Merge pull request #768 from kuzzleio/beta

rolljee · web-flow · commit 27b39660ddfb · 2025-12-16T18:07:34.000+01:00
Release
diff --git a/.github/actions/install-packages/action.yml b/.github/actions/install-packages/action.yml
@@ -0,0 +1,8 @@
+name: Install Packages
+description: Install necessary packages inside the CI
+
+runs:
+  using: "composite"
+  steps:
+    - run: sudo apt update && sudo apt install libunwind-dev libunwind8 -y
+      shell: bash
diff --git a/.github/workflows/dtrack-sbom.workflow.yaml b/.github/workflows/dtrack-sbom.workflow.yaml
@@ -0,0 +1,45 @@
+name: Dtrack SBOM publish
+
+env:
+  NODE_VERSION: "24"
+
+on:
+  release:
+    types:
+      - released
+      - prereleased
+
+jobs:
+  publish-sbom-to-dtrack:
+    name: Publish SBOM to Dependency-Track
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout project
+        uses: actions/checkout@v6
+
+      - name: Install additional libraries
+        uses: ./.github/actions/install-packages
+
+      - name: Node version ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - run: npm install
+      - name: Create SBOM with CycloneDX
+        run: npx @cyclonedx/cyclonedx-npm -o bom.xml --of=XML
+      
+      - name: Get the current project version from package.json
+        id: get-version
+        run: |
+          echo "version=$(jq -r .version package.json)" >> $GITHUB_OUTPUT
+
+      - name: Publish SBOM to Dependency-Track
+        uses: DependencyTrack/gh-upload-sbom@v3
+        with:
+          serverhostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+          apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+          projectname: 'Kuzzle SDK JavaScript'
+          projectversion: '${{ steps.get-version.outputs.version }}'
+          bomfilename: "./bom.xml"
+          autocreate: true
diff --git a/.github/workflows/push_branches.workflow.yaml b/.github/workflows/push_branches.workflow.yaml
@@ -33,7 +33,7 @@ jobs:
 
       - name: Release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GHP }}
           SEMANTIC_RELEASE_NPM_PUBLISH: "true"
           SEMANTIC_RELEASE_SLACK_WEBHOOK: ${{ secrets.SEMANTIC_RELEASE_SLACK_WEBHOOK }}
         run: npx semantic-release
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,15 @@
+## [7.17.0-beta.2](https://github.com/kuzzleio/sdk-javascript/compare/v7.17.0-beta.1...v7.17.0-beta.2) (2025-12-16)
+
+### Bug Fixes
+
+* use custom github token to allow sequantial workflow creation ([b3109fe](https://github.com/kuzzleio/sdk-javascript/commit/b3109fe04e9315535e990dbe4b89187a9ed0f867))
+
+## [7.17.0-beta.1](https://github.com/kuzzleio/sdk-javascript/compare/v7.16.0...v7.17.0-beta.1) (2025-12-16)
+
+### Features
+
+* publish sbom to dtrack ([09d874a](https://github.com/kuzzleio/sdk-javascript/commit/09d874a9d9415afca61a192467a59ba56e558c56))
+
 ## [7.16.0](https://github.com/kuzzleio/sdk-javascript/compare/v7.15.1...v7.16.0) (2025-12-16)
 
 ### Features
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "kuzzle-sdk",
-  "version": "7.16.0",
+  "version": "7.17.0-beta.2",
   "description": "Official Javascript SDK for Kuzzle",
   "author": "The Kuzzle Team <support@kuzzle.io>",
   "repository": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "kuzzle-sdk",`
`3`		`- "version": "7.16.0",`
	`3`	`+ "version": "7.17.0-beta.2",`
`4`	`4`	`"description": "Official Javascript SDK for Kuzzle",`
`5`	`5`	`"author": "The Kuzzle Team <[email protected]>",`
`6`	`6`	`"repository": {`