[ACS-10100][Security] Remove npx usage from CI/CD and shell scripts to mitigate supply chain risks. [ACS-10117] Deprecate ADF Storybook and custom Docker builds (#11197)

2025-10-08 14:51:32 +00:00 · 2025-09-16 10:12:21 +02:00
parent 196b60a7d9
commit 10afe75e94
16 changed files with 47 additions and 236 deletions
--- a/scripts/github/affected-contains.sh
+++ b/scripts/github/affected-contains.sh
@@ -11,7 +11,7 @@ if [ "${GITHUB_EVENT_NAME}" == "schedule" ]; then
  exit 0
 fi
 isAffected=false
-AFFECTED_LIBS=$(npx nx show projects --affected ${NX_CALCULATION_FLAGS} --plain)
+AFFECTED_LIBS=$(nx show projects --affected ${NX_CALCULATION_FLAGS} --plain)
 #echo "Verify if affected build contains $1"
 #echo "Affected libs:$AFFECTED_LIBS"
 if [[  $AFFECTED_LIBS =~ $verifyLib ]]; then
--- a/scripts/github/release/docker-tag.sh
+++ b/scripts/github/release/docker-tag.sh
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-cd $DIR/../../../
-BRANCH=${GITHUB_REF##*/}
-if [[ $BRANCH =~ ^master(-patch.*)?$ ]]; then
-    export TAGS=$(grep -m1 version package.json | awk '{ print $2 }' | sed 's/[", ]//g')
-else
-    if [[ "${GITHUB_BASE_REF}" != "" ]];
-    then
-        export TAGS="${GITHUB_BASE_REF}-$GH_BUILD_NUMBER"
-    else
-        export TAGS="$GITHUB_BASE_REF-$GH_BUILD_NUMBER,$GITHUB_BASE_REF"
-    fi;
-fi;
-
-if [[ -n "$GITHUB_ACTIONS" ]]; then
-    echo "TAGS=$TAGS" >> $GITHUB_ENV;
-fi
-echo "$TAGS"
--- a/scripts/github/release/release-storybook-docker.sh
+++ b/scripts/github/release/release-storybook-docker.sh
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-cd $DIR/../../../
-
-echo "ℹ️ storybook-shell: Running the docker with tag" $TAGS
-
-DOCKER_PROJECT_ARGS="PROJECT_NAME=storybook/stories"
-
-echo "{}" > $DIR/../../../dist/storybook/stories/app.config.json
-
-# Publish Image to docker
-./node_modules/@alfresco/adf-cli/bin/adf-cli docker \
-    --loginCheck \
-    --loginUsername "$DOCKER_REPOSITORY_USER" \
-    --loginPassword "$DOCKER_REPOSITORY_PASSWORD" \
-    --loginRepo "$DOCKER_REPOSITORY_DOMAIN" \
-    --dockerRepo "$DOCKER_REPOSITORY_STORYBOOK" \
-    --buildArgs "$DOCKER_PROJECT_ARGS" \
-    --dockerTags "$TAGS" \
-    --pathProject "$(pwd)" \
-    "$@"
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -39,7 +39,7 @@ LICENSE_GREP_RESULT=`grep "$LICENSE_GREP" "$LICENSE_README"`;
 if [ -z "$LICENSE_GREP_RESULT" ];
 then
    echo -e "\e[33mAdding third party license info for version: $VERSION\e[0m"
-    npx @alfresco/adf-cli licenses
+    adf-cli licenses
    mv "$ROOTDIR/license-info-$VERSION.md" "$ROOTDIR/docs/license-info/license-info-$VERSION.md"
    echo $LICENSE_ROW >> $LICENSE_README
 else
@@ -54,7 +54,7 @@ VULNERABILITY_GREP_RESULT=`grep "$VULNERABILITY_GREP" "$VULNERABILITY_README"`;
 if [ -z "$VULNERABILITY_GREP_RESULT" ];
 then
    echo -e "\e[33mAdding vulnerability info for version: $VERSION\e[0m"
-    npx @alfresco/adf-cli@alpha audit
+    adf-cli audit
    mv "$ROOTDIR/audit-info-$VERSION.md" "$ROOTDIR/docs/vulnerability/audit-info-$VERSION.md"
    echo $VULNERABILITY_ROW >> $VULNERABILITY_README
 else