From d52b2e1f3f1cde1fded517d578feb143c3982670 Mon Sep 17 00:00:00 2001
From: Supereg
Date: Sat, 6 Nov 2021 21:47:54 +0100
Subject: [PATCH] Move to the reusable GitHub Actions setup
---
.../{workflows => }/node-persist-ignore.js | 0
.github/workflows/beta-release.yml | 31 ++++++++
.github/workflows/build.yml | 18 +++++
.github/workflows/codeql-analysis.yml | 49 +-----------
.github/workflows/nodejs-beta.yml | 58 --------------
.github/workflows/nodejs.yml | 76 -------------------
.github/workflows/prerelease.js | 35 ---------
.github/workflows/stale.yml | 23 +-----
CONTRIBUTING.md | 3 +-
SECURITY.md | 2 +-
package.json | 2 +-
11 files changed, 59 insertions(+), 238 deletions(-)
rename .github/{workflows => }/node-persist-ignore.js (100%)
create mode 100644 .github/workflows/beta-release.yml
create mode 100644 .github/workflows/build.yml
delete mode 100644 .github/workflows/nodejs-beta.yml
delete mode 100644 .github/workflows/nodejs.yml
delete mode 100644 .github/workflows/prerelease.js
diff --git a/.github/workflows/node-persist-ignore.js b/.github/node-persist-ignore.js
similarity index 100%
rename from .github/workflows/node-persist-ignore.js
rename to .github/node-persist-ignore.js
diff --git a/.github/workflows/beta-release.yml b/.github/workflows/beta-release.yml
new file mode 100644
index 000000000..535b96922
--- /dev/null
+++ b/.github/workflows/beta-release.yml
@@ -0,0 +1,31 @@
+name: Node-CI Beta
+
+on:
+ push:
+ branches: [beta-*.*.*, beta]
+ workflow_dispatch:
+
+jobs:
+ build_and_test:
+ uses: homebridge/.github/.github/workflows/nodejs-build-and-test.yml@main
+ with:
+ enable_coverage: true
+ secrets:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ lint:
+ needs: build_and_test
+ uses: homebridge/.github/.github/workflows/eslint.yml@main
+
+ publish:
+ needs: lint
+
+ if: ${{ secrests.npm_token != null }}
+
+ uses: homebridge/.github/.github/workflows/npm-publish.yml@main
+ with:
+ tag: 'beta'
+ dynamically_adjust_version: true
+ npm_version_command: 'pre'
+ pre_id: 'beta'
+ secrets:
+ npm_auth_token: ${{ secrets.npm_token }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..477256ab2
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,18 @@
+name: Node Build
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ build_and_test:
+ uses: homebridge/.github/.github/workflows/nodejs-build-and-test.yml@main
+ with:
+ enable_coverage: true
+ secrets:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ lint:
+ needs: build_and_test
+ uses: homebridge/.github/.github/workflows/eslint.yml@main
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7eca5811e..602a49db0 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
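Review bot: The `publish` job's guard `if: ${{ secrests.npm_token != null }}` in beta-release.yml misspells the context name, and even when spelled correctly the `secrets` context is not available in a job-level `if`, so this condition is likely to fail workflow validation instead of gating the publish. The deleted nodejs-beta.yml gated publishing on the repository name, which also kept forks from attempting a release; restoring that would read `if: ${{ github.repository == 'homebridge/HAP-NodeJS' }}`. If the intent is to skip the job when no npm token is configured, that check would have to live inside the called npm-publish workflow, which is not visible in this patch.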
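Review bot: Both `uses:` lines in build.yml reference `homebridge/.github/...@main`, a mutable branch ref, so a push to that repository changes what runs here without any change in this repo. The same ref appears in beta-release.yml, codeql-analysis.yml and stale.yml; the one that matters most is `npm-publish.yml@main` in beta-release.yml, because it receives `secrets.npm_token`. Pinning each call to the full commit SHA of a reviewed revision, e.g. `uses: homebridge/.github/.github/workflows/eslint.yml@<commit-sha>`, makes every update an explicit, reviewable change. build.yml also runs on `pull_request` and declares no `permissions:`; a top-level `permissions:` with `contents: read` would bound the token handed to the called workflow, though whether the coverage step needs more is not visible here.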
@@ -2,55 +2,12 @@ name: "CodeQL" on: push: - branches: [ master, beta ] + branches: [ master, beta* ] pull_request: - # The branches below must be a subset of the branches above - branches: [ master, beta ] + branches: [ master, beta* ] schedule: - cron: '44 16 * * 5' jobs: analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'javascript' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: homebridge/.github/.github/workflows/codeql-analysis.yml@main 
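Review bot: The `analyze` job now calls `codeql-analysis.yml@main` without a `permissions:` block, and a called workflow cannot raise the token's permissions above what the caller grants. Uploading CodeQL results needs `security-events: write`, so if the repository's default token is read-only the analysis would presumably run but the upload would fail; the repository setting is not visible from this diff. Declaring it on the calling job — `permissions:` with `security-events: write`, `contents: read` and `actions: read` under `analyze:` — makes the scan independent of that default and documents the scope the shared workflow is trusted with.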
diff --git a/.github/workflows/nodejs-beta.yml b/.github/workflows/nodejs-beta.yml deleted file mode 100644 index 6a8c7ce1a..000000000 --- a/.github/workflows/nodejs-beta.yml +++ /dev/null @@ -1,58 +0,0 @@ -name: Node-CI Beta - -on: - push: - branches: - - beta* - -jobs: - build: - - strategy: - matrix: - node-version: [10.x, 12.x, 14.x] - os: [ubuntu-latest] - - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v2 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - uses: actions/cache@v2 - with: - path: ~/.npm - key: ${{ matrix.os }}-node-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} - - name: npm install, build and test - run: | - npm ci - npm run build --if-present - npm test - env: - CI: true - - publish-npm: - if: github.repository == 'homebridge/HAP-NodeJS' - - needs: build - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 - with: - node-version: 10 - registry-url: https://registry.npmjs.org/ - - uses: actions/cache@v2 - with: - path: ~/.npm - key: ${{ matrix.os }}-node-10-${{ hashFiles('**/package-lock.json') }} - - run: npm ci - - run: node .github/workflows/prerelease.js - - run: npm --no-git-tag-version version pre --preid=beta - - run: npm publish --tag=beta - env: - NODE_AUTH_TOKEN: ${{secrets.npm_token}} diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml deleted file mode 100644 index 37ce9cb93..000000000 --- a/.github/workflows/nodejs.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: Node-CI - -on: - push: - branches: master - pull_request: - create: # Run when tag is created - -jobs: - build: - - strategy: - matrix: - node-version: [10.x, 12.x, 14.x] - os: [ubuntu-latest] - - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v2 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - uses: actions/cache@v2 - with: - path: ~/.npm - key: ${{ matrix.os }}-node-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} - - name: npm install, build and test - run: | - npm ci - npm run build --if-present - npm run test-coverage - env: - CI: true - - name: Coveralls Parallel - uses: coverallsapp/github-action@master - with: - github-token: ${{ secrets.github_token }} - flag-name: run-${{ matrix.node-version }} - parallel: true - - finish: - needs: build - - runs-on: ubuntu-latest - - steps: - - name: Coveralls Finished - uses: coverallsapp/github-action@master - with: - github-token: ${{ secrets.github_token }} - parallel-finished: true - - publish-npm: - # publish only if we are on our own repo, event was 'create' (a tag was created) and the tag starts with "v" (aka version tag) - if: github.repository == 'homebridge/HAP-NodeJS' && github.event_name == 'create' && startsWith(github.ref, 'refs/tags/v') - - needs: build # only run if build succeeds - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 - with: - node-version: 10 # use the minimum required version - registry-url: https://registry.npmjs.org/ - - uses: actions/cache@v2 - with: - path: ~/.npm - key: ubuntu-latest-node-10-${{ hashFiles('**/package-lock.json') }} - - run: npm ci - - run: npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.npm_token }} diff --git a/.github/workflows/prerelease.js b/.github/workflows/prerelease.js deleted file mode 100644 index 3dee6e428..000000000 
--- a/.github/workflows/prerelease.js
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/env node
-
-const fs = require("fs");
-const semver = require("semver");
-const child_process = require("child_process");
-
-const packageJSON = JSON.parse(fs.readFileSync("package.json", "utf8"));
-
-function getTagVersionFromNpm(tag) {
- try {
- return child_process.execSync(`npm info ${packageJSON.name} version --tag="${tag}"`).toString("utf8").trim();
- } catch (e) {
- throw e;
- }
-}
-
-// betaVersion is a custom property we put into the package.json to indicate which release we want to tag
-const projectBetaVersion = packageJSON.betaVersion;
-if (!projectBetaVersion) {
- throw new Error("Unable to calculate the next prerelease version. 'betaVersion' was not set in the package.json")
-}
-
-const latestReleaseBeta = getTagVersionFromNpm("beta"); // like 0.7.0-beta.12
-const betaAsRelease = semver.inc(latestReleaseBeta, "patch"); // will produce 0.7.0 (needed for the equality check below)
-
-let publishTag;
-if (semver.eq(projectBetaVersion, betaAsRelease)) { // check if we are releasing another version for the latest beta
- publishTag = latestReleaseBeta; // set the current latest beta to be incremented
-} else {
- publishTag = projectBetaVersion; // start of with a new beta version
-}
-
-// save the package.json
-packageJSON.version = publishTag;
-fs.writeFileSync("package.json", JSON.stringify(packageJSON, null, 2));
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 484e7350b..3a333183b 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -7,23 +7,6 @@ on: jobs: stale: - - runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write - - steps: - - uses: actions/stale@v3 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-label: 'stale' - exempt-issue-labels: pinned,security,long running,discussion,vision - stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.' - close-issue-message: 'This issue has been closed as no further activity has occurred.' - days-before-issue-stale: 30 - days-before-issue-close: 5 - - # disabling stale bot for PRs - days-before-pr-close: -1 - days-before-pr-stale: -1 + uses: homebridge/.github/.github/workflows/stale.yml@main + secrets: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 80836851a..0904f99ce 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,7 +10,8 @@ * **Node 10 LTS:** `HAP-NodeJS` has a minimum Node version requirement of 10.17.0. Pull requests MUST NOT require a Node version greater than that unless the feature is - enabled/backported via [TypeScript][link-typescript]. + enabled/backported via [TypeScript][link-typescript]. If a higher version requirement may be justified + you SHALL include your reasoning in the pull request discussion. * **Add tests:** All pull requests SHOULD include unit tests to ensure the change works as expected and to prevent regressions. diff --git a/SECURITY.md b/SECURITY.md index 91a4ce4a8..f031e73c9 100644 --- a/SECURITY.md +++ b/SECURITY.md 
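Review bot: The replacement call to `stale.yml@main` passes `secrets.GITHUB_TOKEN` with no `permissions:` at all, whereas the removed job scoped its token to `issues: write` and `pull-requests: write`, so the token now carries whatever the repository default is. A reusable workflow can only lower the permissions it is given, never raise them, so the caller is the place to keep the scope narrow. I would keep the block on the calling job: `permissions:` with `issues: write` and `pull-requests: write` under `stale:`. The exempt labels (including `security`) and the stale/close timings also move out of this repository into the shared workflow, so they are worth confirming there.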
@@ -6,7 +6,7 @@ We want to ensure that `HAP-NodeJS` is secure for everyone. If you've discovered we appreciate your help in disclosing it to us in a [responsible manner][link-responsible-disclosure]. Publicly disclosing a vulnerability can put the entire community at risk. If you've discovered a security concern, -please email us at [mail@anderl-bauer.de](mailto:mail@anderl-bauer.de) with [SECURITY] in the subject line. +please email us at [homebridge-security@andi-bauer.com](mailto:homebridge-security@andi-bauer.com) with [SECURITY] in the subject line. We'll work with you to make sure we understand the scope of the issue, and that we fully address your concern. We consider correspondence sent to this email address our highest priority, and work to address any issues that arise as quickly as possible. diff --git a/package.json b/package.json index b8d77fe96..d99107e46 100644 --- a/package.json +++ b/package.json @@ -12,7 +12,7 @@ "license": "Apache-2.0", "scripts": { "clean": "rimraf dist && rimraf coverage", - "build": "rimraf dist && tsc && node .github/workflows/node-persist-ignore.js", + "build": "rimraf dist && tsc && node .github/node-persist-ignore.js", "prepublishOnly": "npm run build", "postpublish": "npm run clean", "test": "jest",