Merge branch 'main' into fix/next-js-13-host

.github/actions/setup-and-build/action.yml

@@ -5,6 +5,10 @@ inputs:
     description: 'The directory to run the action in.'
     required: false
     default: '.'
+  install-dependencies:
+    description: 'Whether dependencies should be installed.'
+    required: false
+    default: true
   build:
     description: 'Whether the build step should be run.'
     required: false
@@ -27,6 +31,7 @@ runs:
       shell: bash
 
     - name: Install dependencies
+      if: ${{ inputs.install-dependencies == 'true' }}
       run: pnpm install
       shell: bash
       working-directory: ${{ inputs.working-directory }}/packages/inngest

.github/workflows/label-prs.yml

@@ -0,0 +1,24 @@
+name: Label PR based on changed package
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - uses: ./.github/actions/setup-and-build
+      with:
+        install-dependencies: false
+        build: false
+
+    - run: pnpm install
+
+    - name: Label PR
+      run: node scripts/labelPrs.js
+      env:
+        GITHUB_TOKEN: ${{ secrets.CHANGESET_GITHUB_TOKEN }} # inngest-release-bot

.github/workflows/pr.yml

@@ -16,8 +16,8 @@ env:
   NODE_AUTH_TOKEN: nothing
 
 jobs:
-  test:
-    name: Runtime
+  inngest_test:
+    name: "inngest: Runtime tests"
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -39,8 +39,8 @@ jobs:
       # Uses npm as pnpm doesn't support Node < 16
       - run: node --version && npm --version && npm run test
 
-  types:
-    name: Types
+  inngest_types:
+    name: "inngest: Type tests"
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -62,8 +62,8 @@ jobs:
       - run: pnpm add -D typescript@${{ matrix.tsVersion }}
       - run: pnpm run test:types
 
-  api_diff:
-    name: Local API diff
+  inngest_api_diff:
+    name: "inngest: Local API diff"
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -73,8 +73,8 @@ jobs:
       - uses: ./.github/actions/setup-and-build
       - run: pnpm run api-extractor run
 
-  lint:
-    name: Lint
+  inngest_lint:
+    name: "inngest: Lint"
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -84,8 +84,23 @@ jobs:
       - uses: ./.github/actions/setup-and-build
       - run: pnpm run lint
 
-  package:
-    name: Package
+  "eslint-plugin_test":
+    name: "eslint-plugin: Test"
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: packages/eslint-plugin
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup-and-build
+        with:
+          install-dependencies: false
+          build: false
+      - run: pnpm install
+      - run: pnpm test
+
+  package_inngest:
+    name: "inngest: Package"
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -112,15 +127,15 @@ jobs:
       - id: matrix
         run: |
           blocklist=$(grep -v '^#' examples/.inngestignore | jq -R . | jq -s .)
-          echo "matrix=$(find examples -mindepth 1 -maxdepth 1 -type d | grep -v -f <(echo $blocklist | jq -r '.[]') | xargs -n 1 basename | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
+          echo "matrix=$(find examples -mindepth 1 -maxdepth 1 -type d -name 'framework-*' | grep -v -f <(echo $blocklist | jq -r '.[]') | xargs -n 1 basename | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
 
   examples:
     name: Test examples
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: packages/inngest
-    needs: [examples-matrix, package]
+    needs: [examples-matrix, package_inngest]
     strategy:
       fail-fast: false
       matrix:

.github/workflows/prerelease.yml

@@ -10,11 +10,14 @@ env:
   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
 jobs:
-  prelease:
+  prelease_inngest:
     runs-on: ubuntu-latest
     permissions:
       contents: write
       id-token: write
+    defaults:
+      run:
+        working-directory: packages/inngest
     if: contains(github.event.pull_request.labels.*.name, 'prerelease/inngest')
     steps:
       - uses: actions/checkout@v3
@@ -24,22 +27,22 @@ jobs:
       - uses: ./.github/actions/setup-and-build
 
       - name: Prerelease PR
-        run: node scripts/prerelease.js
-        working-directory: packages/inngest
+        run: node ../../scripts/release/prerelease.js
         env:
           TAG: pr-${{ github.event.pull_request.number }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           NODE_ENV: test # disable npm access checks; they don't work in CI
+          DIST_DIR: dist
 
       - name: Update PR with latest prerelease
         uses: edumserrano/find-create-or-update-comment@v1
         with:
           token: ${{ secrets.CHANGESET_GITHUB_TOKEN }}
           issue-number: ${{ github.event.pull_request.number }}
-          body-includes: '<!-- pr-prerelease-comment -->'
+          body-includes: '<!-- pr-prerelease-comment-inngest -->'
           comment-author: 'inngest-release-bot'
           body: | # can be a single value or you can compose text with multi-line values
-            <!-- pr-prerelease-comment -->
+            <!-- pr-prerelease-comment-inngest -->
             A user has added the <kbd>[prerelease/inngest](https://github.com/inngest/inngest-js/labels/prerelease%2Finngest)</kbd> label, so this PR will be published to npm with the tag `pr-${{ github.event.pull_request.number }}`. It will be updated with the latest changes as you push commits to this PR.
 
             You can install this prerelease version with:
@@ -50,3 +53,54 @@ jobs:
 
             The last release was built and published from ${{ github.event.pull_request.head.sha }}.
           edit-mode: replace
+
+  prerelease_eslint-plugin:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    defaults:
+      run:
+        working-directory: packages/eslint-plugin
+    if: contains(github.event.pull_request.labels.*.name, 'prerelease/eslint-plugin')
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
+      - uses: ./.github/actions/setup-and-build
+        with:
+          install-dependencies: false
+          build: false
+
+      - run: pnpm install
+
+      - run: pnpm build
+
+      - name: Prerelease PR
+        run: node ../../scripts/release/prerelease.js
+        env:
+          TAG: pr-${{ github.event.pull_request.number }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NODE_ENV: test # disable npm access checks; they don't work in CI
+
+      - name: Update PR with latest prerelease
+        uses: edumserrano/find-create-or-update-comment@v1
+        with:
+          token: ${{ secrets.CHANGESET_GITHUB_TOKEN }}
+          issue-number: ${{ github.event.pull_request.number }}
+          body-includes: '<!-- pr-prerelease-comment-eslint-plugin -->'
+          comment-author: 'inngest-release-bot'
+          body: | # can be a single value or you can compose text with multi-line values
+            <!-- pr-prerelease-comment-eslint-plugin -->
+            A user has added the <kbd>[prerelease/eslint-plugin](https://github.com/inngest/inngest-js/labels/prerelease%2Feslint-plugin)</kbd> label, so this PR will be published to npm with the tag `pr-${{ github.event.pull_request.number }}`. It will be updated with the latest changes as you push commits to this PR.
+
+            You can install this prerelease version with:
+
+            ```sh
+            npm install @inngest/eslint-plugin@pr-${{ github.event.pull_request.number }}
+            ```
+
+            The last release was built and published from ${{ github.event.pull_request.head.sha }}.
+          edit-mode: replace
+

.github/workflows/release.yml

@@ -35,7 +35,7 @@ jobs:
       - uses: changesets/action@v1
         id: changesets
         with:
-          publish: pnpm run --if-present --recursive release
+          publish: pnpm run release:all
           title: ${{ github.ref_name == 'main' && 'Release @latest' || format('Release {0}', github.ref_name) }}
         env:
           GITHUB_TOKEN: ${{ secrets.CHANGESET_GITHUB_TOKEN }}

examples/middleware-e2e-encryption/README.md

@@ -0,0 +1,37 @@
+# E2E Encryption
+
+We can use middleware to encrypt data before it's shipped to Inngest and decrypt it as it comes back in to functions.
+
+In [`stepEncryptionMiddleware.ts`](./stepEncryptionMiddleware.ts), we provide an example of encrypting and decrypting all step state as it is passed to and from Inngest. This example's "encryption" is just stringifying and reversing the value - in practice you'll want to replace this with your own method using something like [`node:crypto`](https://nodejs.org/api/crypto.html).
+
+> [!WARNING]
+> If you encrypt your step data and lose your encryption key, you'll lose access to all encrypted state. Be careful! In addition, seeing step results in the Inngest dashboard will no longer be possible.
+
+```ts
+const inngest = new Inngest({
+  id: "my-app",
+  middleware: [stepEncryptionMiddleware()],
+});
+
+inngest.createFunction(
+  { id: "example-function" },
+  { event: "app/user.created" },
+  async ({ event, step }) => {
+    /**
+     * The return value of `db.get()` - and therefore the value of `user` is now
+     * silently encrypted and decrypted by the middleware; no plain-text step
+     * data leaves your server or is stored in Inngest Cloud.
+     */
+    const user = await step.run("get-user", () =>
+      db.get("user", event.data.userId)
+    );
+  }
+);
+```
+
+It's also easily possible to also encrypt all event data, too, with [`fullEncryptionMiddleware.ts`](./fullEncryptionMiddlware.ts).
+
+> [!WARNING]
+> Encrypting event data means that using features of Inngest such as `step.waitForEvent()` with expressions and browsing event data in the dashboard are no longer possible.
+
+Be aware that, unlike step data, event data is much more commonly shared between systems; think about if you need to also encrypt your event data before doing so.

examples/middleware-e2e-encryption/fullEncryptionMiddlware.ts

@@ -0,0 +1,86 @@
+import { InngestMiddleware } from "inngest";
+
+const encryptionMarker = "__ENCRYPTED__";
+type EncryptedValue = { [encryptionMarker]: true; data: string };
+
+export const encryptionMiddleware = (
+  key: string = process.env.INNGEST_ENCRYPTION_KEY as string
+) => {
+  if (!key) {
+    throw new Error("Missing INNGEST_ENCRYPTION_KEY environment variable");
+  }
+
+  // Some internal functions that we'll use to encrypt and decrypt values.
+  // In practice, you'll want to use the `key` passed in to handle encryption
+  // properly.
+  const isEncryptedValue = (value: unknown): value is EncryptedValue => {
+    return (
+      typeof value === "object" &&
+      value !== null &&
+      encryptionMarker in value &&
+      value[encryptionMarker] === true &&
+      "data" in value &&
+      typeof value["data"] === "string"
+    );
+  };
+
+  const encrypt = (value: unknown): EncryptedValue => {
+    return {
+      [encryptionMarker]: true,
+      data: JSON.stringify(value).split("").reverse().join(""),
+    };
+  };
+
+  const decrypt = <T>(value: T): T => {
+    if (isEncryptedValue(value)) {
+      return JSON.parse(value.data.split("").reverse().join("")) as T;
+    }
+
+    return value;
+  };
+
+  return new InngestMiddleware({
+    name: "Full Encryption Middleware",
+    init: () => ({
+      onSendEvent: () => ({
+        transformInput: ({ payloads }) => ({
+          payloads: payloads.map((payload) => ({
+            ...payload,
+            data: payload.data && encrypt(payload.data),
+          })),
+        }),
+      }),
+      onFunctionRun: () => ({
+        transformInput: ({ ctx, steps }) => ({
+          steps: steps.map((step) => ({
+            ...step,
+            data: step.data && decrypt(step.data),
+          })),
+          ctx: {
+            event: ctx.event && {
+              ...ctx.event,
+              data: ctx.event.data && decrypt(ctx.event.data),
+            },
+            events:
+              ctx.events &&
+              ctx.events?.map((event) => ({
+                ...event,
+                data: event.data && decrypt(event.data),
+              })),
+          } as {},
+        }),
+        transformOutput: (ctx) => {
+          if (!ctx.step) {
+            return;
+          }
+
+          return {
+            result: {
+              data: ctx.result.data && encrypt(ctx.result.data),
+            },
+          };
+        },
+      }),
+    }),
+  });
+};

examples/middleware-e2e-encryption/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "middleware-e2e-encryption",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "inngest": "^3.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.9.1"
+  }
+}