diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..dc8bd2c6 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + versioning-strategy: increase + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..646e1e1d --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,52 @@ +name: "Code scanning - action" + +on: + push: + branches: [master] + pull_request: + # The branches below must be a subset of the branches above + branches: [master] + schedule: + - cron: "0 7 * * 0" + +jobs: + CodeQL-Build: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + # Override language selection by uncommenting this and choosing your languages + # with: + # languages: go, javascript, csharp, python, cpp, java + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml new file mode 100644 index 00000000..3cb0664f --- /dev/null +++ b/.github/workflows/dependabot-automerge.yml @@ -0,0 +1,28 @@ +# Based on https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request +name: Dependabot auto-merge +on: pull_request_target + +permissions: + pull-requests: write + contents: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Enable auto-merge for Dependabot PRs + # Automatically merge semver-patch and semver-minor PRs + if: "${{ steps.metadata.outputs.update-type == + 'version-update:semver-minor' || + steps.metadata.outputs.update-type == + 'version-update:semver-patch' }}" + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/nodejs-test.yml b/.github/workflows/nodejs-test.yml new file mode 100644 index 00000000..f330fb40 --- /dev/null +++ b/.github/workflows/nodejs-test.yml @@ -0,0 +1,57 @@ +name: Node.js CI + +on: [push, pull_request] + +env: + CI: true + FORCE_COLOR: 2 + NODE_COV: 16 # The Node.js version to run coveralls on + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-node@v2 + with: + node-version: 16 + cache: npm + - run: npm ci + - run: npm run lint + + test: + name: Node ${{ matrix.node }} + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + node: + - 10 + - 12 + - 14 + - 16 + + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node }} + uses: actions/setup-node@v2 + with: + node-version: ${{ matrix.node }} + cache: npm + - run: npm ci + - run: npm run build --if-present + + - name: Run Jest + run: npm run test:jest + if: matrix.node != env.NODE_COV + + - name: Run Jest with coverage + run: npm run test:jest -- --coverage + if: matrix.node == env.NODE_COV + + - name: Run Coveralls + uses: coverallsapp/github-action@master + if: matrix.node == env.NODE_COV + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 4a44a5c8..00000000 --- a/.travis.yml +++ /dev/null @@ -1,6 +0,0 @@ -language: node_js -arch: - - amd64 - - ppc64le -node_js: - - lts/* diff --git a/package.json b/package.json index a410c951..bccefe74 100644 --- a/package.json +++ b/package.json @@ -17,8 +17,8 @@ "lib/**/*" ], "scripts": { - "test": "jest --coverage && npm run lint", - "coverage": "cat coverage/lcov.info | coveralls", + "test": "npm run test:jest && npm run lint", + "test:jest": "jest", "lint": "npm run lint:es && npm run lint:prettier", "lint:es": "eslint .", "lint:prettier": "npm run prettier -- --check",