Bump version: 2.4.0 → 2.5.0

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.4.0
+current_version = 2.5.0
 commit = True
 tag = False
 

CLAUDE.md

@@ -25,13 +25,23 @@ Use the version in `.nvmrc` (currently v24). Run `nvm use` before any npm comman
 
 ## Release Process
 
-See `.github/CONTRIBUTING.md` for full details. Summary:
+**Every PR that should result in a new release MUST include a version bump.** Without it, the CI "Create Release" step will be skipped on merge because `scripts/version-check.sh` sees the existing tag and produces no output.
 
-1. Use `./scripts/release-pr.sh -b <major|minor|patch>` to create a release PR (requires `bump2version` and `gh`)
-2. The script bumps versions, runs `npm run all`, rebuilds dist/, commits, pushes, and creates a PR
-3. On merge to `main`, CI auto-creates a GitHub Release with tag `v{version}`
-4. Manually edit the release to publish to GitHub Marketplace
-5. Manually run the "Update Main Version" workflow dispatch to move the `v2` tag to the new release
+Bump the version using `bump2version`:
+
+```bash
+bump2version <major|minor|patch>   # updates .bumpversion.cfg, package.json, README.md and creates a commit
+```
+
+Alternatively, use the release PR script which handles the full flow:
+
+```bash
+./scripts/release-pr.sh -b <major|minor|patch>   # requires bump2version and gh CLI
+```
+
+See `.github/CONTRIBUTING.md` for full release details. On merge to `main`, CI auto-creates a GitHub Release with tag `v{version}`. After that:
+1. Manually edit the release to publish to GitHub Marketplace
+2. Manually run the "Update Main Version" workflow dispatch to move the `v2` tag to the new release
 
 ## Project Structure
 

README.md

@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: stackhawk/hawkscan-action@v2.4.0
+    - uses: stackhawk/hawkscan-action@v2.5.0
       with:
         apiKey: ${{ secrets.HAWK_API_KEY }}
 ```
@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: stackhawk/hawkscan-action@v2.4.0
+    - uses: stackhawk/hawkscan-action@v2.5.0
       with:
         args: |
           --hawk-mem 1g
@@ -62,7 +62,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: stackhawk/hawkscan-action@v2.4.0
+    - uses: stackhawk/hawkscan-action@v2.5.0
       with:
         command: rescan
 ```
@@ -78,7 +78,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: stackhawk/hawkscan-action@v2.4.0
+    - uses: stackhawk/hawkscan-action@v2.5.0
       with:
         apiKey: ${{ secrets.HAWK_API_KEY }}
         dryRun: true
@@ -95,7 +95,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: stackhawk/hawkscan-action@v2.4.0
+    - uses: stackhawk/hawkscan-action@v2.5.0
       with:
         apiKey: ${{ secrets.HAWK_API_KEY }}
         configurationFiles: stackhawk.yml stackhawk-extra.yml
@@ -112,7 +112,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: stackhawk/hawkscan-action@v2.4.0
+    - uses: stackhawk/hawkscan-action@v2.5.0
     with:
       installCLIOnly: true
     - name: Run CLI Scan
@@ -132,7 +132,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: stackhawk/hawkscan-action@v2.4.0
+    - uses: stackhawk/hawkscan-action@v2.5.0
       with:
         apiKey: ${{ secrets.HAWK_API_KEY }}
         codeScanningAlerts: true
@@ -155,7 +155,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: stackhawk/hawkscan-action@v2.4.0
+      - uses: stackhawk/hawkscan-action@v2.5.0
         with:
           apiKey: ${{ secrets.HAWK_API_KEY }}
           verbose: true
@@ -172,7 +172,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: stackhawk/hawkscan-action@v2.4.0
+      - uses: stackhawk/hawkscan-action@v2.5.0
         with:
           workspace: ./app/config/
 ```
@@ -187,7 +187,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: stackhawk/hawkscan-action@v2.4.0
+      - uses: stackhawk/hawkscan-action@v2.5.0
         with:
           version: 2.7.0
 ```
@@ -209,7 +209,7 @@ jobs:
         pip3 install -r requirements.txt
         nohup python3 app.py &
     - name: Scan my app
-      uses: stackhawk/hawkscan-action@v2.4.0
+      uses: stackhawk/hawkscan-action@v2.5.0
       with:
         apiKey: ${{ secrets.HAWK_API_KEY }}
 ```
@@ -233,7 +233,7 @@ jobs:
         APP_HOST: 'http://localhost:5000'
         APP_ID: AE624DB7-11FC-4561-B8F2-2C8ECF77C2C7
         APP_ENV: Development
-      uses: stackhawk/hawkscan-action@v2.4.0
+      uses: stackhawk/hawkscan-action@v2.5.0
       with:
         apiKey: ${{ secrets.HAWK_API_KEY }}
         dryRun: true

__tests__/config_parser.test.js

@@ -0,0 +1,79 @@
+import { parseApplicationId } from '../src/config_parser.js';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+describe('parseApplicationId', () => {
+  let tmpDir;
+
+  beforeEach(() => {
+    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'hawkscan-test-'));
+  });
+
+  afterEach(() => {
+    fs.rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  test('parses applicationId from standard stackhawk.yml', () => {
+    const configContent = `
+app:
+  applicationId: 3b96390e-4c87-410e-bba3-460c9b2177cf
+  host: https://localhost:9000
+  env: Development
+`;
+    fs.writeFileSync(path.join(tmpDir, 'stackhawk.yml'), configContent);
+    const result = parseApplicationId(tmpDir, ['stackhawk.yml']);
+    expect(result).toBe('3b96390e-4c87-410e-bba3-460c9b2177cf');
+  });
+
+  test('parses applicationId from first config file in list', () => {
+    const configContent = `
+app:
+  applicationId: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
+  host: https://example.com
+`;
+    fs.writeFileSync(path.join(tmpDir, 'custom.yml'), configContent);
+    const result = parseApplicationId(tmpDir, ['custom.yml']);
+    expect(result).toBe('aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee');
+  });
+
+  test('returns null when config file does not exist', () => {
+    const result = parseApplicationId(tmpDir, ['nonexistent.yml']);
+    expect(result).toBeNull();
+  });
+
+  test('returns null when applicationId is missing from config', () => {
+    const configContent = `
+app:
+  host: https://localhost:9000
+`;
+    fs.writeFileSync(path.join(tmpDir, 'stackhawk.yml'), configContent);
+    const result = parseApplicationId(tmpDir, ['stackhawk.yml']);
+    expect(result).toBeNull();
+  });
+
+  test('returns null when app section is missing', () => {
+    const configContent = `
+host: https://localhost:9000
+`;
+    fs.writeFileSync(path.join(tmpDir, 'stackhawk.yml'), configContent);
+    const result = parseApplicationId(tmpDir, ['stackhawk.yml']);
+    expect(result).toBeNull();
+  });
+
+  test('tries second config file if first has no applicationId', () => {
+    const config1 = `
+app:
+  host: https://localhost:9000
+`;
+    const config2 = `
+app:
+  applicationId: 11111111-2222-3333-4444-555555555555
+  host: https://example.com
+`;
+    fs.writeFileSync(path.join(tmpDir, 'base.yml'), config1);
+    fs.writeFileSync(path.join(tmpDir, 'override.yml'), config2);
+    const result = parseApplicationId(tmpDir, ['base.yml', 'override.yml']);
+    expect(result).toBe('11111111-2222-3333-4444-555555555555');
+  });
+});

__tests__/index.js

@@ -27,6 +27,7 @@ beforeEach(() => {
   delete process.env.INPUT_DEBUG;
   delete process.env.INPUT_COMMAND;
   delete process.env.INPUT_ARGS;
+  delete process.env.INPUT_COMMITSHACHECK;
 });
 
 test('gather minimal inputs', () => {
@@ -40,6 +41,7 @@ test('gather minimal inputs', () => {
     dryRun: 'false',
     installCLIOnly : 'false',
     codeScanningAlerts: 'false',
+    commitShaCheck: 'false',
     workspace : workspace,
     sourceURL : 'https://download.stackhawk.com/hawk/cli',
     verbose: 'false',
@@ -58,6 +60,7 @@ test('gather max inputs', () => {
     dryRun: 'true',
     codeScanningAlerts: 'true',
     installCLIOnly : 'true',
+    commitShaCheck: 'true',
     sourceURL : 'https://download.stackhawk.com/hawk/cli',
     verbose: 'false',
     debug: 'false'
@@ -74,6 +77,7 @@ test('gather max inputs', () => {
     dryRun: 'true',
     codeScanningAlerts: 'true',
     installCLIOnly : 'true',
+    commitShaCheck: 'true',
     sourceURL : 'https://download.stackhawk.com/hawk/cli',
     verbose: 'false',
     debug: 'false'