From 2a64addaf1e3cc3bb54dd80accea3e83f2eae790 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=BCrgen=20M=C3=BClbert?= Date: Sun, 27 Oct 2024 09:51:02 +0100 Subject: [PATCH] Synch changes with a neer repo. --- .checkov.yml | 4 + .codespellrc | 2 +- .devskim.json | 3 + .eslintignore | 5 + .eslintrc.json | 17 + .../CODE_OF_CONDUCT.md | 0 .../CODE_OF_CONDUCT_de-DE.md | 0 CONTRIBUTING.md => .github/CONTRIBUTING.md | 0 .../CONTRIBUTING_de-DE.md | 0 .github/DISCUSSION_TEMPLATE/ideas.yml | 38 ++ .github/DISCUSSION_TEMPLATE/q-a.yml | 108 ++++ .github/dependabot.yml | 63 +- .github/labeler.yml | 26 + .github/labels.yml | 69 -- .github/main.workflow | 4 - .github/pr-labeler.yml | 41 -- .github/release-drafter.yml | 34 +- .github/workflows/add-comment-to-issue.yml | 66 ++ .github/workflows/add-issue-header.yml | 60 ++ .github/workflows/add-label-to-issue.yml | 26 + .github/workflows/assigned-pulls-todo.yml | 39 -- .github/workflows/commitlint.yml | 12 +- .github/workflows/defender-for-devops.yml | 79 --- .github/workflows/dependabot-merge.yml | 25 +- .github/workflows/dependency-review.yml | 35 +- .github/workflows/devskim-analysis.yml | 30 +- .github/workflows/issues.yml | 27 - .github/workflows/labeler.yml | 105 ++- .github/workflows/lock.yml | 23 + .github/workflows/mega-linter.yml | 314 ++++----- .github/workflows/misspell-fixer.yml | 51 -- .github/workflows/opened-issues-triage.yml | 4 +- .github/workflows/ossar-analysis.yml | 70 -- .github/workflows/pages-astro.yml | 43 +- .github/workflows/pr-labeler.yml | 34 - .github/workflows/pr-lint.yaml | 4 +- .github/workflows/pre-commit.yml | 22 - .github/workflows/release-drafter.yml | 7 +- .github/workflows/reuse-check.yml | 15 +- .github/workflows/scorecard.yml | 38 +- .github/workflows/semgrep.yml | 55 -- .github/workflows/size-limit.yml | 16 - .github/workflows/spelling.yml | 51 +- .github/workflows/stale.yml | 40 ++ .github/workflows/triage-issues.yml | 91 --- .github/workflows/write-good.yml | 38 -- .gitleaks.toml | 20 + .gitlint | 30 + .grype.yaml | 150 +++++ .hadolint.yml | 6 + 
.markdown-link-check.json | 5 + .markdownlint.json | 167 +++++ .markdownlint.yml | 145 ----- .mega-linter.yml | 16 +- .npmpackagejsonlintrc.json | 3 + .npmrc | 3 + .prettierignore | 5 +- .pylintrc | 597 ++++++++++++++++++ .secretlintrc.json | 7 + .stylelintignore | 1 + .stylelintrc.json | 2 +- .yamllint.yaml => .yamllint.yml | 0 REUSE.toml | 53 ++ biome.json | 21 +- cspell.config.yaml | 27 +- eslint.config.js | 55 ++ goodcheck.yml | 5 +- tsconfig.eslint.json | 4 + tsconfig.json | 11 + 69 files changed, 1974 insertions(+), 1193 deletions(-) create mode 100644 .checkov.yml create mode 100644 .devskim.json create mode 100644 .eslintignore create mode 100644 .eslintrc.json rename CODE_OF_CONDUCT.md => .github/CODE_OF_CONDUCT.md (100%) rename CODE_OF_CONDUCT_de-DE.md => .github/CODE_OF_CONDUCT_de-DE.md (100%) rename CONTRIBUTING.md => .github/CONTRIBUTING.md (100%) rename CONTRIBUTING_de-DE.md => .github/CONTRIBUTING_de-DE.md (100%) create mode 100644 .github/DISCUSSION_TEMPLATE/ideas.yml create mode 100644 .github/DISCUSSION_TEMPLATE/q-a.yml create mode 100644 .github/labeler.yml delete mode 100644 .github/labels.yml delete mode 100644 .github/main.workflow delete mode 100644 .github/pr-labeler.yml create mode 100644 .github/workflows/add-comment-to-issue.yml create mode 100644 .github/workflows/add-issue-header.yml create mode 100644 .github/workflows/add-label-to-issue.yml delete mode 100644 .github/workflows/assigned-pulls-todo.yml delete mode 100644 .github/workflows/defender-for-devops.yml delete mode 100644 .github/workflows/issues.yml create mode 100644 .github/workflows/lock.yml delete mode 100644 .github/workflows/misspell-fixer.yml delete mode 100644 .github/workflows/ossar-analysis.yml delete mode 100644 .github/workflows/pr-labeler.yml delete mode 100644 .github/workflows/pre-commit.yml delete mode 100644 .github/workflows/semgrep.yml delete mode 100644 .github/workflows/size-limit.yml create mode 100644 .github/workflows/stale.yml delete mode 100644 
.github/workflows/triage-issues.yml delete mode 100644 .github/workflows/write-good.yml create mode 100644 .gitleaks.toml create mode 100644 .gitlint create mode 100644 .grype.yaml create mode 100644 .hadolint.yml create mode 100644 .markdown-link-check.json create mode 100644 .markdownlint.json delete mode 100644 .markdownlint.yml create mode 100644 .npmpackagejsonlintrc.json create mode 100644 .pylintrc create mode 100644 .secretlintrc.json create mode 100644 .stylelintignore rename .yamllint.yaml => .yamllint.yml (100%) create mode 100644 REUSE.toml create mode 100644 eslint.config.js create mode 100644 tsconfig.eslint.json create mode 100644 tsconfig.json diff --git a/.checkov.yml b/.checkov.yml new file mode 100644 index 000000000..97cda231b --- /dev/null +++ b/.checkov.yml @@ -0,0 +1,4 @@ +# You can see all available properties here: https://github.com/bridgecrewio/checkov#configuration-using-a-config-file +quiet: true +skip-check: + - CKV_DOCKER_2 diff --git a/.codespellrc b/.codespellrc index 4226bf254..e5c4ceebd 100644 --- a/.codespellrc +++ b/.codespellrc @@ -1,4 +1,4 @@ [codespell] -skip = build,*.yuv,components/fatfs/src/*,alice.txt,*.rgb,components/wpa_supplicant/*,components/esp_wifi/* +skip = build,*.yuv,components/fatfs/src/*,alice.txt,*.rgb,components/wpa_supplicant/*,components/esp_wifi/*,.github/styles/vale/* ignore-words-list = ser,dout,rsource,fram,inout,shs,ans,aci,unstall,unstalling,hart,wheight,wel write-changes = false diff --git a/.devskim.json b/.devskim.json new file mode 100644 index 000000000..5124f89f9 --- /dev/null +++ b/.devskim.json @@ -0,0 +1,3 @@ +{ + "Globs": ["**/.git/**", "**/megalinter-reports/**"] +} diff --git a/.eslintignore b/.eslintignore new file mode 100644 index 000000000..0073ecf07 --- /dev/null +++ b/.eslintignore @@ -0,0 +1,5 @@ +node_modules +docs/node_modules +coverage +app/templates +**/templates diff --git a/.eslintrc.json b/.eslintrc.json new file mode 100644 index 000000000..3e5d2cf7a --- /dev/null 
+++ b/.eslintrc.json
@@ -0,0 +1,17 @@
+{
+ "root": true,
+ "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
+ "parser": "@typescript-eslint/parser",
+ "parserOptions": {"project": ["./docs/tsconfig.json"]},
+ "plugins": ["@typescript-eslint"],
+ "rules": {
+ "@typescript-eslint/strict-boolean-expressions": [
+ 2,
+ {
+ "allowString": false,
+ "allowNumber": false
+ }
+ ]
+ },
+ "ignorePatterns": ["src/**/*.test.ts", "docs/**/*.test.ts"]
+}
diff --git a/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
similarity index 100%
rename from CODE_OF_CONDUCT.md
rename to .github/CODE_OF_CONDUCT.md
diff --git a/CODE_OF_CONDUCT_de-DE.md b/.github/CODE_OF_CONDUCT_de-DE.md
similarity index 100%
rename from CODE_OF_CONDUCT_de-DE.md
rename to .github/CODE_OF_CONDUCT_de-DE.md
diff --git a/CONTRIBUTING.md b/.github/CONTRIBUTING.md
similarity index 100%
rename from CONTRIBUTING.md
rename to .github/CONTRIBUTING.md
diff --git a/CONTRIBUTING_de-DE.md b/.github/CONTRIBUTING_de-DE.md
similarity index 100%
rename from CONTRIBUTING_de-DE.md
rename to .github/CONTRIBUTING_de-DE.md
diff --git a/.github/DISCUSSION_TEMPLATE/ideas.yml b/.github/DISCUSSION_TEMPLATE/ideas.yml
new file mode 100644
index 000000000..b8c885174
--- /dev/null
+++ b/.github/DISCUSSION_TEMPLATE/ideas.yml
@@ -0,0 +1,38 @@
+labels: [idea]
+body:
+ - type: checkboxes
+ id: checks
+ attributes:
+ label: Checked
+ description: Please confirm and check all the following options.
+ options:
+ - label: I searched existing ideas and did not find a similar one
+ required: true
+ - label: I added a very descriptive title
+ required: true
+ - label: I've clearly described the feature request and motivation for it
+ required: true
+ - type: textarea
+ id: feature-request
+ validations:
+ required: true
+ attributes:
+ label: Feature request
+ description: |
+ A clear and concise description of the feature proposal. Please provide links to any relevant GitHub repos, papers, or other resources if relevant.
+ - type: textarea
+ id: motivation
+ validations:
+ required: true
+ attributes:
+ label: Motivation
+ description: |
+ Please outline the motivation for the proposal. Is your feature request related to a problem? e.g., I'm always frustrated when [...]. If this is related to another GitHub issue, please link here too.
+ - type: textarea
+ id: proposal
+ validations:
+ required: false
+ attributes:
+ label: Proposal (If applicable)
+ description: |
+ If you would like to propose a solution, please describe it here.
diff --git a/.github/DISCUSSION_TEMPLATE/q-a.yml b/.github/DISCUSSION_TEMPLATE/q-a.yml
new file mode 100644
index 000000000..4f04023fd
--- /dev/null
+++ b/.github/DISCUSSION_TEMPLATE/q-a.yml
@@ -0,0 +1,108 @@ +labels: [Question] +body: + - type: markdown + attributes: + value: | + Thanks for your interest in jmbde-QT 🦜️🔗! + + Please follow these instructions, fill every question, and do every step. 🙏 + + We're asking for this because answering questions and solving problems in GitHub takes a lot of time -- + this is time that we cannot spend on adding new features, fixing bugs, writing documentation or reviewing pull requests. + + By asking questions in a structured way (following this) it will be much easier for us to help you. + + There's a high chance that by following this process, you'll find the solution on your own, eliminating the need to submit a question and wait for an answer. 😎 + + As there are many questions submitted every day, we will **DISCARD** and close the incomplete ones. + + That will allow us (and others) to focus on helping people like you that follow the whole process. 🤓 + + Relevant links to check before opening a question to see if your question has already been answered, fixed or + if there's another way to solve your problem: + + [jmbde-QT documentation with the integrated search](https://jmuelbert.github.io/jmbde-QT/), + [API Reference](https://jmuelbert.github.io/jmbde-QT/developerapi/), + [GitHub search](https://github.com/jmuelbert/jmbde-QT], + [jmbde-java Github Discussions](https://github.com/jmuelbert/jmbde-QT/discussions), + [jmbde-java Github Issues](https://github.com/jmuelbert/jmbde-QT/issues?q=is%3Aissue), + - type: checkboxes + id: checks + attributes: + label: Checked other resources + description: Please confirm and check all the following options. + options: + - label: I added a very descriptive title to this question. + required: true + - label: I searched the jmbde-QT documentation with the integrated search. + required: true + - label: I used the GitHub search to find a similar question and didn't find it. 
+ required: true + - type: checkboxes + id: help + attributes: + label: Commit to Help + description: | + After submitting this, I commit to one of: + + * Read open questions until I find 2 where I can help someone and add a comment to help there. + * I already hit the "watch" button in this repository to receive notifications and I commit to help at least 2 people that ask questions in the future. + * Once my question is answered, I will mark the answer as "accepted". + options: + - label: I commit to help with one of those options 👆 + required: true + - type: textarea + id: example + attributes: + label: Example Code + description: | + Please add a self-contained, [minimal, reproducible, example](https://stackoverflow.com/help/minimal-reproducible-example) with your use case. + + If a maintainer can copy it, run it, and see it right away, there's a much higher chance that you'll be able to get help. + + **Important!** + + * Use code tags (e.g., ```python ... ```) to correctly [format your code](https://help.github.com/en/github/writing-on-github/creating-and-highlighting-code-blocks#syntax-highlighting). + * INCLUDE the language label (e.g. `python`) after the first three backticks to enable syntax highlighting. (e.g., ```python rather than ```). + * Reduce your code to the minimum required to reproduce the issue if possible. This makes it much easier for others to help you. + * Avoid screenshots when possible, as they are hard to read and (more importantly) don't allow others to copy-and-paste your code. + + placeholder: | + ** + + render: c++ + validations: + required: true + - type: textarea + id: description + attributes: + label: Description + description: | + What is the problem, question, or error? + + Write a short description explaining what you are doing, what you expect to happen, and what is currently happening. + placeholder: | + * I'm trying to use the `jmbde-java` library to do X. + * I expect to see Y. + * Instead, it does Z. 
+ validations: + required: true + - type: textarea + id: system-info + attributes: + label: System Info + description: | + Please share your system info with us. + + "mvn --version" - Get the Java Version, the maven version and the OS version + platform (windows / linux / mac) + + OR if you're on a recent version of jmbde-QT you can paste the output of: + + placeholder: | + "mvn -v" + platform + Qt version + + validations: + required: true diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a90d8d4f1..fbd5a49ee 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
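Review bot: The `[GitHub search](https://github.com/jmuelbert/jmbde-QT],` entry in the intro markdown closes its URL with `]` instead of `)`, so the link will not render and the malformed target runs into the entries that follow; it should read `[GitHub search](https://github.com/jmuelbert/jmbde-QT),`. The same template addresses jmbde-QT but labels two links and the description placeholder as `jmbde-java`, asks for `mvn --version` output, and shows `python` fences while `render` is `c++`, which looks like leftover text from another project and is worth aligning before users are sent to it.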
@@ -2,41 +2,62 @@ # To get started with Dependabot version updates, you'll need to specify which # package ecosystems to update and where the package manifests are located. # Please see the documentation for all configuration options: -# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates version: 2 updates: - - package-ecosystem: "github-actions" - directory: "/" + # Maintain dependencies for GitHub Actions + - package-ecosystem: github-actions + directory: / schedule: - interval: "daily" + interval: monthly + groups: + github-actions: + patterns: + - '*' + open-pull-requests-limit: 10 commit-message: - prefix: ":rocket: gha" + include: scope + prefix: fix(gha) - - package-ecosystem: "docker" - directory: "/" + # Enable version updates for Docker + - package-ecosystem: docker + # Look for a `Dockerfile` in the `root` directory + directory: / + # Check for updates once a week schedule: - interval: "daily" + interval: monthly commit-message: - prefix: ":rocket: docker" + prefix: fix(docker) - - package-ecosystem: "bundler" - directory: "/" + # Maintain dependencies for nuget + - package-ecosystem: nuget # See documentation for possible values + directory: / # Location of package manifests schedule: - interval: "daily" + interval: monthly commit-message: - prefix: ":rocket: bundler" + prefix: fix(nuget) - - package-ecosystem: "npm" - directory: "/" + # Maintain dependencies for pip + - package-ecosystem: pip # See documentation for possible values + directory: / # Location of package manifests schedule: - interval: "daily" + interval: monthly commit-message: - prefix: ":rocket: npm" + prefix: fix(pip) - - package-ecosystem: "pip" - directory: "/" + # Maintain dependencies for npm + - package-ecosystem: npm + directory: / schedule: - interval: "daily" + interval: monthly commit-message: - prefix: ":rocket: pip" \ 
No newline at end of file + prefix: fix(npm) + + # Maintain dependencies for npm + - package-ecosystem: npm + directory: /docs + schedule: + interval: monthly + commit-message: + prefix: fix(npm for astrodoc) diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 000000000..eebad629f --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,26 @@ +# Add 'root' label to any root file changes +# Quotation marks are required for the leading asterisk +'project': + - changed-files: + - any-glob-to-any-file: '*' + - all-globs-to-all-files: '!*.md' +# Add 'Documentation' label to any change to .md files within the entire repository +documentation: + - changed-files: + - any-glob-to-any-file: docs/** +# Add 'source' label to any change to src files within the source dir EXCEPT for the docs sub-folder +'source': + - changed-files: + - any-glob-to-any-file: src/**/* + - all-globs-to-all-files: '!src/docs/**' +'github_actions': + - changed-files: + - any-glob-to-any-file: + - .github/actions/** + - .github/workflows/** +# Add 'feature' label to any PR where the head branch name starts with `feature` or has a `feature` section in the name +'feature': + - head-branch: [^feature, feature] +# Add 'release' label to any PR that is opened against the `main` branch +release: + - base-branch: release diff --git a/.github/labels.yml b/.github/labels.yml deleted file mode 100644 index c59db6dea..000000000 --- a/.github/labels.yml +++ /dev/null 
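Review bot: The Docker entry keeps the comment `# Check for updates once a week` directly above `interval: monthly`, so the comment no longer describes the schedule; it should say `# Check for updates once a month`. Every ecosystem in this hunk also moves from `daily` to `monthly`, which for the SHA-pinned actions used elsewhere in this patch means pins can lag upstream fixes by up to a month; if that trade-off is intended, a one-line comment at the top of `updates:` stating why would help the next maintainer.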
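Review bot: Several comments in the new `.github/labeler.yml` describe a different rule than the one beneath them. The `release` rule is documented as applying to PRs opened against the `main` branch but matches `base-branch: release`; the first rule is documented as adding a 'root' label but the key is `'project'`; and the `documentation` rule is documented as matching `.md` files across the repository but only matches `docs/**`. Since labels here feed the release notes categories, I would correct the comments to match, e.g. `# Add 'release' label to any PR that is opened against the `release` branch`.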
@@ -1,69 +0,0 @@ ---- -# Labels names are important as they are used by Release Drafter to decide -# regarding where to record them in changelog or if to skip them. -# -# The repository labels will be automatically configured using this file and -# the GitHub Action https://github.com/marketplace/actions/github-labeler. -- name: breaking - description: Breaking Changes - color: bfd4f2 -- name: bug - description: Something isn't working - color: d73a4a -- name: build - description: Build System and Dependencies - color: bfdadc -- name: ci - description: Continuous Integration - color: 4a97d6 -- name: dependencies - description: Pull requests that update a dependency file - color: 0366d6 -- name: documentation - description: Improvements or additions to documentation - color: 0075ca -- name: duplicate - description: This issue or pull request already exists - color: cfd3d7 -- name: enhancement - description: New feature or request - color: a2eeef -- name: github_actions - description: Pull requests that update Github_actions code - color: '000000' -- name: good first issue - description: Good for newcomers - color: 7057ff -- name: help wanted - description: Extra attention is needed - color: 008672 -- name: invalid - description: This doesn't seem right - color: e4e669 -- name: performance - description: Performance - color: '016175' -- name: production - description: Production - color: '0015d6' -- name: python - description: Pull requests that update Python code - color: 2b67c6 -- name: question - description: Further information is requested - color: d876e3 -- name: refactoring - description: Refactoring - color: ef67c4 -- name: removal - description: Removals and Deprecations - color: 9ae7ea -- name: style - description: Style - color: c120e5 -- name: testing - description: Testing - color: b1fc6f -- name: wontfix - description: This will not be worked on - color: ffffff 
diff --git a/.github/main.workflow b/.github/main.workflow deleted file mode 100644 index 48809d193..000000000 --- a/.github/main.workflow +++ /dev/null @@ -1,4 +0,0 @@ -action "Danger" { - uses = "danger/danger" - # secrets = ["GITHUB_TOKEN"] -} diff --git a/.github/pr-labeler.yml b/.github/pr-labeler.yml deleted file mode 100644 index 5fccf746b..000000000 --- a/.github/pr-labeler.yml +++ /dev/null @@ -1,41 +0,0 @@ -# Add 'root' label to any root file changes -# Quotation marks are required for the leading asterisk -root: -- changed-files: - - any-glob-to-any-file: '*' - -# Add 'AnyChange' label to any changes within the entire repository -AnyChange: -- changed-files: - - any-glob-to-any-file: '**' - -# Add 'Documentation' label to any change to .md files within the entire repository -Documentation: -- changed-files: - - any-glob-to-any-file: '**/*.md' - - any-glob-to-any-file: 'docs/**/*.mdx' - - any-glob-to-any-file: 'docs/**/*.mjs' - - any-glob-to-any-file: 'docs/**/*.ts' - -# Add 'source' label to any change to src files within the source dir EXCEPT for the docs sub-folder -source: -- all: - - changed-files: - - any-glob-to-any-file: 'src/**/*' - - any-glob-to-any-file: 'JMBeData/**/*.swift' - - any-glob-to-any-file: 'JMBeDataTests/**/*.swift' - - any-glob-to-any-file: 'JMBeDataUITests/**/.swift' - - all-globs-to-all-files: '!src/docs/*' - -# Add 'feature' label to any PR where the head branch name starts with `feature` or has a `feature` section in the name -feature: - - head-branch: ['^feature', 'feature'] - -GithubActions: -- all: - - changed-files: - - any-glob-to-any-file: '.github/workflows/**' - - # Add 'release' label to any PR that is opened against the `main` branch -release: - - base-branch: 'main' \ No newline at end of file diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 78424affa..939815eee 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml 
@@ -1,32 +1,30 @@ ---- -name-template: 'v$RESOLVED_VERSION 🌈' -tag-template: 'v$RESOLVED_VERSION' +name-template: v$RESOLVED_VERSION 🌈 +tag-template: v$RESOLVED_VERSION categories: - title: ':boom: Breaking Changes' - label: 'breaking' + label: breaking - title: ':package: Build System' - label: 'build' + label: build - title: ':construction_worker: Continuous Integration' - label: 'ci' + label: ci - title: ':books: Documentation' - label: 'documentation' + label: documentation - title: ':rocket: Features' - label: 'enhancement' + label: enhancement - title: ':beetle: Fixes' - label: 'bug' + label: bug - title: ':racehorse: Performance' - label: 'performance' + label: performance - title: ':hammer: Refactoring' - label: 'refactoring' + label: refactoring - title: ':fire: Removals and Deprecations' - label: 'removal' + label: removal - title: ':lipstick: Style' - label: 'style' + label: style - title: ':rotating_light: Testing' - label: 'testing' + label: testing change-template: '- $TITLE @$AUTHOR (#$NUMBER)' -change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. - +change-title-escapes: \<*_& # You can add # and @ to disable mentions, and add ` to disable code blocks. version-resolver: major: labels: @@ -41,10 +39,8 @@ version-resolver: - 'type: docs' - 'type: dependencies' - 'type: security' - exclude-labels: - - 'skip-changelog' - + - skip-changelog template: | ## Changes diff --git a/.github/workflows/add-comment-to-issue.yml b/.github/workflows/add-comment-to-issue.yml new file mode 100644 index 000000000..7559fffd6 --- /dev/null +++ b/.github/workflows/add-comment-to-issue.yml 
@@ -0,0 +1,66 @@ +--- +# SPDX-FileCopyrightText: GitHub, Inc. and contributors +# SPDX-License-Identifier: MIT +# +name: "Add Comment to Issue" + +on: # yamllint disable-line rule:truth + issues: + types: + - labeled + +permissions: + contents: read + +jobs: + add-comment-to-help-wanted: + if: github.event.label.name == 'help wanted' + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Add comment + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + issue-number: ${{ github.event.issue.number }} + body: | + This issue is available for anyone to work on. + + - Read our [Contributing Guidelines](https://github.com/jmuelbert/checkconnect/.github/blob/main/.github/CONTRIBUTING.md) + - Make sure to **reference** this issue in your pull request + + **:sparkles: Thank you for your contribution! :sparkles:** + + add-comment-to-good-first-issue: + if: github.event.label.name == 'good first issue' + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Add comment + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + issue-number: ${{ github.event.issue.number }} + body: | + This issue is a great way to kick-start your journey with our project, or to make a positive impact on open-source development. Jump in! + + - Check out our [Contributing Guidelines](https://github.com/jmuelbet/checkconnect/.github/blob/main/.github/CONTRIBUTING.md) for a smooth experience + - Remember to **[link](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue)** your pull request to this issue + + **:sparkles: Thank you for your contribution! 
:sparkles:** + + # https://github.com/marketplace/actions/alls-green#why + release-all-green: # This job does nothing and is only used for the branch protection + if: always() + needs: + - add-comment-to-help-wanted + - add-comment-to-good-first-issue + + runs-on: ubuntu-latest + + steps: + - name: Decide whether the needed jobs succeeded or failed + uses: re-actors/alls-green@223e4bb7a751b91f43eda76992bcfbf23b8b0302 # v1.2.2 + with: + allowed-skips: add-comment-to-help-wanted, add-comment-to-good-first-issue + jobs: ${{ toJSON(needs) }} diff --git a/.github/workflows/add-issue-header.yml b/.github/workflows/add-issue-header.yml new file mode 100644 index 000000000..3b7d6b813 --- /dev/null +++ b/.github/workflows/add-issue-header.yml 
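Review bot: Both contributing-guideline links posted by this workflow are malformed, and the second one names a different account: `https://github.com/jmuelbet/checkconnect/.github/blob/main/.github/CONTRIBUTING.md` spells the owner `jmuelbet`, while the first uses `jmuelbert`. A bot comment that sends contributors to a namespace the project does not control is a link-hijack risk if that name is ever registered, and both URLs also carry a stray `/.github` segment before `blob`. Use one verified URL of the form `https://github.com/<owner>/<repo>/blob/main/.github/CONTRIBUTING.md` in both jobs; the repository name `checkconnect` should be confirmed too, since the other templates in this patch refer to jmbde-QT. Separately, the directive on the `on:` line reads `rule:truth` rather than `rule:truthy`, so yamllint will probably not honour it.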
@@ -0,0 +1,60 @@
+---
+# SPDX-FileCopyrightText: GitHub, Inc. and contributors
+# SPDX-License-Identifier: MIT
+#
+# Automatically edits an issue's descriptions with a header,
+# one of:
+#
+# - Bug report
+# - Crash report
+# - Feature or enhancement
+
+name: Add issue header
+
+on: # yamllint disable-line rule:truthy
+ issues:
+ types:
+ # Only ever run once
+ - opened
+
+permissions:
+ contents: read
+
+jobs:
+ add-header:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ steps:
+ - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # V7.0.1
+ with:
+ # language=JavaScript
+ script: |
+ // https://devguide.python.org/triage/labels/#type-labels
+ const HEADERS = new Map([
+ ['type-bug', 'Bug report'],
+ ['type-crash', 'Crash report'],
+ ['type-feature', 'Feature or enhancement'],
+ ]);
+ let issue_data = await github.rest.issues.get({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo
+ }).then(issue => issue.data);
+ let header = '';
+ for (const label_data of issue_data.labels) {
+ const label_name = (typeof label_data === 'string') ? label_data : label_data.name;
+ if (HEADERS.has(label_name)) {
+ header = HEADERS.get(label_name);
+ break;
+ }
+ }
+ if (header !== '') {
+ console.log(`Setting new header: ${header}`);
+ await github.rest.issues.update({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: `# ${header}\n\n${issue_data.body.replaceAll('\r', '')}`
+ });
+ }
diff --git a/.github/workflows/add-label-to-issue.yml b/.github/workflows/add-label-to-issue.yml
new file mode 100644
index 000000000..161236a75
--- /dev/null
+++ b/.github/workflows/add-label-to-issue.yml
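Review bot: The `issues.update` call dereferences `issue_data.body` without a null check, and the API returns `body: null` for an issue opened with an empty description, so `replaceAll` would throw and fail the step for exactly those issues. Guarding the value keeps the header logic working: `body: \`# ${header}\n\n${(issue_data.body ?? '').replaceAll('\r', '')}\``. The label names in `HEADERS` (`type-bug`, `type-crash`, `type-feature`) come from the CPython triage guide linked in the comment; if this repository does not define them, the script never sets a header and a short comment saying so would save a reader the search.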
@@ -0,0 +1,26 @@ +# SPDX-FileCopyrightText: GitHub, Inc. and contributors +# SPDX-License-Identifier: MIT +# +name: Add Label to Issue +on: # yamllint disable-line rule:truthy + issues: + types: + - reopened + - opened +permissions: + contents: read +jobs: + label_issues: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + github.rest.issues.addLabels({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + labels: ["need triage"] + }) diff --git a/.github/workflows/assigned-pulls-todo.yml b/.github/workflows/assigned-pulls-todo.yml deleted file mode 100644 index 185698bc8..000000000 --- a/.github/workflows/assigned-pulls-todo.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# SPDX-FileCopyrightText: Jürgen Mülbert -# -# SPDX-License-Identifier: MIT - -# This script assigns pull requests to projects -# based on their status and labels - -name: "Auto Assign to Project(s)" - -on: # yamllint disable-line rule:truthy - pull_request_target: - types: [opened, labeled] - -on: - pull_request_target: - types: [opened, labeled] - -permissions: - pull-requests: write - -jobs: - assign_one_project: - runs-on: ubuntu-latest - name: Assign to One Project - - steps: - - name: Assign NEW issues and NEW pull requests to project 11 - uses: srggrs/assign-one-project-github-action@65a8ddab497df42ef268001e67bbf976f8fd39e1 # v1.3.1 - if: github.event.action == 'opened' - with: - project: "11" - - - name: Assign issues and pull requests with `bug` label to project 11 - uses: srggrs/assign-one-project-github-action@65a8ddab497df42ef268001e67bbf976f8fd39e1 # v1.3.1 - if: contains(github.event.pull_request.labels.*.name, 'bug') - with: - project: "11" - column_name: "Labeled" diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index d32a66b3e..512ebf5d5 100644 --- a/.github/workflows/commitlint.yml 
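Review bot: The `github.rest.issues.addLabels({...})` call in the script is neither awaited nor returned, so the script body finishes before the request settles and a rejected call (missing label permission, API error) may surface as an unhandled rejection rather than a clear step failure. Writing it as `await github.rest.issues.addLabels({` matches how the sibling add-issue-header workflow in this patch awaits its API calls. The label `need triage` is also hard-coded here; a one-line comment noting which workflow or person consumes it would document the contract.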
+++ b/.github/workflows/commitlint.yml @@ -16,13 +16,13 @@ concurrency: jobs: commitlint: - runs-on: ubuntu-latest - + # Skip any PR created by dependabot to avoid permission issues: if: (github.actor != 'dependabot[bot]') + runs-on: ubuntu-latest steps: - - name: "🧰 Checkout" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: 🧰 Checkout Source Code + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - name: "Check the commits" - uses: wagoid/commitlint-github-action@0d749a1a91d4770e983a7b8f83d4a3f0e7e0874e # v5.4.4 + - name: Check the commits + uses: wagoid/commitlint-github-action@7f0a61df502599e1f1f50880aaa7ec1e2c0592f2 # v6.0.1 diff --git a/.github/workflows/defender-for-devops.yml b/.github/workflows/defender-for-devops.yml deleted file mode 100644 index 0b72cd7dc..000000000 --- a/.github/workflows/defender-for-devops.yml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. -# -# Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle. -# MSDO installs, configures and runs the latest versions of static analysis tools -# (including, but not limited to, SDL/security and compliance tools). -# -# The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue, -# as well as Windows self hosted agents. ubuntu-latest support coming soon. -# -# For more information about the action , check out https://github.com/microsoft/security-devops-action -# -# Please note this workflow do not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration -# and provide permission before this can report data back to azure. -# Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github - -name: 'Microsoft Defender For Devops' - -on: - push: - branches: [main, develop, release, improve_build-workflow] - - pull_request: - types: [opened, synchronize, reopened] - - schedule: - - cron: '32 6 * * 5' - -permissions: - contents: read - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - MSDO: - # Skip any PR created by dependabot to avoid permission issues: - if: (github.actor != 'dependabot[bot]') - runs-on: windows-latest - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - # currently only windows latest is supported - - steps: - - name: "🧰 Checkout Source Code" - uses: 
actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: "⚙️ Setup dotnet" - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 - with: - dotnet-version: | - 6.0.x - 7.0.x - cache: true - - - name: Cache NuGet packages - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 - with: - path: ~/.nuget/packages - key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }} - restore-keys: | - ${{ runner.os }}-nuget- - - - name: Run Microsoft Security DevOps - uses: microsoft/security-devops-action@7e3060ae1e6a9347dd7de6b28195099f39852fe2 # v1.10.0 - id: msdo - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac # v2.2.4 - with: - sarif_file: ${{ steps.msdo.outputs.sarifFile }} - \ No newline at end of file diff --git a/.github/workflows/dependabot-merge.yml b/.github/workflows/dependabot-merge.yml index ede7ad50f..0931e14e5 100644 --- a/.github/workflows/dependabot-merge.yml +++ b/.github/workflows/dependabot-merge.yml 
@@ -1,23 +1,31 @@ --- -name: Dependabot auto-merge +# SPDX-FileCopyrightText: GitHub, Inc. and contributors +# SPDX-License-Identifier: MIT +name: Dependabot auto-merge on: pull_request # yamllint disable-line rule:truthy permissions: - pull-requests: write - issues: write - repository-projects: write + contents: read + +defaults: + run: + shell: bash jobs: dependabot: - runs-on: ubuntu-latest if: ${{ github.actor == 'dependabot[bot]' }} + runs-on: ubuntu-latest + permissions: + pull-requests: write + issues: write + repository-projects: write steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 # v1.6.0 + uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 # v2.1.0 with: - github-token: "${{ secrets.GITHUB_TOKEN }}" + github-token: ${{ secrets.GITHUB_TOKEN }} - name: Add a label for all production dependencies if: ${{ steps.metadata.outputs.dependency-type == 'direct:production' }} @@ -32,7 +40,8 @@ jobs: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - name: Enable auto-merge for Dependabot PRs - if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && + if: + ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}} run: gh pr merge --auto --merge "$PR_URL" env: diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5e09282c8..3862c3213 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,8 +1,7 @@ ---- # SPDX-FileCopyrightText: GitHub, Inc. and contributors -# SPDX-License-Identifier: "MIT License" +# SPDX-License-Identifier: MIT # -# Copyright (c) 2022GitHub, Inc. and contributors +# Copyright (c) 2022 GitHub, Inc. and contributors # Dependency Review Action # 
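Review bot: The job gate `if: ${{ github.actor == 'dependabot[bot]' }}` tests who triggered the run, not who opened the pull request, which makes it a loose guard for a job that holds `pull-requests: write`, `issues: write` and `repository-projects: write`. Gating on the PR author is tighter: `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`. `repository-projects: write` does not appear to be needed by the visible steps (metadata fetch, auto-merge), so it can probably be dropped. The steps between this hunk and the next are not shown, so confirm that first.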
@@ -15,20 +14,28 @@ # Source repository: https://github.com/actions/dependency-review-action # Public documentation: # https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement - -name: "Dependency Review" - -on: [pull_request] # yamllint disable-line rule:truthy - +name: Dependency Review +on: pull_request # yamllint disable-line rule:truthy +# +# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api permissions: contents: read - jobs: dependency-review: runs-on: ubuntu-latest + permissions: + # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option + pull-requests: write + # If using a dependency submission action in this workflow this permission will need to be set to: + contents: write steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: "Dependency Review" - uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4 + - name: 🧰 Checkout Source Code + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - name: Dependency Review Action + uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2 + # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. + with: + comment-summary-in-pr: always + # fail-on-severity: moderate + # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later + # retry-on-snapshot-warnings: true diff --git a/.github/workflows/devskim-analysis.yml b/.github/workflows/devskim-analysis.yml index 5f942dcec..abfe0e701 100644 --- a/.github/workflows/devskim-analysis.yml +++ b/.github/workflows/devskim-analysis.yml 
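Review bot: The job-level `contents: write` is broader than this job needs. The comment above it says the permission is only required when a dependency submission action runs in the workflow, and the two steps here are the checkout and `actions/dependency-review-action`. Setting it to `contents: read` next to `pull-requests: write` keeps the token unable to push to the repository if an action in this job misbehaves. `pull-requests: write` is justified by `comment-summary-in-pr: always`.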
@@ -1,4 +1,3 @@ ---- # SPDX-FileCopyrightText: Microsoft Corporation # # SPDX-License-Identifier: MIT @@ -7,28 +6,23 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. - -name: DevSkim - +name: DevSkim Analysis on: # yamllint disable-line rule:truthy push: - branches: [main, develop, release, improve_build-workflow] - + branches: [main, develop, release] pull_request: types: [opened, synchronize, reopened] - schedule: - - cron: "36 22 * * 3" - + - cron: 36 22 * * 3 permissions: contents: read - concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true - jobs: - lint: + devSkim: + # Skip any PR created by dependabot to avoid permission issues: + if: (github.actor != 'dependabot[bot]') name: DevSkim runs-on: ubuntu-latest permissions: @@ -36,14 +30,12 @@ jobs: contents: read security-events: write steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - + - name: 🧰 Checkout Source Code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run DevSkim scanner - uses: microsoft/DevSkim-Action@b41921d947434b27f90b8949f8bfbe056e706bf6 # v1.0.11 - + uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14 # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac # v2.2.4 + - name: Upload to code-scanning + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml deleted file mode 100644 index 3d77e59c2..000000000 --- a/.github/workflows/issues.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# SPDX-FileCopyrightText: Jürgen Mülbert -# -# SPDX-License-Identifier: EUPL-1.2 -# - -name: Issue Processing Reminder - -on: - issues: - types: [opened, edited] # Trigger the workflow when an issue is opened or edited - -permissions: - contents: read - -jobs: - issue-reminder: - name: Issue Processing Reminder - runs-on: ubuntu-latest - steps: - - name: '🧰 Check out code' - uses: actions/checkout@v4 - - - name: Send Issue Processing Reminder - uses: fastlane/github-actions/fastlane-env-reminder@latest - with: - repo-token: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index e2f714f06..43ba50d97 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml 
@@ -1,34 +1,91 @@ ---- -name: "GitHub Labeler" - +# SPDX-FileCopyrightText: GitHub, Inc. and contributors +# +# SPDX-License-Identifier: MIT +# +# This workflow will triage pull requests and apply a label based on the +# paths that are modified in the pull request. +# +# To use this workflow, you will need to set up a .github/labeler.yml +# file with configuration. For more information, see: +# https://github.com/actions/labeler +name: Pull Request auto-label on: # yamllint disable-line rule:truthy push: - branches: [main, develop, release, improve_build-workflow] - paths: - - ".github/labels.yml" - - ".github/workflows/labels.yml" - + branches: [main, develop, release] pull_request: - # The branches below must be a subset of the branches above - types: [opened, synchronize, reopened] - -# Set permissions for contents + types: + - opened + - edited + - synchronize permissions: contents: read - +concurrency: + group: ${{ format('pr-label-{0}', github.event.pull_request.number || github.sha) }} + cancel-in-progress: true jobs: - labeler: + conflicts: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - name: Update PRs with conflict labels + uses: eps1lon/actions-label-merge-conflict@6d74047dcef155976a15e4a124dde2c7fe0c5522 # v3.0.1 + with: + dirtyLabel: conflicts + # removeOnDirtyLabel: "PR: ready to ship" + repoToken: "${{ secrets.GITHUB_TOKEN }}" + commentOnDirty: This pull request has conflicts with the base branch, please resolve those so we can evaluate the pull request. + commentOnClean: Conflicts have been resolved! 🎉 A maintainer will review the pull request shortly. 
+ size: + if: ${{ github.event_name == 'pull_request_target' }} + permissions: + issues: write + pull-requests: write runs-on: ubuntu-latest steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: codelytv/pr-size-labeler@56f6f0fc35c7cc0f72963b8467729e1120cb4bed # v1.10.0 + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + xs_label: size/xs + xs_max_size: "10" + s_label: size/s + s_max_size: "100" + m_label: size/m + m_max_size: "500" + l_label: size/l + l_max_size: "1000" + xl_label: size/xl + fail_if_xl: "false" + message_if_xl: > + This PR exceeds the recommended size of 1000 lines. Please make sure you are NOT addressing multiple issues with one PR. Note this PR might be rejected due to its size. - - name: Run Labeler - if: success() - uses: crazy-max/ghaction-github-labeler@de749cf181958193cb7debf1a9c5bb28922f3e1b # v5.0 + github_api_url: https://api.github.com + files_to_ignore: "" + scope: + if: ${{ github.event_name == 'pull_request_target' }} + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - name: Use PR Labeler Action + uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + configuration-path: .github/labeler.yml + sync-labels: true + # https://github.com/marketplace/actions/alls-green#why + release-all-green: # This job does nothing and is only used for the branch protection + if: always() + needs: + - conflicts + - size + - scope + runs-on: ubuntu-latest + steps: + - name: Decide whether the needed jobs succeeded or failed + uses: re-actors/alls-green@223e4bb7a751b91f43eda76992bcfbf23b8b0302 # v1.2.2 with: - github-token: ${{ secrets.GITHUB_TOKEN }} - yaml-file: .github/labels.yml - exclude: | - help* - *issue + allowed-skips: size, scope + jobs: ${{ toJSON(needs) }} 
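Review bot: The `size` and `scope` jobs are gated on `github.event_name == 'pull_request_target'`, but this workflow only triggers on `push` and `pull_request`, so both jobs are always skipped. Because `release-all-green` lists them under `allowed-skips: size, scope`, the branch-protection check still reports green while no size or path labels are applied. If labelling same-repository PRs is enough, change both conditions to `if: ${{ github.event_name == 'pull_request' }}`. If `pull_request_target` is added as a trigger instead, keep these jobs free of any checkout of the PR head, since that event runs with a write-capable token. The `conflicts` job has no condition, so it also runs on `push` with `pull-requests: write`.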
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml new file mode 100644 index 000000000..f21ba4fd8 --- /dev/null +++ b/.github/workflows/lock.yml @@ -0,0 +1,23 @@ +# SPDX-FileCopyrightText: Armin Sebastian +# SPDX-License-Identifier: MIT +name: Lock Threads +on: # yamllint disable-line rule:truthy + schedule: + - cron: 0 0 * * 1 +permissions: + issues: write +concurrency: + group: lock +jobs: + action: + runs-on: ubuntu-latest + steps: + - name: Lock threads + uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1 + with: + issue-inactive-days: "182" + issue-comment: > + This issue has been automatically locked since there has not been any recent activity (i.e. last half year) after it was closed. It helps our maintainers focus on the active issues. If you have found a problem that seems similar, please open a new issue, complete the issue template with all the details necessary to reproduce, and mention this issue as reference. + + process-only: issues + exclude-any-issue-labels: keep_unlocked diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 606563e0b..5ff46b834 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml 
@@ -1,191 +1,141 @@ ---- - # MegaLinter GitHub Action configuration file - # More info at https://megalinter.io - - # Trigger mega-linter at every push. Action will also be visible from - name: MegaLinter - - on: # yamllint disable-line rule:truthy - # Comment this line to trigger action only on pull-requests - # (not recommended if you don't pay for GH Actions) - push: - branches: ["main", "develop", "release", "improve_workflows"] - - pull_request: - types: [opened, labeled] - - # Uncomment env block if you do not want to apply fixes - env: - # Apply linter fixes configuration - # - # When active, APPLY_FIXES must also be defined as environment variable - # (in github/workflows/mega-linter.yml or other CI tool) - APPLY_FIXES: all - - # Decide which event triggers application of fixes in a commit or a PR - # (pull_request, push, all) - APPLY_FIXES_EVENT: pull_request - - # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) - # or posted in a PR (pull_request) - APPLY_FIXES_MODE: commit - - # Set permissions for contents - permissions: - contents: read - - # Set concurrency options - concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - - jobs: - megalinter: - name: MegaLinter - runs-on: ubuntu-latest - - # Give the default GITHUB_TOKEN write permission to commit and push, comment - # issues, and post new Pull Requests; remove the ones you do not need - permissions: - contents: write - issues: write - pull-requests: write - - # Skip any PR created by dependabot to avoid permission issues: - if: (github.actor != 'dependabot[bot]') - - steps: - # Git Checkout - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to - # improve performance - fetch-depth: 0 - - # MegaLinter - - name: MegaLinter - - # You can override MegaLinter flavor 
used to have faster performances - # More info at https://megalinter.io/flavors/ - uses: oxsecurity/megalinter@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0 - - id: ml - - # All available variables are described in documentation - # https://megalinter.io/configuration/ - env: - # Validates all source when push on main, else just the git diff with - # main. Override with true if you always want to lint all sources - # - # To validate the entire codebase, set to: - # VALIDATE_ALL_CODEBASE: true - # - # To validate only diff with main, set to: - # VALIDATE_ALL_CODEBASE: >- - # ${{ - # github.event_name == 'push' && - # github.ref == 'refs/heads/main' - # }} - VALIDATE_ALL_CODEBASE: true - - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF - # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY - - # Upload MegaLinter artifacts - - name: Archive production artifacts - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 - if: success() || failure() - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log - - # Create pull request if applicable - # (for now works only on PR from same repository, not from forks) - - name: Create Pull Request with applied fixes - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 - id: cpr - if: >- +# SPDX-FileCopyrightText: oxsecurity +# +# SPDX-License-Identifier: AGPL-3.0-or-later +# +# MegaLinter GitHub Action configuration file +# More info at https://megalinter.io + +# Trigger mega-linter at every push. 
Action will also be visible from +name: MegaLinter +on: # yamllint disable-line rule:truthy + # Comment this line to trigger action only on pull-requests + # (not recommended if you don't pay for GH Actions) + # push: + # branches: [main, develop, release, Update-GitHub-Actions] + pull_request: + types: [opened, labeled] + workflow_dispatch: +# Uncomment env block if you do not want to apply fixes +env: # Comment env block if you don't want to apply fixes + # Apply linter fixes configuration + APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) + APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) + APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) +# Set permissions for contents +permissions: + contents: read +# Set concurrency options +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true +jobs: + megalinter: + # Skip any PR created by dependabot to avoid permission issues: + if: (github.actor != 'dependabot[bot]') + name: MegaLinter + runs-on: ubuntu-latest + permissions: + # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR + # Remove the ones you do not need + contents: write + issues: write + pull-requests: write + env: + APPLY_FIXES_IF_PR: false + APPLY_FIXES_IF_COMMIT: false + APPLY_FIXES_IF: false + steps: + # Git Checkout + - name: 🧰 Checkout Source Code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances + # MegaLinter + - name: MegaLinter + id: ml + # You can override MegaLinter flavor used to have faster performances + # More info at 
https://megalinter.io/flavors/ + uses: oxsecurity/megalinter@bacb5f8674e3730b904ca4d20c8bd477bc51b1a7 # v7.13.0 + # All available variables are described in documentation + # https://megalinter.io/configuration/ + env: + # Validates all source when push on main, else just the git diff with + # main. Override with true if you always want to lint all sources + # + # To validate the entire codebase, set to: + # VALIDATE_ALL_CODEBASE: true + # + # To validate only diff with main, set to: + # VALIDATE_ALL_CODEBASE: >- + # ${{ + # github.event_name == 'push' && + # github.ref == 'refs/heads/main' + # }} + VALIDATE_ALL_CODEBASE: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF + # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY + # Upload MegaLinter artifacts + - name: Archive production artifacts + if: success() || failure() + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + # Set APPLY_FIXES_IF var for use in future steps + - name: Set APPLY_FIXES_IF var + run: | + printf 'APPLY_FIXES_IF=%s\n' "${{ steps.ml.outputs.has_updated_sources == 1 && ( env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name ) && - env.APPLY_FIXES_MODE == 'pull_request' && ( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository - ) && - !contains(github.event.head_commit.message, 'skip fix') - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "[MegaLinter] Apply linters automatic fixes" - title: "[MegaLinter] Apply linters automatic fixes" - labels: bot - - - name: Create PR output - if: >- - steps.ml.outputs.has_updated_sources == 1 && - ( - env.APPLY_FIXES_EVENT == 'all' || - env.APPLY_FIXES_EVENT == github.event_name - ) && - env.APPLY_FIXES_MODE == 'pull_request' && - ( - github.event_name == 'push' || - 
github.event.pull_request.head.repo.full_name == github.repository - ) && - !contains(github.event.head_commit.message, 'skip fix') - run: | - echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}" - - # Push new commit if applicable - # (for now works only on PR from same repository, not from forks) - - name: Prepare commit - if: >- - steps.ml.outputs.has_updated_sources == 1 && - ( - env.APPLY_FIXES_EVENT == 'all' || - env.APPLY_FIXES_EVENT == github.event_name - ) && + ) + }}" >> "${GITHUB_ENV}" + # Set APPLY_FIXES_IF_* vars for use in future steps + - name: Set APPLY_FIXES_IF_* vars + run: | + printf 'APPLY_FIXES_IF_PR=%s\n' "${{ + env.APPLY_FIXES_IF == 'true' && + env.APPLY_FIXES_MODE == 'pull_request' + }}" >> "${GITHUB_ENV}" + printf 'APPLY_FIXES_IF_COMMIT=%s\n' "${{ + env.APPLY_FIXES_IF == 'true' && env.APPLY_FIXES_MODE == 'commit' && - github.ref != 'refs/heads/main' && - ( - github.event_name == 'push' || - github.event.pull_request.head.repo.full_name == github.repository - ) && - !contains(github.event.head_commit.message, 'skip fix') - run: sudo chown -Rc $UID .git/ - - - name: Commit and push applied linter fixes - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 - if: >- - steps.ml.outputs.has_updated_sources == 1 && - ( - env.APPLY_FIXES_EVENT == 'all' || - env.APPLY_FIXES_EVENT == github.event_name - ) && - env.APPLY_FIXES_MODE == 'commit' && - github.ref != 'refs/heads/main' && - ( - github.event_name == 'push' || - github.event.pull_request.head.repo.full_name == github.repository - ) && - !contains(github.event.head_commit.message, 'skip fix') - with: - branch: >- - ${{ - github.event.pull_request.head.ref || - github.head_ref || - github.ref - }} - commit_message: "[MegaLinter] Apply linters fixes" - commit_user_name: megalinter-bot - commit_user_email: nicolas.vuillamy@ox.security \ No newline at end of file + 
(!contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)) + }}" >> "${GITHUB_ENV}" + # Create pull request if applicable (for now works only on PR from same repository, not from forks) + - name: Create Pull Request with applied fixes + id: cpr + if: env.APPLY_FIXES_IF_PR == 'true' + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "[MegaLinter] Apply linters automatic fixes" + title: "[MegaLinter] Apply linters automatic fixes" + labels: bot + - name: Create PR output + if: env.APPLY_FIXES_IF_PR == 'true' + run: | + echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}" + # Push new commit if applicable + # (for now works only on PR from same repository, not from forks) + - name: Prepare commit + if: env.APPLY_FIXES_IF_COMMIT == 'true' + run: sudo chown -Rc $UID .git/ + - name: Commit and push applied linter fixes + if: env.APPLY_FIXES_IF_COMMIT == 'true' + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 + with: + branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} + commit_message: "[MegaLinter] Apply linters fixes" + commit_user_name: megalinter-bot + commit_user_email: nicolas.vuillamy@ox.security diff --git a/.github/workflows/misspell-fixer.yml b/.github/workflows/misspell-fixer.yml deleted file mode 100644 index 7c17a010e..000000000 --- a/.github/workflows/misspell-fixer.yml +++ /dev/null 
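Review bot: With the `push` trigger commented out, the only automatic trigger left is `pull_request` with `types: [opened, labeled]`, so commits pushed to a PR after it is opened are not linted unless someone re-labels the PR or starts a `workflow_dispatch` run. Adding the missing activity types closes that gap: `types: [opened, synchronize, reopened, labeled]`. Separately, `commit_user_email: nicolas.vuillamy@ox.security` is the upstream template's address. Auto-fix commits pushed with this job's `contents: write` token would be attributed to an outside person, so a project-owned bot address is a better fit for provenance.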
@@ -1,51 +0,0 @@ ---- -# SPDX-FileCopyrightText: Jürgen Mülbert -# -# SPDX-License-Identifier: MIT - -name: "Misspell fixer" - -on: # yamllint disable-line rule:truthy - push: - branches: [main, develop, release, improve_workflows] - - pull_request: - # The branches below must be a subset of the branches above - types: [opened, synchronize, reopened] - -permissions: - contents: read - -jobs: - misspell-fixer: - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - - # Skip any PR created by dependabot to avoid permission issues: - if: (github.actor != 'dependabot[bot]') - - steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - # Full git history is needed to get a proper list of changed - # files within `super-linter` - fetch-depth: 0 - - - name: Run Misspell Fixer - uses: sobolevn/misspell-fixer-action@8842a5615f83fed75e8a87015e9300a54d049961 # master - - - name: Check for changes - run: git diff --exit-code ${{ github.sha }} - - - name: Create Pull Request for typos - if: failure() - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 - with: - commit-message: "Fix typos by misspell-fixer" - title: "Fix typos by misspell-fixer for ${{ github.ref }}" - assignees: ${{ github.actor }} - reviewers: ${{ github.actor }} - branch: "auto-pr/misspell-fixer/${{ github.ref }}" diff --git a/.github/workflows/opened-issues-triage.yml b/.github/workflows/opened-issues-triage.yml index 18e4427d2..e022e8c6b 100644 --- a/.github/workflows/opened-issues-triage.yml +++ b/.github/workflows/opened-issues-triage.yml 
@@ -17,8 +17,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Move Issue to Triage Column - uses: alex-page/github-project-automation-plus@7ffb872c64bd809d23563a130a0a97d01dfa8f43 # main + uses: alex-page/github-project-automation-plus@303f24a24c67ce7adf565a07e96720faf126fe36 # main with: - project: jmbde-QT + project: jmbde-java column: Triage repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml deleted file mode 100644 index a84825a3d..000000000 --- a/.github/workflows/ossar-analysis.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -# SPDX-FileCopyrightText: Microsoft Corporation -# -# SPDX-License-Identifier: MIT -# -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow integrates a collection of open source static analysis tools -# with GitHub code scanning. For documentation, or to provide feedback, visit -# https://github.com/github/ossar-action - -name: OSSAR - -on: - push: - branches: [main, develop, release, improve_build-workflow] - paths: - - "**.{cpp,h,hpp,qml,ts,py}" - - cmake/** - - apps/** - - CMakeLists.txt - - ".github/workflows/ossar-analysis.yml" - - pull_request: - # The branches below must be a subset of the branches above - types: [opened, synchronize, reopened] - paths: - - "**.{cpp,h,hpp,qml,ts,py}" - - cmake/** - - apps/** - - CMakeLists.txt - - ".github/workflows/ossar-analysis.yml" - - schedule: - - cron: "22 15 * * 3" - -jobs: - OSSAR-Scan: - # Skip any PR created by dependabot to avoid permission issues: - if: (github.actor != 'dependabot[bot]') - # OSSAR runs on windows-latest. - # ubuntu-latest and macos-latest support coming soon - runs-on: windows-latest - - steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - # Ensure a compatible version of dotnet is installed. - # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. - # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action. - # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped. 
- # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action: - # - name: Install .NET - # uses: actions/setup-dotnet@v1 - # with: - # dotnet-version: '3.1.x' - # Run open source static analysis tools - - name: Run OSSAR - uses: github/ossar-action@fae13e456b9973657a670eef6bccc3a4c2b5153d # main - id: ossar - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac # v2.2.4 - with: - sarif_file: ${{ steps.ossar.outputs.sarifFile }} diff --git a/.github/workflows/pages-astro.yml b/.github/workflows/pages-astro.yml index 727f817ca..3db6e925c 100644 --- a/.github/workflows/pages-astro.yml +++ b/.github/workflows/pages-astro.yml @@ -1,4 +1,3 @@ ---- # SPDX-FileCopyrightText: Jürgen Mülbert # # SPDX-License-Identifier: MIT 
@@ -8,47 +7,37 @@ # To get started with Astro see: https://docs.astro.build/en/getting-started/ # name: Deploy Astro site to Pages - # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages permissions: contents: read pages: write id-token: write - on: # yamllint disable-line rule:truthy push: - branches: [main, develop, release, improve_workflows] - + branches: [main, develop, release] pull_request: # The branches below must be a subset of the branches above types: [opened, synchronize, reopened] - workflow_dispatch: - # Allow one concurrent deployment concurrency: - group: "pages" + group: pages cancel-in-progress: true - jobs: build: runs-on: ubuntu-latest - # Skip any PR created by dependabot to avoid permission issues: if: (github.actor != 'dependabot[bot]') - steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - + - name: 🧰 Checkout Source Code + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Build and Upload Site - uses: withastro/action@9a7959a16949e620a22e74f81c10cb7ce3b76924 # v1.0.6 + uses: withastro/action@acfe56dffc635abfb9506c77d51ce097030360d1 # v2.0.0 with: - path: - ./pages - # The root location of your Astro project inside the - # repository. (optional) - # node-version: 16 # The specific version of Node that should be used to build your site. Defaults to 16. (optional) + path: ./docs + # The root location of your Astro project inside the + # repository. (optional) + # node-version: 16 # The specific version of Node that should be used to build your site. Defaults to 16. (optional) package-manager: pnpm@latest deploy: environment: 
@@ -60,4 +49,16 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v2 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + # https://github.com/marketplace/actions/alls-green#wh + release-all-green: # This job does nothing and is only used for the branch protection + if: always() + needs: + - build + - deploy + runs-on: ubuntu-latest + steps: + - name: Decide whether the needed jobs succeeded or failed + uses: re-actors/alls-green@223e4bb7a751b91f43eda76992bcfbf23b8b0302 # v1.2.2 + with: + jobs: ${{ toJSON(needs) }} diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml deleted file mode 100644 index 78b42f13d..000000000 --- a/.github/workflows/pr-labeler.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# SPDX-FileCopyrightText: Jürgen Mülbert -# -# SPDX-License-Identifier: MIT -# -# This workflow will triage pull requests and apply a label based on the -# paths that are modified in the pull request. -# -# To use this workflow, you will need to set up a .github/labeler.yml -# file with configuration. For more information, see: -# https://github.com/actions/labeler - -name: Labeler - -on: # yamllint disable-line rule:truthy - pull_request: - -permissions: - contents: read - -jobs: - label: - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - - steps: - - name: Use PR Labeler Action - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" - configuration-path: .github/pr-labeler.yml - sync-labels: false diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml index 81865b4bf..ddcade8cf 100644 --- a/.github/workflows/pr-lint.yaml +++ b/.github/workflows/pr-lint.yaml 
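Review bot: The new `release-all-green` job declares no `permissions`, so it inherits the workflow-level `pages: write` and `id-token: write` shown in the previous hunk, although it only evaluates `needs`. Give it an empty set, `permissions: {}`, so the `re-actors/alls-green` step runs without a token that can deploy to Pages or request an OIDC identity. The same job is added in `.github/workflows/labeler.yml`, where it inherits only `contents: read`.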
@@ -27,8 +27,8 @@ jobs: pull-requests: write steps: - - name: '🧰 Checkout Source Code' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: 🧰 Checkout Source Code‚ + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Lint pull request title uses: matthiashermsen/lint-pull-request-title@49458c35f9eeaaad64abfb7b1def719350b6a755 # v1.0.0 diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml deleted file mode 100644 index ab0ac9413..000000000 --- a/.github/workflows/pre-commit.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: pre-commit - -on: - push: - branches: [main, develop, release, improve_build-workflow] - pull_request: - types: [opened, synchronize, reopened] - -jobs: - pre-commit: - runs-on: ubuntu-latest - steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: "🐍 Set up Python" - uses: actions/setup-python@v5 - with: - python-version: 3.11.x - - - name: "Perform Pre-Commit" - uses: pre-commit/action@v3.0.0 diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 81f5529d1..eee1f4b13 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -1,7 +1,7 @@ --- -# SPDX-FileCopyrightText: Jürgen Mülbert +# SPDX-FileCopyrightText: Time Lucas # -# SPDX-License-Identifier: MIT +# SPDX-License-Identifier: ISC # name: Release Drafter @@ -40,7 +40,8 @@ jobs: # Drafts your next Release notes as Pull Requests are merged # into "master" - - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0 + - name: Release Drafter + uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0 # (Optional) specify config name to use, relative to .github/. # Default: release-drafter.yml # with: 
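Review bot: The renamed step `🧰 Checkout Source Code‚` in the pr-lint hunk ends in a stray `‚` (U+201A, a low quotation mark), most likely left behind when the surrounding quotes were removed. Every other workflow touched by this commit uses `- name: 🧰 Checkout Source Code`, and this line should match. The rest of the job is outside the hunk.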
diff --git a/.github/workflows/reuse-check.yml b/.github/workflows/reuse-check.yml index f8068891f..624c34721 100644 --- a/.github/workflows/reuse-check.yml +++ b/.github/workflows/reuse-check.yml @@ -1,7 +1,7 @@ --- -# SPDX-FileCopyrightText: Jürgen Mülbert +# SPDX-FileCopyrightText: Free Software Foundation Europe # -# SPDX-License-Identifier: EUPL-1.2 +# SPDX-License-Identifier: GPL-3.0-or-later name: REUSE Compliance Check @@ -23,19 +23,18 @@ permissions: jobs: ReuseCheck: + # Skip any PR created by dependabot to avoid permission issues: + if: (github.actor != 'dependabot[bot]') runs-on: ubuntu-latest permissions: contents: read - # Skip any PR created by dependabot to avoid permission issues: - if: (github.actor != 'dependabot[bot]') - steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: 🧰 Checkout Source Code + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0 - name: REUSE Compliance Check - uses: fsfe/reuse-action@4f2804894b54004c8ed4b8a62b7c649e54a3aa4b # v2.0.0 + uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 # v3.0.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d12cb478b..08a57f937 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
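Review bot: The comment kept above `fetch-depth: 0` justifies the full clone with `super-linter`, but this job only runs the REUSE compliance action, so the stated reason does not match the workflow. Either drop `fetch-depth: 0` and the comment so the default shallow checkout is used, or replace the comment with the real reason the history is needed. Because a third-party action runs right after the checkout in a job that only needs `contents: read`, adding `persist-credentials: false` under the same `with:` would also keep the token out of the checked-out `.git/config`.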
@@ -1,19 +1,23 @@ --- +# SPDX-FileCopyrightText: Open Source Security Foundation (OpenSSF) +# +# SPDX-License-Identifier: Apache-2.0 +# + # This workflow uses actions that are not certified by GitHub. They are provided # by a third-party and are governed by separate terms of service, privacy # policy, and support documentation. name: Scorecard supply-chain security -on: - branch_protection_rule: - # Schedule the workflow to run every Tuesday at 4:24 AM +on: # yamllint disable-line rule:truthy + branch_protection_rule: # Schedule the workflow to run every Tuesday at 4:24 AM schedule: - - cron: "24 4 * * 2" + - cron: 34 4 * * 2 push: - branches: [main, develop, release, improve_build-workflow] + branches: [main, develop, release] pull_request: # The branches below must be a subset of the branches above 
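Review bot: The schedule comment has ended up on the `branch_protection_rule:` line and still says 4:24 AM, while the cron expression in this hunk changed to `34 4 * * 2`. It now describes the wrong trigger and the wrong time. Move it back above `schedule:` and update it, for example `# Run every Tuesday at 04:34 UTC`.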
@@ -33,25 +37,25 @@ jobs: id-token: write steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: 🧰 Checkout Source Code + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 + - name: Run analysis + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: - results_file: results.sarif + results_file: scorecard_results.sarif results_format: sarif publish_results: true - - name: "Upload artifact" - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + - name: Upload artifact + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file - path: results.sarif - retention-days: 5 + path: scorecard_results.sarif + retention-days: 6 # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + - name: Upload to code-scanning + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: - sarif_file: results.sarif + sarif_file: scorecard_results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml deleted file mode 100644 index e1d15eaa7..000000000 --- a/.github/workflows/semgrep.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -# Name of this GitHub Actions workflow. -name: Semgrep - -on: # yamllint disable-line rule:truthy - push: - branches: [main, develop, release, improve_build-workflow] - - pull_request: - # The branches below must be a subset of the branches above - types: [opened, synchronize, reopened] - - workflow_dispatch: - - schedule: - - cron: "20 17 * * 4" - -permissions: - contents: read - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - semgrep: - if: (github.actor != 'dependabot[bot]') - name: semgrep/ci - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - actions: read - - container: - image: returntocorp/semgrep - - steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - # Skip any PR created by dependabot to avoid permission issues; - if: (github.actor != 'dependabot[bot]') - - - name: Run semgrep ci - run: semgrep ci --sarif --output=semgrep.sarif - env: - SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac # v2.2.4 - with: - sarif_file: semgrep.sarif - if: always() diff --git a/.github/workflows/size-limit.yml b/.github/workflows/size-limit.yml deleted file mode 100644 index 7adee0910..000000000 --- a/.github/workflows/size-limit.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -name: "size-limit" -on: - pull_request: - types: [opened, synchronize, reopened] - -jobs: - size: - runs-on: ubuntu-latest - env: - CI_JOB_NUMBER: 1 - steps: - - uses: actions/checkout@v1 - - uses: andresz1/size-limit-action@v1 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index de82a5b09..a7167aaa9 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml 
@@ -1,10 +1,7 @@ ---- # SPDX-FileCopyrightText: Jürgen Mülbert # # SPDX-License-Identifier: MIT - name: Check Spelling - # Comment management is handled through a secondary job, for details see: # https://github.com/check-spelling/check-spelling/wiki/Feature%3A-Restricted-Permissions # @@ -70,22 +67,18 @@ name: Check Spelling # # remove `security-events: write` and `use_sarif: 1` # # remove `experimental_apply_changes_via_bot: 1` # ... otherwise adjust the `with:` as you wish - on: # yamllint disable-line rule:truthy push: - branches: [main, develop, release, improve_build-workflow] + branches: [main, develop, release] tags-ignore: - "**" pull_request_target: types: [opened, reopened, synchronize] - issue_comment: types: - - "created" - + - created permissions: contents: read - jobs: spelling: name: Check Spelling 
@@ -116,22 +109,9 @@ jobs: report-timing: 1 warnings: bad-regex,binary-file,deprecated-feature,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check experimental_apply_changes_via_bot: 1 - use_sarif: - ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == - github.repository)) && 1 }} + use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }} extra_dictionary_limit: 20 - extra_dictionaries: cspell:bash/bash-words.txt - cspell:companies/companies.txt - cspell:csharp/csharp.txt - cspell:css/css.txt - cspell:dotnet/dotnet.txt - cspell:filetypes/filetypes.txt - cspell:fonts/fonts.txt - cspell:html/html.txt - cspell:node/node.txt - cspell:npm/npm.txt - cspell:software-terms/dict/softwareTerms.txt - + extra_dictionaries: cspell:bash/bash-words.txt cspell:companies/companies.txt cspell:csharp/csharp.txt cspell:css/css.txt cspell:dotnet/dotnet.txt cspell:filetypes/filetypes.txt cspell:fonts/fonts.txt cspell:html/html.txt cspell:node/node.txt cspell:npm/npm.txt cspell:software-terms/dict/softwareTerms.txt comment-push: name: Report (Push) # If your workflow isn't running on push, you can remove this job @@ -147,7 +127,6 @@ jobs: checkout: true spell_check_this: check-spelling/spell-check-this@prerelease task: ${{ needs.spelling.outputs.followup }} - comment-pr: name: Report (PR) # If you workflow isn't running on pull_request*, you can remove this job 
@@ -156,8 +135,7 @@ jobs: permissions: contents: read pull-requests: write - if: (success() || failure()) && needs.spelling.outputs.followup && contains(github.event_name, - 'pull_request') + if: (success() || failure()) && needs.spelling.outputs.followup && contains(github.event_name, 'pull_request') steps: - name: comment uses: check-spelling/check-spelling@00c989c97749eb0cb2d256bdc55ac61b0096c6d3 # v0.0.22 @@ -166,7 +144,6 @@ jobs: spell_check_this: check-spelling/spell-check-this@prerelease task: ${{ needs.spelling.outputs.followup }} experimental_apply_changes_via_bot: 1 - update: name: Update PR permissions: @@ -174,8 +151,7 @@ jobs: pull-requests: write actions: read runs-on: ubuntu-latest - if: ${{ github.event_name == 'issue_comment' && github.event.issue.pull_request && - contains(github.event.comment.body, '@check-spelling-bot apply') }} + if: ${{ github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '@check-spelling-bot apply') }} concurrency: group: spelling-update-${{ github.event.issue.number }} cancel-in-progress: false @@ -186,3 +162,18 @@ jobs: experimental_apply_changes_via_bot: 1 checkout: true ssh_key: "${{ secrets.CHECK_SPELLING }}" + # https://github.com/marketplace/actions/alls-green#why + release-all-green: # This job does nothing and is only used for the branch protection + if: always() + needs: + - spelling + - comment-push + - comment-pr + - update + runs-on: ubuntu-latest + steps: + - name: Decide whether the needed jobs succeeded or failed + uses: re-actors/alls-green@223e4bb7a751b91f43eda76992bcfbf23b8b0302 # v1.2.2 + with: + allowed-skips: comment-push, comment-pr, update + jobs: ${{ toJSON(needs) }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 000000000..ebd3952d1 --- /dev/null +++ b/.github/workflows/stale.yml 
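Review bot: In the new `release-all-green` job, `allowed-skips` names `comment-push, comment-pr, update` but not `spelling`, even though this workflow also triggers on `issue_comment`. If the `spelling` job carries an event filter (its `if:` is outside these hunks), it is skipped on comment events and alls-green would report a failure for every comment on the repository. Because the job uses `if: always()`, it also starts a runner for each of those events. Consider gating it, e.g. `if: always() && github.event_name != 'issue_comment'`, or adding `spelling` to `allowed-skips` if a skipped check is acceptable for branch protection.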
@@ -0,0 +1,40 @@
+---
+# SPDX-FileCopyrightText: GitHub, Inc. and contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+name: Close stale issues and PRs
+
+on: # yamllint disable-line rule:truthy
+ schedule:
+ - cron: 45 1 * * *
+
+permissions:
+ checks: read
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write # only for delete-branch option
+ issues: write
+ pull-requests: write
+ steps:
+ - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+ with:
+ stale-issue-message: This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
+ stale-pr-message: This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.
+ stale-issue-label: no-issue-activity
+ stale-pr-label: no-pr-activity
+ exempt-issue-labels: awaiting-approval,work-in-progress
+ exempt-pr-labels: awaiting-approval,work-in-progress
+ exempt-issue-milestones: future,alpha,beta
+ exempt-pr-milestones: bugfix,improvement
+ only-labels: awaiting-feedback,awaiting-answers
+ close-issue-message: This issue was closed because it has been stalled for 5 days with no activity.
+ close-pr-message: This PR was closed because it has been stalled for 10 days with no activity.
+ days-before-issue-stale: 30
+ days-before-pr-stale: 45
+ days-before-issue-close: 5
+ days-before-pr-close: 10
diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml
deleted file mode 100644
index cb7b131a3..000000000
--- a/.github/workflows/triage-issues.yml
+++ /dev/null
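Review bot: The `stale` job requests `contents: write`, and its own comment says that scope is only for the `delete-branch` option, yet the `with:` block never sets `delete-branch`. Dropping the `contents: write` line leaves the job with just `issues: write` and `pull-requests: write`, which is all the configured options use. Also, `only-labels: awaiting-feedback,awaiting-answers` restricts processing to items that carry both labels at once; if either label should qualify, the input to use is `any-of-labels: awaiting-feedback,awaiting-answers`. The step has no `name:`, unlike the steps in the other workflows of this commit.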
@@ -1,91 +0,0 @@ ---- -# SPDX-FileCopyrightText: Jürgen Mülbert -# -# SPDX-License-Identifier: EUPL-1.2 -# - -name: Triage Issues - -on: # yamllint disable-line rule:truthy - push: - branches-ignore: - - dependabot/** - issue_comment: - types: - - created - - edited - - schedule: - - cron: "0 0 * * *" - -permissions: - issues: write - pull-requests: write - -concurrency: - group: triage-issues - cancel-in-progress: ${{ github.event_name != 'issue_comment' }} - -jobs: - stale: - if: | - startsWith(github.repository, 'jmuelbert/') && - ( - !startsWith(github.event.repository.name, 'dependabot/') || - (github.event_name == 'schedule') || - ( - contains(github.event.issue.labels.*.name, 'stale') || - contains(github.event.pull_request.labels.*.name, 'stale') - ) - ) - runs-on: ubuntu-latest - steps: - - name: Mark or Close Stale Issues and Pull Requests - uses: actions/stale@v8 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - days-before-stale: 365 - days-before-close: 30 - stale-issue-message: | - This issue was automatically marked as deprecated because there has been no activity for quite some time. It will be closed if there is no further activity. - stale-pr-message: | - This pull request was automatically marked as deprecated because it hasn't had any activity in quite some time. It will be closed if there is no further activity. 
- exempt-issue-labels: "gsoc-outreachy, help wanted, in progress" - exempt-pr-labels: "gsoc-outreachy, help wanted, in progress" - - bump-pr-stale: - if: | - startsWith(github.repository, 'jmuelbert/') && - ( - !startsWith(github.event.repository.name, 'dependabot/') || - (github.event_name == 'schedule') || - ( - contains(github.event.issue.labels.*.name, 'stale') || - contains(github.event.pull_request.labels.*.name, 'stale') - ) - ) - runs-on: ubuntu-latest - steps: - - name: Mark or Close Stale `bump-pr` Pull Requests - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - days-before-stale: 365 - days-before-close: 30 - stale-pr-message: | - This pull request was automatically marked as deprecated because it hasn't had any activity in quite some time. It will be closed if there is no further activity. To keep this pull request open, add a 'help wanted' or 'in progress' label. exempt-pr-labels: "help wanted, in progress" - any-of-labels: "bump-pr" - - lock-threads: - if: startsWith(github.repository, 'jmuelbert/') && github.event_name != 'issue_comment' - runs-on: ubuntu-latest - - steps: - - name: Lock Outdated Threads - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - issue-inactive-days: 30 - add-issue-labels: outdated - pr-inactive-days: 30 - add-pr-labels: outdated diff --git a/.github/workflows/write-good.yml b/.github/workflows/write-good.yml deleted file mode 100644 index dec057469..000000000 --- a/.github/workflows/write-good.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -# SPDX-FileCopyrightText: Tom Ross -# -# SPDX-License-Identifier: MIT -# -name: "Write good" -on: - push: - branches: [main, develop, release, improve_build-workflow] - pull_request: - # The branches below must be a subset of the branches above - types: [opened, synchronize, reopened] - -permissions: - contents: read -jobs: - write_good_job: - runs-on: ubuntu-latest - name: A job to lint Markdown files - permissions: - contents: read - pull-requests: write - steps: - - name: "🧰 Checkout Source Code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: write-good action step - id: write-good - uses: tomwhross/write-good-action@5897a4ff597390bd521c5c3a6c062bf96147a341 # v1.6 - # Use the output from the `write-good` step - - name: Get the write-good output - run: echo "${{ steps.write-good.outputs.result }}" - - name: Post comment - uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1 - if: ${{ steps.write-good.outputs.result }} - with: - message: | - ${{ steps.write-good.outputs.result }} - repo-token: ${{ secrets.GITHUB_TOKEN }} - allow-repeats: false # This is the default diff --git a/.gitleaks.toml b/.gitleaks.toml new file mode 100644 index 000000000..cb084cd6a --- /dev/null +++ b/.gitleaks.toml @@ -0,0 +1,20 @@ + +title = "gitleaks config" + +[extend] +# useDefault will extend the base configuration with the default gitleaks config: +# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml +useDefault = true + +[allowlist] +description = "Allowlisted files" +paths = [ + '''.automation/test''', + '''megalinter-reports''', + '''.github/linters''', + '''node_modules''', + '''.mypy_cache''', + '''(.*?)gitleaks\.toml$''', + '''(?i)(.*?)(png|jpeg|jpg|gif|doc|docx|pdf|bin|xls|xlsx|pyc|zip)$''', + '''(go.mod|go.sum)$''', +] diff --git a/.gitlint b/.gitlint new file mode 100644 index 000000000..cf98b6c08 --- /dev/null +++ b/.gitlint 
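Review bot: In the new `.gitleaks.toml`, the allowlist `paths` entries are unanchored regexes, and the extension pattern `(?i)(.*?)(png|jpeg|jpg|gif|doc|docx|pdf|bin|xls|xlsx|pyc|zip)$` has no `\.` before the group. It therefore exempts any path that merely ends in those letters (a file named `bin`, for example), not only files with those extensions. `node_modules`, `.mypy_cache` and `(go.mod|go.sum)$` likewise match anywhere in a path, with the unescaped `.` matching any character. Tightening them narrows what the secret scan skips, e.g. `'''(?i)\.(png|jpeg|jpg|gif|doc|docx|pdf|bin|xls|xlsx|pyc|zip)$'''` and `'''(^|/)node_modules/'''`. Allowlisting `.github/linters` also means a credential pasted into a linter config would go unreported, so that entry deserves a comment explaining why it is needed.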
@@ -0,0 +1,30 @@
+[general]
+verbosity=2
+ignore-merge-commits=true
+ignore-revert-commits=true
+ignore-squash-commits=true
+ignore-fixup-commits=true
+ignore-stdin=true
+ignore=body-is-missing
+
+[title-max-length]
+line-length=80
+[title-min-length]
+min-length=10
+
+[title-must-not-contain-word]
+words=
+
+[title-match-regex]
+regex=^\[(wip|dev|test|doc|fix|feat|style|refact|error)\]\s[A-Z].*$
+
+[ignore-by-title]
+regex=^Release(.*)
+
+[body-max-line-length]
+line-length=512
+[body-min-length]
+min-length=10
+
+[author-valid-email]
+regex=[^@]+@gmail.com
diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 000000000..60c9f8ebe
--- /dev/null
+++ b/.grype.yaml
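Review bot: `[author-valid-email]` is set to `regex=[^@]+@gmail.com`, which rejects every commit author outside Gmail, including GitHub `users.noreply.github.com` addresses and bot accounts such as Dependabot; the `.` is also unescaped. If the goal is only a well-formed address, a generic pattern such as `regex=[^@ ]+@[^@ ]+\.[^@ ]+` does that without tying contributors to one mail provider. The `[title-match-regex]` prefix form `[fix] Title` also looks at odds with the commitlint workflow this commit keeps, and this commit's own subject would not match it, so confirm which convention is meant to be enforced.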
@@ -0,0 +1,150 @@ +# enable/disable checking for application updates on startup +# same as GRYPE_CHECK_FOR_APP_UPDATE env var +# check-for-app-update: true + +# allows users to specify which image source should be used to generate the sbom +# valid values are: registry, docker, podman +# same as GRYPE_DEFAULT_IMAGE_PULL_SOURCE env var +# default-image-pull-source: "" + +# same as --name; set the name of the target being analyzed +# name: "" + +# upon scanning, if a severity is found at or above the given severity then the return code will be 1 +# default is unset which will skip this validation (options: negligible, low, medium, high, critical) +# same as --fail-on ; GRYPE_FAIL_ON_SEVERITY env var +fail-on-severity: high + +# the output format of the vulnerability report (options: table, json, cyclonedx) +# same as -o ; GRYPE_OUTPUT env var +# output: "table" + +# suppress all output (except for the vulnerability list) +# same as -q ; GRYPE_QUIET env var +# quiet: false + +# write output report to a file (default is to write to stdout) +# same as --file; GRYPE_FILE env var +# file: "" + +# a list of globs to exclude from scanning, for example: +# exclude: +# - '/etc/**' +# - './out/**/*.json' +# same as --exclude ; GRYPE_EXCLUDE env var +# exclude: [] + +# os and/or architecture to use when referencing container images (e.g. 
"windows/armv6" or "arm64") +# same as --platform; GRYPE_PLATFORM env var +# platform: "" + +# If using SBOM input, automatically generate CPEs when packages have none +# add-cpes-if-none: false + +# Explicitly specify a linux distribution to use as : like alpine:3.10 +# distro: + +# external-sources: +# enable: false +# maven: +# search-upstream-by-sha1: true +# base-url: https://search.maven.org/solrsearch/select + +# db: +# check for database updates on execution +# same as GRYPE_DB_AUTO_UPDATE env var +# auto-update: true + +# location to write the vulnerability database cache +# same as GRYPE_DB_CACHE_DIR env var +# cache-dir: "$XDG_CACHE_HOME/grype/db" + +# URL of the vulnerability database +# same as GRYPE_DB_UPDATE_URL env var +# update-url: "https://toolbox-data.anchore.io/grype/databases/listing.json" + +# it ensures db build is no older than the max-allowed-built-age +# set to false to disable check +# validate-age: true + +# Max allowed age for vulnerability database, +# age being the time since it was built +# Default max age is 120h (or five days) +# max-allowed-built-age: "120h" + +# search: +# the search space to look for packages (options: all-layers, squashed) +# same as -s ; GRYPE_SEARCH_SCOPE env var +# scope: "squashed" + +# search within archives that do contain a file index to search against (zip) +# note: for now this only applies to the java package cataloger +# same as GRYPE_PACKAGE_SEARCH_INDEXED_ARCHIVES env var +# indexed-archives: true + +# search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) +# note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed +# note: for now this only applies to the java package cataloger +# same as GRYPE_PACKAGE_SEARCH_UNINDEXED_ARCHIVES env var +# unindexed-archives: false + +# options when pulling directly from a registry via the "registry:" scheme +# registry: +# skip TLS verification when 
communicating with the registry +# same as GRYPE_REGISTRY_INSECURE_SKIP_TLS_VERIFY env var +# insecure-skip-tls-verify: false +# use http instead of https when connecting to the registry +# same as GRYPE_REGISTRY_INSECURE_USE_HTTP env var +# insecure-use-http: false + +# credentials for specific registries +# auth: +# - # the URL to the registry (e.g. "docker.io", "localhost:5000", etc.) +# same as GRYPE_REGISTRY_AUTH_AUTHORITY env var +# authority: "" +# same as GRYPE_REGISTRY_AUTH_USERNAME env var +# username: "" +# same as GRYPE_REGISTRY_AUTH_PASSWORD env var +# password: "" +# note: token and username/password are mutually exclusive +# same as GRYPE_REGISTRY_AUTH_TOKEN env var +# token: "" +# - ... # note, more credentials can be provided via config file only + +# log: +# use structured logging +# same as GRYPE_LOG_STRUCTURED env var +# structured: false + +# the log level; note: detailed logging suppress the ETUI +# same as GRYPE_LOG_LEVEL env var +# Uses logrus logging levels: https://github.com/sirupsen/logrus#level-logging +# level: "error" + +# location to write the log file (default is not to have a log file) +# same as GRYPE_LOG_FILE env var +# file: "" + +# match: +# sets the matchers below to use cpes when trying to find +# vulnerability matches. The stock matcher is the default +# when no primary matcher can be identified +# java: +# using-cpes: true +# python: +# using-cpes: true +# javascript: +# using-cpes: true +# ruby: +# using-cpes: true +# dotnet: +# using-cpes: true +# golang: +# using-cpes: true +# stock: +# using-cpes: true + +ignore: + # Ignored by default; disputed and unwarranted CVE that causes Megalinter to fail + # @link https://nvd.nist.gov/vuln/detail/CVE-2018-20225 + - vulnerability: CVE-2018-20225 diff --git a/.hadolint.yml b/.hadolint.yml new file mode 100644 index 000000000..4c6227775 --- /dev/null +++ b/.hadolint.yml 
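Review bot: The `ignore:` rule at the end of `.grype.yaml` matches on `vulnerability: CVE-2018-20225` alone, so the finding is suppressed for every package and location Grype scans. Grype ignore rules can be narrowed with a `package:` block; scoping the rule to the package the finding is reported against (presumably pip) keeps the suppression from hiding the same ID anywhere else, e.g. `package:` with `name: pip` and `type: python` under the rule. The comment would be more useful if it also recorded who accepted the risk and when the entry should be revisited.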
@@ -0,0 +1,6 @@
+---
+##########################
+## Hadolint config file ##
+##########################
+ignored:
+ - DL3018
diff --git a/.markdown-link-check.json b/.markdown-link-check.json
new file mode 100644
index 000000000..00bcdf48a
--- /dev/null
+++ b/.markdown-link-check.json
@@ -0,0 +1,5 @@
+{
+ "retryOn429": true,
+ "retryCount": 5,
+ "aliveStatusCodes": [ 200, 203 ]
+}
diff --git a/.markdownlint.json b/.markdownlint.json
new file mode 100644
index 000000000..7a4539646
--- /dev/null
+++ b/.markdownlint.json
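Review bot: `.hadolint.yml` ignores `DL3018` for the whole repository without giving a reason. That rule asks for pinned versions in `apk add`, so the global ignore removes a supply-chain check from every Dockerfile. Add a why-comment above the entry, e.g. `# DL3018: unpinned apk packages accepted for <image>; revisit when the base image is pinned`, or suppress it only where needed with an inline `# hadolint ignore=DL3018` in the affected Dockerfile.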
@@ -0,0 +1,167 @@ +{ + "default": true, + "first-header-h1": true, + "header-style": { + "style": "atx" + }, + "ul-style": { + "style": "dash" + }, + "ul-indent": { + "indent": 4 + }, + "list-marker-space": { + "ul-single": 3, + "ul-multi": 3 + }, + "no-trailing-spaces": false, + "line-length": false, + "no-duplicate-header": { + "allow_different_nesting": true + }, + "no-trailing-punctuation": { + "punctuation": ".,;:!。,;:!?" + }, + "ol-prefix": { + "style": "one" + }, + "no-inline-html": false, + "hr-style": { + "style": "---" + }, + "no-emphasis-as-heading": false, + "first-line-h1": false, + "code-block-style": { + "style": "fenced" + }, + "code-fence-style": { + "style": "backtick" + }, + "fenced-code-language": { + "allowed_languages": [ + "bash", + "html", + "javascript", + "json", + "markdown", + "text" + ], + "language_only": true + }, + "proper-names": { + "names": [ + "Alertmanager", + "API", + "Astro", + "Auth0", + "Azure", + "Bamboo", + "Bash", + "Bitbucket", + "Bugzilla", + "CAS", + "CentOS", + "Consul", + "Debian", + "DevOps", + "Docker", + "DockerSlim", + "Elasticsearch", + "fastlane", + "GDK", + "Geo", + "Git LFS", + "git-annex", + "Git", + "GitHub", + "GitLab Geo", + "GitLab Monitor", + "GitLab Operator", + "GitLab Pages", + "GitLab Rails", + "GitLab Runner", + "GitLab Shell", + "GitLab Workhorse", + "GitLab", + "Gitleaks", + "Gmail", + "Google", + "Grafana", + "Gzip", + "Helm", + "HipChat", + "ID", + "Ingress", + "jasmine-jquery", + "JavaScript", + "Jaeger", + "Jenkins", + "Jira", + "Jira Cloud", + "Jira Server", + "jQuery", + "JSON", + "JupyterHub", + "Karma", + "Kerberos", + "Kubernetes", + "LDAP", + "Let's Encrypt", + "Markdown", + "markdown-link-check", + "markdownlint", + "Mattermost", + "Microsoft", + "Minikube", + "MinIO", + "ModSecurity", + "NGINX Ingress", + "NGINX", + "OAuth", + "OAuth 2", + "OmniAuth", + "Omnibus GitLab", + "OpenID", + "OpenShift", + "PgBouncer", + "PostgreSQL", + "PowerShell", + "Praefect", + "Prometheus", + "Puma", + 
"puma-worker-killer", + "Python", + "Rake", + "Redis", + "Redmine", + "reCAPTCHA", + "Ruby", + "runit", + "Salesforce", + "SAML", + "Sentry", + "Shibboleth", + "Slack", + "SMTP", + "SpotBugs", + "SSH", + "Tiller", + "TOML", + "Trello", + "Trello Power-Ups", + "TypeScript", + "Twitter", + "Ubuntu", + "Ultra Auth", + "Unicorn", + "unicorn-worker-killer", + "URL", + "WebdriverIO", + "Xcode", + "YAML", + "YouTrack", + "ZSH" + ] + }, + "code_blocks": false +} diff --git a/.markdownlint.yml b/.markdownlint.yml deleted file mode 100644 index 8dcc58d81..000000000 --- a/.markdownlint.yml +++ /dev/null 
@@ -1,145 +0,0 @@ ---- -# Base Markdownlint configuration -# Extended Markdownlint configuration in doc/.markdownlint/ -'default': true -'first-header-h1': true -'header-style': - 'style': atx -'ul-style': - 'style': dash -'no-trailing-spaces': false -'line-length': false -'no-duplicate-header': - 'allow_different_nesting': true -'no-trailing-punctuation': - 'punctuation': .,;:!。,;:!? -'ol-prefix': - 'style': one -'no-inline-html': false -'hr-style': - 'style': --- -'no-emphasis-as-heading': false -'first-line-h1': false -'code-block-style': - 'style': fenced -'code-fence-style': - 'style': backtick -'fenced-code-language': - 'allowed_languages': [bash, html, javascript, json, markdown, text] - 'language_only': true -'proper-names': - 'names': - [ - Alertmanager, - API, - Astro, - Auth0, - Azure, - Bamboo, - Bash, - Bitbucket, - Bugzilla, - CAS, - CentOS, - Consul, - Debian, - DevOps, - Docker, - DockerSlim, - Elasticsearch, - fastlane, - GDK, - Geo, - Git LFS, - git-annex, - Git, - GitHub, - GitLab Geo, - GitLab Monitor, - GitLab Operator, - GitLab Pages, - GitLab Rails, - GitLab Runner, - GitLab Shell, - GitLab Workhorse, - GitLab, - Gitleaks, - Gmail, - Google, - Grafana, - Gzip, - Helm, - HipChat, - ID, - Ingress, - jasmine-jquery, - JavaScript, - Jaeger, - Jenkins, - Jira, - Jira Cloud, - Jira Server, - jQuery, - JSON, - JupyterHub, - Karma, - Kerberos, - Kubernetes, - LDAP, - Let's Encrypt, - Markdown, - markdown-link-check, - markdownlint, - Mattermost, - Microsoft, - Minikube, - MinIO, - ModSecurity, - NGINX Ingress, - NGINX, - OAuth, - OAuth 2, - OmniAuth, - Omnibus GitLab, - OpenID, - OpenShift, - PgBouncer, - PostgreSQL, - PowerShell, - Praefect, - Prometheus, - Puma, - puma-worker-killer, - Python, - Rake, - Redis, - Redmine, - reCAPTCHA, - Ruby, - runit, - Salesforce, - SAML, - Sentry, - Shibboleth, - Slack, - SMTP, - SpotBugs, - SSH, - Tiller, - TOML, - Trello, - Trello Power-Ups, - TypeScript, - Twitter, - Ubuntu, - Ultra Auth, - Unicorn, - 
unicorn-worker-killer, - URL, - WebdriverIO, - Xcode, - YAML, - YouTrack, - ZSH - ] - 'code_blocks': false diff --git a/.mega-linter.yml b/.mega-linter.yml index 99e3c6664..c7d937a00 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -1,4 +1,3 @@ ---- # Configuration file for MegaLinter # # See all available variables at https://megalinter.io/latest/configuration/ and in @@ -6,7 +5,6 @@ # all, none, or list of linter keys APPLY_FIXES: all - # If you use ENABLE variable, all other languages/formats/tooling-formats will # be disabled by default # ENABLE: @@ -16,20 +14,20 @@ APPLY_FIXES: all # ENABLE_LINTERS: DISABLE_LINTERS: - CSHARP_DOTNET_FORMAT - + - GHERKIN_GHERKIN_LINT + - REPOSITORY_SYFT # DISABLE: # - COPYPASTE # Uncomment to disable checks of excessive copy-pastes # - SPELL # Uncomment to disable checks of spelling mistakes - EDITORCONFIG_FILTER_REGEX_EXCLUDE: (LICENSE|LICENSES/|AUTHORS|\.github/PULL_REQUEST_TEMPLATE.md|\.github/actions/spelling/advice.md) +JSON_JSONLINT_FILTER_REGEX_EXCLUDE: (\.vscode/|\.devcontainer/devcontainer.json) JSON_V8R_FILTER_REGEX_EXCLUDE: (\.devcontainer/devcontainer.json|\.vscode/) -SPELL_CSPELL_FILTER_REGEX_EXCLUDE: (docs/de|docs/es|docs/it) -SPELL_LYCHEE_FILTER_REGEX_EXCLUDE: (\.github/workflows/|\.github/actions/|docs/yarn.lock) +SPELL_CSPELL_FILTER_REGEX_EXCLUDE: (docs/de|docs/es|docs/it|LICENSE) +SPELL_LYCHEE_FILTER_REGEX_EXCLUDE: (\.github/workflows/|\.github/actions/|docs/pnpm-lock.yaml) +SPELL_VALE_FILTER_REGEX_INCLUDE: (README.md|docs/astro.config.mjs|docs/src/content) MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (\.github/actions/spelling) -YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: (docs/yarn.lock) - +YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: (docs/pnpm-lock.yaml) SHOW_ELAPSED_TIME: true - FILEIO_REPORTER: false # Uncomment if you want MegaLinter to detect errors but not block CI to pass # DISABLE_ERRORS: true diff --git a/.npmpackagejsonlintrc.json b/.npmpackagejsonlintrc.json new file mode 100644 index 000000000..878d3def1 
--- /dev/null +++ b/.npmpackagejsonlintrc.json @@ -0,0 +1,3 @@ +{ + "extends": "npm-package-json-lint-config-default" +} diff --git a/.npmrc b/.npmrc index 901b4e86a..b65c6b351 100644 --- a/.npmrc +++ b/.npmrc @@ -1,3 +1,6 @@ +# Important! Never install `astro` even when new version is in registry prefer-workspace-packages=true link-workspace-packages=true +save-workspace-protocol=false # This prevents the examples to have the `workspace:` prefix +auto-install-peers=false shell-emulator=true diff --git a/.prettierignore b/.prettierignore index 3fe514f12..31e537355 100644 --- a/.prettierignore +++ b/.prettierignore @@ -15,8 +15,10 @@ benchmark/results/ !packages/db/test/fixtures # Directories +.venv .github .changeset +megalinter-reports # Files pnpm-lock.yaml @@ -30,8 +32,5 @@ pnpm-lock.yaml **/*.mjs **/*.cjs -# Formatted by taplo -**/*.toml - # vale configs .github/styles/vale/** diff --git a/.pylintrc b/.pylintrc new file mode 100644 index 000000000..c759a6cfc --- /dev/null +++ b/.pylintrc 
@@ -0,0 +1,597 @@ +[MASTER] + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. +extension-pkg-whitelist= + +# Specify a score threshold to be exceeded before program exits with error. +fail-under=10.0 + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the blacklist. The +# regex matches against base names, not paths. +ignore-patterns=conanfile.py + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use. +jobs=1 + +# Control the amount of potential inferred values when inferring a single +# object. This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# List of plugins (as comma separated values of python module names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED. +confidence= + +# Disable the message, report, category or checker with the given id(s). 
You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once). You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". +disable=print-statement, + parameter-unpacking, + unpacking-in-except, + old-raise-syntax, + backtick, + long-suffix, + old-ne-operator, + old-octal-literal, + import-star-module-level, + non-ascii-bytes-literal, + raw-checker-failed, + bad-inline-option, + locally-disabled, + file-ignored, + suppressed-message, + useless-suppression, + deprecated-pragma, + use-symbolic-message-instead, + apply-builtin, + basestring-builtin, + buffer-builtin, + cmp-builtin, + coerce-builtin, + execfile-builtin, + file-builtin, + long-builtin, + raw_input-builtin, + reduce-builtin, + standarderror-builtin, + unicode-builtin, + xrange-builtin, + coerce-method, + delslice-method, + getslice-method, + setslice-method, + no-absolute-import, + old-division, + dict-iter-method, + dict-view-method, + next-method-called, + metaclass-assignment, + indexing-exception, + raising-string, + reload-builtin, + oct-method, + hex-method, + nonzero-method, + cmp-method, + input-builtin, + round-builtin, + intern-builtin, + unichr-builtin, + map-builtin-not-iterating, + zip-builtin-not-iterating, + range-builtin-not-iterating, + filter-builtin-not-iterating, + using-cmp-argument, + eq-without-hash, + div-method, + idiv-method, + rdiv-method, + exception-message-attribute, + invalid-str-codec, + sys-max-int, + bad-python3-import, + deprecated-string-function, + deprecated-str-translate-call, + deprecated-itertools-function, + 
deprecated-types-field, + next-method-defined, + dict-items-not-iterating, + dict-keys-not-iterating, + dict-values-not-iterating, + deprecated-operator-function, + deprecated-urllib-function, + xreadlines-attribute, + deprecated-sys-function, + exception-escape, + comprehension-escape, + consider-using-f-string, + useless-option-value, + unknown-option-value, + R0801,I1101,E0401 + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable=c-extension-no-member= + + +[REPORTS] + +# Python expression which should return a score less than or equal to 10. You +# have access to the variables 'error', 'warning', 'refactor', and 'convention' +# which contain the number of messages in each category, as well as 'statement' +# which is the total number of statements analyzed. This score is used by the +# global evaluation report (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +#msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio). You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages. +reports=no + +# Activate the evaluation score. +score=yes + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=6 + +# Complete name of functions that never returns. 
When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit + + +[BASIC] + +# Naming style matching correct argument names. +argument-naming-style=camelCase + +# Regular expression matching correct argument names. Overrides argument- +# naming-style. +#argument-rgx= + +# Naming style matching correct attribute names. +attr-naming-style=camelCase + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma. +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Bad variable names regexes, separated by a comma. If names match any regex, +# they will always be refused +bad-names-rgxs= + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. +#class-attribute-rgx= + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming- +# style. +#class-rgx= + +# Naming style matching correct constant names. +const-naming-style=camelCase + +# Regular expression matching correct constant names. Overrides const-naming- +# style. +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names. +function-naming-style=camelCase + +# Regular expression matching correct function names. Overrides function- +# naming-style. +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma. +good-names=i, + j, + k, + ex, + Run, + _ + +# Good variable names regexes, separated by a comma. 
If names match any regex, +# they will always be accepted +good-names-rgxs=^[a-z]?$ + +# Include a hint for the correct naming format with invalid-name. +include-naming-hint=no + +# Naming style matching correct inline iteration names. +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. +#inlinevar-rgx= + +# Naming style matching correct method names. +method-naming-style=any + +# Regular expression matching correct method names. Overrides method-naming- +# style. +#method-rgx= + +# Naming style matching correct module names. +module-naming-style=any + +# Regular expression matching correct module names. Overrides module-naming- +# style. +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +# These decorators are taken in consideration only for invalid-name. +property-classes=abc.abstractproperty + +# Naming style matching correct variable names. +variable-naming-style=camelCase + +# Regular expression matching correct variable names. Overrides variable- +# naming-style. +#variable-rgx="[a-z0-9_]{1,30}$" + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. 
+max-line-length=120 + +# Maximum number of lines in a module. +max-module-lines=1000 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[LOGGING] + +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style=old + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules=logging + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + +# Regular expression of note tags to take in consideration. +#notes-rgx= + + +[SIMILARITIES] + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=yes + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=4 + +# Spelling dictionary name. Available dictionaries: en_AG (hunspell), en_AU +# (hunspell), en_BS (hunspell), en_BW (hunspell), en_BZ (hunspell), en_CA +# (hunspell), en_DK (hunspell), en_GB (hunspell), en_GH (hunspell), en_HK +# (hunspell), en_IE (hunspell), en_IN (hunspell), en_JM (hunspell), en_MW +# (hunspell), en_NA (hunspell), en_NG (hunspell), en_NZ (hunspell), en_PH +# (hunspell), en_SG (hunspell), en_TT (hunspell), en_US (hunspell), en_ZA +# (hunspell), en_ZM (hunspell), en_ZW (hunspell). +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains the private dictionary; one word per line. 
+spelling-private-dict-file= + +# Tells whether to store unknown words to the private dictionary (see the +# --spelling-private-dict-file option) instead of raising a message. +spelling-store-unknown-words=no + + +[STRING] + +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +check-quote-consistency=no + +# This flag controls whether the implicit-str-concat should generate a warning +# on implicit string concatenation in sequences defined over several lines. +check-str-concat-over-line-jumps=no + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). 
This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis). It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + +# List of decorators that change the signature of a decorated function. +signature-mutators= + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expected to +# not be used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore. +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. 
+redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io + + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp, + __post_init__ + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict, + _fields, + _replace, + _source, + _make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=cls + + +[DESIGN] + +# Maximum number of arguments for function / method. +max-args=10 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=6 + +# Maximum number of branch for function / method body. +max-branches=15 + +# Maximum number of locals for function / method body. +max-locals=20 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body. +max-returns=6 + +# Maximum number of statements in function / method body. +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma. 
+deprecated-modules=optparse,tkinter.tix + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled). +ext-import-graph= + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled). +import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled). +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "BaseException, Exception". +overgeneral-exceptions=BaseException, + Exception diff --git a/.secretlintrc.json b/.secretlintrc.json new file mode 100644 index 000000000..5682c9451 --- /dev/null +++ b/.secretlintrc.json @@ -0,0 +1,7 @@ +{ + "rules": [ + { + "id": "@secretlint/secretlint-rule-preset-recommend" + } + ] + } diff --git a/.stylelintignore b/.stylelintignore new file mode 100644 index 000000000..aa9ce8193 --- /dev/null +++ b/.stylelintignore @@ -0,0 +1 @@ +src/jmbde/wwwroot diff --git a/.stylelintrc.json b/.stylelintrc.json index 01aef6519..40db42c66 100644 --- a/.stylelintrc.json +++ b/.stylelintrc.json @@ -1,3 +1,3 @@ { - "extends": "stylelint-config-standard-scss" + "extends": "stylelint-config-standard" } diff --git a/.yamllint.yaml b/.yamllint.yml similarity index 100% rename from .yamllint.yaml rename to .yamllint.yml diff --git a/REUSE.toml b/REUSE.toml new file mode 100644 index 000000000..66a67517d --- /dev/null +++ b/REUSE.toml 
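Review bot: The line `enable=c-extension-no-member=` in the new `.pylintrc` ends with a stray `=`, so the id it names is not a real message, and because the `disable=` list also contains `unknown-option-value` and `useless-option-value`, pylint will not report the mistake. The same list disables `I1101`, which is the numeric id of `c-extension-no-member`, so the two options contradict each other; either write `enable=c-extension-no-member` and remove `I1101`, or drop the `enable` line. Most of the `disable=` entries are Python 2 porting checks; if the pylint version in CI no longer ships them (to be confirmed), deleting them would allow `unknown-option-value` to be re-enabled so that later typos surface. `E0401` (import-error) is switched off without a comment saying why.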
@@ -0,0 +1,53 @@ +version = 1 +SPDX-PackageName = "jmbde-java" +SPDX-PackageSupplier = "" +SPDX-PackageDownloadLocation = "https://www.github.com/jmuelbert/jmbde-java" + +[reuse] +exclude = [ + "docs/node_modules/**", + "**/node_modules/**", + "**/bin", + "**/obj", + "**/result", +] + +[[annotations]] +path = ["**.java", "**.csproj"] +precedence = "aggregate" +SPDX-FileCopyrightText = "Jürgen Mülbert " +SPDX-License-Identifier = "EUPL-1.2" + +[[annotations]] +path = [ + "CHANGES", + "CONTRIBUTORS.txt", + "INSTALL.md", + "README.md", + "AUTHORS", + "docs/manual/style/**", + "docs/api/**.dox", + "docs/api/**.html", + "docs/man/**.pod", + "docs/**.pdf", +] +precedence = "aggregate" +SPDX-FileCopyrightText = "Jürgen Mülbert " +SPDX-License-Identifier = "CC-BY-SA-4.0" + +[[annotations]] +path = [ + ".checkov.yml", + ".devcontainer/.dockerignore", + ".devcontainer/devcontainer.json", + ".devskim.json", + ".codespellrc", + ".git-blame-ignore-revs", + ".gitattributes", + ".gitignore", + ".pre-commit-config.yaml", + ".github/**", +] +precedence = "aggregate" +SPDX-FileCopyrightText = "Jürgen Mülbert " +SPDX-License-Identifier = "BSD-3-Clause" diff --git a/biome.json b/biome.json index 9fe0cca1d..73e7034ed 100644 --- a/biome.json +++ b/biome.json @@ -2,7 +2,9 @@ "$schema": "https://biomejs.dev/schemas/1.7.1/schema.json", "files": { "ignore": [ + ".venv/**", "vendor", + "src/app/AnniversaryReminder/wwwroot/**", "**/{node_modules,dist,smoke,fixtures,vendor,.vercel,.mypy_cache,.github/styles/vale}/**" ], "include": ["tests/**", "src/**"] @@ -19,20 +21,8 @@ "benchmark/projects/", "benchmark/results/", ".changeset", - "**/pnpm-lock.yaml", - "**/package.json", - "*.astro", - "**/dist", - "**/build", - "**/smoke", - "**/node_modules", - "**/fixtures", - "**/vendor", - "**/.vercel", - "**/.github", - "**/.changeset", - "**/.mypy_cache/**", - ".github/styles/vale/**/*.{yml,yaml,json}" + "pnpm-lock.yaml", + "*.astro" ] }, "organizeImports": { 
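Review bot: The `[reuse]` table with an `exclude` list in the new `REUSE.toml` does not appear to be part of the format, which as far as I know defines only `version`, the `SPDX-Package*` keys and `[[annotations]]` tables. If the tool ignores the table, `bin`, `obj` and `node_modules` content is still evaluated, so confirm against the reuse version used by `reuse-check.yml` and, if needed, cover those paths with an `[[annotations]]` entry or through `.gitignore`. `SPDX-PackageSupplier = ""` is empty and should be filled in or removed. The first annotation lists `**.csproj` for a package named `jmbde-java`, which looks carried over from another repository.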
@@ -94,7 +84,8 @@ "**/.github/", "**/.changeset/", "**/.mypy_cache/**", - ".github/styles/vale/**/*.{yml,yaml,json}" + ".github/styles/vale/**/*.{yml,yaml,json}", + "*.astro" ] }, "javascript": { diff --git a/cspell.config.yaml b/cspell.config.yaml index fae4a0fec..a019e3273 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -17,19 +17,32 @@ ignorePaths: - .devcontainer/.dockerignore - .git* - .prettierignore + - .codespellrc - CHANGELOG.md + - LICENSE + - license.txt - '**/{report,site,LICENSES,docs/about/EUPL-1.2.md}/**' - cspell.config.yaml - - .github/styles/vale/** + - '**/styles/vale/**' + - '**/nbproject/**' words: - jmuelbert - Jürgen + - juergen - Mülbert - - JMPlasterTemplates - - Astro - - astrojs + - muelbert + - apdisk + - donotpresent + - ehthumbs + - esktop + - fseventsd + - HSTS + - icns + - msix - NOLOGO - nupkg + - rarr + - maxNumberOfProblems: 1000 import: [] useGitignore: true @@ -97,6 +110,11 @@ dictionaryDefinitions: scope: - workspace path: ./.github/styles/config/vocabularies/cspell/github-actions.txt + - name: local-node + addWords: false + scope: + - workspace + path: ./.github/styles/config/vocabularies/cspell/node.txt dictionaries: - project-words - local-german @@ -105,6 +123,7 @@ dictionaries: - local-ruby - local-python - local-github-actions + - local-node - bash - companies - csharp diff --git a/eslint.config.js b/eslint.config.js new file mode 100644 index 000000000..b313d6921 --- /dev/null +++ b/eslint.config.js 
@@ -0,0 +1,55 @@
+// @ts-check
+import { FlatCompat } from '@eslint/eslintrc'
+import eslint from '@eslint/js'
+import prettierConfig from 'eslint-config-prettier'
+// plugins
+import noOnlyTestsEslint from 'eslint-plugin-no-only-tests'
+import regexpEslint from 'eslint-plugin-regexp'
+import globals from 'globals'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+import tseslint from 'typescript-eslint'
+
+const typescriptEslint = tseslint.plugin
+
+// parsers
+const typescriptParser = tseslint.parser
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
+// ref:
+// https://eslint.org/docs/latest/use/configure/migration-guide#using-eslintrc-configs-in-flat-config
+// mimic CommonJS variables -- not needed if using CommonJS
+const compat = new FlatCompat({ baseDirectory: __dirname })
+
+export default tseslint.config(
+ eslint.configs.recommended,
+ ...compat
+ .extends('plugin:regexp/recommended'),
+ ...tseslint.configs.recommendedTypeChecked,
+ ...tseslint.configs.stylisticTypeChecked, prettierConfig, {
+ languageOptions: {
+ parser: typescriptParser,
+ parserOptions: {
+ project: ['./tsconfig.eslint.json'],
+ tsconfigRootDir: __dirname
+ },
+ globals: globals.browser
+ },
+ plugins: {
+ '@typescript-eslint': typescriptEslint,
+ 'no-only-tests': noOnlyTestsEslint,
+ regexp: regexpEslint
+ }
+ },
+ {
+ ignores: [
+ '**/*.d.*', '**/*.map.*', 'packages/**/*.min.js',
+ 'packages/**/dist/', 'packages/**/fixtures/',
+ 'packages/astro/vendor/vite/', 'benchmark/**/dist/',
+ 'examples/', 'scripts/', 'megalinter-reports/', '.github/',
+ '.changeset/', '**/wwwroot/**/*.js',
+ 'eslint.config.js' // TODO: Remove an resolve the issues
+ ]
+ })
diff --git a/goodcheck.yml b/goodcheck.yml
index 33af9b5e5..8c8c165db 100644
--- a/goodcheck.yml
+++ b/goodcheck.yml
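Review bot: The `plugins` block in `eslint.config.js` registers `no-only-tests`, but the config has no `rules` key anywhere, so the plugin's rule never runs and a committed `.only` would still pass lint; add `rules: { 'no-only-tests/no-only-tests': 'error' }` to the same object. `eslint-plugin-regexp` is both imported directly and pulled in through `FlatCompat` with `plugin:regexp/recommended`; one route is enough, and I believe recent versions of the plugin export a flat config that would make the `FlatCompat` dependency unnecessary. The `ignores` list leaves `scripts/`, `.github/` and `eslint.config.js` itself unlinted, the last behind a TODO that should read `// TODO: Remove and resolve the issues` and ideally name an owner.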
@@ -1,14 +1,13 @@ ---- rules: # id, pattern, message are required attributes. - - id: com.github.jmuelbert.jmbde-macos + - id: com.github.jmuelbert.jmbde-java pattern: Github severity: warning message: Do you want to write GitHub? glob: - '**/*.rb' - '**/*.{yaml,yml}' - - 'public/**/*.html' + - public/**/*.html fail: - Signup via GitHub pass: diff --git a/tsconfig.eslint.json b/tsconfig.eslint.json new file mode 100644 index 000000000..7f344f315 --- /dev/null +++ b/tsconfig.eslint.json @@ -0,0 +1,4 @@ +{ + "extends": "./tsconfig.json", + "exclude": ["node_modules", "dist", "src/app/AnniversaryReminder/wwwroot"] +} diff --git a/tsconfig.json b/tsconfig.json new file mode 100644 index 000000000..bad263dac --- /dev/null +++ b/tsconfig.json @@ -0,0 +1,11 @@ +{ + "extends": "astro/tsconfigs/strict", + "exclude": [ + "**/dist/**", + "**/__coverage__/**" + ], + "include": [ + "./*.js*", + "docs/**/*" + ], +}
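Review bot: The new `tsconfig.json` closes its `include` array with `],` directly before the final brace, a trailing comma that TypeScript's config reader tolerates but strict JSON parsers reject. The `JSON_JSONLINT_FILTER_REGEX_EXCLUDE` value added in this commit does not list the file, so the JSON linters may fail on it; write the line as `]`. Separately, `include` covers only `./*.js*` and `docs/**/*`, while `eslint.config.js` points typed linting at `tsconfig.eslint.json`, which extends this file, so sources outside those globs are presumably not part of the project the parser loads; a lint run on a file under `src/` would confirm.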