Merge pull request #1313 from forcedotcom/dev

RELEASE: @W-14750116@: Merging dev to release for v3.20.0 release.

.eslintrc.json

@@ -3,7 +3,8 @@
 	"extends": [
 		"eslint:recommended",
 		"plugin:@typescript-eslint/recommended",
-		"plugin:@typescript-eslint/recommended-requiring-type-checking"
+		"plugin:@typescript-eslint/recommended-requiring-type-checking",
+		"plugin:sf-plugin/migration"
 	],
 	"parserOptions": {
 		"sourceType": "module",

.github/ISSUE_TEMPLATE/0scanner_run_bug.md

@@ -1,14 +1,14 @@
 ---
-name: Report a Bug with scanner:run
-about: Report an issue with the scanner:run command.
+name: Report a Bug with scanner run
+about: Report an issue with the scanner run command.
 title: "[BUG]"
 labels: ''
 assignees: ''
 ---
 <!--
-### Try These Steps to Resolve Issues with `scanner:run`
+### Try These Steps to Resolve Issues with `scanner run`
 
-Oftentimes, you can resolve `scanner:run` issues on your own. Follow these steps.
+Oftentimes, you can resolve `scanner run` issues on your own. Follow these steps.
 
 1. Read the error message.
 2. Read [Salesforce Code Analyzer](https://forcedotcom.github.io/sfdx-scanner/) documentation.
@@ -22,15 +22,15 @@ Oftentimes, you can resolve `scanner:run` issues on your own. Follow these steps
 
 If you're listing a managed package on AppExchange, prepare for the security review by following the instructions in the [Scan Your Solution with Salesforce Code Analyzer](https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_code_analyzer_scan.htm) section of the ISVforce Guide.
 
-### Log a `scanner:run` Issue
-If you're still having trouble after following the troubleshooting steps and checking that there's no existing issue that covers your situation, log a new `scanner:run` issue.
+### Log a `scanner run` Issue
+If you're still having trouble after following the troubleshooting steps and checking that there's no existing issue that covers your situation, log a new `scanner run` issue.
 
-1. Fill out the `scanner:run` Issue Template.
+1. Fill out the `scanner run` Issue Template.
 2. Attach your code with your issue.
 3. If you can't publicly share the code that causes the issue, reproduce it in code that you can publicly share. Attach this substitute code to your issue.
 4. Give your issue a clear and specific title. Example: "InternalExecutionError when scanning XYZ code".
 -->
-### `scanner:run` Issue Template
+### `scanner run` Issue Template
 
 Fill out this template to submit your Code Analyzer issue.
 

.github/ISSUE_TEMPLATE/1scanner_run_dfa_bug.md

@@ -1,14 +1,14 @@
 ---
-name: Report a Bug with scanner:run:dfa
-about: Report an issue with the scanner:run:dfa command.
+name: Report a Bug with scanner run dfa
+about: Report an issue with the scanner run dfa command.
 title: "[BUG]"
 labels: ''
 assignees: ''
 ---
 <!--
-### Try These Steps to Resolve Issues with `scanner:run:dfa`
+### Try These Steps to Resolve Issues with `scanner run dfa`
 
-Oftentimes, you can resolve `scanner:run:dfa` issues on your own. Follow these steps.
+Oftentimes, you can resolve `scanner run dfa` issues on your own. Follow these steps.
 
 1. Read the error message.
 2. Read [Salesforce Graph Engine](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/introduction/) documentation.
@@ -27,15 +27,15 @@ If you're listing a managed package on AppExchange, prepare for the security rev
 
 **Note: In your scan report, if you see an InternalExecutionError or a LimitReached error, you can still submit for AppExchange security review. These errors aren't blockers.**
 
-### Log a `scanner:run:dfa` Issue
-If you're still having trouble after following the troubleshooting steps and checking that there's no existing issue that covers your situation, log a new `scanner:run:dfa` issue.
+### Log a `scanner run dfa` Issue
+If you're still having trouble after following the troubleshooting steps and checking that there's no existing issue that covers your situation, log a new `scanner run dfa` issue.
 
-1. Fill out the `scanner:run:dfa` Issue Template.
+1. Fill out the `scanner run dfa` Issue Template.
 2. Attach your code with your issue.
 3. If you can't publicly share the code that causes the issue, reproduce it in code that you can publicly share. Attach this substitute code to your issue.
 4. Give your issue a clear and specific title. Example: InternalExecutionError when scanning XYZ code.
 -->
-### `scanner:run:dfa` Issue Template
+### `scanner run dfa` Issue Template
 
 Fill out this template to submit your Code Analyzer issue.
 

.github/ISSUE_TEMPLATE/2scanner_run_false_result.md

@@ -1,6 +1,6 @@
 ---
-name: Report a scanner:run False Result
-about: Report false results in scanner:run scan reports. If you’re submitting your managed package for AppExchange security review, include documentation of your false results with your submission.
+name: Report a scanner run False Result
+about: Report false results in scanner run scan reports. If you’re submitting your managed package for AppExchange security review, include documentation of your false results with your submission.
 title: "[False Result]"
 labels: ''
 assignees: ''

.github/ISSUE_TEMPLATE/3scanner_run_dfa_false_result.md

@@ -1,11 +1,11 @@
 ---
-name: Report a scanner:run:dfa False Result
-about: Report false results returned in scanner:run:dfa scan reports. If you’re submitting for AppExchange security review, include documentation of your false results with your submission.
+name: Report a scanner run dfa False Result
+about: Report false results returned in scanner run dfa scan reports. If you’re submitting for AppExchange security review, include documentation of your false results with your submission.
 title: "[False Result]"
 labels: ''
 assignees: ''
 ---
-### `scanner:run:dfa` False Positives Template
+### `scanner run dfa` False Positives Template
 
 **Description:**
 <!--Provide a clear and concise description of what the bug is.-->

.github/ISSUE_TEMPLATE/4feature_request.md

@@ -7,7 +7,7 @@ assignees: ''
 ---
 
 **Is your feature request related to an issue that you encountered with Salesforce Code Analyzer?**
-<!--Provide a clear and concise description of what the problem is. Example: When I run `scanner:run:describe`, I want to see a sorted list of commands.-->
+<!--Provide a clear and concise description of what the problem is. Example: When I run `scanner run describe`, I want to see a sorted list of commands.-->
 
 **Describe the solution that you want:**
 <!--Describe the clear and concise description of the result that you expect from your feature request.-->

.github/workflows/production-heartbeat.yml

@@ -37,7 +37,7 @@ jobs:
           # In the following script, the use of the `echo "name=value" >> $GITHUB_ENV` structure is used to set/update
           # environment variables. Such updates are visible to all subsequent steps.
           #
-          # If the CLI_VERSION repo secret is set, we want to install that version of sfdx-cli, so we set an environment
+          # If the CLI_VERSION repo secret is set, we want to install that version ofsf-cli, so we set an environment
           # variable. Otherwise, we leave the environment variable unset, so it implicitly defaults to `latest`.
           # Note: This can be used to intentionally fail the GHA by providing an invalid version number.
           if [[ -n "${{ secrets.CLI_VERSION }}" ]]; then
@@ -58,34 +58,34 @@ jobs:
           fi
 
 
-      # === Make three attempts to install sfdx through npm ===
-      - name: Install SFDX
-        id: sfdx_install
+      # === Make three attempts to install SF through npm ===
+      - name: Install SF
+        id: sf_install
         # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up.
         # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made.
         run: |
-          (echo "::set-output name=retry_count::0" && npm install -g sfdx-cli${{ env.CLI_VERSION }}) ||
-          (echo "::set-output name=retry_count::1" && sleep 60 && npm install -g sfdx-cli${{ env.CLI_VERSION }}) ||
-          (echo "::set-output name=retry_count::2" && sleep 300 && npm install -g sfdx-cli${{ env.CLI_VERSION }})
+          (echo "::set-output name=retry_count::0" && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) ||
+          (echo "::set-output name=retry_count::1" && sleep 60 && npm install -g @salesforce/cli${{ env.CLI_VERSION }}) ||
+          (echo "::set-output name=retry_count::2" && sleep 300 && npm install -g @salesforce/cli${{ env.CLI_VERSION }})
 
-      # === Make three attempts to install the scanner plugin through sfdx ===
+      # === Make three attempts to install the scanner plugin through sf ===
       - name: Install Scanner Plugin
         id: scanner_install
         # If the first attempt fails, wait a minute and try again. After a second failure, wait 5 minutes then try again. Then give up.
         # Set an output parameter, `retry_count`, indicating the number of retry attempts that were made.
         run: |
-          (echo "::set-output name=retry_count::0" && sfdx plugins:install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
-          (echo "::set-output name=retry_count::1" && sleep 60 && sfdx plugins:install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
-          (echo "::set-output name=retry_count::2" && sleep 300 && sfdx plugins:install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }})
+          (echo "::set-output name=retry_count::0" && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
+          (echo "::set-output name=retry_count::1" && sleep 60 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }}) ||
+          (echo "::set-output name=retry_count::2" && sleep 300 && sf plugins install @salesforce/sfdx-scanner${{ env.SCANNER_VERSION }})
 
       # === Log the installed plugins for easier debugging ===
       - name: Log plugins
-        run: sfdx plugins
+        run: sf plugins
 
       # === Attempt to execute the smoke tests ===
       - name: Run smoke tests
         id: smoke_tests
-        run: smoke-tests/smoke-test${{ matrix.os.exe }} sfdx
+        run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
 
       # === Upload the smoke-test-results folder as an artifact ===
       - name: Upload smoke-test-results folder as artifact
@@ -109,7 +109,7 @@ jobs:
           IS_CRITICAL: ${{ contains(join(steps.*.outcome), 'failure') || contains(join(steps.*.outcome), 'skipped') }}
           # Build the status strings for each step as environment variables to save space later. Null retry_count values
           # will be replaced with `n/a` to maintain readability in the alert.
-          CLI_INSTALL_STATUS: ${{ steps.sfdx_install.outcome }} after ${{ steps.sfdx_install.outputs.retry_count || 'n/a' }} retries
+          CLI_INSTALL_STATUS: ${{ steps.sf_install.outcome }} after ${{ steps.sf_install.outputs.retry_count || 'n/a' }} retries
           SCANNER_INSTALL_STATUS: ${{ steps.scanner_install.outcome }} after ${{ steps.scanner_install.outputs.retry_count || 'n/a' }} retries
           SMOKE_TESTS_STATUS: ${{ steps.smoke_tests.outcome }}
           # A link to this run, so the PagerDuty assignee can quickly get here.
@@ -126,13 +126,13 @@ jobs:
           # Define a helper function to create our POST request's data, to sidestep issues with nested quotations.
           generate_post_data() {
           # This is known as a HereDoc, and it lets us declare multi-line input ending when the specified limit string,
-          # in this case EOF, is encoutered.
+          # in this case EOF, is encountered.
           cat <<EOF
           {"payload": {
             "summary": "${ALERT_SUMMARY}",
             "source": "Github Actions",
             "severity": "${ALERT_SEV}",
-            "custom_details": "SFDX install: ${{ env.CLI_INSTALL_STATUS }}. Scanner install: ${{ env.SCANNER_INSTALL_STATUS }}. Smoke tests: ${{ env.SMOKE_TESTS_STATUS }}."
+            "custom_details": "SF install: ${{ env.CLI_INSTALL_STATUS }}. Scanner install: ${{ env.SCANNER_INSTALL_STATUS }}. Smoke tests: ${{ env.SMOKE_TESTS_STATUS }}."
           },
           "links": [{
             "href": "${{ env.RUN_LINK }}",

.github/workflows/publish-to-npm.yml

@@ -73,13 +73,13 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: '11' # For now, Java version is hardcoded.
-      # Install SFDX, and the release candidate version.
-      - run: npm install -g sfdx-cli
-      - run: sfdx plugins:install @salesforce/sfdx-scanner@latest-rc
+      # Install SF, and the release candidate version.
+      - run: npm install -g @salesforce/cli
+      - run: sf plugins install @salesforce/sfdx-scanner@latest-rc
       # Log the installed plugins for easier debugging.
-      - run: sfdx plugins
+      - run: sf plugins
       # Attempt to run the smoke tests.
-      - run: smoke-tests/smoke-test${{ matrix.os.exe }} sfdx
+      - run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
       # Upload the smoke test result as an artifact, so it's visible for later.
       - uses: actions/upload-artifact@v3
         if: ${{ always() }}

.github/workflows/run-tests.yml

@@ -72,7 +72,7 @@ jobs:
       # NOTE: We're choosing not to cache Node dependencies, because it seems to be more
       #       trouble than it's worth. If we see serious performance problems, we can
       #       reconsider that assessment.
-      - run: yarn
+      - run: yarn --network-timeout 600000
       # Download the dist artifact, to save ourselves the trouble of rebuilding our
       # Java dependencies from scratch.
       - uses: actions/download-artifact@v3
@@ -196,7 +196,7 @@ jobs:
           distribution: 'temurin'
           java-version: ${{ matrix.java }} # Java version is a matrix.
       # Install Salesforce CLI via NPM
-      - run: npm install -g sfdx-cli
+      - run: npm install -g @salesforce/cli
       # Download and install the tarball artifact built during setup.
       - uses: actions/download-artifact@v3
         id: download
@@ -217,11 +217,11 @@ jobs:
           # If the path starts with C:, we need to rip that off (needed for Windows).
           ADJUSTED_TARBALL_PATH=`[[ $RAW_TARBALL_PATH = C* ]] && echo $RAW_TARBALL_PATH | cut -d':' -f 2 || echo $RAW_TARBALL_PATH`
           # Pipe in a `y` to simulate agreeing to install an unsigned package. Use a URI of the file's full path.
-          echo y | sfdx plugins:install "file://${ADJUSTED_TARBALL_PATH}/${TARBALL_NAME}"
+          echo y | sf plugins install "file://${ADJUSTED_TARBALL_PATH}/${TARBALL_NAME}"
       # The results directory needs to exist.
       - run: mkdir smoke-test-results
       # Attempt to execute the smoke tests against the plugin, using the specified script.
-      - run: smoke-tests/smoke-test${{ matrix.os.exe }} sfdx
+      - run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
       - uses: actions/upload-artifact@v3
         if: ${{ always() }}
         with:
@@ -257,7 +257,7 @@ jobs:
       - run: mkdir test-results
       - name: Self-evaluation
         id: self-eval
-        run: bin/run.js scanner:run --target ./src --format junit --outfile ./test-results/src.xml --severity-threshold 3
+        run: bin/dev.js scanner run --target ./src --format junit --outfile ./test-results/src.xml --severity-threshold 3
       # TODO: In the future, we could replace this step with a JS-based one that uses `core.setFailed()` to set a failure
       #       message in the annotations.
       - name: Log results

.gitignore

@@ -24,6 +24,10 @@ yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 
+# Temporary test logs
+stderr*.txt
+stdout*.txt
+
 # Ignore jekyll cache and _site for doc
 docs/.jekyll-cache/
 docs/_site/

.mocharc.json

@@ -2,7 +2,7 @@
   "require": "ts-node/register",
   "extension": ["ts"],
   "recursive": true,
-  "timeout": 5000,
+  "timeout": 60000,
   "forbidOnly": true,
   "reporter": ["spec"]
 }

CONTRIBUTING.md

@@ -14,9 +14,9 @@ yarn --ignore-scripts && yarn build
 ```
 
 ### Running
-Run any sfdx scanner command by replacing `sfdx` with `bin/run.js` or `bin/run.cmd` from sfdx-scanner directory. For example, you can invoke `list` command with:
+Run any sf scanner command by replacing `sf` with `bin/dev.js` or `bin/dev.cmd` from sfdx-scanner directory. For example, you can invoke `list` command with:
 ```
-bin/run.js scanner:rule:list
+bin/dev.js scanner rule list
 ```
 
 ### Making changes
@@ -35,17 +35,17 @@ yarn --ignore-scripts && yarn build && yarn test && yarn lint
 ### Debugging your plugin
 We recommend using the Visual Studio Code (VS Code) IDE for your plugin development. Included in the `.vscode` directory of this plugin is a `launch.json` config file, which allows you to attach a debugger to the node process when running your commands.
 
-To debug the `scanner:rule:list` command: 
+To debug the `scanner rule list` command: 
 1. Start the inspector
 
-If you linked your plugin to the sfdx cli, call your command with the `dev-suspend` switch: 
+If you linked your plugin to the sf cli, call your command with the `dev-suspend` switch: 
 ```sh-session
-$ sfdx scanner:rule:list --dev-suspend
+$ sf scanner rule list --dev-suspend
 ```
 
-Alternatively, to call your command using the `bin/run.js` or `bin/run.cmd` script, set the `NODE_OPTIONS` environment variable to `--inspect-brk` when starting the debugger:
+Alternatively, to call your command using the `bin/dev.js` or `bin/dev.cmd` script, set the `NODE_OPTIONS` environment variable to `--inspect-brk` when starting the debugger:
 ```sh-session
-$ NODE_OPTIONS=--inspect-brk bin/run.js scanner:rule:list
+$ NODE_OPTIONS=--inspect-brk bin/dev.js scanner rule list
 ```
 
 2. Set some breakpoints in your command code
@@ -58,7 +58,7 @@ Congrats, you are debugging!
 
 ### Pushing your changes
 Create PR with work item name in the title - this would look like:
-`@W-1234567@ Descriptive title of work`
+`@W-1234567@ Descriptive title of work``
 
 Also, add helpful information about your changes so that reviewers can navigate easily and know what to look for.
 

bin/dev.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env ts-node
+#!/usr/bin/env node_modules/.bin/ts-node
 // eslint-disable-next-line node/shebang, unicorn/prefer-top-level-await
 (async () => {
 	const oclif = await import('@oclif/core')

bin/run.js

@@ -3,5 +3,5 @@
 // eslint-disable-next-line unicorn/prefer-top-level-await
 (async () => {
 	const oclif = await import('@oclif/core')
-	await oclif.execute({development: true, dir: __dirname})
+	await oclif.execute({dir: __dirname})
 })()

cli-messaging/build.gradle.kts

@@ -1,5 +1,8 @@
+import java.awt.Desktop
+
 plugins {
   java
+  jacoco
 }
 
 version = "1.0"
@@ -16,16 +19,45 @@ dependencies {
   }
   implementation("com.google.code.gson:gson:2.10.1")
   implementation("com.google.guava:guava:31.1-jre")
+
   testImplementation("org.hamcrest:hamcrest:2.2")
   testImplementation("org.junit.jupiter:junit-jupiter-api:5.9.2")
   testImplementation("org.junit.jupiter:junit-jupiter-engine:5.9.2")
   testImplementation("org.junit.jupiter:junit-jupiter-params:5.9.2")
 }
 
-tasks.getByName<Test>("test") {
+tasks.test {
+  // Use JUnit 5
   useJUnitPlatform()
 
   testLogging {
     events("passed", "skipped", "failed")
   }
+  // Run tests in multiple threads
+  maxParallelForks = Runtime.getRuntime().availableProcessors()/2 + 1
+
+  // Report is always generated after test runs
+  finalizedBy(tasks.jacocoTestReport)
+}
+
+tasks.jacocoTestReport {
+  dependsOn(tasks.test)
+}
+
+tasks.register("showCoverageReport") {
+  group = "verification"
+  dependsOn(tasks.jacocoTestReport)
+  doLast {
+    Desktop.getDesktop().browse(File("$buildDir/reports/jacoco/test/html/index.html").toURI())
+  }
+}
+
+tasks.jacocoTestCoverageVerification {
+  violationRules {
+    rule {
+      limit {
+        minimum = BigDecimal("0.70") // TODO: We should aim to increase this
+      }
+    }
+  }
 }