diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 86686206..f80bec44 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,13 +34,25 @@ on: # yamllint disable-line rule:truthy jobs: analyze: - name: Analyze + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources + # for possible analysis time improvements. runs-on: - ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + ${{ (matrix.language == 'swift' && 'macos-14') || 'ubuntu-24.04' }} permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories actions: read contents: read - security-events: write strategy: fail-fast: false diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 2a3b5f17..cd46d67f 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -18,7 +18,7 @@ jobs: build: name: "Build Docker images" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 @@ -73,7 +73,7 @@ jobs: lint: name: "Run in docker: LINT" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: build steps: - name: Download artifact @@ -93,7 +93,7 @@ jobs: test: name: "Run in docker: TEST" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: build steps: - name: Download artifact @@ -113,7 +113,7 @@ jobs: security: name: "Snyk Container" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: build permissions: actions: read @@ -160,7 +160,7 @@ jobs: sarif_file: 'snyk.sarif' scan: name: "Trivy" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: build permissions: actions: read diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 942271eb..0a62546d 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -32,7 +32,13 @@ on: # yamllint disable-line rule:truthy jobs: eslint: name: Run eslint scanning - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: ["ubuntu-24.04", "macos-14", "windows-2022"] + node-version: [18.x, 20.x, 22.x] + # See supported Node.js release schedule + # at https://nodejs.org/en/about/releases/ permissions: contents: read security-events: write diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 0870c98f..914e00c2 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -20,7 +20,7 @@ on: # yamllint disable-line rule:truthy jobs: scan: name: gitleaks - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/markdown-lint.yml b/.github/workflows/markdown-lint.yml index 2a73909a..1b47c9ae 100644 --- a/.github/workflows/markdown-lint.yml +++ b/.github/workflows/markdown-lint.yml @@ -1,5 +1,4 @@ --- - name: Markdown Lint on: # yamllint disable-line rule:truthy @@ -10,19 +9,27 @@ on: # yamllint disable-line rule:truthy branches: ["main"] workflow_dispatch: +permissions: read-all + jobs: - lint: + markdownlint: name: Markdown Lint - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 + + strategy: + matrix: + node-version: [22.x] + # See supported Node.js release schedule + # at https://nodejs.org/en/about/releases/ steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Set up Node.js + - name: Set up Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: - node-version: 22.x + node-version: ${{ matrix.node-version }} - name: Install dependencies run: npm install -g markdownlint-cli diff --git a/.github/workflows/node-coverage.js.yml b/.github/workflows/node-coverage.js.yml index 1ad76f5b..fc189940 100644 --- a/.github/workflows/node-coverage.js.yml +++ b/.github/workflows/node-coverage.js.yml @@ -11,8 +11,9 @@ on: # yamllint disable-line rule:truthy workflow_dispatch: jobs: - build: - runs-on: ubuntu-latest + coverage: + name: NodeJS CI Coverage + runs-on: ubuntu-24.04 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 @@ -27,9 +28,6 @@ jobs: - name: Install dependencies run: npm ci --verbose - - name: Lint - run: npm run lint - - name: Run the tests run: npm run jest:ci -- --coverage diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index c4be0780..dba51cf2 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -1,5 +1,4 @@ --- - name: Node.js CI Tests on: # yamllint disable-line rule:truthy @@ -12,14 +11,11 @@ on: # yamllint disable-line rule:truthy jobs: build: - runs-on: ubuntu-latest + name: NodeJS Jest CI Test + runs-on: ${{ matrix.os }} strategy: matrix: - os: [ - "windows-latest", - "ubuntu-latest", - "macOS-latest" - ] + os: ["ubuntu-24.04", "macos-14", "windows-2022"] node-version: [18.x, 20.x, 22.x] # See supported Node.js release schedule # at https://nodejs.org/en/about/releases/ @@ -36,8 +32,5 @@ jobs: - name: Install dependencies run: npm ci --verbose - - name: Lint - run: npm run lint - - name: Run the tests run: npm run jest:ci diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml index b73e4b23..731ea612 100644 --- a/.github/workflows/snyk-code.yml +++ b/.github/workflows/snyk-code.yml @@ -13,7 +13,7 @@ on: # yamllint disable-line rule:truthy jobs: security: name: Snyk Open Source (Node.js) - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: actions: read contents: read diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml index 95521bc3..9cb9e0b3 100644 --- a/.github/workflows/yamllint.yml +++ b/.github/workflows/yamllint.yml @@ -1,5 +1,4 @@ --- - name: YAML lint on: # yamllint disable-line rule:truthy @@ -12,7 +11,8 @@ on: # yamllint disable-line rule:truthy jobs: lint: - runs-on: ubuntu-latest + name: YAML lint + runs-on: ubuntu-24.04 steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 diff --git a/package-lock.json b/package-lock.json index 5dff0309..b2cb9b8f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,6 +22,7 @@ "@types/eslint__js": "^8.42.3", "@types/jest": "^29.5.5", "@typescript-eslint/eslint-plugin": "^8.5.0", + "cross-env": "^7.0.3", "eslint": "^8.57.1", "eslint-config-airbnb-base": "^15.0.0", "eslint-config-prettier": "^9.0.0", @@ -2667,11 +2668,31 @@ "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==", "dev": true }, - "node_modules/cross-spawn": { + "node_modules/cross-env": { "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "resolved": "https://registry.npmjs.org/cross-env/-/cross-env-7.0.3.tgz", + "integrity": "sha512-+/HKd6EgcQCJGh2PSjZuUitQBQynKor4wrFbRg4DtAgS1aWO+gU52xpH7M9ScGgXSYmAVS9bIJ8EzuaGw0oNAw==", + "dev": true, + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.1" + }, + "bin": { + "cross-env": "src/bin/cross-env.js", + "cross-env-shell": "src/bin/cross-env-shell.js" + }, + "engines": { + "node": ">=10.14", + "npm": ">=6", + "yarn": ">=1" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/package.json b/package.json index f56c363d..8f13fdae 100644 --- a/package.json +++ b/package.json @@ -20,6 +20,7 @@ "@types/eslint__js": "^8.42.3", "@types/jest": "^29.5.5", "@typescript-eslint/eslint-plugin": "^8.5.0", + "cross-env": "^7.0.3", "eslint": "^8.57.1", "eslint-config-airbnb-base": "^15.0.0", "eslint-config-prettier": "^9.0.0", @@ -36,13 +37,13 @@ "scripts": { "build": "tsc -p tsconfig.prod.json", "start": "npm run test", - "lint": "npx --yes eslint --env-info; npx --yes eslint . --color --max-warnings=0 && echo '✔ Your code looks good.'", - "jest:ci": "node --experimental-vm-modules ./node_modules/.bin/jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug", - "jest:clean": "npx --yes jest --clearCache && npx --yes watchman watch-del-all", - "jest:bruteforce": "BRUTEFORCE=true node --experimental-vm-modules ./node_modules/.bin/jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug", - "jest:watch": "node --experimental-vm-modules ./node_modules/.bin/jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug --watchAll", - "style:format": "npx --yes prettier --write 'src/**/*.ts'", - "style:check": "npx --yes prettier --check 'src/**/*.ts'", + "lint": "npx eslint --env-info; npx eslint . --color --max-warnings=0 && echo '✔ Your code looks good.'", + "jest:ci": "cross-env NODE_OPTIONS=--experimental-vm-modules npx jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug", + "jest:clean": "npx jest --clearCache && npx watchman watch-del-all", + "jest:bruteforce": "cross-env BRUTEFORCE=true NODE_OPTIONS=--experimental-vm-modules npx jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug", + "jest:watch": "cross-env NODE_OPTIONS=--experimental-vm-modules npx jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug --watchAll", + "style:format": "npx prettier --write 'src/**/*.ts'", + "style:check": "npx prettier --check 'src/**/*.ts'", "test": "jest", "update-all": "npm install $(npm outdated | cut -d' ' -f 1 | sed '1d' | xargs -I '$' echo '$@latest' | xargs echo)" }