[PR #644] [MERGED] fix(workflow): enterprise hardening for run JSON #677

Closed
opened 2026-02-26 22:32:04 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/644
Author: @rudrankriyam
Created: 2/18/2026
Status: Merged
Merged: 2/18/2026
Merged by: @rudrankriyam

Base: main ← Head: fix/workflow-enterprise-hardening


📝 Commits (10+)

  • 6c2c41f fix(workflow): include error + hooks in run JSON
  • 54a2801 fix(workflow): harden shell selection and step parsing
  • 2d42797 docs(workflow): add full example to help and README
  • 59a27e4 docs(workflow): fix jq quoting example
  • ab8d2cb refactor(workflow): centralize error hook recording
  • 489484e docs(workflow): document trust model and conditional env fallback
  • 83044ca docs(workflow): add trust model note to help
  • 4871da5 docs(workflow): surface trust model in run help
  • 4b34c3a docs(workflow): strengthen trust model warnings
  • 7aa615d docs(workflow): remove lane-style wording

📊 Changes

10 files changed (+734 additions, -40 deletions)

View changed files

📝 README.md (+30 -1)
docs/WORKFLOWS.md (+140 -0)
📝 internal/auth/doctor_test.go (+1 -1)
📝 internal/cli/cmdtest/workflow_test.go (+241 -14)
📝 internal/cli/workflow/workflow.go (+90 -2)
📝 internal/workflow/env.go (+10 -2)
📝 internal/workflow/env_test.go (+36 -2)
📝 internal/workflow/execute.go (+95 -16)
📝 internal/workflow/execute_test.go (+89 -1)
📝 internal/workflow/workflow.go (+2 -1)

📄 Description

Why

asc workflow run keeps stdout JSON-only and returns a ReportedError on failures.
That meant failures in before_all / after_all hooks could produce status=error with no actionable detail in the JSON payload.

Enterprises migrating lane-style automation need day-1 debuggability and deterministic structured output.

What changed

  • Add error to workflow run JSON on failures.
  • Add hooks results to workflow run JSON (before_all, after_all, error) with status/duration/error.
  • Keep step/hook command output on stderr; stdout remains JSON-only.
  • Harden shell selection: require bash or sh in PATH with a clear error when neither exists.
  • Make null step element detection whitespace-safe.
  • Deduplicate error-hook recording to reduce drift risk.
  • Add/extend tests:
    • after_all does not run on step failure
    • dry-run records before_all/after_all hook results
  • Expand asc workflow --help to include a full .asc/workflow.json example (agent-friendly).
  • Add docs/WORKFLOWS.md and a README section with usage guidance.
  • Document workflow trust model and conditional env fallback.

Tests

  • make format
  • make lint
  • ASC_BYPASS_KEYCHAIN=1 make test

Notes

  • JSON changes are additive (error, hooks) to avoid breaking existing consumers.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
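
Added example, not code from this PR or from the asc project: one way to implement the two parsing and execution hardening items listed under "What changed" (require bash or sh in PATH with a clear error, and whitespace-safe null step detection). The names resolveShell, ErrNoShell, isNullElement and nullStepIndexes, the error text and the sample steps array are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"os/exec"
)

// ErrNoShell (hypothetical) is the clear, matchable failure when no candidate shell resolves.
var ErrNoShell = errors.New("workflow: neither bash nor sh found in PATH")

// resolveShell returns the first candidate that lookPath resolves; lookPath is injected so the failure path is testable.
func resolveShell(lookPath func(string) (string, error), candidates ...string) (string, error) {
	for _, name := range candidates {
		if p, err := lookPath(name); err == nil {
			return p, nil
		}
	}
	return "", ErrNoShell
}

// isNullElement reports whether raw JSON is the literal null, ignoring surrounding whitespace.
func isNullElement(raw json.RawMessage) bool {
	return bytes.Equal(bytes.TrimSpace(raw), []byte("null"))
}

// nullStepIndexes returns the indexes of null entries in a JSON steps array.
func nullStepIndexes(stepsJSON []byte) ([]int, error) {
	var elems []json.RawMessage
	if err := json.Unmarshal(stepsJSON, &elems); err != nil {
		return nil, fmt.Errorf("steps: %w", err)
	}
	var bad []int
	for i, e := range elems {
		if isNullElement(e) {
			bad = append(bad, i)
		}
	}
	return bad, nil
}

func main() {
	shell, err := resolveShell(exec.LookPath, "bash", "sh")
	bad, _ := nullStepIndexes([]byte(`[{"run":"a"},  null ,{"run":"b"}]`)) // constructed sample
	fmt.Fprintln(os.Stderr, shell, err, bad) // diagnostics go to stderr; stdout stays untouched
}
```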
