fix: replace sfdx with bundled plugin-trust

command-snapshot.json

@@ -70,6 +70,11 @@
     "plugin": "@salesforce/plugin-release-management",
     "flags": ["json", "loglevel", "verbose"]
   },
+  {
+    "command": "plugins:trust:verify",
+    "plugin": "@salesforce/plugin-trust",
+    "flags": ["json", "loglevel", "npm", "registry"]
+  },
   {
     "command": "repositories",
     "plugin": "@salesforce/plugin-release-management",

package.json

@@ -13,6 +13,7 @@
     "@salesforce/command": "^3.0.5",
     "@salesforce/core": "^2.23.2",
     "@salesforce/kit": "^1.3.3",
+    "@salesforce/plugin-trust": "^1.0.6",
     "@salesforce/ts-types": "^1.4.3",
     "@types/semver": "^7.3.6",
     "@types/sinon": "10.0.2",
@@ -100,6 +101,9 @@
     "commands": "./lib/commands",
     "node": "14.15.4",
     "bin": "sfdx",
+    "plugins": [
+      "@salesforce/plugin-trust"
+    ],
     "devPlugins": [
       "@oclif/plugin-help",
       "@oclif/plugin-command-snapshot",

src/commands/npm/lerna/release.ts

@@ -6,8 +6,10 @@
  */
 
 import * as os from 'os';
+import * as chalk from 'chalk';
 import { flags, FlagsConfig, SfdxCommand } from '@salesforce/command';
 import { Messages, SfdxError } from '@salesforce/core';
+import { PackageInfo } from '../../../repository';
 import { verifyDependencies } from '../../../dependencies';
 import { Access, isMonoRepo, LernaRepo } from '../../../repository';
 import { SigningResponse } from '../../../codeSigning/SimplifiedSigning';
@@ -135,7 +137,11 @@ export default class Release extends SfdxCommand {
 
     if (this.flags.sign && this.flags.verify && !this.flags.dryrun) {
       lernaRepo.printStage('Verify Signed Packaged');
-      lernaRepo.verifySignature(this.flags.sign);
+      const pkgs = lernaRepo.getPkgInfo(this.flags.sign);
+
+      for (const pkg of pkgs) {
+        await this.verifySign(pkg);
+      }
     }
 
     this.ux.log(lernaRepo.getSuccessMessage());
@@ -144,4 +150,16 @@ export default class Release extends SfdxCommand {
       return { name: pkg.name, version: pkg.getNextVersion() };
     });
   }
+
+  protected async verifySign(pkgInfo: PackageInfo): Promise<void> {
+    const cmd = 'trust:plugins:verify';
+    const argv = `--npm ${pkgInfo.name}@${pkgInfo.nextVersion} ${pkgInfo.registryParam}`;
+
+    this.ux.log(chalk.dim(`sf-release ${cmd} ${argv}`) + os.EOL);
+    try {
+      await this.config.runCommand(cmd, argv.split(' '));
+    } catch (err) {
+      throw new SfdxError(err, 'FailedCommandExecution');
+    }
+  }
 }

src/commands/npm/package/release.ts

@@ -5,8 +5,11 @@
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 
+import * as os from 'os';
+import * as chalk from 'chalk';
 import { flags, FlagsConfig, SfdxCommand } from '@salesforce/command';
 import { Messages, SfdxError } from '@salesforce/core';
+import { PackageInfo } from '../../../repository';
 import { verifyDependencies } from '../../../dependencies';
 import { Access, isMonoRepo, SinglePackageRepo } from '../../../repository';
 import { SigningResponse } from '../../../codeSigning/SimplifiedSigning';
@@ -124,7 +127,7 @@ export default class Release extends SfdxCommand {
     try {
       if (this.flags.sign && this.flags.verify && !this.flags.dryrun) {
         pkg.printStage('Verify Signed Packaged');
-        pkg.verifySignature();
+        await this.verifySign(pkg.getPkgInfo());
       }
     } finally {
       if (!this.flags.dryrun) {
@@ -140,4 +143,16 @@ export default class Release extends SfdxCommand {
       name: pkg.name,
     };
   }
+
+  protected async verifySign(pkgInfo: PackageInfo): Promise<void> {
+    const cmd = 'trust:plugins:verify';
+    const argv = `--npm ${pkgInfo.name}@${pkgInfo.nextVersion} ${pkgInfo.registryParam}`;
+
+    this.ux.log(chalk.dim(`sf-release ${cmd} ${argv}`) + os.EOL);
+    try {
+      await this.config.runCommand(cmd, argv.split(' '));
+    } catch (err) {
+      throw new SfdxError(err, 'FailedCommandExecution');
+    }
+  }
 }

src/dependencies.ts

@@ -4,14 +4,13 @@
  * Licensed under the BSD 3-Clause license.
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
-import { which } from 'shelljs';
 import { Env } from '@salesforce/kit';
 import { OutputFlags } from '@oclif/parser';
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 type Flags = OutputFlags<any>;
 type ConditionFn = (flags: Flags) => boolean;
-type DependencyType = 'bin' | 'env';
+type DependencyType = 'env';
 
 interface Dependency {
   name: string;
@@ -27,11 +26,6 @@ interface Result {
 }
 
 const DEPENDENCIES: Dependency[] = [
-  {
-    name: 'sfdx',
-    type: 'bin',
-    condition: (flags): boolean => !!flags.sign,
-  },
   {
     name: 'AWS_ACCESS_KEY_ID',
     type: 'env',
@@ -64,21 +58,9 @@ export function verifyDependencies(args: Flags): { failures: number; results: Re
       passed: true,
     };
     if (dep.condition(args)) {
-      switch (dep.type) {
-        case 'bin':
-          result.passed = !!which(dep.name);
-          if (!result.passed) {
-            result.message = `Install ${dep.name}`;
-          }
-          break;
-        case 'env':
-          result.passed = !!env.getString(dep.name);
-          if (!result.passed) {
-            result.message = `Set ${dep.name} environment variable`;
-          }
-          break;
-        default:
-          break;
+      result.passed = !!env.getString(dep.name);
+      if (!result.passed) {
+        result.message = `Set ${dep.name} environment variable`;
       }
     }
     results.push(result);

src/repository.ts

@@ -46,6 +46,12 @@ interface VersionsByPackage {
   };
 }
 
+export interface PackageInfo {
+  name: string;
+  nextVersion: string;
+  registryParam: string;
+}
+
 type PollFunction = () => boolean;
 
 export async function isMonoRepo(): Promise<boolean> {
@@ -183,7 +189,7 @@ abstract class Repository extends AsyncOptionalCreatable<RepositoryOptions> {
   public abstract getSuccessMessage(): string;
   public abstract validate(): VersionValidation | VersionValidation[];
   public abstract prepare(options: PrepareOpts): void;
-  public abstract verifySignature(packageNames?: string[]): void;
+  public abstract getPkgInfo(packageNames?: string[]): PackageInfo | PackageInfo[];
   public abstract publish(options: PublishOpts): Promise<void>;
   public abstract sign(packageNames?: string[]): Promise<SigningResponse | SigningResponse[]>;
   public abstract waitForAvailability(): Promise<boolean>;
@@ -282,14 +288,19 @@ export class LernaRepo extends Repository {
     });
   }
 
-  public verifySignature(packageNames: string[]): void {
+  public getPkgInfo(packageNames: string[]): PackageInfo[] {
     const packages = this.packages.filter((pkg) => packageNames.includes(pkg.name));
+    let pkgsInfo: PackageInfo[];
+
     for (const pkg of packages) {
-      const cmd = `sfdx plugins:trust:verify --npm ${
-        pkg.name
-      }@${pkg.getNextVersion()}  ${this.registry.getRegistryParameter()}`;
-      this.execCommand(cmd);
+      pkgsInfo.push({
+        name: pkg.name,
+        nextVersion: pkg.getNextVersion(),
+        registryParam: this.registry.getRegistryParameter(),
+      });
     }
+
+    return pkgsInfo;
   }
 
   public getSuccessMessage(): string {
@@ -388,11 +399,12 @@ export class SinglePackageRepo extends Repository {
     return packAndSignApi.revertPackageJsonIfExists();
   }
 
-  public verifySignature(): void {
-    const cmd = `sfdx plugins:trust:verify --npm ${this.name}@${
-      this.nextVersion
-    } ${this.registry.getRegistryParameter()}`;
-    this.execCommand(cmd);
+  public getPkgInfo(): PackageInfo {
+    return {
+      name: this.name,
+      nextVersion: this.nextVersion,
+      registryParam: this.registry.getRegistryParameter(),
+    };
   }
 
   public async publish(opts: PublishOpts = {}): Promise<void> {

test/dependencies.test.ts

@@ -8,19 +8,16 @@
 import { expect } from 'chai';
 import { testSetup } from '@salesforce/core/lib/testSetup';
 import { Env } from '@salesforce/kit';
-import * as shelljs from 'shelljs';
 import { verifyDependencies } from '../src/dependencies';
 
 const $$ = testSetup();
 
 describe('Dependencies', () => {
-  it('should pass when all required env variables and bin scripts exist', () => {
+  it('should pass when all required env variables exist', () => {
     $$.SANDBOX.stub(Env.prototype, 'getString').returns('foobar');
-    $$.SANDBOX.stub(shelljs, 'which').returns('foobar' as shelljs.ShellString);
     const validation = verifyDependencies({ sign: true });
     expect(validation.failures).to.equal(0);
     expect(validation.results).to.deep.equal([
-      { name: 'sfdx', type: 'bin', passed: true },
       { name: 'AWS_ACCESS_KEY_ID', type: 'env', passed: true },
       { name: 'AWS_SECRET_ACCESS_KEY', type: 'env', passed: true },
       { name: 'NPM_TOKEN', type: 'env', passed: true },
@@ -30,11 +27,9 @@ describe('Dependencies', () => {
 
   it('should pass when required env variables are NOT set', () => {
     $$.SANDBOX.stub(Env.prototype, 'getString').returns(null);
-    $$.SANDBOX.stub(shelljs, 'which').returns('foobar' as shelljs.ShellString);
     const validation = verifyDependencies({ sign: true });
     expect(validation.failures).to.equal(3);
     expect(validation.results).to.deep.equal([
-      { name: 'sfdx', type: 'bin', passed: true },
       {
         name: 'AWS_ACCESS_KEY_ID',
         type: 'env',
@@ -56,23 +51,4 @@ describe('Dependencies', () => {
       { name: 'GH_TOKEN', type: 'env', passed: true },
     ]);
   });
-
-  it('should pass when required bin scripts do not exist', () => {
-    $$.SANDBOX.stub(Env.prototype, 'getString').returns('foobar');
-    $$.SANDBOX.stub(shelljs, 'which').returns(null as shelljs.ShellString);
-    const validation = verifyDependencies({ sign: true });
-    expect(validation.failures).to.equal(1);
-    expect(validation.results).to.deep.equal([
-      {
-        message: 'Install sfdx',
-        name: 'sfdx',
-        type: 'bin',
-        passed: false,
-      },
-      { name: 'AWS_ACCESS_KEY_ID', type: 'env', passed: true },
-      { name: 'AWS_SECRET_ACCESS_KEY', type: 'env', passed: true },
-      { name: 'NPM_TOKEN', type: 'env', passed: true },
-      { name: 'GH_TOKEN', type: 'env', passed: true },
-    ]);
-  });
 });

test/repository.test.ts

@@ -271,27 +271,6 @@ describe('SinglePackageRepo', () => {
     });
   });
 
-  describe('verifySignature', () => {
-    beforeEach(async () => {
-      stubMethod($$.SANDBOX, Package.prototype, 'readPackageJson').returns(
-        Promise.resolve({ name: pkgName, version: '1.1.0' })
-      );
-      stubMethod($$.SANDBOX, Package.prototype, 'retrieveNpmPackage').returns({
-        name: pkgName,
-        version: '1.0.0',
-        versions: ['1.0.0'],
-      });
-      execStub = stubMethod($$.SANDBOX, SinglePackageRepo.prototype, 'execCommand').returns('success');
-    });
-
-    it('should use plugin-trust to verify that the package was signed', async () => {
-      const repo = await SinglePackageRepo.create({ ux: uxStub });
-      repo.verifySignature();
-      expect(execStub.callCount).to.equal(1);
-      expect(execStub.firstCall.args[0]).to.include('sfdx plugins:trust:verify');
-    });
-  });
-
   describe('publish', () => {
     let repo: SinglePackageRepo;
 
@@ -465,20 +444,6 @@ describe('LernaRepo', () => {
     });
   });
 
-  describe('verifySignature', () => {
-    beforeEach(async () => {
-      stubMethod($$.SANDBOX, Package.prototype, 'readPackageJson').returns(
-        Promise.resolve({ name: pkgName, version: '1.1.0' })
-      );
-    });
-
-    it('should use plugin-trust to verify that the packages were signed', async () => {
-      const repo = await LernaRepo.create({ ux: uxStub });
-      repo.verifySignature([pkgName]);
-      expect(execStub.lastCall.args[0]).to.include('sfdx plugins:trust:verify');
-    });
-  });
-
   describe('publish', () => {
     let repo: LernaRepo;