Merge branch 'develop' into fix.ms-clarity-load-ident-promise

.coderabbit/config.yml

@@ -0,0 +1,7 @@
+# .coderabbit/config.yml
+reviews:
+  instructions:
+    - pattern: '**/*'
+      instruction: |
+        # Ignore code coverage issues
+        Do not mention code coverage warnings or code coverage reports in the review.

.eslintignore

@@ -16,3 +16,4 @@ tsconfig.build.tsbuildinfo
 nativeSdkLoader.js
 nativeSdkLoader.ts
 assets/
+package.json

.github/workflows/deploy-beta.yml

@@ -8,7 +8,7 @@ permissions:
   contents: read # This is required for actions/checkout
 
 env:
-  NODE_OPTIONS: "--no-warnings"
+  NODE_OPTIONS: '--no-warnings'
 
 jobs:
   get-deploy-inputs:

.github/workflows/deploy-sanity-suite.yml

@@ -50,7 +50,7 @@ permissions:
 
 env:
   NODE_OPTIONS: '--no-warnings'
-  CACHE_CONTROL: "\"max-age=3600\""
+  CACHE_CONTROL: '"max-age=3600"'
 
 jobs:
   deploy:
@@ -69,7 +69,7 @@ jobs:
           current_version=$(jq -r .version packages/sanity-suite/package.json)
           echo "CURRENT_VERSION_VALUE=$current_version" >> $GITHUB_ENV
           echo "DATE=$(date)" >> $GITHUB_ENV
-          
+
           if [ "${{ inputs.environment }}" == "staging" ]; then
             echo "AWS_ACCOUNT_ID=${{ secrets.AWS_STAGING_ACCOUNT_ID }}" >> $GITHUB_ENV
             echo "AWS_S3_SYNC_ROLE=${{ secrets.AWS_STAGING_S3_SYNC_ROLE }}" >> $GITHUB_ENV
@@ -102,7 +102,7 @@ jobs:
 
       - name: Install AWS CLI
         uses: unfor19/install-aws-cli-action@master
-        
+
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:

.github/workflows/draft-new-release.yml

@@ -11,10 +11,17 @@ env:
   NODE_OPTIONS: '--no-warnings'
 
 jobs:
+  validate-actor:
+    # Only allow to draft a new release from develop and hotfix branches
+    if: github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/hotfix/')
+    uses: ./.github/workflows/validate-actor.yml
+    secrets:
+      PAT: ${{ secrets.PAT }}
+
   draft-new-release:
+    needs: validate-actor
     name: Draft a new release
     runs-on: [self-hosted, Linux, X64]
-    if: github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/hotfix/')
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -106,9 +113,9 @@ jobs:
           pr_title: 'chore(release): pull ${{ steps.create-release.outputs.branch_name }} into main'
           pr_body: |
             :crown: *An automated PR*
-            
+
             This PR is created automatically by the GitHub Actions workflow to merge the release branch into the main branch.
-            
+
             Linear Ticket: 
             https://linear.app/rudderstack/issue/${{ github.event.inputs.release_ticket_id }}
 
@@ -134,4 +141,3 @@ jobs:
               console.error(`Error deleting branch ${branchToDelete}:`, error);
               process.exit(1); // Fail the workflow if branch deletion fails
             }
-

.github/workflows/rollback.yml

@@ -4,9 +4,16 @@ on:
   workflow_dispatch:
 
 jobs:
+  validate-actor:
+    # Only allow to be deployed from tags and main branch
+    if: startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/validate-actor.yml
+    secrets:
+      PAT: ${{ secrets.PAT }}
+
   deploy:
+    needs: validate-actor
     name: Rollback production deployment
-    if: startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main'
     uses: ./.github/workflows/deploy.yml
     with:
       environment: 'production'

.github/workflows/security-code-quality-and-bundle-size-checks.yml

@@ -6,7 +6,7 @@ on:
     types: ['opened', 'reopened', 'synchronize']
 
 env:
-  NODE_OPTIONS: "--no-warnings"
+  NODE_OPTIONS: '--no-warnings'
   BASE_REF: ${{ github.event.pull_request.base.sha || 'HEAD' }}
 
 jobs:

.github/workflows/unit-tests-and-lint.yml

@@ -9,7 +9,7 @@ on:
     types: ['opened', 'reopened', 'synchronize']
 
 env:
-  NODE_OPTIONS: "--no-warnings"
+  NODE_OPTIONS: '--no-warnings'
   BASE_REF: ${{ github.event.pull_request.base.sha || 'HEAD' }}
 
 jobs:

.github/workflows/update-cache-policy.yml

@@ -0,0 +1,68 @@
+name: Update cache control policy
+
+on:
+  workflow_dispatch:
+    inputs:
+      policy_type:
+        type: choice
+        description: Select the cache control policy type
+        required: true
+        options:
+          - no-store
+          - max-age=3600
+
+permissions:
+  id-token: write # allows the JWT to be requested from GitHub's OIDC provider
+  contents: read # This is required for actions/checkout
+
+jobs:
+  validate-actor:
+    # Only allow to be deployed from tags and main branch
+    if: startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/validate-actor.yml
+    secrets:
+      PAT: ${{ secrets.PAT }}
+
+  update-cache-policy:
+    needs: validate-actor
+    name: Update cache control policy for SDK artifacts
+    runs-on: [self-hosted, Linux, X64]
+
+    steps:
+      - name: Install AWS CLI
+        uses: unfor19/install-aws-cli-action@master
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_PROD_ACCOUNT_ID }}:role/${{ secrets.AWS_PROD_S3_SYNC_ROLE }}
+          aws-region: us-east-1
+
+      - name: Determine the cache control policy
+        id: determine_policy
+        run: |
+          echo "cache_control_policy=${{ github.event.inputs.policy_type || inputs.policy_type }}" >> $GITHUB_ENV
+
+      - name: Update cache control policy
+        run: |
+          # Get the number of CPU cores in the runner and leave one core free
+          num_cores=$(nproc --ignore=1 || echo 1) # Default to 1 if nproc is unavailable
+          # Use a factor to set the parallel jobs (e.g., number of cores or slightly lower)
+          parallel_jobs=$((num_cores * 2))
+          echo "Detected $num_cores cores. Using $parallel_jobs parallel jobs."
+
+          prefixes=("adobe-analytics-js" "v3" "v1.1")
+          
+          for prefix in "${prefixes[@]}"; do
+            echo "Processing prefix: $prefix"
+            
+            aws s3api list-objects --bucket ${{ secrets.AWS_PROD_S3_BUCKET_NAME }} --prefix "$prefix" --query "Contents[].Key" --output text | tr '\t' '\n' | \
+            parallel --retries 10 -j "$parallel_jobs" "aws s3api copy-object \
+                --bucket ${{ secrets.AWS_PROD_S3_BUCKET_NAME }} \
+                --copy-source ${{ secrets.AWS_PROD_S3_BUCKET_NAME }}/{} \
+                --key {} \
+                --metadata-directive REPLACE \
+                --cache-control '${{ env.cache_control_policy }}'"
+          done
+
+

.github/workflows/validate-actor.yml

@@ -0,0 +1,30 @@
+name: Validate Actor
+
+on:
+  workflow_call:
+    secrets:
+      PAT:
+        required: true
+
+jobs:
+  validate-actor:
+    runs-on: [self-hosted, Linux, X64]
+    steps:
+      - name: Validate if actor is allowed to trigger the workflow
+        env:
+          ORG_NAME: rudderlabs
+          TEAM_NAME: js-sdk
+        run: |
+          actor=${{ github.actor || github.triggering_actor }}
+          response=$(curl -L \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/orgs/${{ env.ORG_NAME }}/teams/${{ env.TEAM_NAME }}/memberships/$actor)
+          
+          if echo "$response" | grep -q '"state": "active"'; then
+            echo "$actor is a member of $TEAM_NAME team"
+          else
+            echo "$actor is NOT a member of $TEAM_NAME team"
+            exit 1
+          fi

.gitignore

@@ -85,3 +85,7 @@ tsconfig.build.tsbuildinfo
 
 .nx/cache
 .nx/workspace-data
+
+.angular/
+build/
+vendor/

.prettierignore

@@ -1,18 +1,15 @@
-dist/
-node_modules/
-reports/
-stats/
+# Include patterns from .gitignore
+# .gitignore
+
+# Additional Prettier-specific ignore patterns
 assets/
-cdnSDK.js
-cdnSDKv3.js
 CHANGELOG.md
 CHANGELOG_LATEST.md
 CONTRIBUTING.md
-
 examples/chrome-extension/**/rudderAnalytics.js
 examples/chrome-extension/**/foreground.js
 examples/**/index.html
-**/public/index.html
-
-/.nx/cache
-/.nx/workspace-data
+examples/gatsby/sample-gatsby-site/public/
+examples/gatsby/sample-gatsby-plugin-usage/public/
+**/nativeSdkLoader.js
+composer.lock

LICENSE.md

@@ -40,14 +40,14 @@ As far as the law allows, the software comes as is, without any warranty or cond
 
 ## Definitions
 
-The *licensor* is the entity offering these terms, and the *software* is the software the licensor makes available under these terms, including any portion of it.
+The _licensor_ is the entity offering these terms, and the _software_ is the software the licensor makes available under these terms, including any portion of it.
 
-*you* refers to the individual or entity agreeing to these terms.
+_you_ refers to the individual or entity agreeing to these terms.
 
-*your company* is any legal entity, sole proprietorship, or other kind of organization that you work for, plus all organizations that have control over, are under the control of, or are under common control with that organization. *control* means ownership of substantially all the assets of an entity, or the power to direct its management and policies by vote, contract, or otherwise. Control can be direct or indirect.
+_your company_ is any legal entity, sole proprietorship, or other kind of organization that you work for, plus all organizations that have control over, are under the control of, or are under common control with that organization. _control_ means ownership of substantially all the assets of an entity, or the power to direct its management and policies by vote, contract, or otherwise. Control can be direct or indirect.
 
-*your licenses* are all the licenses granted to you for the software under these terms.
+_your licenses_ are all the licenses granted to you for the software under these terms.
 
-*use* means anything you do with the software requiring one of your licenses.
+_use_ means anything you do with the software requiring one of your licenses.
 
-*trademark* means trademarks, service marks, and similar rights.
+_trademark_ means trademarks, service marks, and similar rights.