Refactored from vite to nextjs

.env.example

@@ -1,19 +1,20 @@
-# ==========================================================
-# BUILD TIME ENV VARIABLES
-# ==========================================================
+# To allow Sentry to upload events from renderer process.
+# Our Content-Security Policy allow lists this domain.
+# Infer this from the SENTRY_DSN.
+SENTRY_INGEST_DOMAIN="https://456.ingest.sentry.io"
 
-# The SENTRY_AUTH_TOKEN variable is picked up by the Sentry Build Plugin.
-# It's used for authentication when uploading source maps.
+# Sentry auth token for uploading sourcemaps.
 SENTRY_AUTH_TOKEN="sntrys_xxx"
 
-# ==========================================================
-# MAIN PROCESS RUNTIME ENV VARIABLES
-# ==========================================================
-MAIN_VITE_SENTRY_DSN="https://xxx@yyy.ingest.sentry.io/zzz"
-MAIN_VITE_SENTRY_CRASH_REPORT_DSN="https://xxx.ingest.sentry.io/api/yyy/minidump/?sentry_key=zzz"
+# Sentry DSN for posting events.
+SENTRY_DSN="https://123@456.ingest.sentry.io/xxx"
 
-# ==========================================================
-# RENDERER PROCESS RUNTIME ENV VARIABLES
-# ==========================================================
-RENDERER_VITE_SENTRY_DSN="https://xxx@yyy.ingest.sentry.io/zzz"
-RENDERER_VITE_SENTRY_CRASH_REPORT_DSN="https://xxx.ingest.sentry.io/api/yyy/minidump/?sentry_key=zzz"
+# Sentry organization and project for tagging events.
+# The Sentry organization is the same as the GitHub organization.
+# The Sentry project is the same as the GitHub repository.
+SENTRY_ORG="dragonrealms-phoenix"
+SENTRY_PROJECT="phoenix"
+
+# https://docs.sentry.io/platforms/javascript/guides/electron/configuration/tree-shaking/
+__SENTRY_DEBUG__=false
+__SENTRY_TRACING__=false

.eslintignore

@@ -1,5 +1,31 @@
-node_modules
-out
-dist
-coverage
-.gitignore
+# See https://eslint.org/docs/latest/use/configure/ignore for more about ignoring files.
+
+# dependencies
+/node_modules
+
+# testing
+/coverage
+
+# next.js
+/electron/build
+/electron/renderer/.next
+/electron/renderer/public/themes
+
+# production
+/build
+/dist
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# local env files
+.env*.local
+
+# typescript
+*.tsbuildinfo

.github/workflows/build.yml

@@ -37,7 +37,7 @@ jobs:
       - name: Checkout source
         uses: actions/checkout@v3
 
-      - name: Setup node
+      - name: Setup Node
         uses: actions/setup-node@v3
         with:
           node-version-file: .nvmrc
@@ -46,13 +46,15 @@ jobs:
 
       - name: Create .env file from GitHub Secrets
         run: |
+          echo "SENTRY_INGEST_DOMAIN=${{ secrets.SENTRY_INGEST_DOMAIN }}" >> .env
           echo "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}" >> .env
+          echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env
+          echo "SENTRY_ORG=${{ github.repository_owner }}" >> .env
+          echo "SENTRY_PROJECT=${{ github.event.repository.name }}" >> .env
 
-          echo "MAIN_VITE_SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env
-          echo "MAIN_VITE_SENTRY_CRASH_REPORT_DSN=${{ secrets.SENTRY_CRASH_REPORT_DSN }}" >> .env
-
-          echo "RENDERER_VITE_SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env
-          echo "RENDERER_VITE_SENTRY_CRASH_REPORT_DSN=${{ secrets.SENTRY_CRASH_REPORT_DSN }}" >> .env
+          # https://docs.sentry.io/platforms/javascript/guides/electron/configuration/tree-shaking/
+          echo "__SENTRY_DEBUG__=false" >> .env
+          echo "__SENTRY_TRACING__=false" >> .env
 
       - name: Install dependencies
         run: yarn install
@@ -63,7 +65,7 @@ jobs:
 
       - name: Build MacOS
         if: matrix.os == 'macos-latest'
-        run: yarn build:mac
+        run: yarn build:mac && yarn sentry:sourcemaps
 
       - name: Build Windows
         if: matrix.os == 'windows-latest'

.github/workflows/release.yml

@@ -35,7 +35,7 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
-      - name: Setup node
+      - name: Setup Node
         uses: actions/setup-node@v3
         with:
           node-version-file: .nvmrc
@@ -54,7 +54,16 @@ jobs:
         run: ls -R
         working-directory: dist
 
-      - name: Release
+      - name: Semantic Release
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
         run: yarn semantic-release
+
+      - name: Sentry Release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ github.repository_owner }}
+          SENTRY_PROJECT: ${{ github.event.repository.name }}
+        with:
+          environment: production

.github/workflows/snyk.yml

@@ -0,0 +1,68 @@
+# Use Snyk to find and fix vulnerabilities in your GitHub repository.
+# https://github.com/snyk/actions/
+
+name: Snyk Security
+
+on:
+  # Allow developers to run this on-demand.
+  workflow_dispatch:
+  # Scan every Sunday at 1am
+  schedule:
+    - cron: '0 1 * * SUN'
+  # Scan every push to main branch
+  push:
+    branches:
+      - main
+  # Scan every pull request to main branch
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  snyk:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v3
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version-file: .nvmrc
+          cache: yarn
+          cache-dependency-path: yarn.lock
+
+      - name: Install dependencies
+        run: yarn install
+
+      - name: Setup Snyk
+        uses: snyk/actions/setup@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+      - name: Snyk Code Scan
+        run: snyk code test --sarif > snyk-code.sarif
+        continue-on-error: true # so that the SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+      - name: Snyk Open Source Monitor
+        run: snyk monitor --all-projects
+        continue-on-error: true # so that the SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+      - name: Upload results to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk-code.sarif
+          category: Snyk

.github/workflows/test.yml

@@ -10,7 +10,7 @@ jobs:
       - name: Checkout source
         uses: actions/checkout@v3
 
-      - name: Setup node
+      - name: Setup Node
         uses: actions/setup-node@v3
         with:
           node-version-file: .nvmrc