chore: add .env.example for clearer environment setup

.gitignore

@@ -44,4 +44,9 @@ JsonStorage.json
 *.crt
 *.pem
 *.key
-*.cnf
+*.cnf
+
+# Azurite local storage files
+__azurite_db_*
+__blobstorage__
+__queuestorage__

api/.env.example

@@ -0,0 +1,71 @@
+##########################################
+# Environment Variables for CodePush Server
+##########################################
+
+# ==============================
+# Storage Configuration (REQUIRED - choose one)
+# ==============================
+EMULATED=false # Set to 'true' to use the local emulator
+
+# --- Azure Storage Configuration ---
+AZURE_STORAGE_ACCOUNT=    # Azure storage account name
+AZURE_STORAGE_ACCESS_KEY= # Azure storage access key (if KeyVault not used)
+
+# ==============================
+# Server Configuration (REQUIRED)
+# ==============================
+SERVER_URL=http://localhost:3000 # The URL of your server
+
+# ==============================
+# Authentication (REQUIRED - at least one provider)
+# ==============================
+
+# --- GitHub OAuth ---
+GITHUB_CLIENT_ID=     # GitHub OAuth client ID
+GITHUB_CLIENT_SECRET= # GitHub OAuth client secret
+
+# --- Microsoft OAuth ---
+MICROSOFT_CLIENT_ID=     # Microsoft OAuth client ID
+MICROSOFT_CLIENT_SECRET= # Microsoft OAuth client secret
+
+# ==============================
+# Optional Configuration
+# ==============================
+
+# --- HTTPS Configuration ---
+HTTPS= # Set to 'true' to enable HTTPS for local deployment
+
+# --- Debugging Configuration ---
+LOGGING=false            # Enable CodePush-specific logging
+DEBUG_DISABLE_AUTH=false # Disable OAuth authentication route
+DEBUG_USER_ID=           # Backend user ID for debugging session
+
+# ==============================
+# Redis Configuration
+# ==============================
+REDIS_HOST=     # Redis server IP address
+REDIS_PORT=6379 # Redis port (default: 6379)
+REDIS_KEY=      # Redis authentication key
+
+# ==============================
+# Unit Testing Configuration
+# ==============================
+TEST_AZURE_STORAGE=false # Run API unit tests against Azure storage
+AZURE_ACQUISITION_URL=   # URL for acquisition tests
+
+# ==============================
+# Other Configuration
+# ==============================
+DISABLE_ACQUISITION=false        # Disable acquisition routes
+DISABLE_MANAGEMENT=false         # Disable management routes
+ENABLE_ACCOUNT_REGISTRATION=true # Enable account registration
+UPLOAD_SIZE_LIMIT_MB=200         # Max file upload size (in MB)
+ENABLE_PACKAGE_DIFFING=false     # Enable generating diffs for releases
+
+# ==============================
+# Azure KeyVault Configuration (Optional)
+# ==============================
+AZURE_KEYVAULT_ACCOUNT=               # Azure KeyVault account name
+CLIENT_ID=                            # Active Directory app client ID
+CERTIFICATE_THUMBPRINT=               # AD app certificate thumbprint
+REFRESH_CREDENTIALS_INTERVAL=86400000 # Credential refresh interval (in ms, default: 1 day)

api/ENVIRONMENT.md

@@ -2,7 +2,7 @@
 
 The CodePush Server is configured using environment variables.
 
-Currently, the following environment variables are available. For convenience, we will also load the server environment from any '.env' file in the api directory, and the test environment from any '.test.env' file in the root directory.
+For convenience, we will also load the server environment from any '.env' file in the api directory, and the test environment from any '.test.env' file in the root directory. Use the `.env.example` file as a template for setting up your environment variables.
 
 ## Mandatory parameters
 

api/README.md

@@ -16,11 +16,26 @@ Additionally, you need to specify [EMULATED](ENVIRONMENT.md#emulated) flag equal
 
 #### Steps
 To run the CodePush Server locally, follow these steps:
-1. Clone the CodePush Service repository.
-1. Create a `.env` file and configure the mandatory variables as outlined in the `ENVIRONMENT.md` file.
-1. Install dependencies by running `npm install`.
-1. Build the server by running `npm run build`.
-1. Start the server by running `npm run start:env`.
+
+1. Clone the CodePush Service repository to your local machine.
+
+2. Copy the `.env.example` file to a new file named `.env` in the root directory:
+   ````bash
+   cp .env.example .env
+   ````
+   Fill in the values for each environment variable in the `.env` file according to your development or production setup.
+3. Install all necessary dependencies:
+   ````bash
+   npm install
+   ````
+4. Compile the server code:
+   ````bash
+   npm run build
+   ````
+5. Launch the server with the environment-specific start command:
+   ````bash
+   npm run start:env
+   ````
 
 By default, local CodePush server runs on HTTP. To run CodePush Server on HTTPS:
 
@@ -115,3 +130,15 @@ Both work and personal accounts use the same application for authentication. The
 
 1. Only letters are allowed.
 1. Maximum 15 characters.
+
+## Metrics
+
+Installation metrics allow monitoring release activity via the CLI. For detailed usage instructions, please refer to the [CLI documentation](../cli/README.md#development-parameter).
+
+Redis is required for Metrics to work.
+
+### Steps
+
+1. Install Redis by following [official installation guide](https://redis.io/docs/latest/operate/oss_and_stack/install/install-redis/).
+1. TLS is required. Follow [official Redis TLS run guide](https://redis.io/docs/latest/operate/oss_and_stack/management/security/encryption/#running-manually).
+1. Set the necessary environment variables for [Redis](./ENVIRONMENT.md#redis).

api/SECURITY.md

@@ -19,4 +19,4 @@ All secrets used in the system should be handled with the utmost care. They must
 It is essential to review and apply security best practices for all system components. As this setup is minimal, it is the customer’s responsibility to harden the system for production use.
 
 - [Azure Storage Security Recommendations](https://learn.microsoft.com/en-us/azure/storage/blobs/security-recommendations)
-- [Azure WebApp Security Best Practices](https://learn.microsoft.com/en-us/azure/app-service/overview-security)
+- [Azure WebApp Security Best Practices](https://learn.microsoft.com/en-us/azure/app-service/overview-security)

api/package.json

@@ -32,7 +32,7 @@
     "cookie-session": "^2.0.0",
     "ejs": "^3.1.10",
     "email-validator": "1.0.3",
-    "express": "^4.19.2",
+    "express": "^4.21.1",
     "express-domain-middleware": "0.1.0",
     "express-rate-limit": "^7.4.0",
     "multer": "^1.4.5-lts.1",

api/script/routes/passport-authentication.ts

@@ -167,17 +167,17 @@ export class PassportAuthentication {
 
     router.get("/auth/login", this._cookieSessionMiddleware, (req: Request, res: Response): any => {
       req.session["hostname"] = req.query.hostname;
-      res.render("authenticate", { action: "login" });
+      res.render("authenticate", { action: "login", isGitHubAuthenticationEnabled, isMicrosoftAuthenticationEnabled });
     });
 
     router.get("/auth/link", this._cookieSessionMiddleware, (req: Request, res: Response): any => {
       req.session["authorization"] = req.query.access_token;
-      res.render("authenticate", { action: "link" });
+      res.render("authenticate", { action: "link", isGitHubAuthenticationEnabled, isMicrosoftAuthenticationEnabled });
     });
 
     router.get("/auth/register", this._cookieSessionMiddleware, (req: Request, res: Response): any => {
       req.session["hostname"] = req.query.hostname;
-      res.render("authenticate", { action: "register" });
+      res.render("authenticate", { action: "register", isGitHubAuthenticationEnabled, isMicrosoftAuthenticationEnabled });
     });
 
     return router;

api/script/views/authenticate.ejs

@@ -85,11 +85,15 @@
     <div class="container">
         Please select an authentication provider for your CodePush account:<br />
         <br />
-        <a href="/auth/<%=action%>/github"><img class="github" src="images/GitHub.png"> GitHub</a>
-        <span class="spacer"/>
-        <a href="/auth/<%=action%>/microsoft"><img class="microsoft" src="images/windows10.png"> Microsoft (Personal)</a>
-        <span class="spacer"/>
-        <a href="/auth/<%=action%>/azure-ad"><img class="microsoft" src="images/windows10.png"> Microsoft (Work)</a><br />
+        <% if (isGitHubAuthenticationEnabled) { %>
+            <a href="/auth/<%=action%>/github"><img class="github" src="images/GitHub.png"> GitHub</a>
+            <span class="spacer"/>
+        <% } %>
+        <% if (isMicrosoftAuthenticationEnabled) { %>
+            <a href="/auth/<%=action%>/microsoft"><img class="microsoft" src="images/windows10.png"> Microsoft (Personal)</a>
+            <span class="spacer"/>
+            <a href="/auth/<%=action%>/azure-ad"><img class="microsoft" src="images/windows10.png"> Microsoft (Work)</a><br />
+        <% } %>
     </div>
 </body>
 </html>

cli/README.md

@@ -392,6 +392,13 @@ code-push-standalone release-react <appName> <platform>
 [--sourcemapOutput <sourcemapOutput>]
 [--targetBinaryVersion <targetBinaryVersion>]
 [--rollout <rolloutPercentage>]
+[--useHermes <useHermes>]
+[--podFile <podFile>]
+[--extraHermesFlags <extraHermesFlags>]
+[--privateKeyPath <privateKeyPath>]
+[--xcodeProjectFile <xcodeProjectFile>]
+[--xcodeTargetName <xcodeTargetName>]
+[--buildConfigurationName <buildConfigurationName>]
 ```
 
 The `release-react` command is a React Native-specific version of the "vanilla" [`release`](#releasing-app-updates) command, which supports all of the same parameters (e.g. `--mandatory`, `--description`), yet simplifies the process of releasing updates by performing the following additional behavior:
@@ -521,6 +528,48 @@ This specifies the relative path to where the assets, JS bundle and sourcemap fi
 
 _NOTE: This parameter can be set using either --outputDir or -o_
 
+#### Use Hermes parameter
+
+This parameter enforces the use of the Hermes compiler. If not specified, the automatic checks will be performed, inspecting the `build.gradle` and `Podfile` for the Hermes flag.
+
+_NOTE: This parameter can be set using either --hermesEnabled or -h_
+
+#### Podfile parameter (iOS only)
+
+The Podfile path will be used for Hermes automatic check. Not used if `--useHermes` is specified.
+
+_NOTE: This parameter can be set using either --podfile or -pod_
+
+#### Extra hermes flags parameter
+
+Hermes flags which will be passed to Hermes compiler.
+
+_NOTE: This parameter can be set using either --extraHermesFlags or -hf_
+
+#### Private key path parameter
+
+Private key path which is used for code signing.
+
+_NOTE: This parameter can be set using either --privateKeyPath or -k_
+
+#### Xcode project file parameter
+
+Path to the Xcode project or project.pbxproj file.
+
+_NOTE: This parameter can be set using either --xcodeProjectFile or -xp_
+
+#### Xcode target name parameter
+
+Name of target (PBXNativeTarget) which specifies the binary version you want to target this release at (iOS only).
+
+_NOTE: This parameter can be set using either --xcodeTargetName or -xt_
+
+#### Build configuration name parameter
+
+Name of build configuration which specifies the binary version you want to target this release at. For example, 'Debug' or 'Release' (iOS only).
+
+_NOTE: This parameter can be set using either --buildConfigurationName or -c_
+
 ## Debugging CodePush Integration
 
 Once you've released an update, React Native plugin has been integrated into your app, it can be helpful to diagnose how the plugin is behaving, especially if you run into an issue and want to understand why. In order to debug the CodePush update discovery experience, you can run the following command in order to easily view the diagnostic logs produced by the CodePush plugin within your app: