[WIP] Separate commands implementation from specific CLI args parser.

[rinatkhaziev]

Description

This is the first step of the first step of removal of yargs in favor of commander.

The general idea is to decouple commands from the specific arguments parser.

The implementation consists of two pieces:

1. BaseCommand - it's the base class from which the rest commands are derived from.
2. CommandRegistry - a simple singleton that stores all registered commands and invokes them.

Missing pieces

• Argument validation - where do we do it? How do we handle positional vs named
• Missing the allowed arguments definition. How does data shape look for it?
• Proper TS definitions

Pull request checklist

• Update SETUP.md with any new environmental variables.
• Update the documentation.
• Manually test the relevant changes.
• Follow the pull request checklist
• Add/update automated tests as needed.

New release checklist

• Automated tests pass.
• The Preparing for release checklist is completed.

Steps to Test

Outline the steps to test and verify the PR here.

Example:

1. Check out PR.
2. Run npm run build
3. Run ./dist/lib/command.js
4. Verify example output is printed.

[mjangda]

This looks pretty cool. I'm not totally sold on the childCommands as a property; feels like it's a bit hidden and could get a bit unwieldy. But I'd be interested to hear from others.

When you feel like this is a good enough shape / structure, can you P2 it (maybe just a follow-up comment to @sjinks discovery post) so we can get perspectives from the team?

[rinatkhaziev]

@mjangda

I'm not totally sold on the childCommands as a property; feels like it's a bit hidden and could get a bit unwieldy. But I'd be interested to hear from others.

I get your concern, the flip side is that we get a nice tree structure that's easy to recursively iterate on.

From the structure standpoint I think @sjinks's idea (at least my interpretation of it) is something like this:

import { OneChildCommand } from '../commands/one-child-command';
import { TwoChildCommand } from '../commands/two-child-command';

class ParentCommand {
 childCommands: [
    OneChildCommand,
   TwoChildCommand
]

So the unwieldiness part might be mitigated.

But that's foremost on my mind too, we'll see how it goes. Re: p2 - absolutely, once we have something more palatable to show.

[sonarcloud]

Quality Gate failed

Failed conditions

25.0% Duplication on New Code (required ≤ 3%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

[sonarcloud]

Quality Gate failed

Failed conditions
22.9% Duplication on New Code (required ≤ 3%)

See analysis details on SonarCloud

[github-actions]

This pull request has been marked stale because it has been open for 60 days with no activity. If there is no activity within 7 days, it will be closed.

This is an automation to keep pull requests manageable and actionable and is not a comment on the quality of this pull request nor on the work done so far. Closed PRs are still valuable to the project and their branches are preserved.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/commander	^11.1.0	🟢 7.3	Details Check Score Reason Code-Review 🟢 9 Found 9/10 approved changesets -- score normalized to 9 Maintained 🟢 10 5 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

package.json

• commander@^11.1.0
• ts-node@^10.9.1

[sonarcloud]

Quality Gate failed

Failed conditions
22.9% Duplication on New Code (required ≤ 3%)

See analysis details on SonarCloud