diff --git a/.github/actions/setup-environment/action.yml b/.github/actions/setup-environment/action.yml new file mode 100644 index 0000000..e9f14b5 --- /dev/null +++ b/.github/actions/setup-environment/action.yml @@ -0,0 +1,30 @@ +name: Setup Environment +description: Setup Bun and install dependencies with caching + +runs: + using: composite + steps: + - name: Setup Bun + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 + + - name: Restore dependences cache + uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + id: restore-bun-dependences-cache + with: + path: node_modules + key: ${{ runner.os }}-bun-dependences-${{ hashFiles('**/bun.lock') }} + + - name: Install dependencies + # Install only if cache is not matched. + if: ${{ !contains(steps.restore-bun-dependences-cache.outputs.cache-matched-key, steps.restore-bun-dependences-cache.outputs.cache-primary-key) }} + run: bun install --frozen-lockfile + shell: bash + + - name: Save dependences cache + # Execute cache by default branch only. + if: ${{ github.ref_name == github.event.repository.default_branch && !contains(steps.restore-bun-dependences-cache.outputs.cache-matched-key, steps.restore-bun-dependences-cache.outputs.cache-primary-key) }} + uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + id: save-dependences-cache + with: + path: node_modules + key: ${{ runner.os }}-bun-dependences-${{ hashFiles('**/bun.lock') }} diff --git a/.github/codecov.yml b/.github/codecov.yml new file mode 100644 index 0000000..cdbc90f --- /dev/null +++ b/.github/codecov.yml @@ -0,0 +1,30 @@ +# Codecov configuration for safe-formdata +# This project requires 100% test coverage + +coverage: + precision: 2 + round: down + range: "100...100" + + status: + project: + default: + target: 100% + threshold: 0% + if_ci_failed: error + + patch: + default: + target: 100% + threshold: 0% + if_ci_failed: error + +comment: + layout: "header, diff, flags, components" + behavior: default + require_changes: false + require_base: false + require_head: true + +github_checks: + annotations: true diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..14fd7db --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,22 @@ +changelog: + exclude: + labels: + - "ignore for release" + + categories: + - title: Security Fixes + labels: ["Type: Security", "security"] + - title: Breaking Changes + labels: ["Type: Breaking Change"] + - title: Features + labels: ["Type: Feature"] + - title: Bug Fixes + labels: ["Type: Bug"] + - title: Documentation + labels: ["Type: Documentation"] + - title: CI + labels: ["Type: CI"] + - title: Dependency Updates + labels: ["Type: Dependencies", "dependencies"] + - title: Other Changes + labels: ["*"] diff --git a/.github/workflows/assign.yml b/.github/workflows/assign.yml new file mode 100644 index 0000000..8505d7a --- /dev/null +++ b/.github/workflows/assign.yml @@ -0,0 +1,30 @@ +name: Auto Assign +run-name: "${{ github.workflow }} (${{ github.ref_name }}): ${{ github.event.pull_request.title }}" + +on: + pull_request: + types: [opened, reopened, ready_for_review] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number }} + cancel-in-progress: true + +defaults: + run: + shell: bash + +jobs: + assign: + runs-on: ubuntu-slim + timeout-minutes: 2 + permissions: + pull-requests: write + steps: + - name: Assign PR to author if no assignees + if: ${{ github.event.pull_request.user.type != 'Bot' && toJSON(github.event.pull_request.assignees) == '[]' }} + run: gh pr edit $NUMBER --add-assignee $ASSIGNEE + env: + GH_TOKEN: ${{ github.token }} + GH_REPO: ${{ github.repository }} + NUMBER: ${{ github.event.pull_request.number }} + ASSIGNEE: ${{ github.event.pull_request.user.login }} diff --git a/.github/workflows/call-dependency-review.yml b/.github/workflows/call-dependency-review.yml new file mode 100644 index 0000000..e0209f2 --- /dev/null +++ b/.github/workflows/call-dependency-review.yml @@ -0,0 +1,30 @@ +name: Dependency Review (workflow_call) +run-name: "${{ github.workflow }} (${{ github.ref_name }}): ${{ github.event.pull_request.title }}" + +on: workflow_call + +permissions: + contents: read + pull-requests: write + +defaults: + run: + shell: bash + +jobs: + dependency-review: + name: Review Dependencies + runs-on: ubuntu-slim + timeout-minutes: 2 + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Dependency Review + uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 + with: + deny-licenses: GPL-2.0, GPL-3.0 + fail-on-severity: moderate + comment-summary-in-pr: always diff --git a/.github/workflows/call-export-validation.yml b/.github/workflows/call-export-validation.yml new file mode 100644 index 0000000..8d40d2e --- /dev/null +++ b/.github/workflows/call-export-validation.yml @@ -0,0 +1,35 @@ +name: Export Validation (workflow_call) +run-name: "${{ github.workflow }} (${{ github.ref_name }}): ${{ github.event.pull_request.title }}" + +on: workflow_call + +defaults: + run: + shell: bash + +jobs: + export-validation: + name: Export Validation + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Initialize + uses: ./.github/actions/setup-environment + + - name: Build package + run: bun run build + + - name: Verify build outputs + run: | + test -f dist/index.js || (echo "dist/index.js not found" && exit 1) + test -f dist/index.js.map || (echo "dist/index.js.map not found" && exit 1) + test -f dist/index.d.ts || (echo "dist/index.d.ts not found" && exit 1) + echo "Build verification successful" + + - name: Validate exports + run: bun run check:package diff --git a/.github/workflows/call-lint-format.yml b/.github/workflows/call-lint-format.yml new file mode 100644 index 0000000..4911720 --- /dev/null +++ b/.github/workflows/call-lint-format.yml @@ -0,0 +1,25 @@ +name: Lint & Format Check (workflow_call) +run-name: "${{ github.workflow }} (${{ github.ref_name }}): ${{ github.event.pull_request.title }}" + +on: workflow_call + +defaults: + run: + shell: bash + +jobs: + lint-format: + name: Lint & Format Check + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Initialize + uses: ./.github/actions/setup-environment + + - name: Run Lint & Format Check + run: bun run check:source diff --git a/.github/workflows/call-test.yml b/.github/workflows/call-test.yml new file mode 100644 index 0000000..3cd0dc7 --- /dev/null +++ b/.github/workflows/call-test.yml @@ -0,0 +1,36 @@ +name: Test (workflow_call) +run-name: "${{ github.workflow }} (${{ github.ref_name }}): ${{ github.event.pull_request.title }}" + +on: + workflow_call: + secrets: + CODECOV_TOKEN: + description: Token for Codecov upload + required: true + +defaults: + run: + shell: bash + +jobs: + test: + name: Test + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Initialize + uses: ./.github/actions/setup-environment + + - name: Run tests with coverage + run: bun run test:coverage + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + with: + token: ${{ secrets.CODECOV_TOKEN }} + fail_ci_if_error: true diff --git a/.github/workflows/call-type-check.yml b/.github/workflows/call-type-check.yml new file mode 100644 index 0000000..763f94e --- /dev/null +++ b/.github/workflows/call-type-check.yml @@ -0,0 +1,25 @@ +name: Type Check (workflow_call) +run-name: "${{ github.workflow }} (${{ github.ref_name }}): ${{ github.event.pull_request.title }}" + +on: workflow_call + +defaults: + run: + shell: bash + +jobs: + type-check: + name: TypeScript Type Check + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Initialize + uses: ./.github/actions/setup-environment + + - name: Run type check + run: bun run check:type diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..adfdc8d --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,82 @@ +name: CI +run-name: "${{ github.workflow }} (${{ github.ref_name }}): ${{ github.event.pull_request.title }}" + +on: + push: + branches: [main] + pull_request: + branches: [main] + types: [opened, synchronize, reopened, ready_for_review] + +defaults: + run: + shell: bash + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +# This workflow contains core CI jobs that run on push/pull_request events. +# For additional jobs, create separate workflow_call files (e.g., call-*.yml) +# and invoke them from this workflow. See .github/workflows/call-dependency-review.yml for reference. +jobs: + setup: + name: Setup + runs-on: ubuntu-latest + timeout-minutes: 5 + permissions: + pull-requests: read + if: ${{ !github.event.pull_request.draft }} + outputs: + dependencies: ${{ steps.filter.outputs.dependencies }} + typescript: ${{ steps.filter.outputs.typescript }} + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Initialize + uses: ./.github/actions/setup-environment + + - name: Check diff targets by path filters + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + filters: | + dependencies: + - 'bun.lock' + typescript: + - 'bun.lock' + - '**/tsconfig*.json' + - '**/*.ts' + - '**/*.tsx' + + lint-format: + needs: [setup] + uses: ./.github/workflows/call-lint-format.yml + + type-check: + needs: [setup] + if: ${{ needs.setup.outputs.typescript == 'true' }} + uses: ./.github/workflows/call-type-check.yml + + test: + needs: [setup] + uses: ./.github/workflows/call-test.yml + secrets: + CODECOV_TOKEN: "${{ secrets.CODECOV_TOKEN }}" + + export-validation: + needs: [setup, lint-format, type-check, test] + if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') + uses: ./.github/workflows/call-export-validation.yml + + status-check: + name: Status Check + runs-on: ubuntu-slim + timeout-minutes: 1 + needs: [setup, lint-format, type-check, test, export-validation] + if: always() && (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) + steps: + - run: exit 1 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..d8ff626 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,78 @@ +name: Publish +run-name: "${{ github.workflow }} (${{ github.ref_name }})" + +on: + push: + tags: + - v[0-9]+.[0-9]+.[0-9]+(-[a-zA-Z0-9]+)? + +defaults: + run: + shell: bash + +jobs: + validate: + name: Validate Version + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Extract version from tag + id: tag_version + run: echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT + + - name: Extract version from package.json + id: pkg_version + run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT + + - name: Compare versions + run: | + if [ "${{ steps.tag_version.outputs.version }}" != "${{ steps.pkg_version.outputs.version }}" ]; then + echo "Error: Tag version (${{ steps.tag_version.outputs.version }}) does not match package.json version (${{ steps.pkg_version.outputs.version }})" + exit 1 + fi + echo "Version validation successful: v${{ steps.pkg_version.outputs.version }}" + + publish-npm: + name: Publish to npm + runs-on: ubuntu-latest + timeout-minutes: 5 + permissions: + contents: write + id-token: write + environment: npm-registry + needs: [validate] + steps: + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: Initialize + uses: ./.github/actions/setup-environment.yml + + - name: Run prepublishOnly + run: bun run prepublishOnly + + - name: Setup Node.js + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + with: + node-version: lts/* + registry-url: "https://registry.npmjs.org" + + - name: Install latest npm + run: npm install -g npm@latest + + - name: Publish to npm + run: npm publish --provenance --access public + + - name: Create GitHub Release + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 + with: + generate_release_notes: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/package.json b/package.json index 51a7c8a..bde8f90 100644 --- a/package.json +++ b/package.json @@ -7,6 +7,10 @@ "type": "git", "url": "git+https://github.com/roottool/safe-formdata.git" }, + "bugs": { + "url": "https://github.com/roottool/safe-formdata/issues" + }, + "homepage": "https://github.com/roottool/safe-formdata#readme", "imports": { "#*": { "types": "./src/*.ts",