Release 2.0.0

.github/workflows/release.yml

@@ -0,0 +1,74 @@
+name: Release Workflow
+
+on:
+  push:
+    tags:
+      - "v*"
+    branches:
+      - release
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "18.x"
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Verify Package Version
+        run: |
+          tag_version=$(echo "${{ github.ref }}" | sed 's/refs\/tags\///')
+          package_version=$(node -p "require('./package.json').version")
+          if [ "$tag_version" != "$package_version" ]; then
+            echo "Error: package.json version ($package_version) does not match tag version ($tag_version)"
+            exit 1
+          fi
+
+      - name: Verify Package Lock Version
+        run: |
+          tag_version=$(echo "${{ github.ref }}" | sed 's/refs\/tags\///')
+          lockfile_version=$(node -p "require('./package-lock.json').version")
+          if [ "$tag_version" != "$lockfile_version" ]; then
+            echo "Error: package-lock.json version ($lockfile_version) does not match tag version ($tag_version)"
+            exit 1
+          fi
+
+      - name: Build
+        run: npm run build
+
+      - name: Get Previous Release Tag
+        id: get_previous_release_tag
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const { data: releases } = await github.repos.listReleases({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              per_page: 1,
+            });
+            return releases[0].tag_name;
+
+      - name: Create Release
+        id: create_release
+        uses: ncipollo/release-action@v1
+        with:
+          name: Release ${{ github.ref }}
+          body: |
+            Changes in this Release:
+            $(git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 ${{ steps.get_previous_release_tag.outputs.result }})..HEAD)
+          draft: false
+          prerelease: false
+
+      - name: Publish to NPM
+        uses: js-actions/npm-publish@v2
+        with:
+          token: ${{ secrets.NPM_TOKEN }}
+          access: "public"

.github/workflows/unit-tests.yml

@@ -0,0 +1,32 @@
+name: Run Tests on PR to release
+
+on:
+  pull_request:
+    branches:
+      - release
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "18.x"
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Check compilation and linting errors
+        run: npx tsc --noEmit && npm run lint
+
+      - name: Run Tests with Coverage
+        run: npm run test:coverage
+
+      - name: Upload Coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+Dmitry Nourell <[email protected]>.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Dmitry Nourell
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,119 @@
+[![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://stand-with-ukraine.pp.ua)
+
+# envienc
+
+Envienc is a command-line tool for encrypting dotenv and YAML files, while keeping keys,
+comments, and overall structure untouched.
+
+It encrypts only the values, leaving the rest of the file intact.
+
+## Installation
+
+You need to have Node.js installed on your system. Then, run the following commands:
+
+```bash
+# Install envienc globally
+npm install -g envienc
+
+# ... or use npx to run it without installing
+npx envienc
+
+# ... or install it to your project and run it from there
+cd your-project
+npm install --save-dev envienc
+npx envienc
+```
+
+## Quick start
+
+```bash
+# First, let's init a new project.
+# This will create a .enviencrc file in your project root.
+# Using "-g" flag, you can specify globs for dotenv and YAML files.
+npx envienc init -g ".env" -g ".env.*" -g "deployments/*.yml"
+
+# Then, add unencrypted files to .gitignore if applicable.
+# This will prevent you from accidentally committing unencrypted files.
+# Make sure that globs in .gitignore wouldn't match encrypted files with ".envienc" suffix
+
+# Now you can encrypt your files.
+npx envienc encrypt
+
+# When you need to decrypt your files, run
+npx envienc decrypt
+
+# Help is here anytime you need it
+npx envienc --help
+```
+
+## Exceptions
+
+You can skip specific configuration entries from being encrypted.
+
+Use `@envienc no-encrypt` comment:
+
+## For dotenv
+
+```dotenv
+# @envienc no-encrypt
+PUBLIC_INFO=This variable wouldn't be encrypted
+
+# But this one would
+MY_SECRET=hellokitty
+```
+
+## For YAML
+
+```yaml
+nested:
+  - item1:
+      # Flag below would prevent encryption of entire "item1" entry
+      # @envienc no-encrypt
+      key1: value1
+      key2: value2
+      subitems:
+        - subitem1
+        - subitem2
+  # "item2" will be encrypted as expected
+  - item2:
+      keyA: valueA
+      keyB: valueB
+
+colors:
+  red: "#FF0000"
+  green: "#00FF00"
+  # Flag below would prevent encryption only of "blue" entry
+  blue: "#0000FF" # @envienc no-encrypt
+  random:
+    rgb: [
+        128,
+        # Flag below would prevent encryption only of "255" value
+        255, # @envienc no-encrypt
+        64,
+      ]
+    hex: "#FFFFFF"
+
+# Entire "branding" entry will be kept unencrypted
+# @envienc no-encrypt
+branding:
+  logo_uri: "https://example.com/logo.png"
+  name: "My App"
+  description: "My App is a great app"
+```
+
+## Encryption
+
+Under the hood, envienc uses the AES-256-GCM algorithm to encrypt the values.
+
+- To produce the encryption key, it uses the PBKDF2 algorithm with 600,000 iterations.
+- Salt for PBKDF2 is generated using Node's built-in CSPRNG via the `crypto.randomBytes()` method.
+  Salt is unique per project and stored in `.enviencrc` configuration file.
+- Each encrypted value has its own unique IV and auth tag stored with ciphertext.
+
+## Password input
+
+You can provide the password in several ways. The order of precedence is as follows:
+
+1. Using the `--password` option. Please, don't ever do this in production.
+2. Using the `ENVIENC_PWD` environment variable.
+3. Using the interactive prompt when encrypting or decrypting.