Skip to content

Feat/template based project creation #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cxalem wants to merge 27 commits into
base: main
Choose a base branch
from
Open

Feat/template based project creation #3

cxalem wants to merge 27 commits into from

Conversation

@cxalem
Copy link
Contributor

@cxalem cxalem commented Apr 22, 2025

Refactor: Use degit for Template Cloning and Add Tests

Context:

The previous CLI implementation manually created project files and injected dependencies after running create-next-app or create-vite. This approach was brittle, hard to maintain, and diverged from using standardized templates.

The goal is to leverage official example templates directly. The primary target template, the Next.js quickstart example, resides as a subdirectory within the MetaMask/metamask-sdk-examples monorepo. Standard git clone is unsuitable as it would download the entire monorepo.

Changes:

This PR refactors the core project creation logic to use templates, specifically integrating degit for fetching subdirectories from Git repositories.

  1. Template Cloning Refactor:
    • Removed the legacy manual file generation logic (legacy_code/next.helpers.ts, legacy_code/vite.helpers.ts).
    • Updated src/utils/index.ts (cloneTemplate function) to handle template fetching.
  2. Degit Integration:
    • Added degit as a dependency.
    • Updated src/constants/templates.ts to support a degitSource property alongside the existing repo_url. The Next.js Quickstart template now uses degitSource: "MetaMask/metamask-sdk-examples/examples/quickstart".
    • Modified cloneTemplate to check if a template uses degitSource or repo_url and uses the appropriate tool (degit or git clone via execAsync).
    • Added type guards (isDegitTemplate, isGitTemplate) for clarity.
  3. Testing:
    • Introduced unit/integration tests for core utilities (promptForOptions, cloneTemplate, initializeMonorepo, createProject) using vitest in src/utils/index.test.ts.
    • Implemented mocking for fs, inquirer, execAsync, and degit using vi.mock.
    • Refined mocking strategy to address ESM hoisting issues, ensuring mocks are correctly initialized and reset using beforeEach.
    • Tests cover both the degit and git clone paths within cloneTemplate, as well as standalone vs. monorepo project creation flows in createProject (Not working by now, but will work on testing in following iterations).

How to Test:

  1. Build the CLI: npm run build (or yarn build)
  2. Link the CLI locally: npm run link-cli (or yarn link-cli)
  3. Run the tool: create-web3-app my-degit-test
  4. Select the "Next.js Quickstart (MetaMask SDK Example)" template and desired package manager/tooling.
  5. Verify the created project (my-degit-test or my-degit-test/packages/site) structure and contents match the quickstart example from the metamask-sdk-examples repo.
  6. Run the automated tests: npm test (or yarn test). All tests should pass.

Notes:

  • The "React Web3 Starter" template definition currently still uses the old repo_url and will be cloned using git clone. This can be updated to use degit if/when a suitable React example is available in the examples monorepo.
  • The legacy helper files remain in src/legacy_code for reference but are no longer used.

cxalem added 2 commits April 22, 2025 15:36
@cxalem
Add degit and template support for project creation
c069809 
- Updated package.json to include 'degit' and its types.
- Modified tsconfig.json to exclude legacy code directories.
- Enhanced template handling in constants and utils, allowing for both degit and git templates.
- Introduced new project creation helpers for React and Next.js with improved structure.
- Added tests for utility functions to ensure proper functionality and error handling.
- Created legacy code files for future reference and potential migration.
@cxalem
Remove blockchain subproject from forge-std directory
117ec77
@cxalem cxalem requested a review from chakra-guy April 22, 2025 14:27
@andreolf
Copy link
Member

andreolf commented Apr 22, 2025

👀👀

@cxalem
Update project configuration and add Dynamic Environment ID support
f0a7c52 
- Changed package name from @metamask/create-web3-app to @consensys/create-web3-app.
- Updated version in package.json from 1.0.0 to 1.0.3.
- Introduced a new optional field for Dynamic Environment ID in ProjectOptions.
- Enhanced template handling to include a new MetaMask dynamic template.
- Updated utility functions to support the new options and improved error handling.
- Added spinner feedback for better user experience during project setup.
@socket-security
Copy link

socket-security bot commented Apr 28, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​degit@​2.8.6881006876100
Addeddegit@​2.8.49810010079100
Addedora@​8.2.09910010079100
Addeddotenv@​16.5.010010010083100
Addeduuid@​11.1.010010010084100
Added@​segment/​analytics-node@​2.2.110010010086100

View full report

@socket-security
Copy link

socket-security bot commented Apr 28, 2025
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Block Medium
@segment/analytics-node@2.2.1 has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: package.jsonnpm/@segment/analytics-node@2.2.1

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@segment/analytics-node@2.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
degit@2.8.4 has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: package.jsonnpm/degit@2.8.4

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/degit@2.8.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
degit@2.8.4 has Shell access.

Module: child_process

Location: Package overview

From: package.jsonnpm/degit@2.8.4

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/degit@2.8.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
jose@5.10.0 has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: ?npm/@segment/analytics-node@2.2.1npm/jose@5.10.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jose@5.10.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
node-fetch@2.7.0 has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: ?npm/@segment/analytics-node@2.2.1npm/node-fetch@2.7.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-fetch@2.7.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

cxalem and others added 11 commits April 28, 2025 12:03
@cxalem
Comment out the React Web3 Starter template in templates.ts for futur…
4bc5818 
…e reference.
@cxalem
Update version in package.json from 1.0.3 to 1.0.6
efdc996
@cxalem
Refactor package.json to manage 'degit' dependency
ba4ba7a 
- Removed 'degit' from dependencies and added it back to devDependencies for better organization.
@cxalem
Comment out GitTemplate usage in cloneTemplate tests for future refer…
d5ef896 
…ence
@cxalem
Enhance project name validation in promptForProjectDetails function
de6d2f9 
- Updated the validation logic to ensure project names are not only non-empty but also conform to kebab-case format (e.g., my-awesome-project).
@cxalem
Add GitHub Actions workflow for publishing releases
0dd90fc 
- Created a new workflow to automate the release publishing process on pushes to the main branch.
- Includes jobs for building the project, uploading artifacts, performing a dry run of the npm publish, and executing the actual publish.
- Added steps to retrieve the release version from package.json.
- Commented out documentation publishing jobs for future implementation.
@cxalem
Update package.json for project rebranding and configuration changes
8763647 
- Changed package name from @consensys/create-web3-app to @metamask/create-web3-app.
- Updated version from 1.0.6 to 1.0.0.
- Added build script to the scripts section.
- Introduced publishConfig for npm registry settings.
@cxalem
Remove package-lock.json to streamline dependency management
865344f
@cxalem
Update package.json to include 'degit' in dependencies and maintain e…
b5482f7 
…xisting versions for other packages
fixes
31a9c30
@cxalem
Remove 'degit' and '@types/degit' from dependencies in package.json t…
16ff67e 
…o streamline project dependencies.
cxalem added 4 commits May 20, 2025 01:26
@cxalem
analytics enabled
e27692a
@cxalem
Update version to 1.1.2 and enhance analytics tracking
3877e70 
- Bump version in package.json from 1.1.0 to 1.1.2.
- Introduce new event types for analytics tracking: project_created, cli_started, project_creation_failed, foundry_not_installed, and cwd_not_writable.
- Update template names and IDs for better clarity and consistency.
- Improve error handling and user prompts in project creation process.
@cxalem
Remove logging of user Git email in project creation process to strea…
7877ad9 
…mline output.
@cxalem
Add note for Web3Auth client ID requirement in template selection
0b76545 
- Inform users that the 'metamask-web3auth' template requires a Web3Auth client ID.
- Provide instructions on obtaining the client ID and adding it to the .env file.
@cxalem cxalem requested a review from shahbaz17 June 5, 2025 09:20
cxalem added 5 commits June 5, 2025 12:30
@cxalem
Add pnpm installation prompt if not found in PATH
5059e70 
- Implement a check for pnpm availability during package manager selection.
- Prompt the user to install pnpm globally via npm if it is not installed.
- Provide error handling for installation failures and user decline scenarios.
@cxalem
Update version to 1.1.3 in package.json and constants
1b2473b 
- Bump CLI version from 1.1.2 to 1.1.3 in package.json and src/constants/index.ts.
@cxalem
Update README to reflect new package name for Web3 app creation commands
4170d86 
- Change references from @metamask/create-web3-app to @consensys/create-web3-app for consistency with the updated CLI.
@cxalem
Rename tooling prompt function for clarity and update project initial…
0b7f9d3 
…ization command to avoid git commits.
@cxalem
Update version to 1.1.5 in package.json and constants
313badc 
- Bump CLI version from 1.1.3 to 1.1.5 in package.json and src/constants/index.ts.
cxalem added 4 commits June 12, 2025 12:01
@cxalem
Update project initialization command to include 'foundryup' for envi…
f7a529c 
…ronment setup
@cxalem
Add git availability check and new analytics event for missing Git in…
1eb5bb5 
…stallation

- Introduce a function to check if Git is installed and available in the user's PATH.
- Update the template cloning process to track an analytics event if Git is not found, providing a user-friendly error message and guidance for installation.
@cxalem
Enhance project creation output with frontend development server inst…
56526bd 
…ructions

- Update console logs in the createProject function to provide clearer guidance on running the frontend development server.
- Modify the command output to reflect the project name dynamically instead of a static path.
@cxalem
Fix typo in PACKAGE_MANAGER_CHOICES constant and update references in…
76903a4 
… utils

- Correct the spelling of 'PACAKGE_MANAGER_CHOICES' to 'PACKAGE_MANAGER_CHOICES' in src/constants/index.ts.
- Update all references to the corrected constant in src/utils/index.ts and src/utils/index.test.ts to ensure consistency.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chakra-guy chakra-guy Awaiting requested review from chakra-guy

1 more reviewer

@shahbaz17 shahbaz17 shahbaz17 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cxalem @andreolf @shahbaz17