diff --git a/.github/mergify.yml b/.github/mergify.yml new file mode 100644 index 0000000..7e1413b --- /dev/null +++ b/.github/mergify.yml @@ -0,0 +1,38 @@ +--- +pull_request_rules: + - name: Automatically merge security pull requests + conditions: + - author=dependabot[bot] + - label!=wontfix + - check-success=๐Ÿ”จ Build + - check-success=๐Ÿงช Test + - check-success=๐Ÿ‘ฉโ€๐ŸŽค Playwright Tests + - check-success=๐Ÿงน Lint + - check-success=SonarCloud Code Analysis + actions: + review: + type: APPROVE + message: Automatically approving dependabot + merge: + method: merge + - name: Automatically merge when all checks pass and the PR has been approved + conditions: + - check-success=๐Ÿ”จ Build + - check-success=๐Ÿงช Test + - check-success=๐Ÿงน Lint + - check-success=SonarCloud Code Analysis + - "#review-requested=0" + - "#approved-reviews-by>=1" + actions: + merge: + method: merge + - name: Ask for reviews + conditions: + - -closed + - -draft + - -author=dependabot[bot] + actions: + request_reviews: + teams: + - devs + random_count: 1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 172acf1..a631e8a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,19 +1,51 @@ -name: CI - +--- +name: ๐Ÿ‘ฎ CI on: - push: pull_request: - + branches: [main] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +permissions: read-all jobs: build: + name: ๐Ÿ”จ Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Setup node - uses: actions/setup-node@v3 - with: - node-version: 16.18.1 - cache: 'npm' - - run: npm ci --no-audit --prefer-offline - - run: npm run build - - run: npm test + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version-file: .nvmrc + cache: npm + - run: npm ci + - run: npm run build + test: + name: ๐Ÿงช Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version-file: .nvmrc + cache: npm + - run: npm ci + - run: npm test + lint: + name: ๐Ÿงน Lint + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: actions/setup-node@v4 + with: + node-version-file: .nvmrc + cache: npm + - run: npm ci + - uses: oxsecurity/megalinter/flavors/javascript@v7 + env: + VALIDATE_ALL_CODEBASE: false + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.megalinter.yml b/.megalinter.yml new file mode 100644 index 0000000..9d57fde --- /dev/null +++ b/.megalinter.yml @@ -0,0 +1,41 @@ +# Configuration file for MegaLinter +# +# See all available variables at https://megalinter.io/latest/config-file/ and in +# linters documentation +--- +APPLY_FIXES: none + +DISABLE: + - COPYPASTE + - SPELL + +DISABLE_LINTERS: + # We use stylelint for CSS and SCSS linting + - CSS_SCSS_LINT + # Disable in favour of eslint + - JAVASCRIPT_STANDARD + # We use dependabot for vulnerability monitoring and patching + - REPOSITORY_GRYPE + # Not needed in this repository + - REPOSITORY_TRIVY + # Disable in favour of eslint + - TYPESCRIPT_STANDARD + # Link check flags localhost links in the contributing docs + - MARKDOWN_MARKDOWN_LINK_CHECK + # V8R keeps giving false positives + - YAML_V8R + +SHOW_ELAPSED_TIME: true + +FILEIO_REPORTER: false + +# Config paths +CSS_STYLELINT_CONFIG_FILE: stylelint.config.js +JAVASCRIPT_ES_CONFIG_FILE: .eslintrc +TYPESCRIPT_ES_CONFIG_FILE: .eslintrc + +# Executable overrides +CSS_STYLELINT_CLI_EXECUTABLE: ['./node_modules/.bin/stylelint'] + +# Linters configuration +REPOSITORY_GITLEAKS_DISABLE_ERRORS: true diff --git a/.mergify.yml b/.mergify.yml deleted file mode 100644 index 2c04215..0000000 --- a/.mergify.yml +++ /dev/null @@ -1,30 +0,0 @@ -pull_request_rules: - - name: Auto request reviews - conditions: - - author~=!^dependabot(|-preview)\[bot\]$ - actions: - request_reviews: - users: - - DanWebb - - gavmck - random_count: 1 - - name: Autosquash when checks pass and reviews are approved - conditions: - - and: - - author~=!^dependabot(|-preview)\[bot\]$ - - label!=wontfix - - check-success=build - - check-success=SonarCloud Code Analysis - - "#approved-reviews-by>=1" - actions: - merge: - method: squash - - name: Autosquash security updates when checks pass - conditions: - - author~=^dependabot(|-preview)\[bot\]$ - - label!=wontfix - - check-success=build - - check-success=SonarCloud Code Analysis - actions: - merge: - method: squash diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..f16eabe --- /dev/null +++ b/.npmrc @@ -0,0 +1,3 @@ +audit=false +noFund=true +preferOffline=true diff --git a/package.json b/package.json index 80b217c..48fbb36 100644 --- a/package.json +++ b/package.json @@ -15,9 +15,7 @@ "build": "microbundle-crl --no-compress --format modern,cjs", "start": "microbundle-crl watch --no-compress --format modern,cjs", "prepare": "run-s build", - "test": "run-s test:types test:unit test:lint test:build", - "test:build": "run-s build", - "test:lint": "eslint .", + "test": "run-s test:types test:unit", "test:unit": "cross-env CI=1 react-scripts test --env=jsdom", "test:watch": "react-scripts test --env=jsdom", "test:types": "tsc",