automated using bump-everywhere + more quality checks (#8)

- new workflows - linting commands & linted stuff - security checks & fixed audited vulnerabilities - updated documentation
undergroundwires · May 24, 2020 · 4a91e8c · 2961f69f-d3d2-4f42-8aa2-d7ed4570fd49 · Nov 13, 2021 · 2961f69f-d3d2-4f42-8aa2-d7ed4570fd49
1 parent 997be71
commit 4a91e8c
Show file tree

Hide file tree

Showing 13 changed files with 3,447 additions and 1,528 deletions.
diff --git a/.github/workflows/bump-and-release.yaml b/.github/workflows/bump-and-release.yaml
@@ -0,0 +1,23 @@
+name: Bump & release
+
+on:
+  pull_request:
+    types: [closed]
+    branches:
+      - master
+  push: # Ensure a new release is created for each new tag
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  bump-version-and-release:
+    if: > # Push => Ensure only changes from master. PR => to not trigger when closing PR without merging
+      (github.event_name == 'push' && github.event.base_ref == 'refs/heads/master')
+      || github.event.pull_request.merged == true 
+    runs-on: ubuntu-latest
+    steps:
+      - 
+        uses: undergroundwires/bump-everywhere@master
+        with:
+          user: undergroundwires-bot
+          release-token: ${{secrets.BUMP_GITHUB_PAT}} # Does not trigger release pipeline if we use default token: https://github.community/t5/GitHub-Actions/Github-Action-trigger-on-release-not-working-if-releases-was/td-p/34559
diff --git a/.github/workflows/build-and-deploy.yaml → .github/workflows/deploy.yaml b/.github/workflows/build-and-deploy.yaml → .github/workflows/deploy.yaml
@@ -1,31 +1,11 @@
 name: Build & deploy
 
 on:
-  push:
-    branches:
-    - master
+ release:
+   types: [created] # will be triggered when a NON-draft release is created and published.
 
 jobs:
-  increase-version:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
-        with:
-          node-version: '12.x'
-      - name: Setup GIT
-        run: |
-          git config user.email "[email protected]"
-          git config user.name "$GITHUB_ACTOR"
-      - name: Install and Publish
-        run: |
-          npm version patch -m "🚀 upgraded to %s"
-          git push --set-upstream origin master && git push --tags
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-
   build-and-deploy:
-    needs: increase-version
     runs-on: ubuntu-latest
     steps:
       -
@@ -98,11 +78,12 @@ jobs:
         uses: actions/checkout@v2
         with:
           path: site
+          ref: master # otherwise we don't get version bump commit
       -
         name: "App: Setup node"
         uses: actions/setup-node@v1
         with:
-          node-version: '12.x'
+          node-version: '14.x'
       -
         name: "App: Install dependencies"
         run: npm install

diff --git a/.github/workflows/quality-checks.yaml b/.github/workflows/quality-checks.yaml
@@ -0,0 +1,37 @@
+name: Quality checks
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      -
+        name: Install dependencies
+        run: npm ci
+      -
+        name: Lint vue
+        run: npm run lint:vue
+      -
+        name: Lint yaml
+        run: npm run lint:yaml
+      -
+        name: 'Validate md: Relative URLs'
+        run: npm run lint:md:relative-urls
+      -
+        name: 'Validate md: Enforce standards'
+        run: npm run lint:md
+      -
+        name: 'Validate md: Ensure consistency'
+        run: npm run lint:md:consistency
diff --git a/.github/workflows/security-checks.yaml b/.github/workflows/security-checks.yaml
@@ -0,0 +1,24 @@
+name: Security checks
+
+on:
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  npm-audit:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      -
+        name: NPM audit
+        run: npm audit
diff --git a/.github/workflows/run-tests.yaml → .github/workflows/test.yaml b/.github/workflows/run-tests.yaml → .github/workflows/test.yaml
@@ -1,22 +1,25 @@
-name: Run tests
+name: Test
 
-on: [push, pull_request]
+on:
+  pull_request:
+    branches:
+      - master
 
 jobs:
   run-tests:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
       -
         name: Setup node
         uses: actions/setup-node@v1
         with:
-          node-version: '11.x'
+          node-version: '14.x'
       -
         name: Install dependencies
-        run: npm install
+        run: npm ci
       -
         name: Run tests
         run: npm run test:unit
diff --git a/.markdownlint.json b/.markdownlint.json
@@ -0,0 +1,4 @@
+{
+    "default": true,
+    "MD013": false
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/README.md b/README.md
@@ -1,13 +1,16 @@
 # privacy.sexy
 
-![Build & deploy status](https://github.com/undergroundwires/privacy.sexy/workflows/Build%20&%20deploy/badge.svg)
-![Vulnerabilities](https://snyk.io/test/github/undergroundwires/privacy.sexy/badge.svg)
+> Web tool to enforce privacy & security best-practices on Windows, because privacy is sexy 🍑🍆
+
 [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/undergroundwires/privacy.sexy/issues)
 [![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/undergroundwires/privacy.sexy.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/undergroundwires/privacy.sexy/context:javascript)
 [![Maintainability](https://api.codeclimate.com/v1/badges/3a70b7ef602e2264342c/maintainability)](https://codeclimate.com/github/undergroundwires/privacy.sexy/maintainability)
-
-Web tool to generate scripts for enforcing privacy & security best-practices such as stopping data collection of Windows and different softwares on it.
-> because privacy is sexy 🍑🍆
+[![Tests status](https://github.com/undergroundwires/privacy.sexy/workflows/Test/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Quality checks status](https://github.com/undergroundwires/privacy.sexy/workflows/Quality%20checks/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Security checks status](https://github.com/undergroundwires/privacy.sexy/workflows/Security%20checks/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Bump & release status](https://github.com/undergroundwires/privacy.sexy/workflows/Bump%20&%20release/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Deploy status](https://github.com/undergroundwires/privacy.sexy/workflows/Build%20&%20deploy/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Auto-versioned by bump-everywhere](https://github.com/undergroundwires/bump-everywhere/blob/master/badge.svg?raw=true)](https://github.com/undergroundwires/bump-everywhere)
 
 [https://privacy.sexy](https://privacy.sexy)
 
@@ -50,7 +53,7 @@ Fork it & add more scripts in [application.yaml](src/application/application.yam
   - **Application Layer**
     - Keeps the application state
       - The [state](src/application/State/ApplicationState.ts) is a mutable singleton & event producer.
-    - The application is defined & controlled in a [single YAML file](`\application\application.yaml`) (see [Data-driven programming](https://en.wikipedia.org/wiki/Data-driven_programming))
+    - The application is defined & controlled in a [single YAML file](src/application/application.yaml) (see [Data-driven programming](https://en.wikipedia.org/wiki/Data-driven_programming))
 
 ![DDD + vue.js](docs/app-ddd.png)
 
@@ -64,17 +67,8 @@ Fork it & add more scripts in [application.yaml](src/application/application.yam
 
 #### GitOps: CI/CD to AWS
 
+- CI/CD is fully automated for this repo using different GIT events & GitHub actions.
+  - Versioning, tagging, creation of `CHANGELOG.md` and releasing is automated using [bump-everywhere](https://github.com/undergroundwires/bump-everywhere) action
 - Everything that's merged in the master goes directly to production.
-- See more at [build-and-deploy.yaml](.github/workflows/build-and-deploy.yaml), and [run-tests.yaml](.github/workflows/run-tests.yaml)
-
-[![CI/CD to AWS with GitHub Actions](docs/gitops.png)](.github/workflows/build-and-deploy.yaml)
-
-## Thank you for the awesome projects 🍺
 
-- [Vue.js](https://vuejs.org/) the only big JavaScript framework that's not backed by companies that make money off your data.
-- [liquor-tree](https://GitHub.com/amsik/liquor-tree) for the awesome & super extensible tree component.
-- [Ace](https://ace.c9.io/) for code box.
-- [FileSaver.js](https://GitHub.com/eligrey/FileSaver.js) for save file dialog.
-- [chai](https://GitHub.com/chaijs/chai) & [mocha](https://GitHub.com/mochajs/mocha) for making testing fun.
-- [js-yaml-loader](https://GitHub.com/wwilsman/js-yaml-loader) for ahead of time loading `application.yml`
-- [v-tooltip](https://GitHub.com/Akryum/v-tooltip) takes seconds to have a tooltip, exactly what I needed.
+[![CI/CD to AWS with GitHub Actions](docs/gitops.png)](.github/workflows/)
diff --git a/docs/gitops.drawio b/docs/gitops.drawio
diff --git a/docs/gitops.png b/docs/gitops.png