Refactoring

myrotvorets · Oct 6, 2023 · 0b49417 · 0b49417
1 parent efaa26f
commit 0b49417
Show file tree

Hide file tree

Showing 12 changed files with 117 additions and 133 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -30,7 +30,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            nodejs.org:443
+            registry.npmjs.org:443
 
       - name: Check out the code
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
@@ -55,5 +61,23 @@ jobs:
 
       - name: Run tests
         run: npm test
-        env:
-          COLLECT_COVERAGE: "0"
+
+  lint:
+    name: Check Code Style
+    runs-on: ubuntu-latest
+    if: ${{ !contains(github.event.head_commit.message, '[ci skip]') || github.event_name == 'workflow_dispatch' }}
+    steps:
+      - name: Run cose style check
+        uses: myrotvorets/composite-actions/node-run-script@master
+        with:
+          script: lint
+
+  typecheck:
+    name: Check Types
+    runs-on: ubuntu-latest
+    if: ${{ !contains(github.event.head_commit.message, '[ci skip]') || github.event_name == 'workflow_dispatch' }}
+    steps:
+      - name: Run type check
+        uses: myrotvorets/composite-actions/node-run-script@master
+        with:
+          script: typecheck
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -4,33 +4,40 @@ on:
   push:
     branches:
       - master
-    paths:
-      - "lib/**.ts"
-      - ".github/workflows/codeql-analysis.yml"
   pull_request:
     branches:
       - master
-    paths:
-      - "lib/**.ts"
-      - ".github/workflows/codeql-analysis.yml"
   schedule:
     - cron: '15 3 * * 5'
 
 permissions:
-  actions: read
   contents: read
-  security-events: write
 
 jobs:
   analyze:
     name: Static Code Analysis with CodeQL
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         language:
           - javascript
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            uploads.github.com:443
+            objects.githubusercontent.com:443
+
       - name: Checkout repository
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -20,41 +20,15 @@ permissions:
 
 jobs:
   prepare:
-    name: Prepare the source code
+    name: Prepare source code
     runs-on: ubuntu-latest
     if: github.event_name == 'release' || github.event.inputs.npm == 'yes' || github.event.inputs.gpr == 'yes'
     steps:
-      - name: Checkout source
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
-        with:
-          ref: ${{ github.event.release.tag_name }}
-
-      - name: Set up Node.js environment
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
-        with:
-          node-version: lts/*
-          cache: npm
-
-      - name: Install dependencies
-        run: npm ci --ignore-scripts
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run postinstall scripts
-        run: npm rebuild && npm run prepare --if-present
-
-      - name: Create tarball
-        run: npm pack
-
-      - name: Save tarball
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
-        with:
-          name: package
-          path: "*.tgz"
-          retention-days: 1
+      - name: Prepare source
+        uses: myrotvorets/composite-actions/node-prepublish@master
 
   publish:
-    name: Publish package
+    name: Publish package (${{ matrix.registry }})
     runs-on: ubuntu-latest
     needs: prepare
     permissions:
@@ -74,38 +48,9 @@ jobs:
             secret: GITHUB_TOKEN
             registry_url: https://npm.pkg.github.com/
     steps:
-      - name: Set commit status to PENDING
-        uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          status: pending
-          context: Publish to ${{ matrix.registry }}
-          sha: ${{ github.sha }}
-        if: github.event.inputs[matrix.registry] == 'yes' || github.event_name == 'release'
-
-      - name: Set up Node.js environment
-        if: github.event.inputs[matrix.registry] == 'yes' || github.event_name == 'release'
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+      - name: Publish package
+        uses: myrotvorets/composite-actions/node-publish@master
         with:
+          node-auth-token: ${{ secrets[matrix.secret] }}
           registry-url: ${{ matrix.registry_url }}
-
-      - name: Download tarball
-        if: github.event.inputs[matrix.registry] == 'yes' || github.event_name == 'release'
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
-        with:
-          name: package
-
-      - name: Publish package
         if: github.event.inputs[matrix.registry] == 'yes' || github.event_name == 'release'
-        run: npm publish *.tgz
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets[matrix.secret] }}
-
-      - name: Set final commit status
-        uses: myrotvorets/set-commit-status-action@38f3f27c7d52fb381273e95542f07f0fba301307 # v2.0.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          status: ${{ job.status }}
-          context: Publish to ${{ matrix.registry }}
-          sha: ${{ github.sha }}
-        if: always() && (github.event.inputs[matrix.registry] == 'yes' || github.event_name == 'release')
diff --git a/.github/workflows/package-audit.yml b/.github/workflows/package-audit.yml
@@ -3,6 +3,7 @@ name: Package Audit
 on:
   push:
     branches:
+      - '**'
     paths:
       - package.json
       - package-lock.json

diff --git a/.github/workflows/push-tag.yml b/.github/workflows/push-tag.yml
@@ -13,26 +13,8 @@ jobs:
     name: Build and test
     runs-on: ubuntu-latest
     steps:
-      - name: Check out the code
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
-
-      - name: Set up Node.js environment
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
-        with:
-          node-version: lts/*
-
-      - name: Install dependencies
-        run: npm ci --ignore-scripts
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run postinstall scripts
-        run: npm rebuild && npm run prepare --if-present
-
-      - name: Run tests
-        run: npm test
-        env:
-          COLLECT_COVERAGE: "0"
+      - name: Build and test
+        uses: myrotvorets/composite-actions/build-test-nodejs@master
 
   release:
     name: Prepare the release
@@ -41,19 +23,12 @@ jobs:
     permissions:
       contents: write
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@02adcd6bfd77320f112a89e3f2692a83928cc1f4
-        with:
-          egress-policy: audit
-
-      - name: Build and test
-        uses: myrotvorets/composite-actions/build-test-nodejs@85c640fcc951d6a5fd6c9660f8334e22ceaf2959
-        with:
-          node-version: lts/*
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       - name: Create a release
-        uses: softprops/action-gh-release@c9b46fe7aad9f02afd89b12450b780f52dacfb2d
-        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
         with:
           generate_release_notes: true
-          token: ${{ secrets.REPOSITORY_ACCESS_TOKEN }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.REPOSITORY_ACCESS_TOKEN }}
diff --git a/.github/workflows/sonarscan.yml b/.github/workflows/sonarscan.yml
@@ -30,3 +30,4 @@ jobs:
         uses: myrotvorets/composite-actions/node-sonarscan@85c640fcc951d6a5fd6c9660f8334e22ceaf2959
         with:
           sonar-token: ${{ secrets.SONAR_TOKEN }}
+          test-script: test:coverage
diff --git a/.mocharc.js b/.mocharc.js
@@ -1,8 +1,13 @@
 'use strict';
 
 module.exports = {
-    extension: ['ts'],
-    spec: 'test/**/*.spec.ts',
-    reporter: process.env.GITHUB_ACTIONS === 'true' ? 'mocha-reporter-gha' : 'spec',
+    recursive: true,
+    extension: ['.spec.ts'],
     require: 'ts-node/register',
+    reporter: 'mocha-multi',
+    'reporter-option': [
+        'spec=-',
+        process.env.GITHUB_ACTIONS === 'true' ? 'mocha-reporter-gha=-' : null,
+        process.env.SONARSCANNER === 'true' ? 'mocha-reporter-sonarqube=test-report.xml' : null,
+    ].filter(Boolean),
 };
diff --git a/lib/knex.ts b/lib/knex.ts
@@ -1,9 +1,8 @@
-/* eslint-disable promise/no-return-wrap */
-import { Span, SpanKind, SpanStatusCode, context, diag, trace } from '@opentelemetry/api';
+import { type Span, SpanKind, SpanStatusCode, context, diag, trace } from '@opentelemetry/api';
 import {
     InstrumentationBase,
-    InstrumentationConfig,
-    InstrumentationModuleDefinition,
+    type InstrumentationConfig,
+    type InstrumentationModuleDefinition,
     InstrumentationNodeModuleDefinition,
     InstrumentationNodeModuleFile,
     isWrapped,
@@ -86,7 +85,7 @@ export class KnexInstrumentation extends InstrumentationBase<Knex> {
 
     // eslint-disable-next-line @typescript-eslint/no-explicit-any, class-methods-use-this
     private readonly patchAddParentSpan = (original: (...params: unknown[]) => any): typeof original => {
-        return function (this: unknown, ...params: unknown[]): unknown /* NOSONAR */ {
+        return function (this: unknown, ...params: unknown[]): unknown {
             KnexInstrumentation.ensureParentSpan(this);
             return original.apply(this, params);
         };
@@ -96,20 +95,17 @@ export class KnexInstrumentation extends InstrumentationBase<Knex> {
         original: (connection: unknown, obj: unknown) => Promise<unknown>,
     ): ((connection: unknown, obj: KnexQuery | string) => Promise<unknown>) => {
         const self = this;
-        return function (
-            this: Knex.Client /* NOSONAR */,
-            connection: unknown,
-            query: KnexQuery | string,
-        ): Promise<unknown> {
+        return function (this: Knex.Client, connection: unknown, query: KnexQuery | string): Promise<unknown> {
             const span = self.createSpan(this, query);
             return original.call(this, connection, query).then(
                 (result: unknown) => {
                     span.setStatus({ code: SpanStatusCode.OK }).end();
-                    return Promise.resolve(result);
+                    return result;
                 },
                 (e: Error) => {
-                    span.setStatus({ code: SpanStatusCode.ERROR, message: e.message }).end();
-                    return Promise.reject(e);
+                    span.recordException(e);
+                    span.setStatus({ code: SpanStatusCode.ERROR }).end();
+                    throw e;
                 },
             );
         };

diff --git a/package-lock.json b/package-lock.json
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,6 +3,7 @@ name: Package Audit @@
     on:
       push:
         branches:
+          - '**'
         paths:
           - package.json
           - package-lock.json
@@ Expand Down @@