization: Bearer $OIDC_TOKEN" \
-H "Content-Type: application/json" \
-d '{}')
NPM_TOKEN=$(echo "$RESPONSE" | jq -r '.token // empty')
if [ -z "$NPM_TOKEN" ]; then
echo "❌ npm OIDC exchange failed — check Trusted Publishers config on npmjs.com"
echo "Response: $RESPONSE"
FAILED=1
else
echo "✅ npm OIDC token obtained — Trusted Publishers auth is working"
fi
fi
- name: Build
run: yarn build

# Check 3: dry-run pack to verify build artifacts
# --tag dry-run avoids "latest" tag conflict when testing with a lower version
if npm publish --dry-run --access public --tag dry-run; then
echo "✅ dry-run pack succeeded"
else
echo "❌ dry-run pack failed"
FAILED=1
fi
- name: Unit tests
run: yarn test:unit

exit $FAILED

- name: Verify GitHub token — dry run
- name: Publish to npm (dry run)
if: ${{ inputs.dry_run }}
run: |
echo "--- gh auth status ---"
gh auth status
echo "--- repo permissions ---"
gh api "repos/$GITHUB_REPOSITORY" --jq '.permissions'
run: npm publish --access public --dry-run
env:
GH_TOKEN: ${{ github.token }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Publish to npm (OIDC Trusted Publishers)
- name: Publish to npm
if: ${{ !inputs.dry_run }}
run: npm publish --access public --provenance
run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Extract release notes from CHANGELOG.md
if: ${{ !inputs.dry_run }}
run: |
VERSION="${{ steps.version.outputs.version }}"
awk "/^## \[${VERSION}\]/{found=1} found && /^## / && !/^## \[${VERSION}\]/{exit} found{print}" CHANGELOG.md > release-notes.md
Expand Down
129 changes: 0 additions & 129 deletions .gitlab-ci.yml
View file
Open in desktop

This file was deleted.

20 changes: 18 additions & 2 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,24 @@
# Changelog

All notable changes to `@datadog/electron-sdk` are documented here.
All notable changes to `@flashcatcloud/electron-sdk` are documented here.

## [0.3.0] - 2026-05-27
## [0.1.0]

First FlashCat release. Forked from `@datadog/electron-sdk` v0.3.0 and rebranded to report to the FlashCat platform.

### ✨ Features

- Report RUM events to the FlashCat intake. `site` is now the intake host directly (`browser.flashcat.cloud` for production, `jira.flashcat.cloud` for staging); the intake URL is `https://${site}/api/v2/${track}`.
- Renderer integration uses the `@flashcatcloud/browser-rum` fork; the SDK's build-time core utilities come from `@flashcatcloud/browser-core`.

### ⚠️ Breaking Changes / Notes

- Package renamed to `@flashcatcloud/electron-sdk` (internal `dd-`/`Datadog` names and the `DatadogEventBridge` global are kept per the fork convention).
- `site` only accepts FlashCat hosts (`browser.flashcat.cloud`, `jira.flashcat.cloud`).
- The main-process transport now sends `Content-Type: text/plain;charset=UTF-8` with a newline-delimited-JSON body, as required by the FlashCat intake.
- APM/trace (`spans`) is not uploaded — FlashCat has no `/api/v2/spans` ingest. Main-process HTTP activity is still reported as RUM `resource` events. Native APM tracing is pending product support.

## [0.3.0] - 2026-05-27 (upstream Datadog)

### ✨ Features

Expand Down
17 changes: 0 additions & 17 deletions Dockerfile
View file
Open in desktop

This file was deleted.

26 changes: 13 additions & 13 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -208,16 +208,16 @@ interface FeatureOperationOptions {

### Configuration Options

| Option | Type | Required | Default | Description |
| --------------------- | ---------------------------------------- | -------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| `clientToken` | `string` | Yes | — | FlashCat client token |
| `applicationId` | `string` | Yes | — | RUM application ID |
| `site` | `string` | Yes | — | FlashCat site — the intake host, used verbatim. One of `browser.flashcat.cloud` (production) or `jira.flashcat.cloud` (staging) |
| `service` | `string` | Yes | — | Service name |
| `env` | `string` | No | — | Application environment |
| `version` | `string` | No | — | Application version |
| `telemetrySampleRate` | `number` | No | `20` | Telemetry sample rate (0–100) |
| `batchSize` | `'SMALL' \| 'MEDIUM' \| 'LARGE'` | No | — | Batch size for event uploads |
| `uploadFrequency` | `'RARE' \| 'NORMAL' \| 'FREQUENT'` | No | — | Upload frequency for event batches |
| `defaultPrivacyLevel` | `'mask' \| 'allow' \| 'mask-user-input'` | No | `'mask'` | Default privacy level for renderer session replay |
| `allowedWebViewHosts` | `string[]` | No | `[]` | Hostnames allowed for the renderer bridge |
| Option | Type | Required | Default | Description |
| --------------------- | ---------------------------------------- | -------- | -------- | ------------------------------------------------------------------------------------------------------------------------------- |
| `clientToken` | `string` | Yes | — | FlashCat client token |
| `applicationId` | `string` | Yes | — | RUM application ID |
| `site` | `string` | Yes | — | FlashCat site — the intake host, used verbatim. One of `browser.flashcat.cloud` (production) or `jira.flashcat.cloud` (staging) |
| `service` | `string` | Yes | — | Service name |
| `env` | `string` | No | — | Application environment |
| `version` | `string` | No | — | Application version |
| `telemetrySampleRate` | `number` | No | `20` | Telemetry sample rate (0–100) |
| `batchSize` | `'SMALL' \| 'MEDIUM' \| 'LARGE'` | No | — | Batch size for event uploads |
| `uploadFrequency` | `'RARE' \| 'NORMAL' \| 'FREQUENT'` | No | — | Upload frequency for event batches |
| `defaultPrivacyLevel` | `'mask' \| 'allow' \| 'mask-user-input'` | No | `'mask'` | Default privacy level for renderer session replay |
| `allowedWebViewHosts` | `string[]` | No | `[]` | Hostnames allowed for the renderer bridge |
Loading
Loading