RELEASE @W-19156628@ Preparing for Release 1.10.0

.git2gus/config.json

@@ -1,6 +1,6 @@
 {
     "productTag": "a1aEE000000ZZanYAG",
-    "defaultBuild": "scanner 2.0",
+    "defaultBuild": "[SFCA] Code Analyzer 5.x",
     "hideWorkItemUrl": true,
     "issueTypeLabels": {
         "type:feature": "USER STORY",

.github/workflows/build-tarball.yml

@@ -32,13 +32,8 @@ jobs:
           git clone -b ${{ inputs.target-branch }} https://github.com/forcedotcom/code-analyzer.git code-analyzer
           cd code-analyzer
           # Install and build dependencies.
-          if [[ "${{ inputs.target-branch}}" == "dev-4" ]]; then
-            yarn
-            yarn build
-          else
-            npm install
-            npm run build
-          fi
+          npm install
+          npm run build
           # Create the tarball.
           npm pack
       # Upload the tarball as an artifact so it's usable elsewhere.

.github/workflows/create-release-branch.yml

@@ -91,10 +91,11 @@ jobs:
           MESSAGE="Preparing for v$NEW_VERSION release."
           # GraphQL needs the latest versions of the files we changed, as Base64 encoded strings.
           NEW_PACKAGE="$(cat package.json | base64)"
+          NEW_LOCKFILE="$(cat package-lock.json | base64)"
           gh api graphql -F message="$MESSAGE" -F oldOid=`git rev-parse HEAD` -F branch="$BRANCH" \
-          -F newPackage="$NEW_PACKAGE" \
+          -F newPackage="$NEW_PACKAGE" -F newLockfile="$NEW_LOCKFILE" \
           -f query='
-            mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!) {
+            mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!, $newLockfile: Base64String!) {
               createCommitOnBranch(input: {
                 branch: {
                   repositoryNameWithOwner: "forcedotcom/sfdx-code-analyzer-vscode",
@@ -108,6 +109,9 @@ jobs:
                     {
                       path: "package.json",
                       contents: $newPackage
+                    }, {
+                      path: "package-lock.json",
+                      contents: $newLockfile
                     }
                   ]
                 },
@@ -133,19 +137,9 @@ jobs:
           git push -d origin ${NEW_VERSION}-interim
           # Output the release branch name so we can use it in later jobs.
           echo "branch_name=release-$NEW_VERSION" >> "$GITHUB_OUTPUT"
-  # Build the tarballs so they can be installed locally when we run tests.
-  build-v4-scanner-tarball:
-    name: 'Build v4 scanner tarball'
-    needs: verify-should-run
-    uses: ./.github/workflows/build-tarball.yml
-    with:
-      # Note: Using `dev-4` here is technically incorrect. For full completeness's sake, we should probably be
-      # using the branch corresponding to the upcoming scanner release. However, identifying that branch is
-      # non-trivial, and there are unlikely to be major differences between the two that appear in the few days
-      # between creating the branch and releasing it, so it _should_ be fine.
-      target-branch: 'dev-4'
-  build-v5-code-analyzer-tarball:
-    name: 'Build v5 code-analyzer tarball'
+  # Build the tarball so it can be installed locally when we run tests.
+  build-code-analyzer-tarball:
+    name: 'Build code-analyzer tarball'
     needs: verify-should-run
     uses: ./.github/workflows/build-tarball.yml
     with:
@@ -157,12 +151,11 @@ jobs:
   # Run all the various tests against the newly created branch.
   test-release-branch:
     name: 'Run unit tests'
-    needs: [build-v4-scanner-tarball, build-v5-code-analyzer-tarball, create-release-branch]
+    needs: [build-code-analyzer-tarball, create-release-branch]
     uses: ./.github/workflows/run-tests.yml
     with:
       # We want to validate the extension against whatever version of code analyzer we *plan* to publish,
       # not what's *already* published.
       use-tarballs: true
-      v4-tarball-suffix: 'dev-4'
-      v5-tarball-suffix: 'dev'
+      tarball-suffix: 'dev'
       target-branch: ${{ needs.create-release-branch.outputs.branch-name }}

.github/workflows/daily-smoke-test.yml

@@ -10,45 +10,52 @@ on:
 
 jobs:
   # Step 1: Build the tarballs so they can be installed locally.
-  build-v4-tarball:
-    name: 'Build v4 scanner tarball'
-    uses: ./.github/workflows/build-tarball.yml
-    with:
-      target-branch: 'dev-4'
-  build-v5-tarball:
-    name: 'Build v5 code analyzer tarball'
+  build-code-analyzer-tarball:
+    name: Build code analyzer tarball
     uses: ./.github/workflows/build-tarball.yml
     with:
       target-branch: 'dev'
   # Step 2: Actually run the tests.
   smoke-test:
-    name: 'Run smoke tests'
-    needs: [build-v4-tarball, build-v5-tarball]
+    name: Run smoke tests
+    needs: [build-code-analyzer-tarball]
     uses: ./.github/workflows/run-tests.yml
     with:
       use-tarballs: true
-      v4-tarball-suffix: 'dev-4'
-      v5-tarball-suffix: 'dev'
+      tarball-suffix: 'dev'
     secrets: inherit
-  # Step 3: Build a VSIX artifact for use if needed.
+  # Step 3: Retry on failure after install timeout or flaky tests
+  retry-on-failure:
+    name: Retry on failure
+    runs-on: ubuntu-latest
+    needs: [build-code-analyzer-tarball, smoke-test]
+    if: failure() && fromJSON(github.run_attempt) < 3
+    steps:
+      - name: Trigger retry workflow
+        env:
+          GH_REPO: ${{ github.repository }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh workflow run retry.yml -F github_run_id=${{ github.run_id }}
+  # Step 4: Build a VSIX artifact for use if needed.
   create-vsix-artifact:
     name: 'Upload VSIX as artifact'
     uses: ./.github/workflows/create-vsix-artifact.yml
     secrets: inherit
-  # Step 4: Report any problems
+  # Step 5: Report any problems
   report-problems:
-    name: 'Report problems'
+    name: Report problems
     runs-on: ubuntu-latest
-    needs: [build-v4-tarball, build-v5-tarball, smoke-test, create-vsix-artifact]
-    if: ${{ failure() || cancelled() }}
+    needs: [build-code-analyzer-tarball, smoke-test, create-vsix-artifact]
+    if: failure() && fromJSON(github.run_attempt) >= 3
     steps:
       - name: Report problems
         shell: bash
         env:
           RUN_LINK: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
         run: |
           ALERT_SEV="info"
-          ALERT_SUMMARY="Daily smoke test failed on ${{ runner.os }}"
+          ALERT_SUMMARY="Daily smoke test failed after 3 attempts on ${{ runner.os }}"
 
           generate_post_data() {
             cat <<EOF

.github/workflows/production-heartbeat.yml

@@ -91,7 +91,7 @@ jobs:
           fi
         shell: bash
 
-      # 3 Install VS Code and Extension on macOS
+      # 3 Install and Verify VS Code and Extension on macOS
       - name: Install VS Code on macOS
         if: runner.os == 'macOS'
         run: |
@@ -111,21 +111,35 @@ jobs:
             echo "::error Extension installation failed" && exit 1
           fi
 
-      # === Report any problems ===
+  # Retry on failure after matrix is complete
+  retry-on-failure:
+    name: Retry on failure
+    runs-on: ubuntu-latest
+    needs: [production-heartbeat]
+    if: failure() && fromJSON(github.run_attempt) < 3
+    steps:
+      - name: Trigger retry workflow
+        env:
+          GH_REPO: ${{ github.repository }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh workflow run retry.yml -F github_run_id=${{ github.run_id }}
+
+  # Report problems after retry mechanism is complete
+  report-problems:
+    name: Report problems
+    runs-on: ubuntu-latest
+    needs: [production-heartbeat, retry-on-failure]
+    if: failure() && fromJSON(github.run_attempt) >= 3
+    steps:
       - name: Report problems
-        # There are problems if any step failed or was skipped.
-        # Note that the `join()` call omits null values, so if any steps were skipped, they won't have a corresponding
-        # value in the string.
-        if: ${{ failure() || cancelled() }}
         shell: bash
         env:
           # A link to this run, so the PagerDuty assignee can quickly get here.
           RUN_LINK: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
-
         run: |
-
           ALERT_SEV="info"
-          ALERT_SUMMARY="Production heartbeat script failed on ${{ runner.os }}"
+          ALERT_SUMMARY="Production heartbeat script failed after 3 attempts on ${{ runner.os }}"
           # Define a helper function to create our POST request's data, to sidestep issues with nested quotations.
           generate_post_data() {
           # This is known as a HereDoc, and it lets us declare multi-line input ending when the specified limit string,

.github/workflows/retry.yml

@@ -0,0 +1,20 @@
+# This workflow is used in order to retry a failed workflow run.
+name: Retry workflow
+on:
+  workflow_dispatch:
+    inputs:
+      github_run_id:
+        required: true
+        description: "The ID of the workflow run to retry"
+jobs:
+  Retry:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Retry Github Action ${{ inputs.github_run_id }}
+        env:
+          GH_REPO: ${{ github.repository }}
+          GH_TOKEN: ${{ github.token }}
+          GH_DEBUG: api # Used for verbose output
+        run: |
+          gh run watch ${{ inputs.github_run_id }} > /dev/null 2>&1
+          gh run rerun ${{ inputs.github_run_id }} --failed

.github/workflows/run-tests.yml

@@ -7,13 +7,8 @@ on:
         required: false
         type: boolean
         default: false
-      v4-tarball-suffix:
-        description: 'The suffix attached to the name of the v4 tarball'
-        required: false
-        type: string
-        default: 'dev-4'
-      v5-tarball-suffix:
-        description: 'The suffix attached to the name of the v5 tarball'
+      tarball-suffix:
+        description: 'The suffix attached to the name of the code-analyzer tarball'
         required: false
         type: string
         default: 'dev'
@@ -57,60 +52,32 @@ jobs:
       # of the tests are integration tests.
       # NOTE: SFCA can come from a tarball built in a previous step,
       #       or be installed as the currently-latest version.
-      - name: Download v4 Scanner Tarball
+      - name: Download Code Analyzer Tarball
         if: ${{ inputs.use-tarballs == true }}
-        id: download-v4
+        id: download-tarball
         uses: actions/download-artifact@v4
         with:
-          name: tarball-${{ inputs.v4-tarball-suffix}}
+          name: tarball-${{ inputs.tarball-suffix }}
           # Download the tarball to a subdirectory of HOME, so it's guaranteed
           # to be somewhere the installation command can see.
-          path: ~/downloads/tarball-v4
-      - name: Install v4 Scanner Tarball
+          path: ~/downloads/tarball
+      - name: Install Code Analyzer Tarball
         if: ${{ inputs.use-tarballs == true }}
         shell: bash
         run: |
           # Determine the tarball's name.
-          TARBALL_NAME=$(ls ~/downloads/tarball-v4/code-analyzer | grep salesforce-.*\\.tgz)
+          TARBALL_NAME=$(ls ~/downloads/tarball/code-analyzer | grep salesforce-.*\\.tgz)
           echo $TARBALL_NAME
           # Figure out where the tarball was downloaded to.
           # To allow compatibility with Windows, replace backslashes with forward slashes
           # and rip off a leading `C:` if present.
-          DOWNLOAD_PATH=`echo '${{ steps.download-v4.outputs.download-path }}' | tr '\\' '/'`
+          DOWNLOAD_PATH=`echo '${{ steps.download-tarball.outputs.download-path }}' | tr '\\' '/'`
           echo $DOWNLOAD_PATH
           DOWNLOAD_PATH=`[[ $DOWNLOAD_PATH = C* ]] && echo $DOWNLOAD_PATH | cut -d':' -f 2 || echo $DOWNLOAD_PATH`
           echo $DOWNLOAD_PATH
           # Pipe in a `y` to simulate agreeing to install an unsigned package. Use a URI of the file's full path.
           echo y | sf plugins install "file://${DOWNLOAD_PATH}/code-analyzer/${TARBALL_NAME}"
-      - name: Download v5 Code Analyzer Tarball
-        if: ${{ inputs.use-tarballs == true }}
-        id: download-v5
-        uses: actions/download-artifact@v4
-        with:
-          name: tarball-${{ inputs.v5-tarball-suffix }}
-          # Download the tarball to a subdirectory of HOME, so it's guaranteed
-          # to be somewhere the installation command can see.
-          path: ~/downloads/tarball-v5
-      - name: Install v5 Code Analyzer Tarball
-        if: ${{ inputs.use-tarballs == true }}
-        shell: bash
-        run: |
-          # Determine the tarball's name.
-          TARBALL_NAME=$(ls ~/downloads/tarball-v5/code-analyzer | grep salesforce-.*\\.tgz)
-          echo $TARBALL_NAME
-          # Figure out where the tarball was downloaded to.
-          # To allow compatibility with Windows, replace backslashes with forward slashes
-          # and rip off a leading `C:` if present.
-          DOWNLOAD_PATH=`echo '${{ steps.download-v5.outputs.download-path }}' | tr '\\' '/'`
-          echo $DOWNLOAD_PATH
-          DOWNLOAD_PATH=`[[ $DOWNLOAD_PATH = C* ]] && echo $DOWNLOAD_PATH | cut -d':' -f 2 || echo $DOWNLOAD_PATH`
-          echo $DOWNLOAD_PATH
-          # Pipe in a `y` to simulate agreeing to install an unsigned package. Use a URI of the file's full path.
-          echo y | sf plugins install "file://${DOWNLOAD_PATH}/code-analyzer/${TARBALL_NAME}"
-      - name: Install Production scanner v4
-        if: ${{ inputs.use-tarballs == false }}
-        run: sf plugins install @salesforce/sfdx-scanner
-      - name: Install Production code-analyzer v5
+      - name: Install Production code-analyzer
         if: ${{ inputs.use-tarballs == false }}
         run: sf plugins install code-analyzer
       # Run the tests. (Linux and non-Linux need slightly different commands.)

.github/workflows/validate-pr.yml

@@ -47,27 +47,21 @@ jobs:
           echo "Valid PR title: '$title'"
   # RUN TESTS
   # Step 1: Build the tarball so it can be installed locally.
-  build_v4_scanner_tarball:
-    name: 'Build v4 scanner tarball'
-    uses: ./.github/workflows/build-tarball.yml
-    with:
-      target-branch: 'dev-4'
-  build_v5_code_analyzer_tarball:
-    name: 'Build v5 code analyzer tarball'
+  build_code_analyzer_tarball:
+    name: 'Build code analyzer tarball'
     uses: ./.github/workflows/build-tarball.yml
     with:
       target-branch: 'dev'
   # Step 2: Actually run the tests.
   run_tests:
     name: 'Run unit tests'
-    needs: [build_v4_scanner_tarball, build_v5_code_analyzer_tarball]
+    needs: [build_code_analyzer_tarball]
     uses: ./.github/workflows/run-tests.yml
     with:
       # We want to validate the extension against whatever version of code analyzer we
       # *plan* to publish, not what's *already* published.
       use-tarballs: true
-      v4-tarball-suffix: 'dev-4'
-      v5-tarball-suffix: 'dev'
+      tarball-suffix: 'dev'
   # BUILD A VSIX ARTIFACT
   # Additionally, build a VSIX that can be downloaded by the user if needed.
   create-vsix-artifact:

SHA256.md

@@ -15,7 +15,7 @@ make sure that their SHA values match the values in the list below.
 shasum -a 256 <location_of_the_downloaded_file>
 
 3. Confirm that the SHA in your output matches the value in this list of SHAs.
-   112139aa0cd29e64729aceaea9fc1c19c072b95af7eda751ca9ad92a346a9783  ./extensions/sfdx-code-analyzer-vscode-1.8.0.vsix
+   a26fa56962cc53dfd3deeb0a32f184218e71b0110eb96b1a56966d363538fee6  ./extensions/sfdx-code-analyzer-vscode-1.9.0.vsix
 4. Change the filename extension for the file that you downloaded from .zip to
    .vsix.
 

jest.config.mjs

@@ -5,7 +5,7 @@ const config = {
     testMatch: ['**/*.test.ts'],
     collectCoverage: true,
     collectCoverageFrom: [
-      'src/**/*.ts',
+      './src/**/*.ts',
     ],
     coveragePathIgnorePatterns: [
         '/src/test/',