chore(ci): Use GitHub Actions, Dependabot (#10)

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+    - package-ecosystem: npm
+      directory: "/"
+      schedule:
+          interval: daily
+      open-pull-requests-limit: 10
+      versioning-strategy: increase
+    - package-ecosystem: "github-actions"
+      directory: "/"
+      schedule:
+          interval: daily

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,52 @@
+name: "Code scanning - action"
+
+on:
+    push:
+        branches: [master]
+    pull_request:
+        # The branches below must be a subset of the branches above
+        branches: [master]
+    schedule:
+        - cron: "0 7 * * 0"
+
+jobs:
+    CodeQL-Build:
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+              with:
+                  # We must fetch at least the immediate parents so that if this is
+                  # a pull request then we can checkout the head.
+                  fetch-depth: 2
+
+            # If this run was triggered by a pull request event, then checkout
+            # the head of the pull request instead of the merge commit.
+            - run: git checkout HEAD^2
+              if: ${{ github.event_name == 'pull_request' }}
+
+            # Initializes the CodeQL tools for scanning.
+            - name: Initialize CodeQL
+              uses: github/codeql-action/init@v1
+              # Override language selection by uncommenting this and choosing your languages
+              # with:
+              #   languages: go, javascript, csharp, python, cpp, java
+            # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+            # If this step fails, then you should remove it and run the build manually (see below)
+            - name: Autobuild
+              uses: github/codeql-action/autobuild@v1
+
+            # ℹ️ Command-line programs to run using the OS shell.
+            # 📚 https://git.io/JvXDl
+
+            # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+            #    and modify them (or add more) to build your code if your project
+            #    uses a compiled language
+
+            #- run: |
+            #   make bootstrap
+            #   make release
+
+            - name: Perform CodeQL Analysis
+              uses: github/codeql-action/analyze@v1

.github/workflows/dependabot-automerge.yml

@@ -0,0 +1,28 @@
+# Based on https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
+name: Dependabot auto-merge
+on: pull_request_target
+
+permissions:
+    pull-requests: write
+    contents: write
+
+jobs:
+    dependabot:
+        runs-on: ubuntu-latest
+        if: ${{ github.actor == 'dependabot[bot]' }}
+        steps:
+            - name: Dependabot metadata
+              id: metadata
+              uses: dependabot/fetch-metadata@v1.1.1
+              with:
+                  github-token: "${{ secrets.GITHUB_TOKEN }}"
+            - name: Enable auto-merge for Dependabot PRs
+              # Automatically merge semver-patch and semver-minor PRs
+              if: "${{ steps.metadata.outputs.update-type ==
+                  'version-update:semver-minor' ||
+                  steps.metadata.outputs.update-type ==
+                  'version-update:semver-patch' }}"
+              run: gh pr merge --auto --squash "$PR_URL"
+              env:
+                  PR_URL: ${{github.event.pull_request.html_url}}
+                  GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/nodejs-test.yml

@@ -0,0 +1,57 @@
+name: Node.js CI
+
+on: [push, pull_request]
+
+env:
+    CI: true
+    FORCE_COLOR: 2
+    NODE_COV: 16 # The Node.js version to run coveralls on
+
+jobs:
+    lint:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v2
+            - uses: actions/setup-node@v2
+              with:
+                  node-version: 16
+                  cache: npm
+            - run: npm ci
+            - run: npm run lint
+
+    test:
+        name: Node ${{ matrix.node }}
+        runs-on: ubuntu-latest
+
+        strategy:
+            fail-fast: false
+            matrix:
+                node:
+                    - 10
+                    - 12
+                    - 14
+                    - 16
+
+        steps:
+            - uses: actions/checkout@v2
+            - name: Use Node.js ${{ matrix.node }}
+              uses: actions/setup-node@v2
+              with:
+                  node-version: ${{ matrix.node }}
+                  cache: npm
+            - run: npm ci
+            - run: npm run build --if-present
+
+            - name: Run Jest
+              run: npm run test:jest
+              if: matrix.node != env.NODE_COV
+
+            - name: Run Jest with coverage
+              run: npm run test:jest -- --coverage
+              if: matrix.node == env.NODE_COV
+
+            - name: Run Coveralls
+              uses: coverallsapp/github-action@master
+              if: matrix.node == env.NODE_COV
+              with:
+                  github-token: "${{ secrets.GITHUB_TOKEN }}"

package.json

@@ -17,8 +17,8 @@
         "lib/**/*"
     ],
     "scripts": {
-        "test": "jest --coverage && npm run lint",
-        "coverage": "cat coverage/lcov.info | coveralls",
+        "test": "npm run test:jest && npm run lint",
+        "test:jest": "jest",
         "lint": "npm run lint:es && npm run lint:prettier",
         "lint:es": "eslint .",
         "lint:prettier": "npm run prettier -- --check",