Merge pull request #105 from etchteam/feat/improve-ci

CI improvements
etchteam · Jul 4, 2024 · cf2d2fd · cf2d2fd
2 parents bd2e6e7 + eca7d96
commit cf2d2fd
Show file tree

Hide file tree

Showing 7 changed files with 135 additions and 46 deletions.
diff --git a/.github/mergify.yml b/.github/mergify.yml
@@ -0,0 +1,38 @@
+---
+pull_request_rules:
+  - name: Automatically merge security pull requests
+    conditions:
+      - author=dependabot[bot]
+      - label!=wontfix
+      - check-success=🔨 Build
+      - check-success=🧪 Test
+      - check-success=👩‍🎤 Playwright Tests
+      - check-success=🧹 Lint
+      - check-success=SonarCloud Code Analysis
+    actions:
+      review:
+        type: APPROVE
+        message: Automatically approving dependabot
+      merge:
+        method: merge
+  - name: Automatically merge when all checks pass and the PR has been approved
+    conditions:
+      - check-success=🔨 Build
+      - check-success=🧪 Test
+      - check-success=🧹 Lint
+      - check-success=SonarCloud Code Analysis
+      - "#review-requested=0"
+      - "#approved-reviews-by>=1"
+    actions:
+      merge:
+        method: merge
+  - name: Ask for reviews
+    conditions:
+      - -closed
+      - -draft
+      - -author=dependabot[bot]
+    actions:
+      request_reviews:
+        teams:
+          - devs
+        random_count: 1
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,19 +1,51 @@
-name: CI
-
+---
+name: 👮 CI
 on:
-  push:
   pull_request:
-
+    branches: [main]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+permissions: read-all
 jobs:
   build:
+    name: 🔨 Build
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - name: Setup node
-      uses: actions/setup-node@v3
-      with:
-        node-version: 16.18.1
-        cache: 'npm'
-    - run: npm ci --no-audit --prefer-offline
-    - run: npm run build
-    - run: npm test
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+          cache: npm
+      - run: npm ci
+      - run: npm run build
+  test:
+    name: 🧪 Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+          cache: npm
+      - run: npm ci
+      - run: npm test
+  lint:
+    name: 🧹 Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+          cache: npm
+      - run: npm ci
+      - uses: oxsecurity/megalinter/flavors/javascript@v7
+        env:
+          VALIDATE_ALL_CODEBASE: false
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.megalinter.yml b/.megalinter.yml
@@ -0,0 +1,42 @@
+# Configuration file for MegaLinter
+#
+# See all available variables at https://megalinter.io/latest/config-file/ and in
+# linters documentation
+---
+APPLY_FIXES: none
+
+DISABLE:
+  - COPYPASTE
+  - SPELL
+
+DISABLE_LINTERS:
+  # We use stylelint for CSS and SCSS linting
+  - CSS_SCSS_LINT
+  # Disable in favour of eslint
+  - JAVASCRIPT_STANDARD
+  # We use dependabot for vulnerability monitoring and patching
+  - REPOSITORY_GRYPE
+  # Not needed in this repository
+  - REPOSITORY_TRIVY
+  # Disable in favour of eslint
+  - TYPESCRIPT_STANDARD
+  # Link check flags localhost links in the contributing docs
+  - MARKDOWN_MARKDOWN_LINK_CHECK
+  # V8R keeps giving false positives
+  - YAML_V8R
+
+SHOW_ELAPSED_TIME: true
+
+FILEIO_REPORTER: false
+
+# Config paths
+CSS_STYLELINT_CONFIG_FILE: stylelint.config.js
+JAVASCRIPT_ES_CONFIG_FILE: .eslintrc
+TYPESCRIPT_ES_CONFIG_FILE: .eslintrc
+
+# Executable overrides
+CSS_STYLELINT_CLI_EXECUTABLE: ['./node_modules/.bin/stylelint']
+
+# Linters configuration
+REPOSITORY_GITLEAKS_DISABLE_ERRORS: true
+REPOSITORY_TRUFFLEHOG_ARGUMENTS: --exclude_paths .trufflehog-ignore
diff --git a/.mergify.yml b/.mergify.yml
diff --git a/.npmrc b/.npmrc
@@ -0,0 +1,3 @@
+audit=false
+noFund=true
+preferOffline=true
diff --git a/.trufflehog-ignore b/.trufflehog-ignore
@@ -0,0 +1,6 @@
+node_modules
+.git
+dist
+example/.next
+example/node_modules
+example/next-env.d.ts
diff --git a/package.json b/package.json
@@ -15,9 +15,7 @@
     "build": "microbundle-crl --no-compress --format modern,cjs",
     "start": "microbundle-crl watch --no-compress --format modern,cjs",
     "prepare": "run-s build",
-    "test": "run-s test:types test:unit test:lint test:build",
-    "test:build": "run-s build",
-    "test:lint": "eslint .",
+    "test": "run-s test:types test:unit",
     "test:unit": "cross-env CI=1 react-scripts test --env=jsdom",
     "test:watch": "react-scripts test --env=jsdom",
     "test:types": "tsc",